Group items matching

in title, tags, annotations or url

In a seminal decision updating and consolidating its previous jurisprudence on surveillance, the Grand Chamber of the European Court of Human Rights took a sideways swing at mass surveillance programs last week, reiterating the centrality of “reasonable suspicion” to the authorization process and the need to ensure interception warrants are targeted to an individual or premises. The decision in Zakharov v. Russia — coming on the heels of the European Court of Justice’s strongly-worded condemnation in Schrems of interception systems that provide States with “generalised access” to the content of communications — is another blow to governments across Europe and the United States that continue to argue for the legitimacy and lawfulness of bulk collection programs. It also provoked the ire of the Russian government, prompting an immediate legislative move to give the Russian constitution precedence over Strasbourg judgments. The Grand Chamber’s judgment in Zakharov is especially notable because its subject matter — the Russian SORM system of interception, which includes the installation of equipment on telecommunications networks that subsequently enables the State direct access to the communications transiting through those networks — is similar in many ways to the interception systems currently enjoying public and judicial scrutiny in the United States, France, and the United Kingdom. Zakharov also provides a timely opportunity to compare the differences between UK and Russian law: Namely, Russian law requires prior independent authorization of interception measures, whereas neither the proposed UK law nor the existing legislative framework do.

The decision is lengthy and comprises a useful restatement and harmonization of the Court’s approach to standing (which it calls “victim status”) in surveillance cases, which is markedly different from that taken by the US Supreme Court. (Indeed, Judge Dedov’s separate but concurring opinion notes the contrast with Clapper v. Amnesty International.) It also addresses at length issues of supervision and oversight, as well as the role played by notification in ensuring the effectiveness of remedies. (Marko Milanovic discusses many of these issues here.) For the purpose of the ongoing debate around the legitimacy of bulk surveillance regimes under international human rights law, however, three particular conclusions of the Court are critical.

The Court took issue with legislation permitting the interception of communications for broad national, military, or economic security purposes (as well as for “ecological security” in the Russian case), absent any indication of the particular circumstances under which an individual’s communications may be intercepted. It said that such broadly worded statutes confer an “almost unlimited degree of discretion in determining which events or acts constitute such a threat and whether that threat is serious enough to justify secret surveillance” (para. 248). Such discretion cannot be unbounded. It can be limited through the requirement for prior judicial authorization of interception measures (para. 249). Non-judicial authorities may also be competent to authorize interception, provided they are sufficiently independent from the executive (para. 258). What is important, the Court said, is that the entity authorizing interception must be “capable of verifying the existence of a reasonable suspicion against the person concerned, in particular, whether there are factual indications for suspecting that person of planning, committing or having committed criminal acts or other acts that may give rise to secret surveillance measures, such as, for example, acts endangering national security” (para. 260). This finding clearly constitutes a significant threshold which a number of existing and pending European surveillance laws would not meet. For example, the existence of individualized reasonable suspicion runs contrary to the premise of signals intelligence programs where communications are intercepted in bulk; by definition, those programs collect information without any consideration of individualized suspicion. Yet the Court was clearly articulating the principle with national security-driven surveillance in mind, and with the knowledge that interception of communications in Russia is conducted by Russian intelligence on behalf of law enforcement agencies.

The first (and thus far only) roll-back of post-9/11 surveillance authorities was implemented over the weekend: The National Security Agency shuttered its program for collecting and holding the metadata of Americans’ phone calls under Section 215 of the Patriot Act. While bulk collection under Section 215 has ended, the government can obtain access to this information under the procedures specified in the USA Freedom Act. Indeed, some experts have argued that the Agency likely has access to more metadata because its earlier dragnet didn’t cover cell phones or Internet calling. In addition, the metadata of calls made by an individual in the United States to someone overseas and vice versa can still be collected in bulk — this takes place abroad under Executive Order 12333. No doubt the NSA wishes that this was the end of the surveillance reform story and the Paris attacks initially gave them an opening. John Brennan, the Director of the CIA, implied that the attacks were somehow related to “hand wringing” about spying and Sen. Tom Cotton (R-Ark.) introduced a bill to delay the shut down of the 215 program. Opponents of encryption were quick to say: “I told you so.”

But the facts that have emerged thus far tell a different story. It appears that much of the planning took place IRL (that’s “in real life” for those of you who don’t have teenagers). The attackers, several of whom were on law enforcement’s radar, communicated openly over the Internet. If France ever has a 9/11 Commission-type inquiry, it could well conclude that the Paris attacks were a failure of the intelligence agencies rather than a failure of intelligence authorities. Despite the passage of the USA Freedom Act, US surveillance authorities have remained largely intact. Section 702 of the FISA Amendments Act — which is the basis of programs like PRISM and the NSA’s Upstream collection of information from Internet cables — sunsets in the summer of 2017. While it’s difficult to predict the political environment that far out, meaningful reform of Section 702 faces significant obstacles. Unlike the Section 215 program, which was clearly aimed at Americans, Section 702 is supposedly targeted at foreigners and only picks up information about Americans “incidentally.” The NSA has refused to provide an estimate of how many Americans’ information it collects under Section 702, despite repeated requests from lawmakers and most recently a large cohort of advocates. The Section 215 program was held illegal by two federal courts (here and here), but civil attempts to challenge Section 702 have run into standing barriers. Finally, while two review panels concluded that the Section 215 program provided little counterterrorism benefit (here and here), they found that the Section 702 program had been useful.

There is, nonetheless, some pressure to narrow the reach of Section 702. The recent decision by the European Court of Justice in the safe harbor case suggests that data flows between Europe and the US may be restricted unless the PRISM program is modified to protect the information of Europeans (see here, here, and here for discussion of the decision and reform options). Pressure from Internet companies whose business is suffering — estimates run to the tune of $35 to 180 billion — as a result of disclosures about NSA spying may also nudge lawmakers towards reform. One of the courts currently considering criminal cases which rely on evidence derived from Section 702 surveillance may hold the program unconstitutional either on the basis of the Fourth Amendment or Article III for the reasons set out in this Brennan Center report. A federal district court in Colorado recently rejected such a challenge, although as explained in Steve’s post, the decision did not seriously explore the issues. Further litigation in the European courts too could have an impact on the debate.

The five-week court hearing in what is a complex case delving into detail on US surveillance operations took place in February. The court issued its ruling today. The 153-page ruling starts by noting “this is an unusual case”, before going into a detailed discussion of the arguments and concluding that the DPC’s concerns about the validity of SCCs should be referred to the European Court of Justice for a preliminary ruling. Schrems is also the man responsible for bringing, in 2013, a legal challenge that ultimately struck down Safe Harbor — the legal mechanism that had oiled the pipe for EU-US personal data flows for fifteen years before the ECJ ruled it to be invalid in October 2015. Schrems’ argument had centered on U.S. government mass surveillance programs, as disclosed via the Snowden leaks, being incompatible with fundamental European privacy rights. After the ECJ struck down Safe Harbor he then sought to apply the same arguments against Facebook’s use of SCCs — returning to Ireland to make the complaint as that’s where the company has its European HQ. It’s worth noting that the European Commission has since replaced Safe Harbor with a new (and it claims more robust) data transfer mechanism, called the EU-US Privacy Shield — which is now, as Safe Harbor was, used by thousands of businesses. Although that too is facing legal challenges as critics continue to argue there is a core problem of incompatibility between two distinct legal regimes where EU privacy rights collide with US mass surveillance.

In a written statement on the ruling Schrems added: “I welcome the judgement by the Irish High Court. It is important that a neutral Court outside of the US has summarized the facts on US surveillance in a judgement, after diving through more than 45,000 pages of documents in a five week hearing.

Making a video statement outside court in Dublin today, Schrems said the Irish court had dismissed Facebook’s argument that the US government does not undertake any surveillance.

Lawmakers in the United States and the United Kingdom are calling on Facebook chief executive Mark Zuckerberg to explain how the names, preferences and other information from tens of millions of users ended up in the hands of the Cambridge Analytica data analysis firm.

After Facebook cited data privacy policies violations and announced that it was suspending the Cambridge Analytica data analytics firm also tied to the Trump campaign, new revelations have emerged. On Saturday, reports revealed that Cambridge Analytica, used a feature once available to Facebook app developers to collect information on some 270,000 people. In the process, the company, which was, at the time, handling U.S. President Donald Trump’s presidential campaign, gained access to data on tens of millions of their Facebook “friends” and that it wasn’t clear at all if any of these people had given explicit permission for this kind of sharing. Facebook’s Deputy General Counsel Paul Grewal said in a statement, “We will take legal action if necessary to hold them responsible and accountable for any unlawful behavior.”

The social media giant also added that it was continuing to investigate the claims. According to reports, Cambridge Analytica worked for the failed presidential campaign of U.S. Senator Ted Cruz and then for the presidential campaign of Donald Trump. Federal Election Commission records reportedly show that Trump’s campaign hired Cambridge Analytica in June 2016 and paid it more than $6.2 million. On its website, the company says that it “provided the Donald J. Trump for President campaign with the expertise and insights that helped win the White House.” Cambridge Analytica also mentions that it uses “behavioral microtargeting,” or combining analysis of people’s personalities with demographics, to predict and influence mass behavior.  According to the company, it has data on 220 million Americans, two thirds of the U.S. population. Cambridge Analytica says it has worked on other campaigns in the United States and other countries, and it is funded by Robert Mercer, a prominent supporter of politically conservative groups.

The battle over the Federal Communications Commission’s (FCC) repeal of net neutrality rules is entering a new phase, with opponents of the move launching efforts to preserve the Obama-era consumer protections.The net neutrality rules had required internet service providers to treat all web traffic equally. Republicans on the Commission decried the regulatory structure as a gross overreach, and quickly moved to reverse them once the Trump administration came to power. The reversal of the rules was published in the Federal Register Thursday, and even though the order is months away from implementation, net neutrality supporters are now free to mount legal challenges to the action. A coalition of Democratic state attorneys general, public interest groups and internet companies have vowed to fight in the courts. Twenty-three states, led by New York and its attorney general, Eric Schneiderman (D), have already filed a lawsuit. 

Even if Democrats do manage to find the tie-breaking vote in the Senate, the bill is almost certain to die in the House. But Democrats see a roll call vote as an opportunity to make GOP members stake out a position on an issue that they think could resonate in the midterm elections. On yet another front, Democratic states around the country have already launched their own attack on the FCC’s rules. Five governors (from Montana, Hawaii, New Jersey, Vermont and New York) have in recent weeks signed executive orders forbidding their states from doing business with internet service providers who violate net neutrality principles. And, according to the pro-net neutrality group Free Press, legislatures in 26 states are weighing bills that would codify their own open internet protections. The local efforts could ignite a separate legal battle over whether states have the authority to counteract the FCC’s order, which included a provision preempting them from replacing the rules.

The emerging court battle over net neutrality could keep the issue in limbo for years.Meanwhile, a separate battle over the rules is brewing in Congress.Senate Democrats have secured enough support to force a vote on a bill that would undo the FCC’s December vote and leave the net neutrality rules in place. The bill, which is being pushed by Sen. Ed MarkeyEdward (Ed) John MarkeyRegulators seek to remove barriers to electric grid storage Markey, Paul want to know if new rules are helping opioid treatment Oil spill tax on oil companies reinstated as part of budget deal MORE (D-Mass.), would use a legislative tool called the Congressional Review Act (CRA) to roll back the FCC’s repeal of net neutrality. The entry of the FCC’s repeal order in the Federal Register Thursday means that the Senate has 60 legislative days to move on the CRA bill. Democrats have secured support from one Republican, Sen. Susan CollinsSusan Margaret CollinsOvernight Tech: Judge blocks AT&T request for DOJ communications | Facebook VP apologizes for tweets about Mueller probe | Tech wants Treasury to fight EU tax proposal Overnight Regulation: Trump to take steps to ban bump stocks | Trump eases rules on insurance sold outside of ObamaCare | FCC to officially rescind net neutrality Thursday | Obama EPA chief: Reg rollback won't stand FCC to officially rescind net neutrality rules on Thursday MORE (Maine), and need just one more to cross the aisle for the bill to pass the chamber. 

n a bipartisan effort, the state's legislators passed House Bill 2282. which was signed into law Monday by Gov. Jay Inslee. "Washington will be the first state in the nation to preserve the open internet," Inslee said at the bill signing. The state law, approved by the legislature last month, is to safeguard net neutrality protections, which have been repealed by the Federal Communications Commission and are scheduled to officially end April 23. Net neutrality requires internet service providers to treat all online content the same, meaning they can't deliberately speed up or slow down traffic from specific websites to put their own content at advantage over rivals. The FCC's decision to overturn net neutrality has been championed by the telecom industry, but widely criticized by technology companies and consumer advocacy groups. Attorneys general from more than 20 red and blue states filed a lawsuit in January to stop the repeal. Inslee said the new measure would protect an open internet in Washington, which he described as having "allowed the free flow of information and ideas in one of the greatest demonstrations of free speech in our history." HB2282 bars internet service providers in the state from blocking content, applications, or services, or slowing down traffic on the basis of content or whether they got paid to favor certain traffic. The law goes into effect June 6.

Maine internet service providers will face the strictest consumer privacy protections in the nation under a bill signed Thursday by Gov. Janet Mills, but the new law will almost certainly be challenged in court. Several technology and communication trade groups warned in testimony before the Legislature that the measure may be in conflict with federal law and would likely be the subject of legal action.

The new law, which goes into effect on July 1, 2020, would require providers to ask for permission before they sell or share any of their customers’ data to a third party. The law would also apply to telecommunications companies that provide access to the internet via their cellular networks.

The law is modeled on a Federal Communications Commission rule, adopted under the administration of President Obama but overturned by the administration of President Trump in 2017. The rule blocked an ISP from selling a customer’s personal data, which is not prohibited under federal law.

A court in the Belgian capital Brussels, on Friday, found the social media company Facebook guilty of breaching Belgian privacy laws. Belgium’s Privacy Commission had taken Facebook to court and the judge agreed with the Commission’s view that Facebook had flouted the country’s privacy legislation. The company has been ordered to correct its practice right away of face fines. Facebook has lodged an appeal.

Facebook follows its users activities by means of so-called social plug-ins, cookies, and pixels. These digital technologies enable Facebook to follow users’ behavior when online. Cookies, for example, are small files that are attached to your internet browser when you go online and visit a particular site. They are used to collect information about the kind of things you like to read or look at while surfing the web. Facebook uses the data both for its own ends, but also to help advertisers send tailor made advertising. In so doing Facebook also uses certain cookies to follow people that don’t even have a Facebook profile. The court ruled that it is “unclear what information Facebook is collecting about us” and “what it uses the information for”. Moreover, Facebook has not been given permission to keep tabs on internet-users by a court of law.

he court has ordered Facebook to stop the practice straight away and to delete any data that it has obtained by means contrary to Belgian privacy legislation. If Facebook fails to comply it will face a penalty payment of 250,000 euro/day.

Since taking office, President Donald Trump has wasted no time in proposing rollbacks to Obama-era federal regulations. So, it should come as no surprise that the Federal Communications Commission (FCC) voted last month to propose changes to current regulations on Internet service providers. Spearheaded by Ajit Pai — the Trump-appointed FCC chairman and former lawyer for Verizon — the 2-1 vote is the first step in dismantling the Open Internet Order. The lone FCC Democrat, Mignon Clyburn, was overruled by Pai and fellow Commissioner Michael O’Reilly. The 2015 order classified broadband internet as a utility under Title II of the Communications Act of 1934. Opponents of the current state of net neutrality argue that the rules are archaic and place unnecessary — even harmful — restrictions on internet service providers (ISPs), leading to lack of innovation and investment. While it’s true that policies conceived in the 1930s could hardly anticipate the complexities of the modern Internet, a complete rollback of Title II protections would leave ISPs free to favor their own services and whichever company pays for upgraded service. Considering relaxed FEC rules on media ownership and lack of antitrust enforcement, some could argue that a rollback of net neutrality is even more toxic to innovation and affordable pricing. That is, fast lanes could be created for companies with deeper pockets, effectively giving them an advantage over companies and individuals who can’t pay extra. This approach effectively penalizes small businesses, nonprofits and innovative start-ups. Today’s Internet is so vast and so pervasive that it’s hard to grasp the impact that an abandonment of net neutrality would have on every aspect of our culture.

While the FCC’s proposed change will touch most Americans, net neutrality remains a mystifying concept to non-techies. To help our readers better understand the issue, we have compiled some videos that explain net neutrality and its importance. The FCC will be accepting comments from the public on their website until August 16, 2017.

The digital privacy world was rocked late Thursday evening when The New York Times reported on Securus, a prison telecom company that has a service enabling law enforcement officers to locate most American cell phones within seconds. The company does this via a basic Web interface leveraging a location API—creating a way to effectively access a massive real-time database of cell-site records. Securus’ location ability relies on other data brokers and location aggregators that obtain that information directly from mobile providers, usually for the purposes of providing some commercial service like an opt-in product discount triggered by being near a certain location. ("You’re near a Carl’s Jr.! Stop in now for a free order of fries with purchase!") The Texas-based Securus reportedly gets its data from 3CInteractive, which in turn buys data from LocationSmart. Ars reached 3CInteractive's general counsel, Scott Elk, who referred us to a spokesperson. The spokesperson did not immediately respond to our query. But currently, anyone can get a sense of the power of a location API by trying out a demo from LocationSmart itself. Currently, the Supreme Court is set to rule on the case of Carpenter v. United States, which asks whether police can obtain more than 120 days' worth of cell-site location information of a criminal suspect without a warrant. In that case, as is common in many investigations, law enforcement presented a cell provider with a court order to obtain such historical data. But the ability to obtain real-time location data that Securus reportedly offers skips that entire process, and it's potentially far more invasive. Securus’ location service as used by law enforcement is also currently being scrutinized. The service is at the heart of an ongoing federal prosecution of a former Missouri sheriff’s deputy who allegedly used it at least 11 times against a judge and other law enforcement officers. On Friday, Sen. Ron Wyden (D-Ore.) publicly released his formal letters to AT&T and also to the Federal Communications Commission demanding detailed answers regarding these Securus revelations.

While there is considerable telecom hubris regarding the 5G rollout and increasing speculation that the next generation of wireless is not yet ready for Prime Time, the industry continues to make promises to Rural America that it has no intention of fulfilling. Decades-long promises to deliver digital Utopia to rural America by T-Mobile, Verizon and AT&T have never materialized.  

In 2017, the USDA reported that 29% of American farms had no internet access. The FCC says that 14 million rural Americans and 1.2 million Americans living on tribal lands do not have 4G LTE on their phones, and that 30 million rural residents do not have broadband service compared to 2% of urban residents.  It’s beginning to sound like a Third World country. Despite an FCC $4.5 billion annual subsidy to carriers to provide broadband service in rural areas, the FCC reports that ‘over 24 million Americans do not have access to high-speed internet service, the bulk of them in rural area”while a  Microsoft Study found that  “162 million people across the US do not have internet service at broadband speeds.” At the same time, only three cable companies have access to 70% of the market in a sweetheart deal to hike rates as they avoid competition and the FCC looks the other way.  The FCC believes that it would cost $40 billion to bring broadband access to 98% of the country with expansion in rural America even more expensive.  While the FCC has pledged a $2 billion, ten year plan to identify rural wireless locations, only 4 million rural American businesses and homes will be targeted, a mere drop in the bucket. Which brings us to rural mapping: Since the advent of the digital age, there have been no accurate maps identifying where broadband service is available in rural America and where it is not available.  The FCC has a long history of promulgating unreliable and unverified carrier-provided numbers as the Commission has repeatedly ‘bungled efforts to produce accurate broadband maps” that would have facilitated rural coverage. During the Senate Commerce Committee hearing on April 10th regarding broadband mapping, critical testimony questioned whether the FCC and/or the telecom industry have either the commitment or the proficiency to provide 5G to rural America.  Members of the Committee shared concerns that 5G might put rural America further behind the curve so as to never catch up with the rest of the country

Facebook will pay a record $5bn (£4bn) penalty in the US for “deceiving” users about their ability to keep personal information private, after a year-long investigation into the Cambridge Analytica data breach. The Federal Trade Commission (FTC), the US consumer regulator, also announced a lawsuit against Cambridge Analytica and proposed settlements with the data analysis firm’s former chief executive Alexander Nix and its app developer Aleksandr Kogan. The $5bn fine for Facebook dwarfs the previous record for the largest fine handed down by the FTC for violation of consumers’ privacy, which was a $275m penalty for consumer credit agency Equifax.

Billboards targeting legislators who voted to end online privacy measures earlier this year have gone up in key districts, as promised by activists. Digital rights group Fight for the Future vowed to put up the ads against Reps. Marsha Blackburn (R-Tenn.) and John Rutherford (R-Fla.), Sens. Jeff Flake (R-Ariz.) and Dean Heller (R-Nev.), as well as other lawmakers after they voted in favor of a resolution, introduced by Flake, that overturned federal rules preventing broadband providers from selling user data to third parties without consent. Blackburn, Rutherford, Flake, and Heller took large contributions from the telecommunications industry before supporting the resolution, Fight for the Future said. The billboards—paid for through a crowdfunded campaign—encourage viewers to contact the lawmakers’ offices and ask why they voted against their constituents’ privacy rights.

Flake’s resolution was introduced under the Congressional Review Act (CRA), which gives lawmakers the authority to overturn recently-introduced agency rules with a simple majority. The Federal Communications Commission (FCC) implemented the data-sharing ban in October. Once a rule is repealed under the CRA, an agency cannot reintroduce it without specific authorization by a new law.

The Federal Communications Commission (FCC) under President Donald Trump on Thursday afternoon voted to begin slashing regulations protecting a free and open internet. The decision (pdf) ran along party lines, with the FCC’s two Republican members voting to dismantle net neutrality. Mignon Clyburn, the Commission’s Democratic member, was the sole dissenting vote. “While the majority engages in flowery rhetoric about light-touch regulation and so on, the endgame appears to be no-touch regulation and a wholesale destruction of the FCC’s public interest authority in the 21st century,” Clyburn wrote in her dissent, according to The Hill.

Comcast met with Federal Communications Commission Chairman Ajit Pai's staff this week in an attempt to prevent states from issuing net neutrality rules. As the FCC prepares to gut its net neutrality rules, broadband providers are worried that states might enact their own laws to prevent ISPs from blocking, throttling, or discriminating against online content.

Comcast Senior VP Frank Buono and a Comcast attorney met with Pai Chief of Staff Matthew Berry and Senior Counsel Nicholas Degani on Monday, the company said in an ex parte filing that describes the meeting. Comcast urged Pai's staff to reverse the FCC's classification of broadband as a Title II common carrier service, a move that would eliminate the legal authority the FCC uses to enforce net neutrality rules. Pai has said he intends to do just that, so Comcast will likely get its wish on that point. But Comcast also wants the FCC to go further by making a declaration that states cannot impose their own regulations on broadband. The filing said: We also emphasized that the Commission's order in this proceeding should include a clear, affirmative ruling that expressly confirms the primacy of federal law with respect to BIAS [Broadband Internet Access Service] as an interstate information service, and that preempts state and local efforts to regulate BIAS either directly or indirectly.

California’s attorney general has gone to court to force Facebook to hand over documents as part of an investigation into the company. Xavier Becerra filed a “petition to enforce investigative subpoena” with the Superior Court of California in San Francisco on Wednesday morning, arguing that Facebook’s response to his subpoenas has been “patently inadequate.” Citing a “lack of cooperation” not just with his office but also the Federal Trade Commission (FTC), Xavier Becerra points out [PDF] that it took Facebook a year to respond to his initial inquiry to produce documents relating to the Cambridge Analytica scandal, where Facebook allowed a third party to access vast amounts of personal information through its systems.

Not only that but Facebook flat out refused to “search communications involving senior executives,” meaning that it refused to search for relevant information in the emails and other communications of CEO Mark Zuckerberg and COO Sheryl Sandberg, among others. “Facebook is not just continuing to drag its feet, it is failing to comply with lawfully issued subpoenas and interrogatories,” the filing states.

The filing comes the same day that 7,000 pages of internal Facebook files were published online. Those documents were obtained and leaked amid a lawsuit between Facebook and a third-party app developer and were labelled as “highly confidential” by the antisocial network. The main upshot of those files is that they show Facebook used the data it gathered on millions of its users as a business weapon: it provided people's profile information to companies that, for instance, agreed to spend hundreds of thousands of dollars on adverts within Facebook, and it cut off developers that posed a competitive threat to its ever-growing stable of companies and services (or developers that wouldn't pay up, or were just too sketchy for the internet giant.) This confirms earlier reporting. CEO Zuckerberg also continues to avoid visiting London, or anywhere in the UK, out of fear he will be arrested for repeatedly failing to comply with a request by Parliament to answer questions about Facebook’s actions, as revealed in the tranche of documents.

The state attorneys in more than a dozen states are preparing to begin an antitrust investigation of the tech giants, The Wall Street Journal and The New York Times reported Monday, putting the spotlight on an industry that is already facing federal scrutiny.The bipartisan group of attorneys from as many as 20 states is expected to formally launch a probe as soon as next month to assess whether tech companies are using their dominant market position to hurt competition, the WSJ reported.If true, the move follows the Department of Justice, which last month announced its own antitrust review of how online platforms scaled to their gigantic sizes and whether they are using their power to curb competition and stifle innovation. Earlier this year, the Federal Trade Commission formed a task force to monitor competition among tech platforms.

Just before midnight on Friday, at the close of what was a hectic month for markets, WSJ dropped a bombshell of a story: The paper reported that the DoJ has opened an anti-trust investigation of Alphabet Inc., which could "present a major new layer of regulatory scrutiny for the search giant, according to people familiar with the matter." The report was sourced to "people familiar with the matter," but was swiftly corroborated by the New York Times, Bloomberg and others. For months now, the FTC has appeared to be gearing up for a showdown with big tech. The agency - which shares anti-trust authority with the DoJ - has created a new commission that could help undo big-tech tie-ups like Facebook's acquisition of Instagram, and hired lawyers who have advanced new anti-monopoly theories that would help justify the breakup of companies like Amazon. But as it turns out, the Trump administration's first salvo against big tech didn't come from the FTC; instead, this responsibility has been delegated to the DoJ, which has reportedly been tasked with supervising the investigation into Google. That's not super surprising, since the FTC already had its chance to nail Google with an anti-monopoly probe back in 2013. But the agency came up short. From what we can tell, it appears the administration will divvy up responsibility for any future anti-trust investigations between the two agencies, which means the FTC - which is already reportedly preparing to levy a massive fine against Facebook - could end up taking the lead in those cases.

Though WSJ didn't specify which aspects of Google's business might come under the microscope, a string of multi-billion-euro fines recently levied by the EU might offer some guidance. The bloc's anti-trust authority, which has been far more eager to take on American tech giants than its American counterpart (for reasons that should be obvious to all), has fined Google over its practice of bundling software with its standard Android license, the way its search engine rankings favor its own product listings, and ways it has harmed competition in the digital advertising market. During the height of the controversy over big tech's abuses of sensitive user data last year, the Verge published a story speculating about how the monopolistic tendencies of each of the dominant Silicon Valley tech giants could be remedied. For Google, the Verge argued, the best remedy would be a ban on acquisitions - a strategy that has been bandied about in Congress.

Federal regulators are discussing whether and how to hold Facebook Chief Executive Mark Zuckerberg personally accountable for the company's history of mismanaging users' private data, two sources familiar with the discussions told NBC News on Thursday.The sources wouldn't elaborate on what measures are specifically under consideration. The Washington Post, which first reported the development, reported that regulators were exploring increased oversight of Zuckerberg's leadership.While Facebook has come under scrutiny for its privacy practices for years, both of the Democratic members of the FTC have said the agency should target individual executives when appropriate.Justin Brookman, a former policy director for technology research at the Federal Trade Commission, or FTC, said Thursday night that while the FTC can name individual company leaders if they directed, controlled and knew about any wrongdoing, "they typically only use that authority in fraud-like cases, so far as I can tell."

Facebook expects to pay a fine of up to $5 billion in a settlement with federal regulators. The tech giant disclosed that figure in its first-quarter 2019 financial results. Facebook has been in negotiations with the Federal Trade Commission following concerns that the company violated a 2011 consent decree. Back then, company leaders promised to give consumers "clear and prominent notice" when sharing their data with others and to get "express consent."

But, experts say, Facebook broke its promise. Just one example: giving user data to Cambridge Analytica, the political consulting firm that did work for the 2016 Trump campaign. Facebook estimates the fine will be in the $3 billion to $5 billion range and has set aside $3 billion for payment. "The matter remains unresolved, and there can be no assurance as to the timing or the terms of any final outcome," the company's statement says.