Palantir

Auto Added by WPeMatico

Equity Monday: YC Demo Day, two funding rounds and where’s Palantir’s S-1?

Hello and welcome back to Equity, TechCrunch’s venture capital-focused podcast where we unpack the numbers behind the headlines.

This is Equity Monday, our weekly kickoff that tracks the latest big news, chats about the coming week, digs into some recent funding rounds and mulls over a larger theme or narrative from the private markets. You can follow the show on Twitter here, and myself here, and don’t forget to check out last Friday’s episode.

What was on the docket this morning? All sorts of good stuff, though the Sumo Logic S-1 did drop just after we wrapped. Here’s today’s rundown:

Whew, with YC and Palantir this week and a chat with Twilio’s CEO it’s going to be an active few days. Ready?

Equity drops every Monday at 7:00 a.m. PT and Friday at 6:00 a.m. PT, so subscribe to us on Apple PodcastsOvercastSpotify and all the casts.

Powered by WPeMatico

Jamf ups its IPO range, now targets a valuation of up to $2.7B

Today Jamf, a software company that helps other firms manage their Apple devices, raised its IPO price range.

The company had previously targeted a $17 to $19 per-share range. A new SEC filing from the firm today details a far higher $21 to $23 per-share IPO price interval.

Jamf still intends to sell up to 18.4 million shares in its debut, including 13.5 million in primary stock, 2.5 million shares from existing shareholders and an underwriter option worth 2.4 million shares. The whole whack at $21 to $23 per share would tally between $386.4 million and $423.2 million, though not all those funds would flow to the company.

At the low and high-end of its new IPO range, Jamf is worth between $2.44 billion and $2.68 billion, steep upgrades from its prior valuation range of $1.98 billion to $2.21 billion.

Jamf follows in the footsteps of recent IPOs like nCino, Vroom and others in seeing demand for its public offering allow its pricing to track higher the closer it gets to its public offering. Such demand from public-market investors indicates there is ample demand for debut shares in mid-2020, a fact that could spur other companies to the exit market.

Coinbase, Airbnb and DoorDash are three such companies that are expected to debut in the next year’s time, give or take a quarter or two.

Results, multiples

In anticipation of the Jamf debut that should come this week, let’s chat about the company’s recent performance.

Observe the following table from the most-recent Jamf S-1/A:

From even a quick glance we can learn much from this data. We can see that Jamf is growing, has improving gross margins and has managed to swing from an operating loss to operating profit in Q2 2020, compared to Q2 2019. And, for you fans out there of adjusted metrics, that Jamf managed to generate more non-GAAP operating income in its most recent period than the year-ago quarter.

In more precise terms:

  • Jamf grew from 26.5% to 29.0% on a year-over-year basis in Q2 2020
  • Its gross margin grew by 6% in gross terms, and 8.3% in relative terms
  • Its non-GAAP operating income grew 123.4%, to 150.9% in Q2 2020 compared to the year-ago quarter

Profits! Growth! Software! Improving margins! It’s not a huge surprise that Jamf managed to bolster its IPO price range.

Finally, for the SaaS-heads out there, the following:

This data lets us have a little fun. Recall that we have seen possible valuations for Jamf at IPO that started at $1.98 billion to $2.21 billion, and now include $2.44 billion and $2.68 billion? With our two ARR ranges for the end of Q2, we can now come up with eight ARR multiples for Jamf, from the low-end of its initial IPO price estimate, to the top-end of its new range.

Here they are:

  • Multiple at $1.98 billion valuation and $238 million ARR: 8.3x
  • Multiple at $1.98 billion valuation and $241 million ARR: 8.2x
  • Multiple at $2.21 billion valuation and $238 million ARR: 9.3x
  • Multiple at $2.21 billion valuation and $241 million ARR: 9.2x
  • Multiple at $2.44 billion valuation and $238 million ARR: 10.3x
  • Multiple at $2.44 billion valuation and $241 million ARR: 10.1x
  • Multiple at $2.68 billion valuation and $238 million ARR: 11.3x
  • Multiple at $2.68 billion valuation and $241 million ARR: 11.2x

From that perspective, the pricing changes feel a bit more modest, even if they work out to a huge spread on a valuation basis.

Regardless, this is the current state of the Jamf IPO. Rackspace also filed a new S-1/A today, but we can’t find anything useful in it. A bit like the Jamf S-1/A from Friday. Perhaps we’ll get a new Rackspace document soon with pricing notes.

And, of course, like the rest of the world we await the Palantir S-1 with bated breath. Consider that our white whale.

Powered by WPeMatico

SEC filing indicates big data provider Palantir is raising $961M, $550M of it already secured

Palantir, the sometimes controversial, but always secretive, big data and analytics provider that works with governments and other public and private organizations to power national security, health and a variety of other services, has reportedly been eyeing a public listing this autumn. But in the meantime it’s also continuing to push ahead in the private markets.

The company has filed a Form D — its first in four years — indicating that it is in the process of raising nearly $1 billion — $961,099,010, to be exact — with $549,727,437 of that already sold, and a further $411,371,573 remaining to be raised.

(A Reuters report from June confirmed that Palantir had closed funding from two strategic investors that both work with the company: $500 million from Japanese insurance company Sompo Holdings, and $50 million from Fujitsu. Together, it seems like these might account for $550 million noted as already sold on the Form D.)

The Form D also notes that 58 investors are already attached to the offering, and that “of the total remaining to be sold, all but $671,576.25 represents shares of common stock already subscribed for.” This means that Palantir has already secured commitments for the remaining part of the $961 million raise, although the offering has not closed.

Palantir declined to comment on the filing, except to note that this is related to primary investments, not secondary stakes.

It’s not clear if this latest fundraise, as spelled out by the Form D, spells a delay to a public listing, or if the intention is to complement it. 

The filing also appears to confirm a report from September 2019 that Palantir was seeking to raise between $1 billion and $3 billion, its first fundraising in four years.

That report noted Palantir was targeting a $26 billion valuation, up from $20 billion four years ago. The Reuters article in June put its valuation based on secondary market trades at between $10 billion and $14 billion.

To date, Palantir has raised at least $3.3 billion in funding, according to PitchBook, which names no fewer than 108 investors on its cap table.

The PitchBook data (some of which is behind a paywall) also indicates that Palantir has raised a number of previous rounds of undisclosed amounts.

Palantir was last valued at $20 billion when it raised money four years ago, but there are some data points that point to a bigger valuation today.

While the coronavirus pandemic has all but halted the IPO market, we are starting to see some movement again, and Palantir’s own business activity points to what might be a strong candidate to usher in more activity.

In April, according to a Bloomberg report, the company briefed investors with documents showing that it expects to make $1 billion in revenues this year, up 38% on 2019, and breaking even in the first time since being founded 16 years ago by Peter Thiel, Nathan Gettings, Joe Lonsdale, Stephen Cohen and current CEO Alex Karp.

(The Bloomberg report didn’t explain why Palantir was briefing investors, whether for a potential public listing, or for the fundraise we’re reporting on here, or something else.)

On top of that, the company has been in the news a lot around the global novel coronavirus pandemic.

Specifically, it’s been winning business, in the form of projects in major markets like the U.K. (where it’s part of a consortium of companies working with the NHS on a COVID-19 data trove) and the U.S. (where it’s been working on a COVID-19 tracker for the federal government and a project with the CDC), and possibly others. Those projects will presumably need a lot of upfront capital to set up and run, alongside other business deals that Palantir has been securing — possibly one reason it is raising money now.

Updated throughout, including with response from Palantir.

Powered by WPeMatico

IPOs that could happen soon, cannot happen soon enough

Earlier today we took a look at two companies that have filed to go public, nCino and GoHealth. The pair join Lemonade in a march toward the public markets.

But those three firms are hardly alone. We know that DoorDash filed privately earlier this year (it also raised a pile of cash lately, so its IPO may not be in a hurry), and Postmates filed privately last year.

Even more, there are a number of companies whose IPOs we anticipate in short order. So, what follows is our incredibly scientific survey of impending IPOs, starting with those closest to the gate. This list is focused on companies that were at one point venture-backed startups, even if they have become behemoths in the intervening years.

We’ll start with companies that have filed and are moving toward debuts in the next few weeks:

  • nCino: This SaaS company is growing nicely, and has pretty good overall economics. We covered its financial history here. Its debut will be a win for North Carolina.
  • GoHealth: A Chicago success story that was swallowed by private equity last year, GoHealth is now an incredibly complicated company and offering that features lots of long-term indebtedness. But, its exit should provide reasonable returns to its current owner’s backers, who held onto the firm for less than a year before trying to flip it.
  • Lemonade: Lemonade’s IPO is an important moment for a number of modern insurance companies like Root, MetroMile, Kin and others. Not that they all sell the same type of insurance, mind, they don’t. Lemonade does rental and home insurance, while Root and MetroMile are focused on autos, for example. But if Lemonade manages a strong offering, it could provide tailwind to its fellow neo-insurance providers all the same.
  • Agora: We’re catching up on the Agora debut. The China-based company’s IPO filing details a company that provides other companies and developers the ability to “embed real-time video and voice functionalities into their applications without the need to develop the technology or build the underlying infrastructure themselves” via APIs. This sounds a bit like what Daily.co is building, if you recall that round. Agora is a company that has good operating income and net income before “accretion on convertible redeemable preferred shares to redemption value.” With that in hand, the company’s earnings are sharply negative. Read that how you want. Agora wants to raise between $280 million and $315 million.

And, next, companies that have filed privately but are still hanging back:

And here are companies that are making the sort of noise that one might make before finally going public:

All of the above is a jam, and I am stoked to dig through the S-1 trenches with you.

Powered by WPeMatico

An EU coalition of techies is backing a ‘privacy-preserving’ standard for COVID-19 contacts tracing

A European coalition of techies and scientists drawn from at least eight countries, and led by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI), is working on contacts-tracing proximity technology for COVID-19 that’s designed to comply with the region’s strict privacy rules — officially unveiling the effort today.

China-style individual-level location-tracking of people by states via their smartphones even for a public health purpose is hard to imagine in Europe — which has a long history of legal protection for individual privacy. However the coronavirus pandemic is applying pressure to the region’s data protection model, as governments turn to data and mobile technologies to seek help with tracking the spread of the virus, supporting their public health response and mitigating wider social and economic impacts.

Scores of apps are popping up across Europe aimed at attacking coronavirus from different angles. European privacy not-for-profit, noyb, is keeping an updated list of approaches, both led by governments and private sector projects, to use personal data to combat SARS-CoV-2 — with examples so far including contacts tracing, lockdown or quarantine enforcement and COVID-19 self-assessment.

The efficacy of such apps is unclear — but the demand for tech and data to fuel such efforts is coming from all over the place.

In the UK the government has been quick to call in tech giants, including Google, Microsoft and Palantir, to help the National Health Service determine where resources need to be sent during the pandemic. While the European Commission has been leaning on regional telcos to hand over user location data to carry out coronavirus tracking — albeit in aggregated and anonymized form.

The newly unveiled Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project is a response to the coronavirus pandemic generating a huge spike in demand for citizens’ data that’s intended to offer not just an another app — but what’s described as “a fully privacy-preserving approach” to COVID-19 contacts tracing.

The core idea is to leverage smartphone technology to help disrupt the next wave of infections by notifying individuals who have come into close contact with an infected person — via the proxy of their smartphones having been near enough to carry out a Bluetooth handshake. So far so standard. But the coalition behind the effort wants to steer developments in such a way that the EU response to COVID-19 doesn’t drift towards China-style state surveillance of citizens.

While, for the moment, strict quarantine measures remain in place across much of Europe there may be less imperative for governments to rip up the best practice rulebook to intrude on citizens’ privacy, given the majority of people are locked down at home. But the looming question is what happens when restrictions on daily life are lifted?

Contacts tracing — as a way to offer a chance for interventions that can break any new infection chains — is being touted as a key component of preventing a second wave of coronavirus infections by some, with examples such as Singapore’s TraceTogether app being eyed up by regional lawmakers.

Singapore does appear to have had some success in keeping a second wave of infections from turning into a major outbreak, via an aggressive testing and contacts-tracing regime. But what a small island city-state with a population of less than 6M can do vs a trading bloc of 27 different nations whose collective population exceeds 500M doesn’t necessarily seem immediately comparable.

Europe isn’t going to have a single coronavirus tracing app. It’s already got a patchwork. Hence the people behind PEPP-PT offering a set of “standards, technology, and services” to countries and developers to plug into to get a standardized COVID-19 contacts-tracing approach up and running across the bloc.

The other very European flavored piece here is privacy — and privacy law. “Enforcement of data protection, anonymization, GDPR [the EU’s General Data Protection Regulation] compliance, and security” are baked in, is the top-line claim.

“PEPP-PR was explicitly created to adhere to strong European privacy and data protection laws and principles,” the group writes in an online manifesto. “The idea is to make the technology available to as many countries, managers of infectious disease responses, and developers as quickly and as easily as possible.

“The technical mechanisms and standards provided by PEPP-PT fully protect privacy and leverage the possibilities and features of digital technology to maximize speed and real-time capability of any national pandemic response.”

Hans-Christian Boos, one of the project’s co-initiators — and the founder of an AI company called Arago –discussed the initiative with German newspaper Der Spiegel, telling it: “We collect no location data, no movement profiles, no contact information and no identifiable features of the end devices.”

The newspaper reports PEPP-PT’s approach means apps aligning to this standard would generate only temporary IDs — to avoid individuals being identified. Two or more smartphones running an app that uses the tech and has Bluetooth enabled when they come into proximity would exchange their respective IDs — saving them locally on the device in an encrypted form, according to the report.

Der Spiegel writes that should a user of the app subsequently be diagnosed with coronavirus their doctor would be able to ask them to transfer the contact list to a central server. The doctor would then be able to use the system to warn affected IDs they have had contact with a person who has since been diagnosed with the virus — meaning those at risk individuals could be proactively tested and/or self-isolate.

On its website PEPP-PT explains the approach thus:

Mode 1
If a user is not tested or has tested negative, the anonymous proximity history remains encrypted on the user’s phone and cannot be viewed or transmitted by anybody. At any point in time, only the proximity history that could be relevant for virus transmission is saved, and earlier history is continuously deleted.

Mode 2
If the user of phone A has been confirmed to be SARS-CoV-2 positive, the health authorities will contact user A and provide a TAN code to the user that ensures potential malware cannot inject incorrect infection information into the PEPP-PT system. The user uses this TAN code to voluntarily provide information to the national trust service that permits the notification of PEPP-PT apps recorded in the proximity history and hence potentially infected. Since this history contains anonymous identifiers, neither person can be aware of the other’s identity.

Providing further detail of what it envisages as “Country-dependent trust service operation”, it writes: “The anonymous IDs contain encrypted mechanisms to identify the country of each app that uses PEPP-PT. Using that information, anonymous IDs are handled in a country-specific manner.”

While on healthcare processing is suggests: “A process for how to inform and manage exposed contacts can be defined on a country by country basis.”

Among the other features of PEPP-PT’s mechanisms the group lists in its manifesto are:

  • Backend architecture and technology that can be deployed into local IT infrastructure and can handle hundreds of millions of devices and users per country instantly.
  • Managing the partner network of national initiatives and providing APIs for integration of PEPP-PT features and functionalities into national health processes (test, communication, …) and national system processes (health logistics, economy logistics, …) giving many local initiatives a local backbone architecture that enforces GDPR and ensures scalability.
  • Certification Service to test and approve local implementations to be using the PEPP-PT mechanisms as advertised and thus inheriting the privacy and security testing and approval PEPP-PT mechanisms offer.

Having a standardized approach that could be plugged into a variety of apps would allow for contacts tracing to work across borders — i.e. even if different apps are popular in different EU countries — an important consideration for the bloc, which has 27 Member States.

However there may be questions about the robustness of the privacy protection designed into the approach — if, for example, pseudonymized data is centralized on a server that doctors can access there could be a risk of it leaking and being re-identified. And identification of individual device holders would be legally risky.

Europe’s lead data regulator, the EDPS, recently made a point of tweeting to warn an MEP (and former EC digital commissioner) against the legality of applying Singapore-style Bluetooth-powered contacts tracing in the EU — writing: “Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.”

Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.

— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020

A spokesman for the EDPS told us it’s in contact with data protection agencies of the Member States involved in the PEPP-PT project to collect “relevant information”.

“The general principles presented by EDPB on 20 March, and by EDPS on 24 March are still relevant in that context,” the spokesman added — referring to guidance issued by the privacy regulators last month in which they encouraged anonymization and aggregation should Member States want to use mobile location data for monitoring, containing or mitigating the spread of COVID-19. At least in the first instance.

“When it is not possible to only process anonymous data, the ePrivacy Directive enables Member States to introduce legislative measures to safeguard public security (Art. 15),” the EDPB further noted.

“If measures allowing for the processing of non-anonymised location data are introduced, a Member State is obliged to put in place adequate safeguards, such as providing individuals of electronic communication services the right to a judicial remedy.”

We reached out to the HHI with questions about the PEPP-PT project and were referred to Boos — but at the time of writing had been unable to speak to him.

“The PEPP-PT system is being created by a multi-national European team,” the HHI writes in a press release about the effort. “It is an anonymous and privacy-preserving digital contact tracing approach, which is in full compliance with GDPR and can also be used when traveling between countries through an anonymous multi-country exchange mechanism. No personal data, no location, no Mac-Id of any user is stored or transmitted. PEPP-PT is designed to be incorporated in national corona mobile phone apps as a contact tracing functionality and allows for the integration into the processes of national health services. The solution is offered to be shared openly with any country, given the commitment to achieve interoperability so that the anonymous multi-country exchange mechanism remains functional.”

“PEPP-PT’s international team consists of more than 130 members working across more than seven European countries and includes scientists, technologists, and experts from well-known research institutions and companies,” it adds.

“The result of the team’s work will be owned by a non-profit organization so that the technology and standards are available to all. Our priorities are the well being of world citizens today and the development of tools to limit the impact of future pandemics — all while conforming to European norms and standards.”

The PEPP-PT says its technology-focused efforts are being financed through donations. Per its website, it says it’s adopted the WHO standards for such financing — to “avoid any external influence”.

Of course for the effort to be useful it relies on EU citizens voluntarily downloading one of the aligned contacts tracing apps — and carrying their smartphone everywhere they go, with Bluetooth enabled.

Without substantial penetration of regional smartphones it’s questionable how much of an impact this initiative, or any contacts tracing technology, could have. Although if such tech were able to break even some infection chains people might argue it’s not wasted effort.

Notably, there are signs Europeans are willing to contribute to a public healthcare cause by doing their bit digitally — such as a self-reporting COVID-19 tracking app which last week racked up 750,000 downloads in the UK in 24 hours.

But, at the same time, contacts tracing apps are facing scepticism over their ability to contribute to the fight against COVID-19. Not everyone carries a smartphone, nor knows how to download an app, for instance. There’s plenty of people who would fall outside such a digital net.

Meanwhile, while there’s clearly been a big scramble across the region, at both government and grassroots level, to mobilize digital technology for a public health emergency cause there’s arguably greater imperative to direct effort and resources at scaling up coronavirus testing programs — an area where most European countries continue to lag.

Germany — where some of the key backers of the PEPP-PT are from — being the most notable exception.

Powered by WPeMatico

Telco metadata grab is for modelling COVID-19 spread, not tracking citizens, says EC

As part of its response to the public health emergency triggered by the COVID-19 pandemic, the European Commission has been leaning on Europe’s telcos to share aggregate location data on their users.

The Commission kick-started a discussion with mobile phone operators about the provision of aggregated and anonymised mobile phone location data,” it said today.

“The idea is to analyse mobility patterns including the impact of confinement measures on the intensity of contacts, and hence the risks of contamination. This would be an important — and proportionate — input for tools that are modelling the spread of the virus, and would also allow to assess the current measures adopted to contain the pandemic.”

“We want to work with one operator per Member State to have a representative sample,” it added. “Having one operator per Member State also means the aggregated and anonymised data could not be used to track individual citizens, that is also not at all the intention. Simply because not all have the same operator.

“The data will only be kept as long as the crisis is ongoing. We will of course ensure the respect of the ePrivacy Directive and the GDPR.”

Earlier this week Politico reported that commissioner Thierry Breton held a conference with carriers, including Deutsche Telekom and Orange, asking for them to share data to help predict the spread of the novel coronavirus.

Europe has become a secondary hub for the disease, with high rates of infection in countries including Italy and Spain — where there have been thousands of deaths apiece.

The European Union’s executive is understandably keen to bolster national efforts to combat the virus. Although, it’s less clear exactly how aggregated mobile location data can help — especially as more EU citizens are confined to their homes under national quarantine orders. (While police patrols and CCTV offer an existing means of confirming whether or not people are generally moving around.)

Nonetheless, EU telcos have already been sharing aggregate data with national governments.

Orange in France is sharing “aggregated and anonymized” mobile phone geolocation data with Inserm, a local health-focused research institute — to enable them to “better anticipate and better manage the spread of the epidemic,” as a spokeswoman put it.

“The idea is simply to identify where the populations are concentrated and how they move before and after the confinement in order to be able to verify that the emergency services and the health system are as well armed as possible, where necessary,” she added. “For instance, at the time of confinement, more than 1 million people left the Paris region and at the same time the population of Ile de Ré increased by 30%.

“Other uses of this data are possible and we are currently in discussions with the State on all of these points. But, it must be clear, we are extremely vigilant with regards to concerns and respect for privacy. Moreover, we are in contact with the CNIL [France’s data protection watchdog]… to verify that all of these points are addressed.”

Germany’s Deutsche Telekom is also providing to national health authorities what a spokesperson dubbed “anonymized swarm data” to combat the corona virus.

“European mobile operators are also to make such anonymized mass data available to the EU Commission at its request,” the spokesperson told us. “In fact, we will first provide the EU Commission with a description of data we have sent to German health authorities.”

It’s not entirely clear whether the Commission’s intention is to pool data from such existing local efforts — or whether it’s asking EU carriers for a different, universal data-set to be shared with it during the COVID-19 emergency.

When we asked about this it did not provide an answer. Although we understand discussions are ongoing with operators — and that it’s the Commission’s aim to work with one operator per Member State.

The Commission has said the metadata will be used for modelling the spread of the virus and for looking at mobility patterns to analyze and assess the impact of quarantine measures.

A spokesman emphasized that individual-level tracking of EU citizens is not on the cards.

“The Commission is in discussions with mobile operators’ associations about the provision of aggregated and anonymised mobile phone location data,” the spokesman for Breton told us.

“These data permit to analyse mobility patterns including the impact of confinement measures on the intensity of contacts and hence the risks of contamination. They are therefore an important and proportionate tool to feed modelling tools for the spread of the virus and also assess the current measures adopted to contain the Coronavrius pandemic are effective.”

“These data do not enable tracking of individual users,” he added. “The Commission is in close contact with the European Data Protection Supervisor (EDPS) to ensure the respect of the ePrivacy Directive and the GDPR.”

At this point there’s no set date for the system to be up and running — although we understand the aim is to get data flowing asap. The intention is also to use data sets that go back to the start of the epidemic, with data-sharing ongoing until the pandemic is over — at which point we’re told the data will be deleted.

Breton hasn’t had to lean very hard on EU telcos to share data for a crisis cause.

Earlier this week Mats Granryd, director general of operator association the GSMA, tweeted that its members are “committed to working with the European Commission, national authorities and international groups to use data in the fight against COVID-19 crisis.”

Although, he added an important qualifier: “while complying with European privacy standards.”

The @GSMA and our members are committed to working with the @EU_Commission, national authorities and international groups to use data in the fight against COVID-19 crisis, while complying with European privacy standards. https://t.co/f1hBYT5Lqx

— Mats Granryd (@MatsGranryd) March 24, 2020

Europe’s data protection framework means there are limits on how people’s personal data can be used — even during a public health emergency. And while the legal frameworks do quite rightly bake in flexibility for a pressing public purpose, like the COVID-19 pandemic, it does not mean individuals’ privacy rights automatically go out the window.

Individual tracking of mobile users for contact tracing — such as Israel’s government is doing — is unimaginable at the pan-EU level. Certainly unless the regional situation deteriorates drastically.

One privacy lawyer we spoke to last week suggested such a level of tracking and monitoring across Europe would be akin to a “last resort.” Though individual EU countries are choosing to respond differently to the crisis — such as, for example, Poland giving quarantined people a choice between regular police check ups or uploading geotagged selfies to prove they’re not breaking lockdown.

While former EU Member the U.K. has reportedly chosen to invite in the controversial U.S. surveillance-as-a-service tech firm Palantir to carry out resource tracking for its National Health Service during the coronavirus crisis.

Under pan-EU law (which the U.K. remains subject to, until the end of the Brexit transition period), the rule of thumb is that extraordinary data-sharing — such as the Commission asking telcos to share user location data during a pandemic — must be “temporary, necessary and proportionate,” as digital rights group Privacy International recently noted.

This explains why Breton’s request is for “anonymous and aggregated” location data. And why, in background comments to reporters, the claim is that any shared data sets will be deleted at the end of the pandemic.

Not every EU lawmaker appears entirely aware of all the legal limits, however.

Today the bloc’s lead privacy regulator, data protection supervisor (EDPS) Wojciech Wiewiórowski, could be seen tweeting cautionary advice at one former commissioner, Andrus Ansip (now an MEP) — after the latter publicly eyed up a Bluetooth-powered contacts tracing app deployed in Singapore.

“Please be cautious comparing Singapore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder,” wrote Wiewiórowski.

So it remains to be seen whether pressure will mount for more privacy-intrusive surveillance of EU citizens if regional rates of infection continue to grow.

Dear Mr. Commissioner, please be cautious comparing Singapoore examples with European situation. Remember Singapore has a very specific legal regime on identification of device holder.

— Wojtek Wiewiorowski (@W_Wiewiorowski) March 27, 2020

As we reported earlier this week, governments or EU institutions seeking to make use of mobile phone data to help with the response to the coronavirus must comply with the EU’s ePrivacy Directive — which covers the processing of mobile location data.

The ePrivacy Directive allows for Member States to restrict the scope of the rights and obligations related to location metadata privacy, and retain such data for a limited time — when such restriction constitutes “a necessary, appropriate and proportionate measure within a democratic society to safeguard national security (i.e. State security), defence, public security, and the prevention, investigation, detection and prosecution of criminal offences or of unauthorised use of the electronic communication system” — and a pandemic seems a clear example of a public security issue.

Thing is, the ePrivacy Directive is an old framework. The previous college of commissioners had intended to replace it alongside an update to the EU’s broader personal data protection framework — the General Data Protection Regulation (GDPR) — but failed to reach agreement.

This means there’s some potential mismatch. For example the ePrivacy Directive does not include the same level of transparency requirements as the GDPR.

Perhaps understandably, then, since news of the Commission’s call for carrier metadata emerged concerns have been raised about the scope and limits of the data sharing. Earlier this week, for example, MEP Sophie in’t Veld wrote to Breton asking for more information on the data grab — including querying exactly how the data will be anonymized.

Fighting the #coronavirus with technology: sure! But always with protection of our privacy. Read my letter to @ThierryBreton 👇 about @EU_Commission’s plans to call on telecoms to hand over data from people’s mobile phones in order to track&trace how the virus is spreading. pic.twitter.com/55kZo9bMhN

— Sophie in ‘t Veld (@SophieintVeld) March 25, 2020

The EDPS confirmed to us that the Commission consulted it on the proposed use of telco metadata.

A spokesman for the regulator pointed to a letter sent by Wiewiórowski to the Commission, following the latter’s request for guidance on monitoring the “spread” of COVID-19.

In the letter the EDPS impresses on the Commission the importance of “effective” data anonymization — which means it’s in effect saying a technique that does genuinely block re-identification of the data must be used. (There are plenty of examples of “anonymized” data being shown by researchers to be trivially easy to reidentify; while location data typically includes many easily identified individual tells, such as a home address and workplace address.)

“Effective anonymisation requires more than simply removing obvious identifiers such as phone numbers and IMEI numbers,” warns the EDPS, adding too that aggregated data “can provide an additional safeguard.”

We also asked the Commission for more details on how the data will be anonymized and the level of aggregation that would be used — but it told us it could not provide further information at this stage. 

So far we understand that the anonymization and aggregation process will be undertaken before data is transferred by operators to a Commission science and research advisory body, called the Joint Research Centre (JRC) — which will perform the data analytics and modelling.

The results — in the form of predictions of propagation and so on — will then be shared by the Commission with EU Member States authorities. The datasets feeding the models will be stored on secure JRC servers.

The EDPS is equally clear on the Commission’s commitments vis-a-vis securing the data.

“Information security obligations under Commission Decision 2017/464 still apply [to anonymized data], as do confidentiality obligations under the Staff Regulations for any Commission staff processing the information. Should the Commission rely on third parties to process the information, these third parties have to apply equivalent security measures and be bound by strict confidentiality obligations and prohibitions on further use as well,” writes Wiewiórowski.

“I would also like to stress the importance of applying adequate measures to ensure the secure transmission of data from the telecom providers. It would also be preferable to limit access to the data to authorised experts in spatial epidemiology, data protection and data science.”

Data retention — or rather the need for prompt destruction of data sets after the emergency is over — is another key piece of the guidance.

“I also welcome that the data obtained from mobile operators would be deleted as soon as the current emergency comes to an end,” writes Wiewiórowski. “It should be also clear that these special services are deployed because of this specific crisis and are of temporary character. The EDPS often stresses that such developments usually do not contain the possibility to step back when the emergency is gone. I would like to stress that such solution should be still recognised as extraordinary.”

teresting to note the EDPS is very clear on “full transparency” also being a requirement, both of purpose and “procedure.” So we should expect more details to be released about how the data is being effectively rendered unidentifiable.

“Allow me to recall the importance of full transparency to the public on the purpose and procedure of the measures to be enacted,” writes Wiewiórowski. “I would also encourage you to keep your Data Protection Officer involved throughout the entire process to provide assurance that the data processed had indeed been effectively anonymised.”

The EDPS has also requested to see a copy of the data model. At the time of writing the spokesman told us it’s still waiting to receive that.

“The Commission should clearly define the dataset it wants to obtain and ensure transparency towards the public, to avoid any possible misunderstandings,” Wiewiórowski added in the letter.

Powered by WPeMatico

Inside the history of Silicon Valley labor, with Louis Hyman

As I wrote for TechCrunch recently, immigration is not an issue always associated with tech — not even when thinking about the ethics of technology, as I do here.

So when I was moved to tears a few weeks ago, on seeing footage of groups of 18 Jewish protestors link arms to block the entrances to ICE detention facilities, bearing banners reading “Never Again” in reference to the Holocaust — these mostly young women risking their physical freedom and safety to try to help the children this country’s immigration service is placing in concentration camps today, one of my first thoughts was: I can’t cover that for my TechCrunch column. It’s about ethics of course, but not about tech.

It turns out that wasn’t correct. Immigration is a tech issue. In fact, companies such as Wayfair (furniture), Amazon (web services), and Palantir (the software used to track undocumented immigrants) have borne heavy criticism for their support of and partnership with ICE’s efforts under the current administration.

And as I discussed earlier this month with Jaclyn Friedman, a leading sex ethics expert and one of the ICE protestors arrested in a major demonstration in Boston, social media technology has been instrumental in building and amplifying those protests.

But there’s more. IBM, for example, has an unfortunate and dark history of support for Nazi extermination efforts, and many recent commentators have drawn parallels between what IBM did during the Holocaust and what companies like Palantir are beginning to do now.

Dozens of protestors huddle in the rain outside Palantir HQ.

I say “companies,” plural, with intention: immigrant advocacy organization Mijente recently released news that Anduril, the company founded by Palmer Luckey and composed of Palantir veterans, now has a $13.5 million contract with the Marine corps for their autonomous surveillance “Lattice” towers at four different USMC bases, including one border base. Documents procured via the Freedom of Information Act show the Marines mention “the intrusion dilemma” in their justification for choosing Anduril.

So now it seems the kinds of surveillance tech we know are badly biased at best — facial recognition? Panopticon-style observation? Algorithms of various other kinds — will be put to work by the most powerful fighting force ever designed, for expanded intervention into our immigration system.

Will the Silicon Valley elite say “no”? To what extent will new protests emerge, where the sorts of people likely to be reading this writing might draw a line and make work more difficult for their peers at places like Anduril?

Maybe the problem, however, is that most of us think of immigration ethics as an issue that might touch on a small handful of particularly libertarian-leaning tech companies, but surely it doesn’t go beyond that, right? Can’t the average techie in San Francisco or elsewhere safely and accurately say these problems don’t actually implicate them?

Turns out that’s not right either.

Which is why I had to speak this week with Cornell University historian Louis Hyman. Hyman is a Professor at Cornell’s School of Industrial and Labor Relations, and Director of the ILR’s Institute for Workplace Studies, in New York. In our conversation, Hyman and I dig into Silicon Valley’s history with labor rights, startup work structures and the role of immigration in the US tech ecosystem. Beyond that,  I’ll let him introduce himself and his extraordinary work, below.

image1 4

Louis Hyman. (Image by Jesse Winter)

Greg Epstein: I discovered your work via a piece you wrote in the Washington Post, which drew from your 2018 book, Temp: How American Work, American Business, and the American Dream Became Temporary. In it, you wrote, “Undocumented workers have been foundational to the rise of our most vaunted hub of innovative capitalism: Silicon Valley.”

And in the book itself, you write at one point, “To understand the electronics industry is simple: every time someone says “robot,” simply picture a woman of color. Instead of self-aware robots, workers—all women, mostly immigrants, sometimes undocumented—hunched over tables with magnifying glasses assembling parts, sometimes on a factory line and sometimes on a kitchen table. Though it paid a lot of lip service to automation, Silicon Valley truly relied upon a transient workforce of workers outside of traditional labor relations.”

Can you just give us a brief introduction to the historical context behind these kinds of comments?

Louis Hyman: Sure. One of the key questions all of us ask is why is there only one Silicon Valley. There are different answers for that.

Powered by WPeMatico

The rise of the new crypto “mafias”

Ash Egan
Contributor

Ash Egan leads crypto investing at Accomplice. He formerly was a VC at ConsenSys Ventures and Converge.

In the early 2000s, journalists popularized the term “PayPal mafia” to describe the PayPal founders and employees who left to start their own wildly successful tech companies, including Peter Thiel, Reid Hoffman, and Elon Musk. Drawing from that idea, this article seeks to cover the formation and flow of talent within the crypto landscape today.

I’m fascinated by the concept of tech mafias, popularized by Paypal in the early 00s.

Early signs of crypto mafias:

Coinbase ➡ @0xProject @dydxprotocol
Ethereum/ConsenSys ➡ @Cardano @polkadotnetwork @metamask_io
MIT ➡ @EnigmaMPC @Algorand Unit-e
IC3 ➡ Avalanche

Others?

— Ash Egan (@AshAEgan) April 3, 2019

The crypto world is in a constant state of flux, with new startups entrants joining the industry every single day. These new startups have the potential either to be superstars within a portfolio company or to start the next Coinbase. Additionally, there are already impressive spin-outs from some of the more established crypto companies.

For ease of framing, I’ve separated these early-forming mafias into four categories: CryptoTechWall Street, and Academia. Since 2009, there have been 186 spinout companies originating from those four categories (33% from Academia, 28% from Crypto, 24% from Tech, and 15% from Wall Street).

crypto mafias

Obvious but important disclaimer: this article does not intend to promote organized crime within crypto.

Criteria

Powered by WPeMatico

Startups Weekly: Uber’s headline-grabbing week and sextech at SXSW

I spent the week at SXSW, Austin’s really, really huge technology, music, comedy and film festival. It’s my first year making the trek down here for the event, which I did to interview sextech entrepreneur Lora DiCarlo founder Lora Haddock, whose robotics innovation reward was infamously revoked at this year’s CES.

“I brush my teeth and I masturbate. It’s all normal,” she said, addressing the stigma surrounding female-focused pleasure tech. Haddock, during our chat, also announced the first-ever government grant for a sextech startup, a $99,637 funding for Lora DiCarlo from the state of Oregon. Lora DiCarlo plans to release its first product, the Osé, this fall.

Here’s what happened while I was wondering confused around Austin.

Uber, Uber, Uber

Uber dominated the news cycle this week; here’s the TL;DR. The ride-hailing company is probably, most likely going to unveil its S-1 next month and it’s tying up some loose ends ahead of its big IPO. Uber wants to raise roughly $1 billion at a valuation of between $5 billion and $10 billion for its autonomous vehicles unit — yes, the same one that was burning through $20 million per month. Waymo, similarly, is looking to raise outside capital for the first time for its AV efforts.

Top TPG dealmaker caught in college admissions scandal

Bill McGlashan, who built his career as a top investor at the private equity firm TPG, was fired (or maybe quit?) says the firm after he was caught up in what the Justice Department said is the largest college admissions scandal it has ever prosecuted. Even worse, McGlashan lead TPG’s social impact strategy under the Rise Fund brand, making the charges particularly damning.

Accel gets $2.5B

HotelTonight and Slack stakeholder Accel raised $2.525 billion, sources confirm to TechCrunch; $525 million for its fourteenth early-stage fund, $1.5 billion for its fifth growth fund and $500 million for its second Leaders Fund, or a dedicated pool of capital meant to help the firm strengthen its positions on particularly competitive bets. Plus, 137 Ventures announced its fourth fund with $210 million in committed capital. The firm provides liquidity to founders and early employees of “sustainable, fast-growing, private companies.” In essence, 137 Ventures buys shares directly from employees at unicorn tech companies, like Palantir,  Flexport and Airbnb.

Sam Altman

Last week, we reported Y Combinator president Sam Altman would be stepping down to focus on OpenAI. TechCrunch’s Connie Loizos questions whether he had a positive or negative influence on the accelerator during his presidency. Altman was part of the first YC startup class in 2005 and began working part-time as a YC partner in 2011. He was ultimately made the head of the organization five years ago.

Brian O’Malley’s HotelTonight win

Forerunner Ventures general partner Brian O’Malley went long on HotelTonight and it paid off. For your weekend reading, we thought you might enjoy an oral history from O’Malley about how he stumbled upon HotelTonight and remained connected to the company across its nine-year history.

Here’s your weekly reminder to send me tips, suggestions and more to kate.clark@techcrunch.com or @KateClarkTweets

Startup cash

VC shakeups 

In an announcement that shocked VC Twitter, Tiger Global announced that Lee Fixel, whom Bill Gurley once said is one of the smartest investors on the scene, is leaving the firm at the end of June. Scott Shleifer and Chase Coleman will continue as co-managers of the portfolios Fixel has overseen, with Shleifer taking over as its head. “Lee has been a driving force behind the expansion of Tiger Global’s private equity investing activities in the United States and India, and he has distinguished himself as a world-class investor across multiple sectors and stages,” the firm stated. And on the hiring front, Canvas Ventures is expanding its team of three general partners to four with the hiring of Mike Ghaffary, a former general partner at Social Capital.

Extra Crunch

Subscribers to TechCrunch’s premium content can learn which types of startups are most often profitable.

Y Combinator’s latest batch

YC demo days are coming up quick. The TechCrunch staff has been meeting with YC startups and documenting their journey through the startup accelerator. I spoke to YourChoice Therapeutics, a startup developing unisex, non-hormonal birth control, and Bottomless, which operates a direct-to-consumer coffee delivery service. TechCrunch’s Lucas Matney wrote about Jetpack Aviation, a YC startup, and its $380,000 flying motorcycle, and Adventurous, an augmented reality scavenger hunt crafted for families. TechCrunch’s Megan Rose Dickey spoke to Ysplit, which wants to make it so you never have to owe anyone money ever again.

Listen to me talk

This week on Equity, TechCrunch’s venture capital-focused podcast, where we unpack the numbers behind the headlines, Crunchbase News’ editor-in-chief Alex Wilhelm and TechCrunch’s Connie Loizos discuss Uber’s IPO and Stash’s big round. Listen here.

Want more TechCrunch newsletters? Sign up here.

Powered by WPeMatico

Recent departures hint at turmoil at Quartet Health, a mental health startup backed by GV

Backed with nearly $87 million in venture capital funding from GV, Oak HC/FT and F-Prime Capital, Quartet Health was founded in 2014 by Arun Gupta, Steve Shulman and David Wennberg to improve access to behavioral healthcare. Its mission: “enable every person in our society to thrive by building a collaborative behavioral and physical health ecosystem.”

Recent shakeups within the New York-based company’s c-suite and a perusal of its Glassdoor profile suggest Quartet’s culture is not fully in line with its own philosophy.  

In the last few weeks, chief product officer Rajesh Midha has left the company and president and chief operating officer David Liu is on his way out, TechCrunch has learned and confirmed with Quartet. Founding chief executive officer Arun Gupta, meanwhile, has stepped into the executive chairman role, relinquishing responsibility of the company’s day-to-day operations to former chief science officer David Wennberg, who’s taken over as CEO.

“I’m focusing on our external growth,” Gupta told TechCrunch on Friday. “David has really stepped up as CEO.”

Gupta and Wennberg said Liu’s role was no longer needed because Wennberg had assumed his responsibilities. Liu will formally exit the company at the end of the month. As for its product chief, the pair say Midha had “transitioned out” of the role and that an unnamed internal candidate was tapped to replace him.

When asked whether other employees had left in recent weeks,  Wennberg provided the following indeterminate statement: “We are always having people coming in. I don’t think we’ve had any unusual turnover. We’re hiring and people’s roles change and that’s just part of growth.”

Quartet, which provides a platform that allows providers to collaborate on treatment plans, currently has 150 employees, according to its executives.

In a LinkedIn status update published this week — after TechCrunch’s initial inquiries — Gupta announced his transition to executive chairman:

“Still full-time, though focused largely on our opportunity to further evangelize our mission, [I will] drive the change we want to see in this world, and expand our reach … I have tremendous confidence in David’s ability to lead our many talented Quartetians to deliver this next phase.”

Several former employees seemed less than pleased with Gupta’s performance, writing in a number of Glassdoor reviews that he was “abominable,” “kind of a monster” and “by far the worst executive.”

When asked for comment on those reviews, Gupta and Wennberg shrugged it off: “Glassdoor is Glassdoor.” They agreed its important to pay attention to but impossible to vet.

Gupta began his career as a management consultant at McKinsey and served as a consultant to The World Bank before joining Palantir, Peter Thiel’s data-mining company, as an advisor in 2014. Wennberg, for his part, was the CEO of The High Value Healthcare Collaborative, a consortium of 15 healthcare delivery systems, before co-founding Quartet.

In January, Quartet raised a $40 million Series C to expand throughout the U.S. F-Prime Capital and Polaris Partners led the round, with participation from GV and Oak HC/FT. The financing valued the company at $300 million, according to PitchBook.

As part of the funding, Quartet announced it was adding three new directors to its board: F-Prime’s executive partner Carl Byers; Ken Goulet, an executive vice president at health insurance provider Anthem; and former Rackspace CEO and BuildGroup co-founder Lanham Napier. Other outside board members include Oak HC/FT’s managing partner Annie Lamont, GV partner Krishna Yeshwant, Polaris managing partner Brian Chee and former U.S. Congressman Patrick Kennedy.

Quartet previously raised a $40 million Series B in April 2016 led by GV. The investment marked the venture capital investment arm of Google’s first in a mental health startup. Before that, the startup brought in a $7 million Series A led by Oak HC/FT’s managing partner Annie Lamont.

For now, Quartet remains committed to growth.

“We learn from what we are doing and we continue to learn,” Wennberg said. “That is part of growth. It’s hard and you just keep working and growing because we have a huge mission.”

Powered by WPeMatico