Tag: Microsoft

FTC Chair Lina Khan on startups, scaling, and ”innovations in potential lawbreaking”

Posted on by faz_business


FTC Chair Lina Khan was the youngest person appointed to her position when she assumed the job in 2021. But once her term ends in September –  after which she’ll stay until a successor is named – her age might be the last thing that people remember about her reign.

It’s more likely that Khan’s legacy will be taking on Big Tech – and doing it very publicly. Unlike her decidedly low-flying predecessors, Khan talks routinely with the media about how the FTC executes on its mandate of both enforcing antitrust laws and protecting consumers, putting today’s tech giants on constant notice. 

The strategy is all the more notable given how small the FTC really is, with just 1,300 employees who work roughly 150 cases simultaneously and are backed by an annual budget of just $400 million. That’s a drop in the ocean for some of the outfits the agency investigates.

We talked with Khan about her approach – and what she thinks Silicon Valley misunderstands about it – in a sit-down earlier this week at one of TechCrunch’s more intimate StrictlyVC events, this one held in Washington, D.C. Outtakes from that conversation have been edited for length below. You can listen to the talk in its entirety here.

Over the last two decades, Washington has  become dominated by massive players like Google and Microsoft. I was hoping we could start with the Wall Street Journal’s report that federal regulators are moving forward with an investigation of some of these big players – Microsoft, OpenAI, and Nvidia –  if there’s anything you can say about your plans.

You’re right that there is a lot of interest across D.C. and making sure that we are able to harness the opportunity and potential that these tools present while also making sure that these markets stay open and fair and competitive, rather than allowing certain types of bottlenecks or choke points to emerge in ways that could undermine that competition and that opportunity and that innovation . . . I was out in Silicon Valley a few months ago, and it was really interesting to hear from those founders in particular about how right now there is a whole lot of opacity around who’s getting access to some of these key inputs, be it compute, be at the models, be it whether there is any guarantee that you’re not effectively feeding back proprietary information. And so I think, there’s a lot of excitement, but we’re also hearing some weariness that can emerge when you realize there’s a lot of power already concentrated, and then that power being concentrated could foreclose innovation and competition. 

It also seems like some of the people that you are trying to regulate are getting more creative about the deals that they’re striking, like Microsoft’s deal with Inflection AI, an AI company whose co-founder and employees were hired by Microsoft back in March and that is now being paid a $650 million licensing fee by Microsoft so it can resell [InflectionAI’s] technology. It’s not technically a merger. Did they talk to your agency or other regulators about what they were doing?

I’m limited in what I can say about some of these specific deals or specific potential matters. I will say that we are interested in being vigilant to make sure that we’re not seeing evasion of the existing laws. We’ve been really clear that all of the existing laws still apply: the laws prohibiting mergers that may substantially lessen competition, the laws that ban price fixing and collusion. Whether you’re doing that price fixing through an algorithm or through a handshake, both are still illegal. So across the board, we’re trying to scrutinize and make sure we’re not seeing some of these innovations in potential lawbreaking. We want to make sure that everybody’s playing by the same rules.

I will say that earlier this year, we also launched an inquiry into some of these strategic partnerships and investments to make sure we were understanding what was really going on here. We’d heard some concerns about, for example, whether some of these partnerships and investments could be resulting in privileged access for some or exclusionary access for others . . and that work is still ongoing as well.

Apple also made a lot of announcements [this week at WWDC]. It said it’s integrating OpenAI into some of its offerings; it said it is also open to working with other third parties, including potentially Google Gemini. It seems like a lot of the partnerships are among the same players that are probably a bit concerning to you right now. What did you think of what came out of that event?

We’ve seen that some of the most significant breakthrough innovations have historically come from the startups and the entrepreneurs and the small guys who are able to just see things differently, see an opening in the marketplace, and really disrupt in ways that disintermediate the big guys . . . 

It’s true that right now, what we could be saying is that some of the existing incumbents may be controlling access to the inputs and the raw material that’s needed for some of these innovations. And so we need to be vigilant to make sure that that moment of competition and innovation and disruption is not going to be coopted by the existing incumbents in ways that we’ll close off the market, and prevent us from really enjoying the innovations and competition that have historically kept our country ahead . . .

I know you don’t buy this argument that these companies have to be protected [from antitrust action] because if they’re slowed down in any way, it weakens the U.S. as a country. And on the one hand, plenty of people agree; they want to see things broken up so that startups can breathe. Others might say, ‘This technology moves much faster than anything we’ve ever seen before. Autonomous weapons can incorporate this technology.’ How do you lay out the case for breaking things up while also not putting the country at any risk? 

Even 40 or 50 years ago, as the Justice Department was investigating AT&T, it was the Defense Department that stepped in and said, ‘Hey, we really need to tread carefully here because taking antitrust action against AT&T could pose a national security risk.’ And so even back then, we were hearing a lot of these analogous arguments. 

There are some natural experiments. At various moments, we faced a choice as to whether we should protect and coddle our monopolies or instead whether we should protect the laws of fair competition. And time and time again, we chose the path of competition. And that is what ended up fueling and catalyzing so many of these breakthrough innovations and so much of the remarkable growth that our country has enjoyed and that has allowed us to stay ahead globally. If you look at some other countries that instead chose that national champions model, they’re the ones who got left behind. I think we need to keep those lessons of history in mind as we again choose a path. 

There are founders and VCs in this audience who have mixed feelings about you because they want their companies to thrive, and they’re worried that you’ve been so vocal about having your eye on Big Tech that companies aren’t making any [acquisitions]. Exits are a huge path for VCs and for founders; how do you make them comfortable that you’re doing what’s best for them in both the short and long term?

Certainly, we understand that for some startups and founders that acquisition is a key exit path that they’re interested in. Really, what the law prohibits is an exit or an acquisition that’s going to fortify a monopoly or allow a dominant firm to take out a nascent threat and a competitive threat. . . Just to step back, in any given year, we see up to 3,000 merger filings that get reported to us. Around 2% of those actually get a second look by the government, so you have 98% of all deals that, for the most part, are going through. 

I’ll also say that if you are a startup or a founder that is eager for an acquisition as an exit, I would think that a world in which you have six or seven or eight potential suitors is a better world than one where you have just one or two. 

There are 1,500 people at the FTC? 

Around 1,300, which is actually 400 fewer people than in the 1980s, even though the economy has grown 15 times over so . . we’re a small agency, but definitely punch above our weight.

I don’t know if you’re taking more actions than your predecessors, or if you’re just more visible about it. Do you know if you’re moving at a faster pace than your predecessors in the role? 

You can look at the numbers and there are some upticks there. But to my mind, counting the number of lawsuits or the number of investigations is only one way to try to capture impact. The types of cases you’re bringing is also important. One thing that’s been important for me is to make sure that we’re actually looking at: where do we see the biggest harm? Where do we see players that we think are more systematically driving some of these problems in illegal behaviors? So in the same way that being able to go after the mob boss is going to be more effective than going after some of the henchmen at the bottom, you want to be effective in your enforcement strategy. That’s why we have been looking upstream and taking on lawsuits that can really go up against some of the big guys; we think if we’re successful, [it will] have a really beneficial effect in the marketplace. 

When it comes to deterrence, I think we’re already seeing some of that. We hear routinely from senior dealmakers, senior antitrust lawyers, who will say pretty openly that as of five or six or seven years ago, when you were thinking about a potential deal, antitrust risk or even the antitrust analysis was nowhere near the top of the conversation, and now it is up front and center. For an enforcer, if you’re having companies think about that legal issue on the front end, that’s a really good thing because then we’re not going to have to spend as many public resources taking on deals that we believe are violating the laws. 

To scale your relatively small office, which has a fairly constrained budget, are you using AI?

We are thinking about: are there ways, especially with some of our economic analysis, to be benefiting from some of these tools? Obviously, being able to do that requires pretty significant compute upgrades, which we’re asking Congress for more funding to be able to [secure].

FTC launches an antitrust probe into Microsoft’s deal with Inflection AI

Posted on by faz_business


Microsoft is under investigation by the Federal Trade Commission over its deal with Inflection AI, according to The Wall Street Journal. Back in March, the company hired almost all of Inflection AI’s employees, including founders Karén Simonyan and Mustafa Suleyman, who was also a DeepMind cofounder. In addition, Microsoft paid Inflection AI $650 million to license its artificial intelligence technology. Now, the FTC wants to know whether the companies deliberately structured the deal to avoid being the subject of regulatory antitrust review.

As The Journal notes, companies are required to report any acquisition that’s valued at $119 million or more to federal antitrust agencies. The FTC or the Justice Department could then investigate whether the deal stifles competition in the industry and then sue to block the merger or the investment that it deems to be anti-competitive. When companies want to hire all the talent in another firm, they typically buy the other out in an “acquihire.” But Microsoft didn’t buy Inflection, which denied that the bigger company has any power over it. Ted Shelton, its new COO, told the publication that it still operates as an independent company under new leadership.

The FTC has already sent out subpoenas to both Microsoft and Inflection, asking for relevant documents over the past two years. If it does determine that the companies entered into an agreement in a way that would give Microsoft control over the other while dodging regulatory review, then Microsoft could be fined, and the transaction could be suspended pending a more in-depth investigation.

Microsoft provided Engadget with the following statement: “Our agreements with Inflection gave us the opportunity to recruit individuals at Inflection AI and build a team capable of accelerating Microsoft Copilot, while enabling Inflection to continue pursuing its independent business and ambition as an AI studio. We take our legal obligations to report transactions under the HSR Act seriously and are confident that we have complied with those obligations.”

US federal agencies have been cracking down on monopolistic practices by the world’s largest tech companies over the past few years. To be even more efficient in conducting antitrust investigations involving the current biggest players in artificial intelligence, the agencies have also just struck a deal on how they’re dividing their responsibilities. The Justice Department will take the lead in investigations involving NVIDIA, while the FTC will take charge of antitrust probes involving Microsoft and OpenAI.

Update, June 6 2024, 11:46AM ET: This story has been updated to include a statement from Microsoft.

This article contains affiliate links; if you click such a link and make a purchase, we may earn a commission.

Microsoft uncovers a security flaw impacting Android apps with billions of combined downloads

Posted on by faz_business


Android logo on smartphone stock photo (8)

Edgar Cervantes / Android Authority

TL;DR

  • Microsoft has uncovered a security vulnerability affecting Android apps named “Dirty Stream.”
  • This could allow attackers to execute malicious code within popular apps, potentially leading to data theft.
  • The flaw is widespread, with Microsoft identifying vulnerable apps that have billions of combined installations.

Microsoft has brought to light a critical security loophole, potentially affecting countless Android applications. Dubbed “Dirty Stream,” this vulnerability presents a serious threat that could grant someone the ability to take control of apps and steal valuable user information. (h/t: Bleeping Computer)

The heart of the “Dirty Stream” vulnerability lies in the potential for malicious Android apps to manipulate and abuse Android’s content provider system. This system is typically designed to facilitate secure data exchange between different applications on a device. It includes safeguards such as strict isolation of data, the use of permissions attached to specific URIs (Uniform Resource Identifiers), and thorough validation of file paths to ward off unauthorized access.

However, careless implementation of this system can open the door to exploitation. Microsoft’s researchers found that incorrect use of “custom intents” — the messaging system that allows Android app components to communicate — can expose sensitive areas of an app. For example, vulnerable apps may fail to adequately check file names or paths, granting a malicious app the chance to sneak in harmful code camouflaged as legitimate files.

What’s the threat?

By exploiting the Dirty Stream flaw, an attacker could trick a vulnerable app into overwriting critical files within its private storage space. Such an attack scenario could result in the attacker seizing total control over the app’s behavior, gaining unauthorized access to sensitive user data, or intercepting private login information.

Microsoft’s investigation revealed that this vulnerability is not an isolated issue, as the research found incorrect implementations of the content provider system prevalent across many popular Android apps. Two notable examples are Xiaomi’s File Manager application, which has over one billion installations, and WPS Office, which boasts about 500 million installs.

Microsoft researcher Dimitrios Valsamaras emphasized the staggering number of devices at risk, stating, “We identified several vulnerable applications in the Google Play Store that represented over four billion installations.”

Microsoft has proactively shared its discoveries, alerting developers of potentially vulnerable apps and collaborating with them to deploy fixes. Both companies mentioned above have promptly acknowledged the identified issues in their software.

Furthermore, Google has taken steps to prevent similar vulnerabilities in the future by updating its app security guidelines, now placing additional emphasis on exploitable common content provider design flaws.

What can Android users do?

While developers scramble to find and patch vulnerable apps, Android users can take some simple precautions. Staying vigilant with app updates is crucial, as developers will likely be issuing fixes rapidly.

Additionally, it’s advisable to always download applications from the official Google Play Store and be highly cautious when downloading from unofficial sources, which are more likely to harbor malicious apps.

Got a tip? Talk to us! Email our staff at news@androidauthority.com. You can stay anonymous or get credit for the info, it’s your choice.

You might like