EC

Auto Added by WPeMatico

Join Greylock’s Asheem Chandna on November 5 at noon PST/3 pm EST/8 pm GMT to discuss the future of enterprise and cybersecurity investing

The world of enterprise software and cybersecurity has taken multiple body blows since COVID-19 demolished the in-person office, flinging employees across the world and forcing companies to adapt to an all-remote productivity model. The shift has required companies to rethink not only collaboration software, but also the infrastructure that powers it and the best way to protect assets once their security perimeters have been destroyed.

The pandemic has also dramatically increased the usage of digital services, forcing cloud providers to keep up with crushing demands for performance and reliability.

In short — it’s never been a better time to be an enterprise investor (or, possibly, a founder).

So I’m excited to announce our next guest in our Extra Crunch Live interview series: Asheem Chandna from Greylock, one of the top enterprise investors of the past two decades who has worked with multiple important founding teams from whiteboard to IPO. We’re scheduled for Thursday, November 5 at noon PST/3 p.m. EST/8 p.m. GMT (check that daylight savings time math!)

Login details are below the fold for EC members, and if you don’t have an Extra Crunch membership, click through to sign up.

For nearly two decades, Asheem Chandna has invested in enterprise and security startups at Greylock, with massive investment wins in Palo Alto Networks, AppDynamics and Sumo Logic. These days, he continues to invest in cybersecurity with companies like Awake Security and Abnormal Security, data platforms like Rubrik and Delphix, and the stealthy search engine company Neeva. As a leading early-stage investor and mentor in the space, he’s seen a multitude of companies transition from inception to product-market fit to IPO.

We’ll talk about what all the turbulence in enterprise means for the future of startups in the space, how cybersecurity is evolving given the new threat landscape and also discuss a bit about how the public markets and their aggressive multiples for Silicon Valley enterprise startups is changing the strategy of venture capitalists. Plus, we’ll talk about company building, developing founders as leaders and more.

Join us next week with Asheem on Thursday, November 5 at noon PST/3 p.m. EST/8 p.m. GMT. Login details and calendar invite are below.

Event Details

Powered by WPeMatico

Digital mapping of coronavirus contacts will have key role in lifting Europe’s lockdown, says Commission

The European Commission has set out a plan for coordinating the lifting of regional coronavirus restrictions that includes a role for digital tools in what the EU executive couches as “a robust system of reporting and contact tracing.” However it has reiterated that such tools must “fully respect data privacy.”

Last week, the Commission made a similar call for a common approach to data and apps for fighting the coronavirus, emphasizing the need for technical measures to be taken to ensure that citizens’ rights and freedoms aren’t torched in the scramble for a tech fix.

Today’s toolbox of measures and principles is the next step in its push to coordinate a pan-EU response.

Responsible planning on the ground, wisely balancing the interests of protection of public health with those of the functioning of our societies, needs a solid foundation. That’s why the Commission has drawn up a catalogue of guidelines, criteria and measures that provide a basis for thoughtful action,” said EC president Ursula von der Leyen, commenting on the full roadmap in a statement.

“The strength of Europe lies in its social and economic balance. Together we learn from each other and help our European Union out of this crisis,” she added.

Harmonized data gathering and sharing by public health authorities — “on the spread of the virus, the characteristics of infected and recovered persons and their potential direct contacts” — is another key plank of the plan for lifting coronavirus restrictions on citizens within the 27 Member State bloc.

While ‘anonymized and aggregated’ data from commercial sources — such as telcos and social media platforms — is seen as a potential aid to pandemic modelling and forecasting efforts, per the plan.

“Social media and mobile network operators can offer a wealth of data on mobility, social interactions, as well as voluntary reports of mild disease cases (e.g. via participatory surveillance) and/or indirect early signals of disease spread (e.g. searches/posts on unusual symptoms),” it writes. “Such data, if pooled and used in anonymised, aggregated format in compliance with EU data protection and privacy rules, could contribute to improve the quality of modelling and forecasting for the pandemic at EU level.”

The Commission has been leaning on telcos to hand over fuzzy metadata for coronavirus modelling which it wants done by the EU’s Joint Research Centre. It wrote to 19 mobile operators last week to formalize its request, per Euractiv, which reported yesterday that its aim is to have the data exchange system operational ‘as soon as possible’ — with the hope being it will cover all the EU’s member states.

Other measures included in the wider roadmap are the need for states to expand their coronavirus testing capacity and harmonize tesing methodologies — with the Commission today issuing guidelines to support the development of “safe and reliable testing”.

Steps to support the reopening of internal and external EU borders is another area of focus, with the executive generally urging a gradual and phased lifting of coronavirus restrictions.

On contacts tracing apps specifically, the Commission writes:

“Mobile applications that warn citizens of an increased risk due to contact with a person tested positive for COVID-19 are particularly relevant in the phase of lifting containment measures, when the infection risk grows as more and more people get in contact with each other. As experienced by other countries dealing with the COVID-19 pandemic, these applications can help interrupt infection chains and reduce the risk of further virus transmission. They should thus be an important element in the strategies put in place by Member States, complementing other measures like increased testing capacities.

“The use of such mobile applications should be voluntary for individuals, based on users’ consent and fully respecting European privacy and personal data protection rules. When using tracing apps, users should remain in control of their data. National health authorities should be involved in the design of the system. Tracing close proximity between mobile devices should be allowed only on an anonymous and aggregated basis, without any tracking of citizens, and names of possibly infected persons should not be disclosed to other users. Mobile tracing and warning applications should be subject to demanding transparency requirements, be deactivated as soon as the COVID-19 crisis is over and any remaining data erased.”

“Confidence in these applications and their respect of privacy and data protection are paramount to their success and effectiveness,” it adds.

Earlier this week Apple and Google announced a collaboration around coronavirus contracts tracing — throwing their weight behind a privacy-sensitive decentralized approach to proximity tracking that would see ephemeral IDs processed locally on devices, rather than being continually uploaded and held on a central server.

A similar decentralized infrastructure for Bluetooth-based COVID-19 contacts tracing had already been suggested by a European coalition of privacy and security experts, as we reported last week.

While a separate coalition of European technologists and researchers has been pushing a standardization effort for COVID-19 contacts tracing that they’ve said will support either centralized or decentralized approaches — in the hopes of garnering the broadest possible international backing.

For its part the Commission has urged the use of technologies such as decentralization for COVID-19 contacts tracing to ensure tools align with core EU principles for handling personal data and safeguarding individual privacy, such as data minimization.

However governments in the region are working on a variety of apps and approaches for coronavirus contacts tracing that don’t all look as if they will check a ‘rights respecting’ box…

Poland advertised a new product to enforce #coronavirus #COVID19 quarantaine? Electronic bracelet equipped with geolocation sensor (and a microphone, apparently), for “constant monitoring instead of random checks”. https://t.co/WipDJDnLK8 pic.twitter.com/ormYjM1EyJ

— Lukasz Olejnik (@lukOlejnik) April 14, 2020

In a video address last week, Europe’s lead privacy regulator, the EDPS, intervened to call for a “panEuropean model ‘COVID-19 mobile application’, coordinated at EU level” — in light of varied tech efforts by Member States which involve the processing of personal data for a claimed public health purpose.

“The use of temporary broadcast identifiers and bluetooth technology for contact tracing seems to be a useful path to achieve privacy and personal data protection effectively,” said Wojciech Wiewiórowski on Monday week. “Given these divergences, the European Data Protection Supervisor calls for a panEuropean model “COVID-19 mobile application”, coordinated at EU level. Ideally, coordination with the World Health Organisation should also take place, to ensure data protection by design globally from the start.”

The Commission has not gone so far in today’s plan — calling instead for Member States to ensure their own efforts align with the EU’s existing data protection framework.

Though its roadmap is also heavy on talk of the need for “coordination between Member Statesto avoid negative effects” — dubbing it “a matter of common European interest”. But, for now, the Commission has issued a list of recommendations; it’s up to Member States to choose to fall in behind them or not.

With the caveat that EU regulators are watching very carefully how states’ handle citizens’ data.

“Legality, transparency and proportionality are essential for me,” warned Wiewiórowski, ending last week’s intervention on the EU digital response to the coronavirus with a call for “digital solidarity, which should make data working for all people in Europe and especially for the most vulnerable” — and a cry against “the now tarnished and discredited business models of constant surveillance and targeting that have so damaged trust in the digital society”.

Powered by WPeMatico

An EU coalition of techies is backing a ‘privacy-preserving’ standard for COVID-19 contacts tracing

A European coalition of techies and scientists drawn from at least eight countries, and led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), is working on contacts-tracing proximity technology for COVID-19 that’s designed to comply with the region’s strict privacy rules — officially unveiling the effort today.

China-style individual-level location-tracking of people by states via their smartphones even for a public health purpose is hard to imagine in Europe — which has a long history of legal protection for individual privacy. However the coronavirus pandemic is applying pressure to the region’s data protection model, as governments turn to data and mobile technologies to seek help with tracking the spread of the virus, supporting their public health response and mitigating wider social and economic impacts.

Scores of apps are popping up across Europe aimed at attacking coronavirus from different angles. European privacy not-for-profit, noyb, is keeping an updated list of approaches, both led by governments and private sector projects, to use personal data to combat SARS-CoV-2 — with examples so far including contacts tracing, lockdown or quarantine enforcement and COVID-19 self-assessment.

The efficacy of such apps is unclear — but the demand for tech and data to fuel such efforts is coming from all over the place.

In the UK the government has been quick to call in tech giants, including Google, Microsoft and Palantir, to help the National Health Service determine where resources need to be sent during the pandemic. While the European Commission has been leaning on regional telcos to hand over user location data to carry out coronavirus tracking — albeit in aggregated and anonymized form.

The newly unveiled Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project is a response to the coronavirus pandemic generating a huge spike in demand for citizens’ data that’s intended to offer not just an another app — but what’s described as “a fully privacy-preserving approach” to COVID-19 contacts tracing.

The core idea is to leverage smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person — via the proxy of their smartphones having been near enough to carry out a Bluetooth handshake. So far so standard. But the coalition behind the effort wants to steer developments in such a way that the EU response to COVID-19 doesn’t drift towards China-style state surveillance of citizens.

While, for the moment, strict quarantine measures remain in place across much of Europe there may be less imperative for governments to rip up the best practice rulebook to intrude on citizens’ privacy, given the majority of people are locked down at home. But the looming question is what happens when restrictions on daily life are lifted?

Contacts tracing — as a way to offer a chance for interventions that can break any new infection chains — is being touted as a key component of preventing a second wave of coronavirus infections by some, with examples such as Singapore’s TraceTogether app being eyed up by regional lawmakers.

Singapore does appear to have had some success in keeping a second wave of infections from turning into a major outbreak, via an aggressive testing and contacts-tracing regime. But what a small island city-state with a population of less than 6M can do vs a trading bloc of 27 different nations whose collective population exceeds 500M doesn’t necessarily seem immediately comparable.

Europe isn’t going to have a single coronavirus tracing app. It’s already got a patchwork. Hence the people behind PEPP-PT offering a set of “standards, technology, and services” to countries and developers to plug into to get a standardized COVID-19 contacts-tracing approach up and running across the bloc.

The other very European flavored piece here is privacy — and privacy law. “Enforcement of data protection, anonymization, GDPR [the EU’s General Data Protection Regulation] compliance, and security” are baked in, is the top-line claim.

“PEPP-PR was explicitly created to adhere to strong European privacy and data protection laws and principles,” the group writes in an online manifesto. “The idea is to make the technology available to as many countries, managers of infectious disease responses, and developers as quickly and as easily as possible.

“The technical mechanisms and standards provided by PEPP-PT fully protect privacy and leverage the possibilities and features of digital technology to maximize speed and real-time capability of any national pandemic response.”

Hans-Christian Boos, one of the project’s co-initiators — and the founder of an AI company called Arago –discussed the initiative with German newspaper Der Spiegel, telling it: “We collect no location data, no movement profiles, no contact information and no identifiable features of the end devices.”

The newspaper reports PEPP-PT’s approach means apps aligning to this standard would generate only temporary IDs — to avoid individuals being identified. Two or more smartphones running an app that uses the tech and has Bluetooth enabled when they come into proximity would exchange their respective IDs — saving them locally on the device in an encrypted form, according to the report.

Der Spiegel writes that should a user of the app subsequently be diagnosed with coronavirus their doctor would be able to ask them to transfer the contact list to a central server. The doctor would then be able to use the system to warn affected IDs they have had contact with a person who has since been diagnosed with the virus — meaning those at risk individuals could be proactively tested and/or self-isolate.

On its website PEPP-PT explains the approach thus:

Mode 1
If a user is not tested or has tested negative, the anonymous proximity history remains encrypted on the user’s phone and cannot be viewed or transmitted by anybody. At any point in time, only the proximity history that could be relevant for virus transmission is saved, and earlier history is continuously deleted.

Mode 2
If the user of phone A has been confirmed to be SARS-CoV-2 positive, the health authorities will contact user A and provide a TAN code to the user that ensures potential malware cannot inject incorrect infection information into the PEPP-PT system. The user uses this TAN code to voluntarily provide information to the national trust service that permits the notification of PEPP-PT apps recorded in the proximity history and hence potentially infected. Since this history contains anonymous identifiers, neither person can be aware of the other’s identity.

Providing further detail of what it envisages as “Country-dependent trust service operation”, it writes: “The anonymous IDs contain encrypted mechanisms to identify the country of each app that uses PEPP-PT. Using that information, anonymous IDs are handled in a country-specific manner.”

While on healthcare processing is suggests: “A process for how to inform and manage exposed contacts can be defined on a country by country basis.”

Among the other features of PEPP-PT’s mechanisms the group lists in its manifesto are:

  • Backend architecture and technology that can be deployed into local IT infrastructure and can handle hundreds of millions of devices and users per country instantly.
  • Managing the partner network of national initiatives and providing APIs for integration of PEPP-PT features and functionalities into national health processes (test, communication, …) and national system processes (health logistics, economy logistics, …) giving many local initiatives a local backbone architecture that enforces GDPR and ensures scalability.
  • Certification Service to test and approve local implementations to be using the PEPP-PT mechanisms as advertised and thus inheriting the privacy and security testing and approval PEPP-PT mechanisms offer.

Having a standardized approach that could be plugged into a variety of apps would allow for contacts tracing to work across borders — i.e. even if different apps are popular in different EU countries — an important consideration for the bloc, which has 27 Member States.

However there may be questions about the robustness of the privacy protection designed into the approach — if, for example, pseudonymized data is centralized on a server that doctors can access there could be a risk of it leaking and being re-identified. And identification of individual device holders would be legally risky.

Europe’s lead data regulator, the EDPS, recently made a point of tweeting to warn an MEP (and former EC digital commissioner) against the legality of applying Singapore-style Bluetooth-powered contacts tracing in the EU — writing: “Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.”

Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.

— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020

A spokesman for the EDPS told us it’s in contact with data protection agencies of the Member States involved in the PEPP-PT project to collect “relevant information”.

“The general principles presented by EDPB on 20 March, and by EDPS on 24 March are still relevant in that context,” the spokesman added — referring to guidance issued by the privacy regulators last month in which they encouraged anonymization and aggregation should Member States want to use mobile location data for monitoring, containing or mitigating the spread of COVID-19. At least in the first instance.

“When it is not possible to only process anonymous data, the ePrivacy Directive enables Member States to introduce legislative measures to safeguard public security (Art. 15),” the EDPB further noted.

“If measures allowing for the processing of non-anonymised location data are introduced, a Member State is obliged to put in place adequate safeguards, such as providing individuals of electronic communication services the right to a judicial remedy.”

We reached out to the HHI with questions about the PEPP-PT project and were referred to Boos — but at the time of writing had been unable to speak to him.

“The PEPP-PT system is being created by a multi-national European team,” the HHI writes in a press release about the effort. “It is an anonymous and privacy-preserving digital contact tracing approach, which is in full compliance with GDPR and can also be used when traveling between countries through an anonymous multi-country exchange mechanism. No personal data, no location, no Mac-Id of any user is stored or transmitted. PEPP-PT is designed to be incorporated in national corona mobile phone apps as a contact tracing functionality and allows for the integration into the processes of national health services. The solution is offered to be shared openly with any country, given the commitment to achieve interoperability so that the anonymous multi-country exchange mechanism remains functional.”

“PEPP-PT’s international team consists of more than 130 members working across more than seven European countries and includes scientists, technologists, and experts from well-known research institutions and companies,” it adds.

“The result of the team’s work will be owned by a non-profit organization so that the technology and standards are available to all. Our priorities are the well being of world citizens today and the development of tools to limit the impact of future pandemics — all while conforming to European norms and standards.”

The PEPP-PT says its technology-focused efforts are being financed through donations. Per its website, it says it’s adopted the WHO standards for such financing — to “avoid any external influence”.

Of course for the effort to be useful it relies on EU citizens voluntarily downloading one of the aligned contacts tracing apps — and carrying their smartphone everywhere they go, with Bluetooth enabled.

Without substantial penetration of regional smartphones it’s questionable how much of an impact this initiative, or any contacts tracing technology, could have. Although if such tech were able to break even some infection chains people might argue it’s not wasted effort.

Notably, there are signs Europeans are willing to contribute to a public healthcare cause by doing their bit digitally — such as a self-reporting COVID-19 tracking app which last week racked up 750,000 downloads in the UK in 24 hours.

But, at the same time, contacts tracing apps are facing scepticism over their ability to contribute to the fight against COVID-19. Not everyone carries a smartphone, nor knows how to download an app, for instance. There’s plenty of people who would fall outside such a digital net.

Meanwhile, while there’s clearly been a big scramble across the region, at both government and grassroots level, to mobilize digital technology for a public health emergency cause there’s arguably greater imperative to direct effort and resources at scaling up coronavirus testing programs — an area where most European countries continue to lag.

Germany — where some of the key backers of the PEPP-PT are from — being the most notable exception.

Powered by WPeMatico

Startups Weekly: All these startups are raising big rounds

TechCrunch’s Connie Loizos published some interesting stats on seed and Series A financings this week, courtesy of data collected by Wing Venture Capital. In short, seed is the new Series A and Series A is the new Series B. Sure, we’ve been saying that for a while, but Wing has some clean data to back up those claims.

Years ago, a Series A round was roughly $5 million and a startup at that stage wasn’t expected to be generating revenue just yet, something typically expected upon raising a Series B. Now, those rounds have swelled to $15 million, according to deal data from the top 21 VC firms. And VCs are expecting the startups to be making money off their customers.

“Again, for the old gangsters of the industry, that’s a big shift from 2010, when just 15 percent of seed-stage companies that raised Series A rounds were already making some money,” Connie writes.

As for seed, in 2018, the average startup raised a total of $5.6 million prior to raising a Series A, up from $1.3 million in 2010.

Now on to IPO updates, then a closer look at all the companies raising big rounds. Want more TechCrunch newsletters? Sign up here. Contact me at kate.clark@techcrunch.com or @KateClarkTweets.

Slack iOS logo (2019)

IPO corner

Slack: The workplace communication software provider dropped its S-1 on Friday ahead of a direct listing. That’s when companies sell existing shares directly to the market, allowing them to skip the roadshow and minimize the astronomical fees typically associated with an initial public offering. Here’s the TLDR on financials: Slack reported revenues of $400.6 million in the fiscal year ending January 31, 2019, on losses of $138.9 million. That’s compared to a loss of $140.1 million on revenue of $220.5 million for the year before. Slack’s losses are shrinking (slowly), while its revenues expand (quickly). It’s not profitable yet, but is that surprising?

Zoom was the Slack we thought Slack was all along.

— alex (PVD) (@alex) April 26, 2019

Uber: The ride-hail giant is fast approaching its IPO, expected as soon as next week. On Friday, the company established an IPO price range of $44 to $50 per share to raise between $7.9 billion and $9 billion at a valuation of approximately $84 billion, significantly lower than the $100 billion previously reported estimations. The most likely outcome is Uber will price above range and all the latest estimates will be way off course. Best to sit back and see how Uber plays it. Oh, and PayPal said it would make a $500 million investment in the company in a private placement, as part of an extension of the partnership between the two.

There are a lot of fascinating companies raising colossal rounds, so I thought I’d dive a bit deeper than I normally do. Bear with me.

Carbon: The poster child for 3D printing has authorized the sale of $300 million in Series E shares, according to a Delaware stock filing uncovered by PitchBook. If Carbon raises the full amount, it could reach a valuation of $2.5 billion. Using its proprietary Digital Light Synthesis technology, the business has brought 3D-printing technology to manufacturing, building high-tech sports equipment, a line of custom sneakers for Adidas and more. It was valued at $1.7 billion by venture capitalists with a $200 million Series D in 2018.

Canoo: The electric vehicle startup formerly known as Evelozcity is on the hunt for $200 million in new capital. Backed by a clutch of private individuals and family offices from China, Germany and Taiwan, the company is hoping to line up the new capital from some more recognizable names as it finalizes supply deals with vendors, according to reporting from TechCrunch’s Jonathan Shieber. The company intends to make its vehicles available through a subscription-based model and currently has 400 employees. Canoo was founded in 2017 after Stefan Krause, a former executive at BMW and Deutsche Bank, and another former BMW executive, Ulrich Kranz, exited Faraday Future amid that company’s struggles.

Starry: The Boston-based wireless broadband internet startup has authorized the sale of Series D shares worth up to $125 million, according to a Delaware stock filing. If Starry closes the full authorized raise it will hold a post-money valuation of $870 million. A spokesperson for the company confirmed it had already raised new capital, but disputed the numbers. The company has already raised more than $160 million from investors, including FirstMark Capital and IAC. The company most recently closed a $100 million Series C this past July.

Selina & Sonder: The Airbnb competitor Sonder is in the process of closing a financing worth roughly $200 million at a $1 billion valuation, reports The Wall Street Journal. Investors including Greylock Partners, Spark Capital and Structure Capital are likely to participate. Sonder is four years old but didn’t emerge from stealth until 2018. The startup, which turns homes into hotels, quickly attracted more than $100 million in venture funding. Meanwhile, another hospitality business called Selina has raised $100 million at an $850 million valuation. The company, backed by Access Industries, Grupo Wiese and Colony Latam Partners, builds living/co-working/activity spaces across the world for digital nomads.

Fresh funds: Mary Meeker has made history with the close of her new fund, Bond Capital, the largest VC fund founded and led by a female investor to date. Bond has $1.25 billion in committed capital. If you remember, Meeker ditched Kleiner Perkins last fall and brought the firm’s entire growth team with her. Kleiner said it was a peaceful split that would allow the firm to focus more on its early-stage efforts, leaving the growth investing to Bond. Fortune, however, reported this week that a power struggle of sorts between Meeker and Mamoon Hamid, who joined recently to reenergize the early-stage side of things, was a larger cause of her exit.

Plus, SOSV, a multi-stage venture firm that was founded as the personal investment vehicle of entrepreneur Sean O’Sullivan after his company went public in 1994, has raised $218 million for its third fund. The vehicle has a $250 million target that SOSV expects to meet. Already, the fund is substantially larger than the firm’s previous vehicle, which closed with $150 million.

A grocery delivery startup crumbles: Honestbee, the online grocery delivery service in Asia, is nearly out of money and trying to offload its business. Despite looking impressive from the outside, the company is currently in crisis mode due to a cash crunch — there’s a lot happening right now. TechCrunch’s Jon Russell dives in deep here.

Extra Crunch: When it comes to working with journalists, so many people are, frankly, idiots. I have seen reporters yank stories because founders are assholes, play unfairly, or have PR firms that use ridiculous pressure tactics when they have already committed to a story.” Sign up for Extra Crunch for a full list of PR don’ts. Here are some other EC pieces to hit the wire this week:

Equity: If you enjoy this newsletter, be sure to check out TechCrunch’s venture-focused podcast, Equity. In this week’s episode, available here, Crunchbase News editor-in-chief Alex Wilhelm and I chat about Kleiner Perkins, Chinese IPOs and Slack & Uber’s upcoming exits. 

Powered by WPeMatico

Huawei opens a cybersecurity transparency center in the heart of Europe

5G kit maker Huawei opened a Cyber Security Transparency center in Brussels yesterday as the Chinese tech giant continues to try to neutralize suspicion in Western markets that its networking gear could be used for espionage by the Chinese state.

Huawei announced its plan to open a European transparency center last year but giving a speech at an opening ceremony for the center yesterday the company’s rotating CEO, Ken Hu, said: “Looking at the events from the past few months, it’s clear that this facility is now more critical than ever.”

Huawei said the center, which will demonstrate the company’s security solutions in areas including 5G, IoT and cloud, aims to provide a platform to enhance communication and “joint innovation” with all stakeholders, as well as providing a “technical verification and evaluation platform for our
customers”.

“Huawei will work with industry partners to explore and promote the development of security standards and verification mechanisms, to facilitate technological innovation in cyber security across the industry,” it said in a press release.

“To build a trustworthy environment, we need to work together,” Hu also said in his speech. “Both trust and distrust should be based on facts, not feelings, not speculation, and not baseless rumour.

“We believe that facts must be verifiable, and verification must be based on standards. So, to start, we need to work together on unified standards. Based on a common set of standards, technical verification and legal verification can lay the foundation for building trust. This must be a collaborative effort, because no single vendor, government, or telco operator can do it alone.”

The company made a similar plea at Mobile World Congress last week when its rotating chairman, Guo Ping, used a keynote speech to claim its kit is secure and will never contain backdoors. He also pressed the telco industry to work together on creating standards and structures to enable trust.

“Government and the mobile operators should work together to agree what this assurance testing and certification rating for Europe will be,” he urged. “Let experts decide whether networks are safe or not.”

Also speaking at MWC last week the EC’s digital commissioner, Mariya Gabriel, suggested the executive is prepared to take steps to prevent security concerns at the EU Member State level from fragmenting 5G rollouts across the Single Market.

She told delegates at the flagship industry conference that Europe must have “a common approach to this challenge” and “we need to bring it on the table soon”.

Though she did not suggest exactly how the Commission might act.

A spokesman for the Commission confirmed that EC VP Andrus Ansip and Huawei’s Hu met in person yesterday to discuss issues around cybersecurity, 5G and the Digital Single Market — adding that the meeting was held at the request of Hu.

“The Vice-President emphasised that the EU is an open rules based market to all players who fulfil EU rules,” the spokesman told us. “Specific concerns by European citizens should be addressed. We have rules in place which address security issues. We have EU procurement rules in place, and we have the investment screening proposal to protect European interests.”

“The VP also mentioned the need for reciprocity in respective market openness,” he added, further noting: “The College of the European Commission will hold today an orientation debate on China where this issue will come back.”

In a tweet following the meeting Ansip also said: “Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security.”

Met with @Huawei rotating CEO Ken Hu to discuss #5G and #cybersecurity.

Agreed that understanding local security concerns, being open and transparent, and cooperating with countries and regulators would be preconditions for increasing trust in the context of 5G security. pic.twitter.com/ltATdnnzvL

— Andrus Ansip (@Ansip_EU) March 4, 2019

Reuters reports Hu saying the pair had discussed the possibility of setting up a cybersecurity standard along the lines of Europe’s updated privacy framework, the General Data Protection Regulation (GDPR).

Although the Commission did not respond when we asked it to confirm that discussion point.

GDPR was multiple years in the making and before European institutions had agreed on a final text that could come into force. So if the Commission is keen to act “soon” — per Gabriel’s comments on 5G security — to fashion supportive guardrails for next-gen network rollouts a full blown regulation seems an unlikely template.

More likely GDPR is being used by Huawei as a byword for creating consensus around rules that work across an ecosystem of many players by providing standards that different businesses can latch on in an effort to keep moving.

Hu referenced GDPR directly in his speech yesterday, lauding it as “a shining example” of Europe’s “strong experience in driving unified standards and regulation” — so the company is clearly well-versed in how to flatter hosts.

“It sets clear standards, defines responsibilities for all parties, and applies equally to all companies operating in Europe,” he went on. “As a result, GDPR has become the golden standard for privacy protection around the world. We believe that European regulators can also lead the way on similar mechanisms for cyber security.”

Hu ended his speech with a further industry-wide plea, saying: “We also commit to working more closely with all stakeholders in Europe to build a system of trust based on objective facts and verification. This is the cornerstone of a secure digital environment for all.”

Huawei’s appetite to do business in Europe is not in doubt, though.

The question is whether Europe’s telcos and governments can be convinced to swallow any doubts they might have about spying risks and commit to working with the Chinese kit giant as they roll out a new generation of critical infrastructure.

Powered by WPeMatico

Europe is prepared to rule over 5G cybersecurity

The European Commission’s digital commissioner has warned the mobile industry to expect it to act over security concerns attached to Chinese network equipment makers.

The Commission is considering a defacto ban on kit made by Chinese companies including Huawei in the face of security and espionage concerns, per Reuters.

Appearing on stage at the Mobile World Congress tradeshow in Barcelona today, Mariya Gabriel, European commissioner for digital economy and society, flagged network “cybersecurity” during her scheduled keynote, warning delegates it’s stating the obvious for her to say that “when 5G services become mission critical 5G networks need to be secure”.

Geopolitical concerns between the West and China are being accelerated and pushed to the fore as the era of 5G network upgrades approach, as well as by ongoing tensions between the U.S. and China over trade.

“I’m well away of the unrest among all of you key actors in the telecoms sectors caused by the ongoing discussions around the cybersecurity of 5G,” Gabriel continued, fleshing out the Commission’s current thinking. “Let me reassure you: The Commission takes your view very seriously. Because you need to run these systems everyday. Nobody is helped by premature decisions based on partial analysis of the facts.

“However it is also clear that Europe has to have a common approach to this challenge. And we need to bring it on the table soon. Otherwise there is a risk that fragmentation rises because of diverging decisions taken by Member States trying to protect themselves.”

“We all know that this fragmentation damages the digital single market. So therefore we are working on this important matter with priority. And to the Commission we will take steps soon,” she added.

The theme of this year’s show is “intelligent connectivity”; the notion that the incoming 5G networks will not only create links between people and (many, many more) things but understand the connections they’re making at a greater depth and resolution than has been possible before, leveraging the big data generated by many more connections to power automated decision-making in near real time, with low latency another touted 5G benefit (as well as many more connections per cell).

Futuristic scenarios being floated include connected cars neatly pulling to the sides of the road ahead of an ambulance rushing a patient to hospital — or indeed medical operations being aided and even directed remotely in real-time via 5G networks supporting high resolution real-time video streaming.

But for every touted benefit there are easy to envisage risks to network technology that’s being designed to connect everything all of the time — thereby creating a new and more powerful layer of critical infrastructure society will be relying upon.

Last fall the Australia government issued new security guidelines for 5G networks that essential block Chinese companies such as Huawei and ZTE from providing equipment to operators — justifying the move by saying that differences in the way 5G operates compared to previous network generations introduces new risks to national security.

New Zealand followed suit shortly after, saying kit from the Chinese companies posed a significant risk to national security.

While in the U.S. President Trump has made 5G network security a national security priority since 2017, and a bill was passed last fall banning Chinese companies from supplying certain components and services to government agencies.

The ban is due to take effect over two years but lawmakers have been pressuring to local carriers to drop 5G collaborations with companies such as Huawei.

In Europe the picture is so far more mixed. A UK government report last summer investigating Huawei’s broadband and mobile infrastructure raised further doubts, and last month Germany was reported to be mulling a 5G ban on the Chinese kit maker.

But more recently the two EU Member States have been reported to no longer be leaning towards a total ban — apparently believing any risk can be managed and mitigated by oversight and/or partial restrictions.

It remains to be seen how the Commission could step in to try to harmonize security actions taken by Member States around nascent 5G networks. But it appears prepared to set rules.

That said, Gabriel gave no hint of its thinking today, beyond repeating the Commission’s preferred position of less fragmentation, more harmonization to avoid collateral damage to its overarching Digital Single Market initiative — i.e. if Member States start fragmenting into a patchwork based on varying security concerns.

We’ve reached out to the Commission for further comment and will update this story with any additional context.

During the keynote she was careful to talk up the transformative potential of 5G connectivity while also saying innovation must work in lock-step with European “values”.

“Europe has to keep pace with other regions and early movers while making sure that its citizens and businesses benefit swiftly from the new infrastructures and the many applications that will be built on top of them,” she said.

“Digital is helping us and we need to reap its opportunities, mitigate its risks and make sure it is respectful of our values as much as driven by innovation. Innovation and values. Two key words. That is the vision we have delivered in terms of the defence for our citizens in Europe. Together we have decided to construct a Digital Single Market that reflects the values and principles upon which the European Union has been built.”

Her speech also focused on AI, with the commissioner highlighting various EC initiatives to invest in and support private sector investment in artificial intelligence — saying it’s targeting €20BN in “AI-directed investment” across the private and public sector by 2020, with the goal for the next decade being “to reach the same amount as an annual average” — and calling on the private sector to “contribute to ensure that Europe reaches the level of investment needed for it to become a world stage leader also in AI”.

But again she stressed the need for technology developments to be thoughtfully managed so they reflect the underlying society rather than negatively disrupting it. The goal should be what she dubbed “human-centric AI”.

“When we talk about AI and new technologies development for us Europeans it is not only about investing. It is mainly about shaping AI in a way that reflects our European values and principles. An ethical approach to AI is key to enable competitiveness — it will generate user trust and help facilitate its uptake,” she said.

“Trust is the key word. There is no other way. It is only by ensuring trustworthiness that Europe will position itself as a leader in cutting edge, secure and ethical AI. And that European citizens will enjoy AI’s benefits.”

Powered by WPeMatico

Google files appeal against Europe’s $5BN antitrust fine for Android

Google has lodged its legal appeal against the European Commission’s €4.34 billion (~$5BN) antitrust ruling against its Android mobile OS, according to Reuters — the first step in a process that could keep its lawyers busy for years to come.

“We have now filed our appeal of the EC’s Android decision at the General Court of the EU,” it told the news agency, via email.

We’ve reached out to Google for comment on the appeals process.

Rulings made by the EU’s General Court in Luxembourg can be appealed to the top court, the Court of Justice of the European Union, but only on points of law.

Europe’s competition commissioner, Margrethe Vestager, announced the record-breaking antitrust penalty for Android in July, following more than two years of investigation of the company’s practices around its smartphone operating system.

Vestager said Google had abused the regional dominance of its smartphone platform by requiring that manufacturers pre-install other Google apps as a condition for being able to license the Play Store.

She also found the company had made payments to some manufacturers and mobile network operators in exchange for them exclusively pre-installing Google Search on their devices, and used Google Play licensing to prevent manufacturers from selling devices based on Android forks — which would not have to include Google services and, in Vestager’s view, “could have provided a platform for rival search engines as well as other app developers to thrive”.

Google rejected the Commission’s findings and said it would appeal.

In a blog post at the time, Google CEO Sundar Pichai argued the contrary — claiming the Android ecosystem has “created more choice, not less” for consumers, and saying the Commission ruling “ignores the new breadth of choice and clear evidence about how people use their phones today”.

According to Reuters the company reiterated its earlier arguments in reference to the appeal.

A spokesperson for the EC told us simply: “The Commission will defend its decision in Court.”

Powered by WPeMatico

Europe to cap intra-EU call fees as part of overhaul to telecoms rules

European Union institutions have reached a political agreement over an update to the bloc’s telecoms rules that’s rattled the cages of incumbent telcos.

Agreement was secured late yesterday after months of negotiations between the EU parliament and Council, with the former pushing for and securing a price cap on international calls within the bloc — of no more than 19 cents per minute. Texts will also be capped at a maximum of 6 cents each, Reuters reports.

While roaming charges for EU travelers were abolished across the bloc last summer, the parliament was concerned that charges for calls and texts between EU Member States is often disproportionately high — hence pushing for the cap, which was not in the original EC proposal.

The Commission proposed a new European Electronic Communications Code back in 2016, to modernize telecoms rules that had stood since 2009 — to take account of technology and market shifts, and align the rules with its wider Digital Single Market strategy.

The proposal broadly focused on pushing for consistency in spectrum policy and management; reducing regulatory fragmentation; ensuring a level playing field for market players and protections for consumers; and incentivizing investment in high-speed broadband networks.

And on the incentivization front, the new rules agreed yesterday update the powers of national regulators to act against dominant players — such as by being able to impose access to their network.

For a case study on why such interventions might be necessary you could look at the fiber investment and network-access foot-dragging of a former incumbent telco such as BT in the UK, for example, which has long favored eking out copper. While its network infrastructure division OpenReach was last year ordered to be legally separated — around a decade after it was functionally separated by the regulator. Yet complaints over BT’s lack of investment in broadband infrastructure and access for rivals to its networks have, nonetheless, persisted.

On the consumer front, the new EU telecoms Code also includes measures intended to make it easier to change service provider and keep the same phone number; measures around tariff transparency to make it easier for people to compare contractual offers, and the ability to terminate a contract without incurring additional costs; as well as additional protections around bundled services.

For operators there are deregulation measures for co-investments — intended to promote “risk sharing in the deployment of very high capacity networks”. And the Code sets wireless spectrum licenses at at least 20 years — also intended to give carriers the “predictability” they need to speed up 5G and fiber deployments.

Though this is shorter than operators had hoped, and the European Telecommunications Network Operators’ Association (ETNO) — whose membership is made up of incumbent telcos such as BT — has been quick to voice its displeasure, describing the code as a “missed opportunity“, and complaining that it adds extra complexity while also failing to incentivize investment.

“The Code will not ignite the much needed rush to invest in 5G and fibre networks and it will add complexity to an already burdensome system,” it writes. “The agreed law foresees only limited progress on spectrum policy, a complex and watered down compromise on incentivising fibre investment, uncertain triggers for imposing regulatory remedies and no fair playing field for digital services users and providers.”

Smaller, fiber-to-the-home broadband players are sounding much happier though…

The FTTH Council Europe congratulates the co-legislators for reaching today’s agreement on the #EECC and welcomes the regulatory push to #fibre investments & end-user benefits. More info: https://t.co/azx0VW8R6q pic.twitter.com/gCLk2pNKZr

— FTTH Council Europe (@FTTHCouncilEU) June 6, 2018

Congratulations for the results of the new telecom code. The wholesale only model will boost investments in FTTH in Europe. No more conflicts of interest of incumbents @delcastillop @GabrielMariya @ViolaRoberto

— Luigi Gambardella (@lgambardella) June 6, 2018

ETNO also criticizes what it describes as “the unfortunate decision to regulate intra-EU calls” — arguing this is an unjustified, populist measure, and sniping that it creates legal uncertainty by setting what it couches as “a highly dangerous precedent for all other European industries”.

That’s not the view of the European Consumer Organization, BEUC, which describes the measure as “a good next step towards a real single market for consumers”.

“Consumers should no longer have to worry about excessive costs when calling another EU country from home. The end of roaming charges was a big first step, but it did not deal with the high costs of phone calls to another EU country when at home,” its director general, Monique Goyens, told us in a statement.

“Market concentration is bad for prices and consumer choice. A small group of players should not be able to take control of the market. Thanks to what has been agreed, national regulators can take measures to intervene and maintain a healthy level of competition,” she added.

“Telecom services regularly rank among the top most complained-about markets. This new law upgrades some important consumer protection measures. Telecom clients will for instance be able to end their contract early and choose a better deal.”

And of course the Commission is putting a positive spin on the outcome, two years on from its proposal to modernize the rules.

In a statement welcoming the end of the negotiations, Andrus Ansip, the VP in charge of the Digital Single Market, said: “This agreement is essential to meet Europeans’ growing connectivity needs and boost Europe’s competitiveness. We are laying the groundwork for the deployment of 5G across Europe.”

In another supporting statement, Mariya Gabriel, commissioner for digital economy and society, described the new rules as “bold and balanced” — saying they would provide “faster access to radio spectrum, better services and more protection for consumers, as well as greater investment in very high speed networks”.

While political accord on the new telecoms code has indeed been reached between the EU institutions, members of the EU parliament and Council still need to vote to adopt it — after which the bloc’s Member States will have two years to transpose it into their national laws.

Powered by WPeMatico

Apple Relabels “Free” Download Buttons On iTunes And Mac App Store To “Get” Following Pressure from EC

appstore Across the iTunes and Mac App Stores today, a minor but also notable change is taking place with regard to how Apple is marketing its iOS and Mac applications. Instead of free apps being labeled as “FREE,” the download button now reads “GET.” The change likely has to do with increased pressures from the European Commission, which this summer, succeeded in forcing Google… Read More

Powered by WPeMatico