Technology

In a little over an hour, SpaceX will be attempting the launch of a used Falcon 9 rocket and subsequently looking to pull off an upright landing on the California coast.

This time will interestingly be the first West Coast landing thattaking place on solid California ground as opposed to the drone barges that SpaceX has used in the past. This hasn&t been a matter of preference for SpaceX which has been trying to build its own land launch pad in the West Coast, but hasn&t gotten clearance yet, The Verge notes.

The purpose of the flight is the launch of theSAOCOM 1A, a satellite operated by ArgentinaSpace Agency which in conjunction with another identical satellite will help gather soil and moisture information, according to SpaceX.

The launch is scheduled to happen atVandenberg Air Force Base in California. The launch window will take place at 7:21 p.m. PDT with the satellite being released about 12 minutes after launch.

Gather round. The EU has a plan for a big update to privacy laws that could have a major impact on current Internet business models.

Um, I thought Europe just got some new privacy rules

They did. You&re thinking of the General Data Protection Regulation (GDPR), which updated the European Union1995 Data Protection Directive — most notably by making the penalties for compliance violations much larger.

But thereanother piece of the puzzle — intended to ‘complete& GDPR but which is still in train.

Or, well, sitting in the sidings being mobbed by lobbyists, as seems to currently be the case.

Itcalled the ePrivacy Regulation.

ePrivacy Regulation, eh So I guess that means therealready an ePrivacy Directive then…

Indeed. Clever cookie. Thatthe 2002 ePrivacy Directive to be precise, which was amended in 2009 (but is still just a directive).

Remind me whatthe difference between an EU Directive and a Regulation again…

A regulation is a more powerful legislative instrument for EU lawmakers as itbinding across all Member States and immediately comes into legal force on a set date, without needing to be transposed into national laws. In a word itself-executing.

Whereas, with a directive, Member States get a bit more flexibility because itup to them how they implement the substance of the thing. They could adapt an existing law or create a new one, for example.

With a regulation the deliberation happens among EU institutions and, once that discussion and negotiation process has concluded, the agreed text becomes law across the bloc — at the set time, and without necessarily requiring further steps from Member States.

So regulations are powerful.

So theremore legal consistency with a regulation

In theory. Greater harmonization of data protection rules is certainly an impetus for updating the EUlegal framework around privacy.

Although, in the case of GDPR, Member States did in fact need to update their national data protections laws to make certain choices allowed for in the framework, and identify competent national data enforcement agencies. So therestill some variation.

Strengthening the rules around privacy and making enforcement more effectiveare other general aims for the ePrivacy Regulation.

Europe has had robust privacy rules for many years but enforcement has been lacking.

Another point of note: Where data protection law is concerned, national agencies need to be properly resourced to be able to enforce rules, or that couldundermine the impact of regulation.

Itup to Member States to do this, though GDPR essentially requires it (and the Commission is watching).

Europedata protection supervisor, Giovanni Buttarelli, sums up the current resourcing situation for national data protection agencies, as: &Not bad, not enough. But much better than before.&

But why does Europe need another digital privacy law. Why isn&t GDPR enough

There is some debate about that, and not everyone agrees with the current approach. But the general idea is that GDPR deals with general (personal) data.

Whereas the proposed update to ePrivacy rules is intended to supplement GDPR — addressing in detail the confidentiality of electronic communications, and the tracking of Internet users more broadly.

So the (draft) ePrivacy Regulation covers marketing, and a whole raft of tracking technologies (including but not just cookies); and is intended to combat problems like spam, as well as respond to rampant profiling and behavioral advertising by requiring transparency and affirmative consent.

One major impulse behind the reform of the rules is to expand the scope to not just cover telcos but reflect how many communications now travel ‘over the top& of cellular networks, via Internet services.

This means ePrivacy could apply to all sorts of tech firms in future, be it Skype, Facebook, Google, and quite possibly plenty more — given how many apps and services include some ability for users to communicate with each other.

But scope remains one of the contested areas, with critics arguing the regulation could have a disproportionate impact, if — for example — every app with a chat function is going to be ruled.

On the communications front, the updated rules would not just cover message content but metadata too (to respond to how that gets tracked). Aka pieces of data that might not be personal data per se yet certainly pertain to privacy once they are wrapped up in and/or associated with peoplecommunications.

Although metadata tracking is also used for analytics, for wider business purposes than just profiling users, so you can see the challenge of trying to fashion rules to fit around all this granular background activity.

Simplifying problematic existing EU cookie consent rules — which have also been widely mocked for generating pretty pointless web page clutter — has also been a core part of the Commissionintention for the update.

EU lawmakers also want the regulation to cover machine to machine comms — to regulate privacy around the still emergent IoT (Internet of Things), to keep pace with the rise of smart home technologies.

Those are some of the high level aims but there have been multiple proposed texts and revisions at this point so goalposts have been shifting around.

So whereabouts in the process are we

The Commissionoriginal reform proposal came out in January 2017. More than a year and a half later EU institutions are still stuck trying to reach a consensus. Itnot even 100% certain whether ePrivacy will pass or founder in the attempt at this point.

The underlying problem is really the scope of exploitation of consumers& online activity going on in the areas ePrivacy seeks to regulate — which is now firmly baked into dominant digital business models — so trying to rule over all that after the fact of mainstream operational execution is a recipe for co-ordinated industry objection and frenzied lobbying. Of which there has been an awful lot.

At the same time, consumer protection groups in Europe are more clear than ever that ePrivacy should be a vehicle for further strengthening the data protection framework put in place by GDPR — pointing out, for example, that data misuse scandals like the Facebook-Cambridge Analytica debacle show that data-driven business models need closer checks to protect consumers and ensure peoplerights are respected.

Safe to say, the two sides couldn&t be further apart.

Like GDPR, the proposed ePrivacy Regulation would also apply to companies offering services in Europe not only those based in Europe. And it also includes major penalties for violations (of up to 2% or 4% of a companyglobal annual turnover) — similarly intended to bolster enforcement and support more consistently applied EU privacy rules.

But given the complexity of the proposals, and disagreements over scope and approach, having big fines baked in further complicates the negotiations — because lobbyists can argue that substantial financial penalties should not be attached to ‘ambiguous& laws and disputed regulatory mechanisms.

The high cost of getting the update wrong is not so much concentrating minds as causing alarms to be yanked and brakes applied. With the risk of no progress at all looking like an increasing possibility.

One thing is clear: The existing ePrivacy rules are outdated and itnot helpful to have old rules undermining a state-of-the-art data protection framework.

Telcos have also rightly complained itnot fair for tech giants to be able to operate messaging empires without the same compliance burdens they have.

Just don&t assume telcos love the proposed update either. Itcomplicated.

Sounds very messy.

Indeed.

EU lawmakers could probably have dealt with updating both privacy-related directives together, or even in one ‘super regulation&, but they decided to separate the work to try to simplify the process. In retrospect that looks like a mistake.

On the plus side, it means GDPR is now locked in place — with Buttarelli saying the new framework is intended to stand for as long as its predecessor.

Less good: One shiny worldclass data protection framework is having to work alongside a set of rules long past their sell-by-date.

So, so much for consistency.

Buttarelli tells us he thinks it was a mistake not to do both updates together, describing the blocks being thrown up to try to derail ePrivacy reform as &unacceptable&.

&I would like to say very clearly that the EU made a mistake in not updating earlier the rules for confidentiality for electronic communications at the same time as general data protection,& he told us during an interview this week, about GDPR enforcement, datas ethics and the future of EU privacy regulation.

He argues the patchwork of new and old rules &doesn&t work for data controllers& either, as they&re the ones saddled with dealing with the legal inconsistency.

As Europedata protection supervisor, Buttarelli is of course trying to apply pressure on key parties — to &get to the table and start immediately trilogue negotiations to identify a sustainable outcome&.

But the nature of lawmaking across a bloc of 28 Member States is often slow and painful. Certainly no one entity can force progress; it must be achieved via negotiated consensus and compromise across the various institutions and entities.

And when interest groups are so far apart, well, itsweating toil to put it mildly.

Entities that don&t want to play ball with a particular legal reform issue can sometimes also throw a delaying spanner in the works by impeding negotiations. Which is what looks to be going on with ePrivacy right now.

The EU parliament confirmed its negotiating mandate on the reformalmost a year ago now. But MEPs were then stuck waiting for Member States to take a position and get around the discussion table.

Except Member States seemingly weren&t so keen. Some were probably a bit preoccupied with Brexit.

Currently implicated as an ePrivacy blocker: Austria, which holds the six-month rotating presidency of the EU Council — meaning it gets to set priorities, and can thus kick issues into the long grass (as its right-wing government appears to be doing with ePrivacy).And so the wait goes on.

It now looks like a bit of a divide and conquer situation for anti-privacy lobbyists, who — having failed to derail GDPR — are throwing all their energies at blocking and even derailing/diluting the ePrivacy reform.

Some Member States appear to be trying to attack ePrivacy to weaken the overarching framework of GDPRtoo. So yes, itgot very messy indeed.

Therean added complication around timing because the EU parliament is up for re-election next Spring, and a few months after that the executive Commission will itself turn over, as the current president does not intend to seek reappointment. So it will be all change for the EU, politically speaking, in 2019.

A reconfigured political landscape could then change the entire conversation around ePrivacy. So the current delay could prove fatal unless agreement can be reached in early 2019.

Some EU lawmakers had hoped the reform could be done and dusted in in time to come into force at the same time as GDPR, this May.

That was certainly a major miscalculation.

But whatall the disagreement about

That depends on who you ask. There are many contested issues, depending on the interests of the group you&re talking to.

Media and publishing industry associations are terrified about what they say ePrivacy could do to their ad-supported business models, given their reliance on cookies and tracking technologies to try to monetize free content via targeted ads — and so claim it could destroy journalism as we know it if consumers need to opt-in to being tracked.

The ad industry is also of course screaming about ePrivacy as if its hairon fire. Big tech included, though it has generally preferred to lobby via proxies on this issue.

Anything that could impede adtechability to track and thus behaviourally target ads at web users is clearly enemy number one, given the current modus operandi. So ePrivacy is a major lobbying target for the likes of the IAB who don&t want it to upend their existing business models.

Even telcos aren&t happy, despite the potential of the regulation to even the playing field somewhat with tech giants — suggesting they will end up with double the regulatory burden, as well as moaning it will make it harder for them to make the necessary investments to roll out 5G networks.

Plus, as I say, there also seems to be some efforts to try to use ePrivacy as a vector to attack and weaken GDPR itself.

Buttarelli had comments to make on this front too, describing some data controllers as being in post-GDPR &revenge mode&.

&They want to move in sort of a vendetta, vendetta — and get back what they lose with the GDPR. But while I respect honest lobbying about which pieces of ePrivacy are not necessary I think ePrivacy will help first small businesses, and not necessarily the big tech startups. And where done properly ePrivacy may give more power to individuals. It may make harder for big tech to snoop on private conversations without meaningful consent,& he told us, appealing to Europepublishing industry to get behind the reform process, rather than applying pressure at the Member State level to try to derail it — given the media hardly feels well done by by big tech.

He even makes this appeal to local adtech players — which aren&t exactly enamoured with the dominance of big tech either.

&I see space for market incentives,& he added. &For advertisers and publishers to, letsay, re-establish direct relations with their readers and customers. And not have to accept the terms dictated by the major platform intermediaries. So I don&t see any other argument to discourage that we have a deal before the elections in May next year of the European legislators.&

Thereno doubt this is a challenging sell though, given how embedded all these players are with the big platforms. So it remains to be seen whether ePrivacy can be talked back on track.

Major progress is certainly very unlikely before 2019.

I&m still not sure why itso important though.

The privacy of personal communications is a fundamental right in Europe. So therea need for the legal framework to defend against technological erosion of citizens& rights.

Add to that, a big part of the problem with the modern adtech industry — aside from the core lack of genuine consent — is its opacity. Whodoing what;for what specific purposes; and with what exact outcomes.

Existing European privacy rules like GDPR mean theremore transparency than thereever been about whatgoing on — if you know and/or can be bothered to dig down into privacy policies and purposes.

If you do, you might, for example, discover a very long list of companies that your data is being shared with (and even be able to switch off that sharing) — entities with weird sounding names like Outbrain and OpenX.

A privacy policy might even state a per company purpose like ‘Advertising exchange& and ‘Advertising&. Or ‘Customer interaction&, whatever that means.

Thing is, itoften still very difficult for a consumer to understand what a lot of these companies are really doing with their data.

Thanks to current EU laws, we now have the greatest level of transparency there has ever been about the mechanisms underpinning Internet business models. But yet so much remains murky.

The average Internet user is very likely none the wiser. Can profiling them without proper consent really be fair

GDPR sets out an expectation of privacy by design and default. So, following that principle, you could argue that cookie consent, for example, should be default opt-out — and that any website must be required to gain affirmative opt in from a visitor for any tracking cookies. The adtech industry would certainly disagree though.

The original ePrivacy proposal even had a bit of a mixed approach to consent which was accused of being too overbearing for some technologies and not strong enough for others.

Itnot just creepy tech giants implicated here either. Publishers and the media (TechCrunch included) are very much caught up in the unpleasant tracking mess, complicit in darting users with cookies and trackers to try to increase what remain fantastically low conversation rates for digital ads.

Most of the time, most Internet users ignore most ads. So — with horribly wonky logic — the behavioral advertising industry, which has been able to grow like a weed because EU privacy rights have not previously been actively enforced, has made it its mission to suck up (and indeed buy up) more and more user data to try to move the ad conversion needle a fraction.

The media is especially desperate because the web has also decimated traditional business models. And European lawmakers can be very sensitive to publishing industry concerns (for e.g., see their backing of controversial copyright reforms which publishers have been pushing for).

Meanwhile Google and Facebook are gobbling up the majority of online ad spending, leaving publishers fighting for crumbs and stuck having to do businesses with the platforms that have so sorely disrupted them.

Platforms they can&t at all control but which are now so popular and powerful they can (and do) algorithmically control the visibility of publishers& content.

Itnot a happy combination. Well, unless you&re Facebook or Google.

Meanwhile, for web users just wanting to go about their business and do all the stuff people can (and sometimes need to do) online, things have got very bad indeed.

Unless you ignore the fact you&re being creeped on almost all the time, by snoopy entities that double as intelligence traders, selling info on what you like or don&t, so that an unseen adtech collective can create highly detailed profiles of you to try and manipulate your online transactions and purchasing decisions. With what can sometimes be discriminatory impacts.

The rise in popularity of ad blockers illustrates quite how little consumers enjoy being ad-stalked around the Internet.

More recently tracker blockers have been springing up to try to beat back the adtech vampire octopus which also lards the average webpage with myriad data-sucking tentacles, impeding page load times and gobbling bandwidth in the process, in addition to abusing peopleprivacy.

Therealso out-and-out malicious stuff to be found already here too as the increasing complexity, opacity and sprawl of the adtech industrysurveillance apparatus (combined with its general lack of interest in and/or focus on security) offers rich and varied vectors of cyber attack.

And so ads and gnarly page elements sometimes come bundled or injected with actual malware as hackers exploit all this stuff for their own ends and launch man in the middle attacks to grab user data as itbeing routinely siphoned off for tracking purposes.

Ittruly a layer cake of suck.

Ouch.

TheePrivacy Regulation could, in theory, help to change this, by helping to support alternative business models that don&t use people-tracking as their fuel by putting the emphasis back where it should be: Respect for privacy.

The (seemingly) radical idea underlying all these updates to European privacy legislation is that if you increase consumers& trust in online services by respecting peopleprivacy you can actually grease the wheel of ecommerce and innovation because web users will be more comfortable doing stuff online because they won&t feel like they&re under creepy surveillance.

More than that — you can lay down a solid foundation of trust for the next generation of disruptive technologies to build on.

Technologies like IoT and driverless cars.

Because, well, if consumers hate to feel like websites are spying on them, imagine how disgusted they&ll be to realize their fridge, toaster, kettle and TV are all complicit in snitching. Ditto their connected car.

‘I see you&re driving past McDonald&s. Great news! They have a special on those chocolate donuts you scoffed a whole box of last week…&

Ugh.

Yeah…

So what are ePrivacychances at this point

Ithard to say but things aren&t looking great right now.

Buttarelli describes himself as &relatively optimistic& about getting an agreement by May, i.e. before the EU parliament elections, but that may well be wishful thinking.

Even if heright there would likely still need to be an implementation period before it comes into force — so new rules aren&t likely up and running before 2020.

Yet he also describes the ePrivacy Regulation as &an essential missing piece of the jigsaw&.

Getting that piece in place is not going to be easy though.

Four Elon Musk tweets. One Securities and Exchange Commission lawsuit. Two settlement offers. Then some more Musk tweets taunting the SEC.

While Tesla continues to prove its doubters wrong as an automotive and energy business, the ongoing social media sideshow hangs over its finances. The stock rose to $310.70 per share on Monday, after Musk agreed to settle with the SEC last weekend. But the company ended this Friday around where it had been a week before, at $261.95 per share, seemingly driven by investor fears over the chief executiveongoing Twitter problem.

The SEC needs to help creative but impulsive entrepreneurs like Musk get off of social media and focus on building their companies—by being fair but firm.

So far, itbeen too easy, and thatsetting the wrong precedent. When companies go public, they&re agreeing to put the interests of their shareholders first. Impulsive tweeting breaks that bargain.

Once Musk rejected the first settlement, the SEC could have proceeded with its lawsuit and set an example. Musktweets were just the kind of egregious behavior that would have been an easy win in court. The SEC wouldn&t have needed to prove any intent by Musk to defraud. It would&ve just had to prove that it was more likely than not that Musk had disclosed a materially false fact or a misleading one without context—not a high bar when you consider the very flimsy basis for Musktweets.

How did we end up here

It all started with a single tweet. On August 7, Elon Musk tweetedto his more than 22 million Twitter followers: &Am considering taking Tesla private at $420. Funding secured.& The frenzy that followed was amplified by three more Musk tweets.

Combined, these four tweets formed the basis of the SEClawsuit against Musk filed in the Southern District of New York on September 27. In its suit, the SEC asked the court to remove Musk as both Chairman and CEO of Tesla, have Musk pay unquantified civil fines, and prohibit Musk from leading any publicly listed company for an unspecified time.

According to the SEC, Musktweets were based on a roughly half hour meeting on July 31 between him and representatives of the Saudi sovereign wealth fund. At this meeting, the fund told Musk it&d bought nearly 5% of Tesla stock on the open market, and expressed interest in taking Tesla private. But Musk didn&t get any formal offer, he didn&t then get full legal advice about what it would take to go private, and he hadn&t even talked to the fund again before his August 7 tweets.

Oh, and the $420 price The SECcomplaint claims Musk added 20% to the price of the stock at closing the day before his tweet, got $419 and rounded up to $420 because he thought his girlfriend would find it funny given 420significance.

Right after the SECsuit was filed, a reported settlement between Musk and the SEC would have allowed him to pay a $10 million fine, stay on as CEO and force him to step down as chairman for only two years. Considering what the SEC was suing for, those terms can only be described as generous. But Teslaboard still rejected the settlement, reportedly because Musk threatened to quit if they accepted.

The day after rejecting the settlement, Tesla lawyers were back at the SEC groveling. Musk had begrudgingly approved of settling as the companystock nosedived nearly 14% on the no-settlement news.

Under the terms of settlement 2.0, the ban on Musk serving as chairman went from two to three years and the fine on Musk doubled to $20 million. Tesla also agreed to pay a fine of $20 million, to add two independent directors to its board and to elect an independent director as chairman to replace Musk.As part of the deal, Tesla is also required to implement procedures and controls to oversee Muskcommunications, including his social media usage.

Just hours after the judge presiding over the case asked Musk and the SEC to show the settlement was in the &public interest,& Musk took to Twitter again to taunt the very counterpart whose help he needs to get the court on board with the settlement: &Just want to [sic] that the Shortseller Enrichment Commission is doing incredible work. And the name change is so on point!& On cue, Tesla&s stock price fell after Musklatest tweet.

The SEC may still pull the plug on the deal altogether, but—if history is prologue—that seems highly unlikely.

Whatwrong with Musktweets

The main issue is whether Musktweets were false or at least misleading. Under the SECrules, you can&t make a false material statement or not give enough context in making a statement to make sure itnot misleading. You can easily see how Musktweets can count as either false or—without any caveats about how preliminary the talks were—at least misleading.

Saying &funding secured,& means Tesla actually had the more than $70 billion probably needed to take the company private. No such funding was actually secured. No deal terms were discussed let alone agreed on with the Saudis. Even if Musk did have funding, approval was far from certain. Any going-private transaction would have required board approval. The Saudis had told Musk their investment may be contingent on Tesla building a factory in the Middle East, a condition which at least one Tesla board member described as a &non-starter.&

Itnot hard to imagine what led to Musktweets. He has been outspoken about being hampered by the myriad requirements that come with being publicly listed. He called an analystquestions &boneheaded& and &dry& during TeslaMay earning call. For years, heexpressed frustration with short sellers. Musk must&ve genuinely been excited about the prospect of the Saudis taking Tesla private so he&d no longer have to deal with any of this.

Ittrue that disclosure requirements are onerous. It takes countless expensive lawyer hours just to make a single filing with the SEC, only to then have to make another filing the next quarter or with the next material development. The SEC itself moves slowly. It took until 2013 to accept tweets as a form of disclosure. It took until 2014 for it to agree that a hyperlink in a tweet is enough for disclaimer language, as opposed to needing the full disclaimer language within the limited characters allowed in a tweet.

But the SECrules exist for a reason. They are intended to level the information differential between companies and their shareholders, and protect the millions of investors in public companies in the process. Musk may have been well intentioned in his tweets, but that doesn&t put him above the law, or make it okay for him to cause Teslastock price to go on a rollercoaster ride. He can complain all he wants about the SECrules, but these rules have been a requirement for public companies long before Tesla went public. By choosing the public route to get liquidity, Musk and Tesla knowingly signed up for these trade-offs.

Missed opportunity to set clear precedent

Ultimately, what matters most with any action that the SEC takes is the precedent it sets.

The SEC had a unique opportunity here to set an example of Muskegregious behavior. Instead, SEC Chairman Jay Claytonstatement about the settlement made it look like the SEC was making an exception for Musk because he is so central to Tesla. Clayton said penalties for violating securities laws should be balanced with &the skills and support of certain individuals& that are important &to the future success of a company.&

In other words, it seems, you can behave more recklessly the more important you are.

Musk is absolutely central to Tesla, but that doesn&t mean he has to be the one to wear every hat at the company. Therea reason Tesla has legal, policy and comms departments that go through rounds of approval before making corporate disclosures. It is not much to have asked Musk to call a lawyer in these departments before tweeting.

Instead of setting this double standard based on centrality of a director to a company, the SEC could have taken Musk to court and allowed the court to set a standard applicable to all directors equally. By going that route, Musk would have also had his day in court to argue before an impartial arbiter why the SECactions in suing him were &unjustified.&

Even if the SEC did not want this one case to drag on, leaving Tesla investors in limbo in the interim, it could have at least taken more time before agreeing to the second settlement. The specter of a continuing lawsuit would have served as a stronger deterrent than the two days it took from filing suit to coming to a settlement. Based on Musktweets taunting the SEC after the settlement was agreed, it&d be hard to argue that helearned his lesson.

Instead Muskcult of being the be-all and end-all on all matters big or small at Tesla will continue. This ultimately disempowers others within the company, lulling them into a false sense of security based on the sacrosanct words of one person. According to the SEC, an investment bank analyst emailed TeslaHead of Investor Relations, Martin Viecha, on August 7 following Musktweets asking for a clarification about the funding. Viecha responded within ten minutes with, &I can only say that the first Tweet clearly stated that ‘financing is secured&. Yes, there is a firm offer.&

Viecha couldn&t have actually known that financing was secured any more than Musk did. He did not actually know whether or not there was a firm offer. But Teslacorporate culture clearly didn&t allow him to second guess the words of Musk, to the ultimate detriment of the entire company and its investors.

It may be Musk in the headlines these days, but other public-company CEOs have social media accounts too. What they say—or don&t say—can equally hurt investors and their own companies. If Musk can get away relatively unharmed with bending the rules, what will stop others from trying The SECindirect acknowledgement that the settlement terms with Musk are justified by Muskcentrality to Tesla is exactly the kind of precedent other Silicon Valley leaders could latch onto to justify inappropriate social media behavior.

As counterintuitive as it may sound in a world where the most powerful seem to tweet with impunity, we should at least be holding directors of public companies fully accountable for tweets that violate securities law. Tweets and social media posts have real world consequences. Tesla shareholders deserve the brilliant technologist they bet their money on, not a social media troll.

The SEChandling of Musktweets is so far a missed opportunity to make that point clear.