By David Talbot on May 18, 2015


The Internet is still unavailable to four billion people.
Brazil’s president, Dilma Rousseff, wears a hoodie adorned with the Facebook logo and Brazil’s flag, given to her by Mark Zuckerberg at a conference last month in Panama. She holds the power to allow or block in Brazil.

In January Facebook founder Mark Zuckerberg clinched the first Latin American customer for, which lets people use certain websites and apps without incurring data charges. Standing with Colombian president Juan Manuel Santos, he announced that the mobile carrier Tigo would provide “free basic services” through the app, which Zuckerberg argues is how the world’s poorest should get online.

Already, though, is running into trouble in Colombia because of criticisms that are being echoed in many other countries. The opposition is adding up to a strong challenge to Zuckerberg’s vision of using Facebook as a central part of a strategy to introduce the Web to Internet newcomers.

Today 60 people from digital-rights groups in 28 countries or regions around the world signed a joint letter to Zuckerberg criticizing many of’s practices on fairness, privacy, and security grounds. Among them are the Zimbabwe Human Rights NGO Forum, Pakistan’s Digital Rights Foundation, and similar groups in Brazil, Indonesia, Uganda, and Cameroon.

Also on the list is the Karisma Foundation, a digital-rights group based in Bogotá. It points out that Tigo is telling customers it will discontinue the free app on May 31. Tigo recently decided to offer a 60-day free trial of Facebook, which users are confusing with the app that gives free trials to multiple services, says Carolina Botero, Karisma’s president. “We have done some informal inquiries in the neighborhoods and found that people don’t realize they are only on Facebook—not on the Internet,” she says. Colombia’s government is channeling government information through Facebook’s app rather than making it available directly, she adds. “This was presented as a project meant to be an important universalization of the Internet,” she says. “But contrary to transparency principles, we have no information on the contract with Tigo, or how it came about. It’s only a few apps which they choose—and we don’t even know why or how.”

The new controversy comes after a recent furor in which more than a million Indians signed a petition asking India’s telecom authority to ban the app (see “Indian Companies Turn Against Facebook’s Scheme for Broader Internet Access”). “It is our belief that Facebook is improperly defining net neutrality in public statements and building a walled garden where the world’s poorest people can only access a limited set of insecure websites and services,” the letter published today says. “In its present conception, thereby violates the principles of net neutrality, threatening freedom of expression, equality of opportunity, security, privacy and innovation.”

The opposition isn’t to Facebook per se. The main Facebook app or website is very popular among people who can afford data plans. (After the United States, Facebook’s next-largest user bases are in India, Indonesia, and Brazil.) Rather, it is to specifically.

The free system works like this: Users download the app. Through it, they get a simple version of Facebook plus access to a collection of other apps—often stripped-down websites for weather, health, and jobs—that pass through a Facebook approval process. The local telecom company foots the bill, a process known as “zero rating.”

That is a business model Zuckerberg has explained as “free service with upsells.” In other words, get people interested with the free stuff, then charge them when they use more data—for example, if they want to download a photo that someone posted on Facebook. Zuckerberg frames the idea altruistically. “If someone can’t afford to pay for connectivity, it is always better to have some access than none at all,” he wrote recently.

A growing number of opponents argue that Facebook’s effort will create a de facto two-tier Internet—one tier curated by Facebook, and the other open to everything, for anyone who can afford it. But the joint letter also addresses issues of privacy and security. The groups worry that Facebook will make it easy for state-run telecoms to monitor users through this centralized system—and that the app could in some cases enable countries to spy on and repress their citizens. Adding to the concerns, Facebook is not supporting apps that use encryption.

A Facebook spokesman said in an e-mail this week that Facebook “doesn’t share user-level navigation information” with its partners or store it at all beyond 90 days. Meanwhile, many feature phones can’t handle encryption; Facebook says it is working fast to overcome this problem but did not offer a time line. (As for Colombia, the Facebook spokesman said the company was looking into Tigo’s May 31 deadline for the app, and said that Tigo’s 60-day free Facebook offering has “nothing to do with” even though the latter also includes free Facebook. Tigo has not responded to requests for comment.)

Facebook keeps adding more deals with carriers; Zuckerberg said in a post Wednesday that a new deal in Malawi brings the number of people with access to free Internet services through the app to a billion, at least in theory. (The number of people who have actually downloaded and used the app is nine million, according to Facebook.)
Facebook did not invent the concept of zero rating, which is in use in various ways around the world (see “Around the World, Net Neutrality Is Not a Reality”). But whether a Facebook-curated scheme is the best way to provide access is an open question. “It would be extremely dangerous if governments weigh in to favor one company or commercial model for expanding access,” says Carolina Rossini, a Brazilian lawyer who is vice president for international policy at Public Knowledge, a think tank in Washington, D.C.

Other models for free access are emerging. One of them is from Jana, a Boston startup, which is offering a service through carriers in 15 countries (see “Facebook’s Controversial Free App Plan Gets Competition”). Under that scheme, an app developer can underwrite a user’s cost of both downloading and using an app; users get a bonus of extra data to use for anything.

Many countries, like Brazil, have enacted laws that make strong commitments to universal access and support net neutrality, the principle that no set of applications should be favored over any other. Some countries, like Chile, expressly ban zero rating. But in most cases, the legal picture is ambiguous. Brazil, for example, has a strong universal-access law called the Marco Civil. Clearing up whether Facebook can operate there will require a stroke of the presidential pen asserting it one way or another.

No surprise then, that at the Summit of the Americas in Panama last month, Zuckerberg gave the president of Brazil, Dilma Rousseff, a hoodie adorned with Facebook’s logo and Brazil’s flag. The surprise, Rossini said, was that Rousseff gamely put it on and smiled for the press.

This story was updated on May 18, 2015, to clarify the description of

May 13, 2015 | Provided by AIG

Cybercrime is on the rise. According to Symantec, more than 1 million people are victims of cyber-attacks every day, at a global annual cost to consumers of almost $113 billion.1 The cost to businesses is even greater. A recent study sponsored by McAfee, a subsidiary of Intel, put the global figure at more than $400 billion annually.2 And, of course, beyond the dollars, the cost in reputational damage, consumer confidence in the brand, and time to recovery can be enormous.

While major high-profile security breaches, such as those recently suffered by Target and Home Depot, make the biggest splashes in the news, the attacks are not limited to national and multinational companies. For example, the largest online breach targeting credit card data in Australia’s history occurred in December 2012, when criminals attacked 46 small and midsize businesses—the majority of which were service stations and individual retail outlets.3

The principal lesson to be learned is that companies of all sizes are vulnerable to cyber-attacks. Unfortunately, many don’t view themselves that way because they believe they are too small to be targeted. But from a risk-management perspective, that is exactly the wrong attitude to take.

Because of the devastating impact that a major breach can have—on both the top and bottom lines, on the brand, and along many other dimensions of the business—and because of the increasing likelihood that such an event may one day occur, it is prudent to rank cyberthreats as one of the three largest areas of exposure for essentially every business. As such, thwarting cyber attacks, as well as planning for how the company will respond in the event of a successful major breach, should be a C-suite-level concern, and not something relegated to the IT department and then promptly forgotten—until it’s too late.

An Ounce of Prevention

A first step in assessing your company’s exposure to cyberthreats is to conduct a thorough inventory of your data- collection and data-storage protocols. What kind of data do you have? How is it being protected? In addition, what does the threat environment look like for your company and industry? How frequently are your systems being attacked? Your competitors? According to The Wall Street Journal, immediately after Target made its data breach public, executives at Home Depot began conducting a threat assessment of their company’s exposure to a similar attack, and soon afterwards began implementing heightened security measures across the organization. Unfortunately, as we now know, hackers were able to infiltrate Home Depot’s systems before these steps could be fully put in place.4

Fortunately, the majority of attacks are not as sophisticated as those that struck those two major retailers. In fact, most cyberthreats do not target a specific company, and they can be stopped by the use of basic IT security measures, including up-to-date antivirus software and robust firewalls. However, as noted above, it is highly prudent to be prepared to defend against more dangerous efforts—and to think about what to do should a major breach occur.

Business Continuity and Risk Transfer

Cyber attacks: It’s not a matter of if but when
A key step is to build cyberthreats into your company’s business continuity plans, alongside other kinds of potential major disruptions. How would your business function if it suddenly lost access to critical data? What kinds of plans are currently in place for dealing with a major data breach? Running scenario-based drills to test the impact and response times to various types of breaches will aid in identifying where your company’s greatest weaknesses are, so that they can be adequately addressed. As Home Depot’s example demonstrates, it’s never too early to start.

There may still remain areas where, for various reasons, risk cannot be managed internally. In this case, the best decision may be to transfer the risk via a cyber-liability policy. These policies should be viewed as a supplement to, and not a replacement for, good risk management policies. But they can provide a vital source of liquidity in the days following a successful attack.

By taking cyberthreats seriously and building them into your business continuity plans and practices, your company will be better positioned to survive a major cyber-attack and get back to normal business operations quickly.