Platforms

Harnessing Platform Envelopment in the Digital World' by Daniele Condorelli and Jorge Padilla in (2020) 16(2) Journal of Competition Law and Economics 143–187 comments

We revisit the economics of “platform envelopment strategies,” whereby a dominant platform (the enveloper) operating in a multi-sided market (the origin market) enters a second multi-sided market (the target market) by leveraging the data obtained from its shared user relationships. In particular, we analyze the logic and effects of “privacy policy tying,” a strategy whereby the enveloper requests consumers to grant their consent to combining their data in both origin and target markets. This may allow the enveloper to fund the services offered to all sides of the target market by monetizing data in the origin market, monopolize the target market, and entrench its dominant position in the origin market. We conclude by considering a range of possible policy interventions that may serve to limit such potential anticompetitive effects, while preserving the efficiencies generated by conglomerate platforms.

The authors state

In their seminal paper, Eisenmann et al. (2011) explained that entry in platform markets subject to network effects and high switching costs can occur in two ways: first, by offering drastically new functionality (that is, through Schumpeterian innovation) and second, through “platform envelopment.” 

They noted that Through envelopment, a provider in one platform market [the origin market] can enter another platform market [the target market] and combine its own functionality with that of the target in a multi-platform bundle that leverages shared user relationships. Envelopers capture market share by foreclosing an incumbent’s access to users; in doing so, they harness the network effects that previously had protected the incumbent. 

Platform envelopment thus involves the combination or bundling of the entrant’s functionality in the origin market with that of its new platform in the target market. The goal is to leverage shared user relationships and/or common components. For example, Google entered into mobile operating systems by bundling Android with Google Search, two separate platforms, in order to, among other possible goals, leverage the data generated by users of both platforms. Such data were effectively monetized through Google’s online advertising platforms. This strategy allowed Google to fund its entry in a way that could not be replicated by other competitors and contributed to its eventual dominance of the mobile operating system market. 

Importantly, platform envelopment strategies are viable not only when bundling platforms that are complements but also when they are weak substitutes or are functionally unrelated. Google entered online display advertising by bundling DoubleClick’s online display platform and its own online search platform, which were regarded as complements by many advertisers and weak substitutes by others. It entered into the mobile operating system market by combining two functionally unrelated platforms. And it may, like Facebook or Alibaba, successfully penetrate retail banking by combining a payment system platform with its online advertising businesses (De la Mano and Padilla, 2018). 

Eisenmann et al. demonstrated that “an entrant that bundles a complementary platform is most likely to succeed when the platforms’ users overlap significantly [ . . . ] an entrant that bundles a weak substitute platform is most likely to succeed when bundling offers significant economies of scope; [ . . . ] an entrant that bundles a functionally unrelated platform is most likely to succeed when the platforms’ users overlap significantly and when economies of scope are high.” 

Focusing attention on the bundling of functionally unrelated platforms, Eisenmann et al. explain that in this case the multi-platform entrant may benefit when (a) component overlap is meaningful and cost economies of scope are significant, or (b) user overlap is large and there are significant demand economies of scope (and thus users prefer to concentrate their purchases on a single supplier), or (c) user overlap is large and the entrant can exploit negative correlations in valuations across platforms to price discriminate more effectively. 

In this article, we consider alternative conditions under which bundling unrelated platforms are likely to be profitable. In addition to the scenarios (a)–(c) identified by Eisenmann et al. and listed above, we find that enveloping of unrelated platforms can be profitable even in the absence of “direct” economies of scope in demand and/or supply and when there is no component overlap. We show that this may occur when a firm operating in multiple platform markets with a common user side engages in “privacy policy tying,” that is, when the (conglomerate) firm’s privacy policies in each of those platform markets request users to grant consent so that it can combine the data they generate when using its multiple platforms to improve its offerings in one or more of them. 

In particular, we show how a platform monopolizing a multi-sided market where user data are monetized (the origin market) can profitably envelop another platform market with overlapping users (the target market) by tying its privacy policies in both platform markets to (i) combine the data generated by the common users in both markets without infringing the privacy laws and (ii) monetize such rich and difficult-to-replicate data in its dominant origin which can be profitably exploited by the dominant enveloping platform in the origin market. The combination of data across multiple platforms allows the enveloper to fund the services offered to all sides of the target market by monetizing that data in the origin market. As a result of this and its position of dominance in a key primary market, it may be able to monopolize the target market and entrench its dominant position in the origin market. 

The enveloping platform’s advantage does not lie in any “deep pockets,” because both the enveloper and its rivals may have the same profitability. Rather it flows from the enveloper’s first-mover advantage granted by itsestablished monopoly on a key origin market. In fact, in challenging a young rival in a data-ripe market, the dominant enjoys a commitment to compete toughly to monopolize the target market. This is so because leaving the data in the hands of the rival may in turn trigger its entry in the origin and more profitable market. Crucial to our argument is the competitive advantage resulting from the combination of data from unrelated markets; a combination that is facilitated by a strategy of tying privacy policies. 

Platform envelopment strategies may explain why “competition in the digital sector today is heavily shaped by competition between large digital competitors (Bourreau and Streel, 2019, p. 4).” Such strategies can distort competition and cause consumer harm. In particular, we discuss how this strategy can be used to protect the origin market from potential entry by more efficient competitors that operate (or may operate) in the target market. We illustrate the use of this enveloping strategy by reference to an actual case study. 

Finally, we discuss possible remedies, including ex post antitrust intervention, ex ante business-line regulation, limitations on the ability to combine user data from multiple platforms, data sharing, and so forth, seeking to constrain the potential competitive and consumer harm created by platform envelopment while allowing these strategies when they are likely to be welfare increasing. 

We discuss two regulatory solutions in greater detail. The first alternative is to mandate data sharing conditional on customer consent so that dominant platforms provide consistent application program interface in an interoperable form on terms parallel to FRAND licensing. Platforms with market power in well-defined origin markets would be mandated to grant access to other platforms to access a subset of their data, including personal data, if the individual or business in question decides so. Because data are “non-rivalrous” and, therefore, can be shared without losing them, data sharing is likely to have a small disincentive effect on the incentives to collect data. Meanwhile, the benefits of mandated access or data sharing are bound to be large since those data can be used to foster competition in many related and unrelated platforms at once. It follows that, unlike it may be the case with physical assets, patents, and other intellectual property rights, the trade-off between the short-term and long-term effects on competition and innovation points in favor of mandatory sharing. 

The second option is to enhance the privacy protection offered by dominant, conglomerate platforms by limiting their ability to combine user data across their platforms regardless of user consent. Of course, a potential drawback of this policy is that it may limit efficiency by preventing the creation of large and rich databases that could be mined in the interest of consumers and business users. We thus consider less stringent alternatives, which however may fell short of the objective of limiting the data superiority of dominant multi-platform conglomerates. 

The remainder of the article is organized as follows. In Section II, we provide a brief overview of the economics of platforms. This is a well-known topic; yet we believe it is important to ensure that the reader understands the basic principles and terminology used in subsequent sections. In Section III, we discuss the logic of platform envelopment. In Section IV, we particularize this discussion to consider platform envelopment strategies based on the combination of data from origin and target markets. We illustrate how such a strategy may work when the monetization platform (that is, the platform where the data are monetized) is an online advertising platform in Section V. In Section VI, we summarize the potential procompetitive and anticompetitive effects of such strategies, and in Section VII, we explore alternative ways to limit their possible detrimental effects on the integrity of the competitive process and consumer welfare. Section VIII concludes.

Unwell

In Health Care Complaints Commission v McGregor [2020] NSWCATOD 13 the NSW Civil and Administrative Tribunal has cancelled the registration of Sydney psychiatrist Dr McGregor after the practitioner posted a blog on his practice website which was “bizarre and suggestive of impaired reality testing” and verbally abused Medical Council panel members. NSWCAT considered whether McGregor's conduct constituted unsatisfactory professional conduct and professional misconduct, whether the practitioner is impaired whether he has “sufficient physical and/or mental capacity to practise medicine”, accordingly imposing appropriate protective orders.

The action was initiated by the NSW Health Care Complaints Commission. NSWCAT notes that

During 2017 Dr McGregor became suspicious that his wife, who was a receptionist at the practice, was having an affair with another psychiatrist in the practice. Around July 2017 he engaged a private investigator to download data from his wife’s mobile phone. On 22 December 2017 he provided that data, together with his own commentary, to the Australian Health Practitioner Regulation Agency (AHPRA). Dr McGregor characterised the notification as a “mandatory notification” alleging that the other psychiatrist had breached ethical guidelines. On 18 January 2018 a colleague who practised in the same building as Dr McGregor, complained to AHPRA about Dr McGregor’s behaviour in forwarding her a copy of the complaint he had sent to AHPRA. Dr McGregor said that he sent the complaint to his colleague to protect his reputation. As part of the investigation of the colleague’s complaint, investigators accessed Dr McGregor’s practice website and found a blog  - characterised by McGregor as his “Australian patriot blog” - on that psychiatric practice website.

Shortly thereafter an employee of the NSW Health Pharmaceutical Regulatory Unit (PRU)  poke with the Medical Director of the NSW Medical Council about the content of the blog. That content might politely be described as colourful, featuring reference to ' FISA wiretapping, M 16 connection, Assassination plots and ... unmentionable satanic ritual evidence'.

In praising QAnon and President Trump for fighting the satanic 'deep state' the blog stated

 Julian Assange is not in the Ecuadorian Embassy. He is either in Switzerland or Washington. Q and the MoD, SVR (Kremlin) confirm this. He is an Australian hero and would make a fine future PM. When the infant torture, rape and satanic rites cannibalism by elites is provided by Trump on tape – seek the comfort of others. Pay attention to the news cycle. Follow Q breadcrumbs on 8chan. Message, tweet, post and discuss with friends and family. Be open to new knowledge and cross check information thoroughly. Await the Australian Treason Trials (TT’s). 

After reviewing the blog, the NSW Medical Council decided to raise an 'own motion' complaint against McGregor with the Health Care Complaints Commission, expressing considerable concern for the practitioner's mental health and well-being. The Commission referred the complaint to NSWCAT as a serious complaint under s 145D of the Health Practitioner Regulation National Law, seeking an order from the Tribunal that McGregor’s registration be cancelled either because he is not competent to practise medicine or because he is guilty of professional misconduct: s 149C(1)(a) and (b). The Commission also sought an order under National Law s 149C(7) that McGregor cannot reapply for registration for a period of 12 months.

McGregor was on notice that the Tribunal would hear the complaint on 11 December 2019 but   did not attend. The HCCC provided McGregor with a copy of all the material it had lodged with the Tribunal, including the orders it was seeking.  Rather than alleging that McGregor had expressed extreme political views on his blog, the HCCC alleged that “the information published by the practitioner had the potential to expose his patients to harm when accessing the practice website for information or to make an appointment.”

McGregor did not respond and had not attended a meeting with a consultant psychiatrist, required by the Council. NSWCAT states 'We note that if a medical practitioner fails, without reasonable excuse, to comply with a requirement to attend a medical appointment, that failure is evidence the person does not have sufficient physical or mental capacity to practise medicine: National Law, s 152B(4)'.  McGregor did not respond to subsequent contact by the Medical Council apart from stating 'regardless of what Council does, it won’t change his political views and he won’t remove the blog from his website'.

NSWCAT states

On 5 March 2018, the Council held a hearing under s 150 of the National Law. During that hearing, the panel attempted to contact Dr McGregor by phone. Eventually Dr McGregor spoke with the three Council delegates on the panel. He repeatedly asserted that it was his politically views, as expressed in his blog that had brought him to the Council’s attention. Despite the Presiding Member telling him that it was concerns about his mental health that had triggered their response, Dr McGregor continued to assert that he was being persecuted because of his political opinions. At one stage during the phone call, Dr McGregor explained that, “there are great political changes occurring in the world at the moment and um I uh you know I need to uh uh get that across to other people and um ah if you uh feel that because uh my opinion is a little different to yours that you need to take away my registration that’s up to you . . um but . . .” He went on. “Um if you had any understanding of politics um you would understand that that that the beliefs that are actually put on the blog are actually um the uh directives um from ah from President Trump.” 

The issue for the Council delegates at that hearing was whether McGregor’s registration should be suspended to protect the health or safety of any persons or because the delegates were satisfied that suspension was necessary in the public interest. The delegates concluded that Dr McGregor showed such impaired judgment that exposure to those views had significant potential to expose his patients to risk of harm. McGregor’s response on hearing of the consequent suspension was visceral.
McGregor later stated on his blog

Sadly I was deregistered from practicing as a doctor today. The Medical Council of NSW found me guilty of publishing a website and expressing a political opinion which they disagreed with. . . . I sincerely apologise to all of my patients who have been terribly affected by this. I am very sorry to have caused you so many difficulties. . . . The truth is that it is very likely that I shall go bankrupt, and shut down, as my practice has enormous running costs. Thus it is best not to wait to see if The Medical Council of NSW will change its mind, but rather to find another Psychiatrist. 

He then requested an 'immediate reinstatement of my right to practice medicine', claiming the Presiding Member 'knowingly used the power of Political Correctness to inflict woman to male intimidation and assault against me. She knew that my political beliefs were different to hers and as such I felt she was using legal, financial and reputational intimidation as a woman against me. I feel her behaviour was that of a feminist thug used to deny me consent and respect'.

 In the written decision next month the Council delegates gave detailed reasons for suspending the registration, expressing the view that McGregor has an impairment with severely distorted judgement, construed as evident in the 'bizarre nature of aspects of his blogs (such as his reference to cannibalism and Satanic rituals) and publishing such disturbing material on his practice website where vulnerable patients could easily access the content'. Later in April a lengthy email from McGregor to the Council about the proposed s 150A hearing appears to have characterised the Council as 'clearly a Government Institution with bigoted/intolerant socially left wing zealots who conform to groupthink and take political views to further their careers'. The Council set aside the decision to suspend Dr McGregor’s registration and instead, imposed a condition that he is not to practise medicine, referring the matter to the Commission under s 150F to the HCCC. Doubling up, McGregor stated

 The Medical Council of New South Wales is a Paedophile Protection Agency. The operatives who have been involved in Politically destroying me are deranged President Trump haters and those who are Political sycophants of what the Deep State represents. That is, they Sensor and Punish any Patriot who criticises Paedophilia, and other Deep State crimes. . . . Furthermore, the Council has allowed a Politically malevolent pre-determined report be used against me by a Council affiliated Psychiatrist/Political activist/operative for the intention to entrap by The Political Abuse of Psychiatry.  ...
 Elite globalist satanic paedophiliac rituals, child trafficking, torture and cannibalism will be exposed in time. It will change the political landscape forever. The elite use secret societies and satanic infant/child abuse to maintain control and cohesion. The in-group allegiance is absolute with these binding behaviours. The initiation rites enforce compliance with the aims of the NWO – which is subjugation of the world’s people for their own benefit.

NSWCAT concluded

Complaint 1 

(1) Are the facts of the four incidents of alleged inappropriate conduct set out in Complaint 1 proved? Yes. 

(2) Did the blog publication conduct have the potential to expose Dr McGregor’s patients to harm when accessing the practice website for information or to make an appointment? Yes. 

(3) Did each of the four incidents of alleged inappropriate conduct set out in Complaint 1 relate to “the practice or purported practice of medicine”? Yes. 

(4) If so, (a) is the “complaint to Council” conduct “any other improper or unethical conduct”? No. (b) is the “distribution of the complaint to another medical practitioner” “any other improper or unethical conduct”? No. (c) is the “publication of blog” conduct; “any other improper or unethical conduct”? Yes. (d) Is the “abusive language” conduct “any other improper or unethical conduct”? Yes. 

Complaint 2 

(5) Did Dr McGregor self-prescribe the medications in the quantities and on the dates listed in the table set out under complaint 2, particular 1? Yes. 

(6) If so, was any self-prescribing in breach of the code of practice or the self-treatment guidelines? Yes, if Dr McGregor initiated these medications. 

(7) If so, has Dr McGregor “engaged in any other improper or unethical conduct relating to the practice or purported practice of medicine”? No. 

Complaint 3 

(8) Are any of the particulars in complaint 1 or complaint 2 sufficiently serious to justify suspension or cancellation of Dr McGregor’s registration? No. 

(9) If not, are all the particulars in complaints 1 and 2, or any other combination of particulars in complaints 1 and 2, when considered together, of a sufficiently serious nature to justify suspension or cancellation of Dr McGregor’s registration? Yes. 

Complaint 4 

(10) Does Dr McGregor have a “physical or mental impairment, disability, condition or disorder (including substance abuse or dependence)? Yes. 

(11) Does that disability, condition or disorder detrimentally affect or is it likely to detrimentally affect his capacity to practise medicine? Yes. 

Complaint 5 

(12) Does Dr McGregor have “sufficient physical and/or mental capacity to practise medicine”? No.

NSWCAT states

Between February 2018 and March 2019, the practitioner inappropriately published a personal Internet ‘blog on a website attached to his medical practice and identified himself as the author of the blog where the information published by the practitioner had the potential to expose his patients to harm when accessing the practice website for information or to make an appointment. (“publication of blog” – particular 1) Around 5 March 2018, the practitioner engaged in inappropriate and abusive language to the Council section 150 delegates by stating to the delegates, [abusive language]

NSWCAT bites the view that

McGregor's response to his marriage breakdown and concerns about harm to his reputation was “highly unusual . . . and likely to cause an escalation in conflict, and certainly took no account of his former wife’s privacy.” In the complaint to the Tribunal, the HCCC characterised this conduct as “inappropriate”. However, it must be more than inappropriate to meet the definition of unsatisfactory professional conduct in s 139B(1)(l). It must be “improper or unethical conduct.” In our view, Dr McGregor lacked judgment in making a complaint to AHPRA about his colleague and his wife having an affair. Their relationship is a private matter. The fact that Dr McGregor perceived that it impacted on his reputation, is not a sufficient reason for making the complaint. Dr McGregor did not point to any guidelines or codes of practice applicable to the medical profession which Dr Keighran was said to have breached. In our view, Dr McGregor’s complaint was misguided, but his conduct in making the complaint was not improper or unethical.   

... asked whether he thought he had breached his wife’s privacy in distributing such personal information, “he said that his wife gave him the mobile phone”, and that, “I still feel it was the right decision.” When Dr Wright asked him whether he thought there might be an ethical problem in distributing such material, he replied that, “there’s something in the back of my mind . . .” As with the previous particular, the HCCC characterised this conduct as “inappropriate”. In our view, Dr McGregor lacked judgment in distributing the complaint to a colleague especially when it contained sensitive personal information about his former wife. As we have said, her relationship with one of Dr McGregor’s colleagues is a private matter. His fears about loss of reputation do not justify distributing this material. In our view, Dr McGregor was misguided, but his conduct in distributing the complaint was not improper or unethical.

In discussing the blog on the practice site, NSWCAT comments

We find that Dr McGregor was the author of all the material lodged by the HCCC for that period and we rely on that material. In his 27 March 2018 report, Dr Wright accurately described the content of the blog: A review of the blog content shows it included opinions reflective of a global conspiracy perspective. Dr McGregor identifies the content as his opinions, and if they are indeed his opinions, some of the material is quite disturbing. They include references to “infant torture, rape and Satanic Rites cannibalism by elites is provided by Trump on tape . . elite globalist satanic paedophiliac (sic) rituals, child trafficking, torture and cannibalism will be exposed in time . . The elite use secret societies and satanic infant/child abuse to maintain control and cohesion. . expect the paedophilia and child torture/cannibalism to be fully exposed prior to the mid terms in November. 

Dr Wright expressed the view that: These are extraordinary beliefs for a consultant psychiatrist to publicly associate himself with, particularly on a website associated with his clinical practice. 

Some of this material reflects a loss of perspective and potential loss of reality testing. We agree with that opinion. Contrary to Dr McGregor’s assertions, the content of the blogs are not merely expressions of his political beliefs. Existing and potential patients had access to the website to obtain information or make an appointment. The publication of this material relates to the practice of medicine because it is on the practice website. The fact that Dr McGregor identifies himself as a medical practitioner and psychiatrist on the website gives his comments added credibility.

Algocracy

'Fighting Back Algocracy: The need for new participatory approaches to technology assessment' by Timothy Kariotis and Darakhshan J. Mir in PDC '20: Proceedings of the 16th Participatory Design Conference 2020 - Participation(s) Otherwise vol 2 (2020)148–153 comments

City, municipal, and state governments around the globe are increasingly looking towards algorithmic solutions to long-standing and difficult problems in governance. We use the term algorithmic governance to capture this increasing use of predictive and other algorithms to provide efficiencies in the targeting of services and government processes. However, in the course of pursuing these efficiencies, openness, transparency, public accountability, and community-based deliberation, key pillars of democracy, come under threat when decision making is black-boxed in an algorithm. Furthermore, algorithmic governance (for example, in domains like welfare management) typically exacerbates the marginalization of the most disadvantaged in society, while simultaneously making such marginalization invisible to the larger citizenry. A hybrid technology assessment (TA) comprising of elements of both participatory TA (that involves public debate about technology) and constructive TA (that involves co-construction of technology between society and designers) employed through the framework of engineering technology for social justice, may help address these challenges.

Deep Fakes

"Sex, Lies, and Videotape: Deep Fakes and Free Speech Delusions' by Mary Anne Franks and Ari Ezra Waldman in (2019) 78 Maryland Law Review comments

The longstanding position of civil libertarians that harmful speech should generally be tolerated instead of regulated is based on three interrelated claims about free speech. One is that an unfettered “marketplace of ideas” ultimately leads to the discovery of truth. The second, closely related to the first, is that harmful speech is always best addressed through counterspeech rather than regulation. The third is that even well-intentioned and modest regulations of speech will ultimately be used to silence minority or dissident voices. Whatever merit these claims may have had in the past, they cannot be sustained in the digital age. Unbridled, unlimited free speech rights, especially in an era of technologically mediated expression, have led to the disintegration of truth, the reign of unanswerable speech, and the silencing and self-censorship of women, queer people, persons of color, and other racial and ethnic minorities.

Genomic Panopticism

'Genomic surveillance' by Emile Dirks and James Leibold at the Australian Strategic Policy Institute reports that

The Chinese Government is building the world’s largest police-run DNA database in close cooperation with key industry partners across the globe. Yet, unlike the managers of other forensic databases, Chinese authorities are deliberately enrolling tens of millions of people who have no history of serious criminal activity. Those individuals (including preschool-age children) have no control over how their samples are collected, stored and used. Nor do they have a clear understanding of the potential implications of DNA collection for them and their extended families. 

Earlier Chinese Government DNA collection campaigns focused on Tibet and Xinjiang, but, beginning in late 2017, the Ministry of Public Security expanded the dragnet across China, targeting millions of men and boys with the aim to ‘comprehensively improve public security organs’ ability to solve cases, and manage and control society’. This program of mass DNA data collection violates Chinese domestic law and global human rights norms. And, when combined with other surveillance tools, it will increase the power of the Chinese state and further enable domestic repression in the name of stability maintenance and social control. 

Numerous biotechnology companies are assisting the Chinese police in building this database and may find themselves complicit in these violations. They include multinational companies such as US-based Thermo Fisher Scientific and major Chinese companies like AGCU Scientific and Microread Genetics. All these companies have an ethical responsibility to ensure that their products and processes don’t violate the fundamental human rights and civil liberties of Chinese citizens. 

The forensic use of DNA has the potential to solve crimes and save lives; yet it can also be misused and reinforce discriminatory law enforcement and authoritarian political control. The Chinese Government and police must end the compulsory collection of biological samples from individuals without records of serious criminal wrongdoing, destroy all samples already collected, and remove all DNA profiles not related to casework from police databases. China must enact stringent restrictions on the collection, storage, use and transfer of human genomic data. 

The Chinese Government must also ensure that it adheres to the spirit of the International Covenant on Civil and Political Rights (1966), the International Declaration on Human Genetic Data (2003), the Universal Declaration on the Human Genome and Human Rights (1997) and the Convention on the Rights of the Child (1989), as well as China’s own Criminal Law (2018). National and international legal experts have condemned previous efforts to enrol innocent civilians and children in forensic DNA databases, and the UN Special Rapporteur on the right to privacy should investigate the Chinese Government’s current collection program for any violations of international law and norms. 

Foreign governments must strengthen export controls on biotechnology and related intellectual property and research data that’s sold to or shared with the Chinese Government and its domestic public and private partners. Chinese and multinational companies should conduct due diligence and independent audits to ensure that their forensic DNA products and processes are not being used in ways that violate the human and civil rights of Chinese citizens.

In summarising their findings the authors state

 Forensic DNA analysis has been a part of criminal investigations for more than three decades. Dozens of countries have searchable DNA databases that allow police to compare biological samples found during forensic investigations with profiles stored in those databases. China is no exception. 

In 2003, China’s Ministry of Public Security began building its own forensic DNA database. Like other such databases, it contains samples taken from criminal offenders and suspects. However, since 2013, Chinese authorities have collected DNA samples from entire ethnic minority communities and ordinary citizens outside any criminal investigations and without proper informed consent. The Chinese Government’s genomic dataset likely contains more than 100 million profiles and possibly as many as 140 million, making it the world’s largest DNA database, and it continues to grow (see Appendix 3). 

This ASPI report provides the first comprehensive analysis of the Chinese Government’s forensic DNA database and the close collaboration between Chinese and multinational companies and the Chinese police in the database’s construction. It draws on more than 700 open-source documents, including government bid tenders and procurement orders, public security bureaus’ Weibo and Weixin (WeChat) posts, domestic news coverage, social media posts, and corporate documents and promotional material (see Appendix 1). This report provides new evidence of how Xinjiang’s well-documented biosurveillance program is being rolled out across China, further deepening the Chinese Government’s control over society while violating the human and civil liberties of millions of the country’s citizens. 

The indiscriminate collection of biometric data in China was first reported by Human Rights Watch. 

Beginning in 2013, state authorities obtained biometric samples from nearly the entire population of the Tibetan Autonomous Region (3 million residents) under the guise of free annual physical exams (Figure 1). In 2016, a similar program was launched in Xinjiang, where data from nearly all of the region’s 23 million residents was collected. 

In those minority regions, DNA collection was only one element of an ongoing multimodal biometric surveillance regime, which also includes high-definition photos, voiceprints, fingerprints and iris scans, which are then linked to personal files in police databases. In both Xinjiang and Tibet, authorities intentionally concealed the reasons for biometric collection. When that data was combined with an extensive system of security cameras and intrusive monitoring of local families, the Chinese Government was able to extend its control over these already tightly monitored communities. 

Such programs, however, were only the beginning. Starting in late 2017, Chinese police expanded mass DNA data collection to the rest of the country. Yet in contrast to the wholesale approach adopted in Tibet and Xinjiang, authorities are using a more cost-efficient but equally powerful method: the collection of DNA samples from selected male citizens. This targeted approach gathers Y-STR data—the ‘short tandem repeat’ or unique DNA sequences that occur on the male (Y) chromosome. 

When these samples are linked to multigenerational family trees created by the police, they have the potential to link any DNA sample from an unknown male back to a specific family and even to an individual man. 

In this report, we document hundreds of police-led DNA data-collection sorties in 22 of China’s 31 administrative regions (excluding Hong Kong and Macau) and across more than a hundred municipalities between late 2017 and April 2020. Evidence suggests that, in some locations, blood collection has occurred in preschools (Figure 2) and even continued during the Covid-19 pandemic. 

The scale and nature of this program are astounding. We estimate that, since late 2017, authorities across China have sought to collect DNA samples from 5–10% of the country’s male population, or roughly 35–70 million people (Figure 3, and see Appendix 3). These ordinary citizens are powerless to refuse DNA collection and have no say over how their personal genomic data is used. The mass and compulsory collection of DNA from people outside criminal investigations violates Chinese domestic law and international norms governing the collection, use and storage of human genetic data. 

The corporate world is profiting handsomely from this new surveillance program. Leading Chinese and multinational companies are providing the Chinese police with the equipment and intellectual property needed to collect, store and analyse the Y-STR samples. Key participants include Thermo Fisher Scientific, which is a US-headquartered biomedical and bioinformatics company, and dozens of Chinese companies, including AGCU Scientific, Forensic Genomics International, Microread Genetics and Highershine (see Appendix 4). Under China’s 2019 Regulations on Human Genetic Resource Management, if these companies partner with public security bureaus to develop new forensic products, any results and patents must be shared with the police. The continued sale of DNA profiling products and processes to China’s public security bureaus is inconsistent with claims that these companies have made to improve the quality of life and wellbeing of the communities they serve.

Intimates

'Privacy threats in intimate relationships' by Karen Levy and Bruce Schneier in (2020) 6(1) Journal of Cybersecurity states

This article provides an overview of intimate threats: a class of privacy threats that can arise within our families, romantic partnerships, close friendships, and caregiving relationships. Many common assumptions about privacy are upended in the context of these relationships, and many otherwise effective protective measures fail when applied to intimate threats. Those closest to us know the answers to our secret questions, have access to our devices, and can exercise coercive power over us. We survey a range of intimate relationships and describe their common features. Based on these features, we explore implications for both technical privacy design and policy, and offer design recommendations for ameliorating intimate privacy risks. 

The authors comment

 The information security community tends to focus its attention on a canonical set of attackers: companies tracking our activities online, criminals looking to steal our data, government agencies surveilling us to gather information, and hackers out for the “lulz.” But a huge number of threats are much more quotidian, performed by much less powerful and less technically savvy actors with very different motives and resources. These attackers know their victims well, and have much greater access to their information, devices, and lives in general. We call these attacks intimate threats, in which one member of an intimate relationship—a spouse, a parent, a child, or a friend, for example—violates the privacy of the other.

Intimate threats have garnered little explicit attention from the security and privacy communities and from system designers. For example, a recent review of 40 academic analyses of smart home security anticipated 29 different threat actors and 100 different types of threats—but the threat model of a domestic abuser was almost entirely absent across the literature. We argue that these threats ought to be treated as a primary concern.

Intimate threats represent the way a huge number of people actually experience insecurity and privacy invasions every day. These threats are so common as to be treated as routine and often overlooked, but they are experienced much more frequently—and often with greater direct impact on victims’ lives—than many of the threats that dominate the security discussion. And they disproportionally impact society’s most vulnerable and least powerful people, often including women, children, the elderly, and the physically or cognitively impaired. Though these threats are, by their nature, difficult to definitively quantify, the indicators we have suggest the scope and scale of intimate threats. In one survey, 31% of participants admitted to snooping through another person’s phone without permission in the past year. A recent Pew survey found that the majority of parents check their teenagers’ browsing histories and social media profiles. Forty-eight percent looked through phone records and text messages, and 16% tracked teens’ locations via their cell phones; half reported knowing the password to their teenager’s email account. An NPR survey of US domestic violence shelters indicated that 85% of shelters had worked with survivors who had been stalked using GPS devices, and that 75% had helped survivors who had been subject to eavesdropping using remote tools. A survey in the UK found that 85% of abuse survivors reported being subject to online abuse as part of a pattern of their abuse more generally. Taken together, figures like these suggest that privacy invasions by intimates are pervasive and deserving of focused study.

In addition to being important on their own, intimate threats can be precursors to more traditional forms of privacy and security threat. Intimate privacy invasions can result in the destruction of valuable or personal data, like financial records or family photographs. They can be the first step in financial fraud. In abusive partner situations, they can be a precursor to physical, emotional, and sexual abuse [6, 7]. And even well-intentioned intimate monitoring can create a slippery slope of acceptability, inuring users to accepting surveillance as a mode of social control in other contexts.

Finally, a more systematic consideration of intimate threats stands to benefit socio-technical security research as a field. These threats pose difficult technical challenges, made more complex by the social relationships in which they are embedded—which are marked by different degrees of authority and autonomy within relationships. They present a mixture of motivations for privacy invasion, often including beneficent motivations like protection and care. They pose novel and interesting questions about privacy boundaries: what degree of monitoring is socially and normatively acceptable in intimate relationships, and how system designers might best accommodate divergent and dynamic preferences. Directly addressing these issues extends the field and provides designers with an opportunity to better address real-world situations. In this way, our work fits into a broader scheme of research that prioritizes the sociotechnical and behavioral dimensions of security and privacy across different social contexts, and which recognizes the critical importance of interdisciplinary approaches to developing solutions.

Our goals in this article are twofold. While emerging research has begun to examine privacy threats within particular intimate relationships, we are aware of no work that synthesizes common characteristics or design considerations of these threats from across intimate contexts. Our first goal, then, is to describe intimate threats as a class of privacy problems, drawing out the features that characterize the category. Many of these features involve the violation of implicit assumptions that hold more readily in other contexts of privacy threat. A better understanding of these common features is required to more adequately protect against intimate threats.

Our second goal is to articulate a set of design considerations that is cognizant of intimate threats. These are difficult problems, and our intention is not to prescribe an exhaustive “checklist” that will immunize a technological system against all intimate threats. Rather, we aim to supply researchers, designers, and policymakers with a conceptual toolkit for recognizing and taking these threats seriously, as well as a critical assessment of the design trade-offs they entail.

Hacking

Dark Basin Uncovering a Massive Hack-For-Hire Operation by John Scott-Railton, Adam Hulcoop, Bahr Abdul Razzak, Bill Marczak, Siena Anstis, and Ron Deibert at Citizen Lab reports on hacking for hire against civil society organisations.

The authors report that

Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. Dark Basin extensively targeted American nonprofits, including organisations working on a campaign called #ExxonKnew, which asserted that ExxonMobil hid information about climate change for decades. We also identify Dark Basin as the group behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation. We link Dark Basin with high confidence to an Indian company, BellTroX InfoTech Services, and related entities. 

Citizen Lab has notified hundreds of targeted individuals and institutions and (at the request of several targets) shared information about the argeting with the US Department of Justice (DOJ).

The report states

We give the name Dark Basin to a hack-for-hire organization that has targeted thousands of individuals and organizations on six continents, including senior politicians, government prosecutors, CEOs, journalists, and human rights defenders. With high confidence, we link Dark Basin to BellTroX InfoTech Services (“BellTroX”), an India-based technology company. 

Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy. This report highlights several clusters of targets. In future reports, we will provide more details about specific clusters of targets and Dark Basin’s activities. 

Thousands of Targets Emerge

In 2017, Citizen Lab was contacted by a journalist who had been targeted with phishing attempts and asked if we could investigate. We linked the phishing attempts to a custom URL shortener, which the operators used to disguise the phishing links.

We subsequently discovered that this shortener was part of a larger network of custom URL shorteners operated by a single group, which we call Dark Basin. Because the shorteners created URLs with sequential shortcodes, we were able to enumerate them and identify almost 28,000 additional URLs containing e-mail addresses of targets. We used open source intelligence techniques to identify hundreds of targeted individuals and organizations. We later contacted a substantial fraction of them, assembling a global picture of Dark Basin’s targeting.

Our investigation yielded several clusters of interest that we will describe in this report, including two clusters of advocacy organizations in the United States working on climate change and net neutrality.

While we initially thought that Dark Basin might be state-sponsored, the range of targets soon made it clear that Dark Basin was likely a hack-for-hire operation. Dark Basin’s targets were often on only one side of a contested legal proceeding, advocacy issue, or business deal. ...

Links to an Indian Operator

We link Dark Basin’s activity with high confidence to individuals working at an Indian company named BellTroX InfoTech Services (also known as “BellTroX D|G|TAL Security,” and possibly other names). BellTroX’s director, Sumit Gupta, was indicted in California in 2015 for his role in a similar hack-for-hire scheme. ... Along with our collaborators at NortonLifeLock, we have unearthed numerous technical links between the campaigns described in this report and individuals associated with BellTroX. These links lead us to conclude with high confidence that Dark Basin is linked to BellTroX.

We were able to identify several BellTroX employees whose activities overlapped with Dark Basin because they used personal documents, including a CV, as bait content when testing their URL shorteners. They also made social media posts describing and taking credit for attack techniques containing screenshots of links to Dark Basin infrastructure. BellTroX and its employees appear to use euphemisms for promoting their services online, including “Ethical Hacking” and “Certified Ethical Hacker.” BellTroX’s slogan is: “you desire, we do!” ....

Targeting American Nonprofits, Journalists

Dark Basin has a remarkable portfolio of targets, from senior government officials and candidates in multiple countries, to financial services firms such as hedge funds and banks, to pharmaceutical companies. Troublingly, Dark Basin has extensively targeted American advocacy organizations working on domestic and global issues. These targets include climate advocacy organizations and net neutrality campaigners.

Targeting American Environmental Organizations

We discovered a large cluster of targeted individuals and organizations that were engaged in environmental issues in the US. In the fall of 2017, Citizen Lab made contact with these groups and began working with them to determine the nature and scope of the targeting. We determined that these organizations were all linked to the #ExxonKnew campaign, which highlights documents that, the advocacy organizations argue, point to Exxon’s decades-long knowledge of climate change. According to the New York Times, the #ExxonKnew campaign has led to “exposés of the company’s research into climate change, including actions it took to incorporate climate projections into its exploration plans while playing down the threat.” The New York Times describes an intense legal battle between ExxonMobil, multiple states’ attorneys general, and organizations engaged in the #ExxonKnew campaign.

Targeted organizations consenting to be named in this report include: Rockefeller Family Fund, Climate Investigations Center, Greenpeace, Center for International Environmental Law, Oil Change International, Public Citizen, Conservation Law Foundation, Union of Concerned Scientists, M+R Strategic Services, and 350.org

 The authors conclude

Mercenary Intrusion: A Global Problem

Dark Basin’s thousands of targets illustrate that hack-for-hire is a serious problem for all sectors of society, from politics, advocacy and government to global commerce.

Many of Dark Basin’s targets have a strong but unconfirmed sense that the targeting is linked to a dispute or conflict with a particular party whom they know. However, absent a systematic investigation, it is difficult for most individuals to determine with certainty who undertakes these phishing campaigns and/or who may be contracting for such services, especially given that Dark Basin’s employees or executives are unlikely to be within the jurisdiction of their local law enforcement. Further, while many of the targets whom we contacted had a sense they were being phished in a targeted operation, many others did not share this awareness. These targets either concluded that they were being phished for an unknown reason, or simply did not notice the targeting against the background of unrelated phishing messages and spam.

We believe there is an important role for major online platforms who have the capacity to track and monitor groups like Dark Basin. We hope Google and others will continue to track and report such hack-for-hire operations. We also encourage online platforms to be proactive in notifying users that have been targeted by such groups, such as providing detailed warnings beyond generic notifications to help enable targets to recognize the seriousness of the threat and take appropriate action.

Hacking for hire

Dark Basin’s activities make it clear that there is a large and likely growing hack-for-hire industry. Hack-for-hire groups enable companies to outsource activities like those described in this report, which muddies the waters and can hamper legal investigations. Previous court cases indicate that similar operations to BellTroX have contracted through a murky set of contractual, payment, and information sharing layers that may include law firms and private investigators and which allow clients a degree of deniability and distance.

The growth of a hack-for-hire industry may be fueled by the increasing normalization of other forms of commercialized cyber offensive activity, from digital surveillance to “hacking back,” whether marketed to private individuals, governments or the private sector. Further, the growth of private intelligence firms, and the ubiquity of technology, may also be fueling an increasing demand for the types of services offered by BellTroX. At the same time, the growth of the private investigations industry may be contributing to making such cyber services more widely available and perceived as acceptable.

A clear danger to democracy

The rise of large-scale, commercialized hacking threatens civil society. As this report shows, it can be used as a tool of the powerful to target organizations that may not have sophisticated cybersecurity resources and consequently are vulnerable to such attacks.

For example, in a four-year-study, we concluded that digital threats undermined civil society organizations’ core communications and missions in a significant way, sometimes as a nuisance or resource drain, or more seriously as a major risk to individual safety. Citizen Lab has also previously researched and documented the harms of phishing campaigns against civil society around the globe.

We believe it is especially urgent that all parties involved in these phishing campaigns are held fully accountable. For this reason, and on the request of multiple targets of Dark Basin, Citizen Lab provided indicators and other materials to the US DOJ.