privacy
Auto Added by WPeMatico
Auto Added by WPeMatico
Domestic abuse comes in digital forms as well as physical and emotional, but a lack of tools to address this kind of behavior leaves many victims unprotected and desperate for help. This Cornell project aims to define and detect digital abuse in a systematic way.
Digital abuse may be many things: hacking the victim’s computer, using knowledge of passwords or personal date to impersonate them or interfere with their presence online, accessing photos to track their location, and so on. As with other forms of abuse, there are as many patterns as there are people who suffer from it.
But with something like emotional abuse, there are decades of studies and clinical approaches to address how to categorize and cope with it. Not so with newer phenomena like being hacked or stalked via social media. That means there’s little standard playbook for them, and both abused and those helping them are left scrambling for answers.
“Prior to this work, people were reporting that the abusers were very sophisticated hackers, and clients were receiving inconsistent advice. Some people were saying, ‘Throw your device out.’ Other people were saying, ‘Delete the app.’ But there wasn’t a clear understanding of how this abuse was happening and why it was happening,” explained Diana Freed, a doctoral student at Cornell Tech and co-author of a new paper about digital abuse.
“They were making their best efforts, but there was no uniform way to address this,” said co-author Sam Havron. “They were using Google to try to help clients with their abuse situations.”
Investigating this problem with the help of a National Science Foundation grant to examine the role of tech in domestic abuse, they and some professor collaborators at Cornell and NYU came up with a new approach.
There’s a standardized questionnaire to characterize the type of tech-based being experienced. It may not occur to someone who isn’t tech-savvy that their partner may know their passwords, or that there are social media settings they can use to prevent that partner from seeing their posts. This information and other data are added to a sort of digital presence diagram the team calls the “technograph” and which helps the victim visualize their technological assets and exposure.

The team also created a device they call the IPV Spyware Discovery, or ISDi. It’s basically spyware scanning software loaded on a device that can check the victim’s device without having to install anything. This is important because an abuser may have installed tracking software that would alert them if the victim is trying to remove it. Sound extreme? Not to people fighting a custody battle who can’t seem to escape the all-seeing eye of an abusive ex. And these spying tools are readily available for purchase.
“It’s consistent, it’s data-driven and it takes into account at each phase what the abuser will know if the client makes changes. This is giving people a more accurate way to make decisions and providing them with a comprehensive understanding of how things are happening,” explained Freed.
Even if the abuse can’t be instantly counteracted, it can be helpful simply to understand it and know that there are some steps that can be taken to help.
The authors have been piloting their work at New York’s Family Justice Centers, and following some testing have released the complete set of documents and tools for anyone to use.
This isn’t the team’s first piece of work on the topic — you can read their other papers and learn more about their ongoing research at the Intimate Partner Violence Tech Research program site.
Powered by WPeMatico
As privacy regulations like GDPR and the California Consumer Privacy Act proliferate, more startups are looking to help companies comply. Enter Preclusio, a member of the Y Combinator Summer 2019 class, which has developed a machine learning-fueled solution to help companies adhere to these privacy regulations.
“We have a platform that is deployed on-prem in our customer’s environment, and helps them identify what data they’re collecting, how they’re using it, where it’s being stored and how it should be protected. We help companies put together this broad view of their data, and then we continuously monitor their data infrastructure to ensure that this data continues to be protected,” company co-founder and CEO Heather Wade told TechCrunch.
She says that the company made a deliberate decision to keep the solution on-prem. “We really believe in giving our clients control over their data. We don’t want to be just another third-party SaaS vendor that you have to ship your data to,” Wade explained.
That said, customers can run it wherever they wish, whether that’s on-prem or in the cloud in Azure or AWS. Regardless of where it’s stored, the idea is to give customers direct control over their own data. “We are really trying to alert our customers to threats or to potential privacy exceptions that are occurring in their environment in real time, and being in their environment is really the best way to facilitate this,” she said.
The product works by getting read-only access to the data, then begins to identify sensitive data in an automated fashion using machine learning. “Our product automatically looks at the schema and samples of the data, and uses machine learning to identify common protected data,” she said. Once that process is completed, a privacy compliance team can review the findings and adjust these classifications as needed.
Wade, who started the company in March, says the idea formed at previous positions where she was responsible for implementing privacy policies and found there weren’t adequate solutions on the market to help. “I had to face the challenges first-hand of dealing with privacy and compliance and seeing how resources were really taken away from our engineering teams and having to allocate these resources to solving these problems internally, especially early on when GDPR was first passed, and there really were not that many tools available in the market,” she said.
Interestingly Wade’s co-founder is her husband, John. She says they deal with the intensity of being married and startup founders by sticking to their areas of expertise. He’s the marketing person and she’s the technical one.
She says they applied to Y Combinator because they wanted to grow quickly, and that timing is important with more privacy laws coming online soon. She has been impressed with the generosity of the community in helping them reach their goals. “It’s almost indescribable how generous and helpful other folks who’ve been through the YC program are to the incoming batches, and they really do have that spirit of paying it forward,” she said.
Powered by WPeMatico
Apple has joined the dubious company of Google and Amazon in secretly sharing with contractors audio recordings of its users, confirming the practice to The Guardian after a whistleblower brought it to the outlet. The person said that Siri queries are routinely sent to human listeners for closer analysis, something not disclosed in Apple’s privacy policy.
The recordings are reportedly not associated with an Apple ID, but can be several seconds long, include content of a personal nature and are paired with other revealing data, like location, app data and contact details.
Like the other companies, Apple says this data is collected and analyzed by humans to improve its services, and that all analysis is done in a secure facility by workers bound by confidentiality agreements. And like the other companies, Apple failed to say that it does this until forced to.
Apple told The Guardian that less than 1% of daily queries are sent, cold comfort when the company is also constantly talking up the volume of Siri queries. Hundreds of millions of devices use the feature regularly, making a conservative estimate of a fraction of 1% rise quickly into the hundreds of thousands.
This “small portion” of Siri requests is apparently randomly chosen, and as the whistleblower notes, it includes “countless instances of recordings featuring private discussions between doctors and patients, business deals, seemingly criminal dealings, sexual encounters and so on.”
Some of these activations of Siri will have been accidental, which is one of the things listeners are trained to listen for and identify. Accidentally recorded queries can be many seconds long and contain a great deal of personal information, even if it is not directly tied to a digital identity.
Only in the last month has it come out that Google likewise sends clips to be analyzed, and that Amazon, which we knew recorded Alexa queries, retains that audio indefinitely.
Apple’s privacy policy states regarding non-personal information (under which Siri queries would fall):
We may collect and store details of how you use our services, including search queries. This information may be used to improve the relevancy of results provided by our services. Except in limited instances to ensure quality of our services over the Internet, such information will not be associated with your IP address.
It’s conceivable that the phrase “search queries” is inclusive of recordings of search queries. And it does say that it shares some data with third parties. But nowhere is it stated simply that questions you ask your phone may be recorded and shared with a stranger. Nor is there any way for users to opt out of this practice.
Given Apple’s focus on privacy and transparency, this seems like a major, and obviously a deliberate, oversight. I’ve contacted Apple for more details and will update this post when I hear back.
Powered by WPeMatico
It’s been hard to get away from FaceApp over the last few days, whether it’s your friends posting weird selfies using the app’s aging and other filters, or the brief furore over its apparent (but not actual) circumvention of permissions on iPhones. Now even the Senate is getting in on the fun: Sen. Chuck Schumer (D-NY) has asked the FBI and the FTC to look into the app’s data handling practices.
“I write today to express my concerns regarding FaceApp,” he writes in a letter sent to FBI Director Christopher Wray and FTC Chairman Joseph Simons. I’ve excerpted his main concerns below:
In order to operate the application, users must provide the company full and irrevocable access to their personal photos and data. According to its privacy policy, users grant FaceApp license to use or publish content shared with the application, including their username or even their real name, without notifying them or providing compensation.
Furthermore, it is unclear how long FaceApp retains a user’s data or how a user may ensure their data is deleted after usage. These forms of “dark patterns,” which manifest in opaque disclosures and broader user authorizations, can be misleading to consumers and may even constitute a deceptive trade practices. Thus, I have serious concerns regarding both the protection of the data that is being aggregated as well as whether users are aware of who may have access to it.
In particular, FaceApp’s location in Russia raises questions regarding how and when the company provides access to the data of U.S. citizens to third parties, including potentially foreign governments.
For the cave-dwellers among you (and among whom I normally would proudly count myself) FaceApp is a selfie app that uses AI-esque techniques to apply various changes to faces, making them look older or younger, adding accessories, and, infamously, changing their race. That didn’t go over so well.
There’s been a surge in popularity over the last week, but it was also noticed that the app seemed to be able to access your photos whether you said it could or not. It turns out that this is actually a normal capability of iOS, but it was being deployed here in somewhat of a sneaky manner and not as intended. And arguably it was a mistake on Apple’s part to let this method of selecting a single photo go against the “never” preference for photo access that a user had set.
Fortunately the Senator’s team is not worried about this or even the unfounded (we checked) concerns that FaceApp was secretly sending your data off in the background. It isn’t. But it very much does send your data to Russia when you tell it to give you an old face, or a hipster face, or whatever. Because the computers that do the actual photo manipulation are located there — these filters are being applied in the cloud, not directly on your phone.
His concerns are over the lack of transparency that user data is being sent out to servers who knows where, to be kept for who knows how long, and sold to who knows whom. Fortunately the obliging FaceApp managed to answer most of these questions before the Senator’s letter was ever posted.
The answers to his questions, should we choose to believe them, are that user data is not in fact sent to Russia, the company doesn’t track users and usually can’t, doesn’t sell data to third parties, and deletes “most” photos within 48 hours.
Although the “dark patterns” of which the Senator speaks are indeed an issue, and although it would have been much better if FaceApp had said up front what it does with your data, this is hardly an attempt by a Russian adversary to build up a database of U.S. citizens.
While it is good to see Congress engaging with digital privacy, asking the FBI and FTC to look into a single app seems unproductive when that app is not doing much that a hundred others, American and otherwise, have been doing for years. Cloud-based processing and storage of user data is commonplace — though usually disclosed a little better.
Certainly as Sen. Schumer suggests, the FTC should make sure that “there are adequate safeguards in place to protect the privacy of Americans…and if not, that the public be made aware of the risks associated with the use of this application or others similar to it.” But this seems the wrong nail to hang that on. We see surreptitious slurping of contact lists, deceptive deletion promises, third-party sharing of poorly anonymized data, and other bad practices in apps and services all the time — if the federal government wants to intervene, let’s have it. But let’s have a law or a regulation, not a strongly worded letter written after the fact.
Schumer Faceapp Letter by TechCrunch on Scribd
Powered by WPeMatico
Facebook is leaning on fears of China exporting its authoritarian social values to counter arguments that it should be broken up or slowed down. Its top executives have each claimed that if the U.S. limits its size, blocks its acquisitions or bans its cryptocurrency, Chinese company’s absent these restrictions will win abroad, bringing more power and data to their government. CEO Mark Zuckerberg, COO Sheryl Sandberg and VP of communications Nick Clegg have all expressed this position.
The latest incarnation of this talking point came in today’s and yesterday’s congressional hearings over Libra, the Facebook-spearheaded digital currency it hopes to launch in the first half of 2020. Facebook’s head of its blockchain subsidiary Calibra, David Marcus, wrote in his prepared remarks to the House Financial Services Committee today that (emphasis added):
I believe that if America does not lead innovation in the digital currency and payments area, others will. If we fail to act, we could soon see a digital currency controlled by others whose values are dramatically different.
WASHINGTON, DC – JULY 16: Head of Facebook’s Calibra David Marcus testifies during a hearing before Senate Banking, Housing and Urban Affairs Committee July 16, 2019 on Capitol Hill in Washington, DC. The committee held the hearing on “Examining Facebook’s Proposed Digital Currency and Data Privacy Considerations.” (Photo by Alex Wong/Getty Images)
Marcus also told the Senate Banking Subcommittee yesterday that “I believe if we stay put we’re going to be in a situation in 10, 15 years where half the world is on a blockchain technology that is out of reach of our national-security apparatus.”.
This argument is designed to counter House-drafted “Keep Big Tech Out of Finance” legislation that Reuters reports would declare that companies like Facebook that earn over $25 billion in annual revenue “may not establish, maintain, or operate a digital asset . . . that is intended to be widely used as medium of exchange, unit of account, store of value, or any other similar function.”
The message Facebook is trying to deliver is that cryptocurrencies are inevitable. Blocking Libra would just open the door to even less scrupulous actors controlling the technology. Facebook’s position here isn’t limited to cryptocurrencies, though.
The concept crystallized exactly a year ago when Zuckerberg said in an interview with Recode’s Kara Swisher, “I think you have this question from a policy perspective, which is, do we want American companies to be exporting across the world?” (emphasis added):
We grew up here, I think we share a lot of values that I think people hold very dear here, and I think it’s generally very good that we’re doing this, both for security reasons and from a values perspective. Because I think that the alternative, frankly, is going to be the Chinese companies. If we adopt a stance which is that, ‘Okay, we’re gonna, as a country, decide that we wanna clip the wings of these companies and make it so that it’s harder for them to operate in different places, where they have to be smaller,’ then there are plenty of other companies out that are willing and able to take the place of the work that we’re doing.
When asked if he specifically meant Chinese companies, Zuckerberg doubled down, saying (emphasis added):
Yeah. And they do not share the values that we have. I think you can bet that if the government hears word that it’s election interference or terrorism, I don’t think Chinese companies are going to wanna cooperate as much and try to aid the national interest there.
WASHINGTON, DC – APRIL 10: Facebook co-founder, Chairman and CEO Mark Zuckerberg testifies before a combined Senate Judiciary and Commerce committee hearing in the Hart Senate Office Building on Capitol Hill April 10, 2018 in Washington, DC. Zuckerberg, 33, was called to testify after it was reported that 87 million Facebook users had their personal information harvested by Cambridge Analytica, a British political consulting firm linked to the Trump campaign. (Photo by Chip Somodevilla/Getty Images)
This April, Zuckerberg went deeper when he described how Facebook would refuse to comply with data localization laws in countries with poor track records on human rights. The CEO explained the risk of data being stored in other countries, which is precisely what might happen if regulators hamper Facebook and innovation happens elsewhere. Zuckerberg told philosopher Yuval Harari that (emphasis added):
When I look towards the future, one of the things that I just get very worried about is the values that I just laid out [for the internet and data] are not values that all countries share. And when you get into some of the more authoritarian countries and their data policies, they’re very different from the kind of regulatory frameworks that across Europe and across a lot of other places, people are talking about or put into place . . . And the most likely alternative to each country adopting something that encodes the freedoms and rights of something like GDPR, in my mind, is the authoritarian model, which is currently being spread, which says every company needs to store everyone’s data locally in data centers and then, if I’m a government, I can send my military there and get access to whatever data I want and take that for surveillance or military.
I just think that that’s a really bad future. And that’s not the direction, as someone who’s building one of these internet services, or just as a citizen of the world, I want to see the world going. If a government can get access to your data, then it can identify who you are and go lock you up and hurt you and your family and cause real physical harm in ways that are just really deep.

Facebook’s newly hired head of communications, Nick Clegg, told reporters back in January that (emphasis added):
These are of course legitimate questions, but we don’t hear so much about China, which combines astonishing ingenuity with the ability to process data on a vast scale without the legal and regulatory constraints on privacy and data protection that we require on both sides of the Atlantic . . . [and this data could be] put to more sinister surveillance ends, as we’ve seen with the Chinese government’s controversial social credit system.
In response to Facebook co-founder Chris Hughes’ call that Facebook should be broken up, Clegg wrote in May that “Facebook shouldn’t be broken up — but it does need to be held to account. Anyone worried about the challenges we face in an online world should look at getting the rules of the internet right, not dismantling successful American companies.”
He hammered home the alternative the next month during a speech in Berlin (emphasis added):
If we in Europe and America don’t turn off the white noise and begin to work together, we will sleepwalk into a new era where the internet is no longer a universal space but a series of silos where different countries set their own rules and authoritarian regimes soak up their citizens’ data while restricting their freedom . . . If the West doesn’t engage with this question quickly and emphatically, it may be that it isn’t ours to answer. The common rules created in our hemisphere can become the example the rest of the world follows.
COO Sheryl Sandberg made the point most directly in an interview with CNBC in May (emphasis added):
You could break us up, you could break other tech companies up, but you actually don’t address the underlying issues people are concerned about . . . While people are concerned with the size and power of tech companies, there’s also a concern in the United States about the size and power of Chinese tech companies and the … realization that those companies are not going to be broken up.
![]()
WASHINGTON, DC – SEPTEMBER 5: Facebook chief operating officer Sheryl Sandberg testifies during a Senate Intelligence Committee hearing concerning foreign influence operations’ use of social media platforms, on Capitol Hill, September 5, 2018 in Washington, DC. Twitter CEO Jack Dorsey and Facebook chief operating officer Sheryl Sandberg faced questions about how foreign operatives use their platforms in attempts to influence and manipulate public opinion. (Photo by Drew Angerer/Getty Images)
Indeed, China does not share the United States’ values on individual freedoms and privacy. And yes, breaking up Facebook could weaken its products like WhatsApp, providing more opportunities for apps like Chinese tech giant Tencent’s WeChat to proliferate.
But letting Facebook off the hook won’t solve the problems China’s influence poses to an open and just internet. Framing the issue as “strong regulation lets China win” creates a false dichotomy. There are more constructive approaches if Zuckerberg seriously wants to work with the government on exporting freedom via the web. And the distrust Facebook has accrued through the mistakes it’s made in the absence of proper regulation arguably do plenty to hurt the perception of how American ideals are spread through its tech companies.

Breaking up Facebook may not be the answer, especially if it’s done in retaliation for its wrong-doings instead of as a coherent way to prevent more in the future. To that end, a better approach might be stopping future acquisitions of large or rapidly growing social networks, forcing it to offer true data portability so existing users have the freedom to switch to competitors, applying proper oversight of its privacy policies and requiring a slow rollout of Libra with testing in each phase to ensure it doesn’t screw consumers, enable terrorists or jeopardize the world economy.
Resorting to scare tactics shows that it’s Facebook that’s scared. Years of growth over safety strategy might finally catch up with it. The $5 billion FTC fine is a slap on the wrist for a company that profits more than that per quarter, but a break-up would do real damage. Instead of fear-mongering, Facebook would be better served by working with regulators in good faith while focusing more on preempting abuse. Perhaps it’s politically savvy to invoke the threat of China to stoke the worries of government officials, and it might even be effective. That doesn’t make it right.
Powered by WPeMatico
Facebook will only build its own Calibra cryptocurrency wallet into Messenger and WhatsApp, and will refuse to embed competing wallets, the head of Calibra David Marcus told the Senate Banking Committee today. While some, like Senator Brown, blustered that “Facebook is dangerous!,” others surfaced poignant questions about Libra’s risks.
Calibra will be interoperable, so users can send money back and forth with other wallets, and Marcus committed to data portability so users can switch entirely to a competitor. But solely embedding Facebook’s own wallet into its leading messaging apps could give the company a sizable advantage over banks, PayPal, Coinbase or any other potential wallet developer.
Other highlights from the “Examining Facebook’s Proposed Digital Currency and Data Privacy Considerations” hearing included Marcus saying:
But Marcus also didn’t clearly answer some critical questions about Libra and Calibra, and may be asked again when he testifies before the House Financial Services Committee tomorrow.
Chairman Crapo asked if Facebook would collect data about transactions made with Calibra that are made on Facebook, such as when users buy products from businesses they discover through Facebook. Marcus instead merely noted that Facebook would still let users pay with credit cards and other mediums as well as Calibra. That means that even though Facebook might not know how much money is in someone’s Calibra wallet or their other transactions, it might know how much they paid and for what if that transaction happens over their social networks.
Senator Tillis asked how much Facebook has invested in the formation of Libra. TechCrunch has also asked specifically how much Facebook has invested in the Libra Investment Token that will earn it a share of interest earned from the fiat currencies in the Libra Reserve. Marcus said Facebook and Calibra hadn’t determined exactly how much it would invest in the project. Marcus also didn’t clearly answer Senator Toomey’s question of why the Libra Association is considered a not-for-profit organization if it will pay out interest to members.
Senator Menendez asked if the Libra Association would freeze the assets if terrorist organizations were identified. Marcus said that Calibra and other custodial wallets that actually hold users’ Libra could do that, and that regulated off-ramps could block them from converting Libra into fiat. But this answer underscores that there may be no way for the Libra Association to stop transfers between terrorists’ non-custodial wallets, especially if local governments where those terrorists operate don’t step in.
Perhaps the most worrying moment of the hearing was when Senator Sinema brought up TechCrunch’s article citing that “The real risk of Libra is crooked developers.” There I wrote that Facebook’s VP of product Kevin Weil told me that “There are no plans for the Libra Association to take a role in actively vetting [developers],” which I believe leaves the door open to a crypto Cambridge Analytica situation where shady developers steal users money, not just their data.
Senator Sinema asked if an Arizonan was scammed out of their Libra by a Pakistani developer via a Thai exchange and a Spanish wallet, would that U.S. citizen be entitled to protection to recuperate their lost funds. Marcus responded that U.S. citizens would likely use American Libra wallets that are subject to protections and that the Libra Association will work to educate users on how to avoid scams. But Sinema stressed that if Libra is designed to assist the poor who are often less educated, they could be especially vulnerable to scammers.
Here @SenatorSinema cites my article warning that we need protection from Facebook Libra’s unvetted developers https://t.co/gYeYIQVFLj pic.twitter.com/QSqVDztpCU
— Josh Constine (@JoshConstine) July 16, 2019
Overall, the hearing was surprisingly coherent. Many Senators showed strong base knowledge of how Libra worked and asked the right questions. Marcus was generally forthcoming, beyond the topics of how much Facebook has invested in the Libra project and what data it will glean from transactions atop its social network.
Some of the top concerns, such as terrorist money laundering, encompass the entire cryptocurrency ecosystem and can’t be solved even by strong rules around Libra. Little regard was given to how Libra could improve remittance or cut transaction fees that see corporations profit off families and small businesses.
Still, if Libra actually becomes popular and evolves as an open ecosystem full of unvetted developers, the currency could be used to facilitate scams. Precisely because of the lack of trust in Facebook that many Senators harped on, consumers could go seeking Libra wallet alternatives to the company that might push them into the hands of evildoers. The Libra Association may need to shift the balance further toward safety and away from cryptocurrency’s prevailing philosophies from openness. Otherwise, the frontiers of this Wild West could prove dangerous, even if its civilized regions are well-regulated.
Powered by WPeMatico
The unchecked digital land grab for consumers’ personal data that has been going on for more than a decade is coming to an end, and the dominoes have begun to fall when it comes to the regulation of consumer privacy and data security.
We’re witnessing the beginning of a sweeping upheaval in how companies are allowed to obtain, process, manage, use and sell consumer data, and the implications for the digital ad competitive landscape are massive.
On the backdrop of evolving privacy expectations and requirements, we’re seeing the rise of a new class of digital advertising player: consumer-facing apps and commerce platforms. These commerce companies are emerging as the most likely beneficiaries of this new regulatory privacy landscape — and we’re not just talking about e-commerce giants like Amazon.
Traditional commerce companies like eBay, Target and Walmart have publicly spoken about advertising as a major focus area for growth, but even companies like Starbucks and Uber have an edge in consumer data consent and, thus, an edge over incumbent media players in the fight for ad revenues.
Image via Getty Images / alashi
By now, most executives, investors and entrepreneurs are aware of the growing acronym soup of privacy regulation, the two most prominent ingredients being the GDPR (General Data Protection Regulation) and the CCPA (California Consumer Privacy Act).
Powered by WPeMatico
A UK parliamentary committee has concluded there are no technical grounds for excluding Chinese network kit vendor Huawei from the country’s 5G networks.
In a letter from the chair of the Science & Technology Committee to the UK’s digital minister Jeremy Wright, the committee says: “We have found no evidence from our work to suggest that the complete exclusion of Huawei from the UK’s telecommunications networks would, from a technical point of view, constitute a proportionate response to the potential security threat posed by foreign suppliers.”
Though the committee does go on to recommend the government mandate the exclusion of Huawei from the core of 5G networks, noting that UK mobile network operators have “mostly” done so already — but on a voluntary basis.
If it places a formal requirement on operators not to use Huawei for core supply the committee urges the government to provide “clear criteria” for the exclusion so that it could be applied to other suppliers in future.
Reached for a response to the recommendations, a government spokesperson told us: “The security and resilience of the UK’s telecoms networks is of paramount importance. We have robust procedures in place to manage risks to national security and are committed to the highest possible security standards.”
The spokesperson for the Department for Digital, Media, Culture and Sport added: “The Telecoms Supply Chain Review will be announced in due course. We have been clear throughout the process that all network operators will need to comply with the Government’s decision.”
In recent years the US administration has been putting pressure on allies around the world to entirely exclude Huawei from 5G networks — claiming the Chinese company poses a national security risk.
Australia announced it was banning Huawei and another Chinese vendor ZTE from providing kit for its 5G networks last year. Though in Europe there has not been a rush to follow the US lead and slam the door on Chinese tech giants.
In April leaked information from a UK Cabinet meeting suggested the government had settled on a policy of granting Huawei access as a supplier for some non-core parts of domestic 5G networks, while requiring they be excluded from supplying components for use in network cores.
On this somewhat fuzzy issue of delineating core vs non-core elements of 5G networks, the committee writes that it “heard unanimously and clearly” from witnesses that there will still be a distinction between the two in the next-gen networks.
It also cites testimony by the technical director of the UK’s National Cyber Security Centre (NCSC), Dr Ian Levy, who told it “geography matters in 5G”, and pointed out Australia and the UK have very different “laydowns” — meaning “we may have exactly the same technical understanding, but come to very different conclusions”.
In a response statement to the committee’s letter, Huawei SVP Victor Zhang welcomed the committee’s “key conclusion” before going on to take a thinly veiled swiped at the US — writing: “We are reassured that the UK, unlike others, is taking an evidence based approach to network security. Huawei complies with the laws and regulations in all the markets where we operate.”
The committee’s assessment is not all comfortable reading for Huawei, though, with the letter also flagging the damning conclusions of the most recent Huawei Oversight Board report which found “serious and systematic defects” in its software engineering and cyber security competence — and urging the government to monitor Huawei’s response to the raised security concerns, and to “be prepared to act to restrict the use of Huawei equipment if progress is unsatisfactory”.
Huawei has previously pledged to spend $2BN addressing security shortcomings related to its UK business — a figure it was forced to qualify as an “initial budget” after that same Oversight Board report.
“It is clear that Huawei must improve the standard of its cybersecurity,” the committee warns.
It also suggests the government consults on whether telecoms regulator Ofcom needs stronger powers to be able to force network suppliers to clean up their security act, writing that: “While it is reassuring to hear that network operators share this point of view and are ready to use commercial pressure to encourage this, there is currently limited regulatory power to enforce this.”
Another committee recommendation is for the NCSC to be consulted on whether similar security evaluation mechanisms should be established for other 5G vendors — such as Ericsson and Nokia: Two European based kit vendors which, unlike Huawei, are expected to be supplying core 5G.
“It is worth noting that an assurance system comparable to the Huawei Cyber Security Evaluation Centre does not exist for other vendors. The shortcomings in Huawei’s cyber security reported by the Centre cannot therefore be directly compared to the cyber security of other vendors,” it notes.
On the issue of 5G security generally the committee dubs this “critical”, adding that “all steps must be taken to ensure that the risks are as low as reasonably possible”.
Where “essential services” that make use of 5G networks are concerned, the committee says witnesses were clear such services must be able to continue to operate safely even if the network connection is disrupted. Government must ensure measures are put in place to safeguard operation in the event of cyber attacks, floods, power cuts and other comparable events, it adds.
While the committee concludes there is no technical reason to limit Huawei’s access to UK 5G, the letter does make a point of highlighting other considerations, most notably human rights abuses, emphasizing its conclusion does not factor them in at all — and pointing out: “There may well be geopolitical or ethical grounds… to enact a ban on Huawei’s equipment”.
It adds that Huawei’s global cyber security and privacy officer, John Suffolk, confirmed that a third party had supplied Huawei services to Xinjiang’s Public Security Bureau, despite Huawei forbidding its own employees from misusing IT and comms tech to carry out surveillance of users.
The committee suggests Huawei technology may therefore be being used to “permit the appalling treatment of Muslims in Western China”.
Powered by WPeMatico
Five billion dollars. That’s the apparent size of Facebook’s latest fine for violating data privacy.
While many believe the sum is simply a slap on the wrist for a behemoth like Facebook, it’s still the largest amount the Federal Trade Commission has ever levied on a technology company.
Facebook is clearly still reeling from Cambridge Analytica, after which trust in the company dropped 51%, searches for “delete Facebook” reached 5-year highs, and Facebook’s stock dropped 20%.
While incumbents like Facebook are struggling with their data, startups in highly-regulated, “Third Wave” industries can take advantage by using a data strategy one would least expect: ethics. Beyond complying with regulations, startups that embrace ethics look out for their customers’ best interests, cultivate long-term trust — and avoid billion dollar fines.
To weave ethics into the very fabric of their business strategies and tech systems, startups should adopt “agile” data governance systems. Often combining law and technology, these systems will become a key weapon of data-centric Third Wave startups to beat incumbents in their field.
Established, highly-regulated incumbents often use slow and unsystematic data compliance workflows, operated manually by armies of lawyers and technology personnel. Agile data governance systems, in contrast, simplify both these workflows and the use of cutting-edge privacy tools, allowing resource-poor startups both to protect their customers better and to improve their services.
In fact, 47% of customers are willing to switch to startups that protect their sensitive data better. Yet 80% of customers highly value more convenience and better service.
By using agile data governance, startups can balance protection and improvement. Ultimately, they gain a strategic advantage by obtaining more data, cultivating more loyalty, and being more resilient to inevitable data mishaps.
With agile data governance, startups can address their critical weakness: data scarcity. Customers share more data with startups that make data collection a feature, not a burdensome part of the user experience. Agile data governance systems simplify compliance with this data practice.
Take Ally Bank, which the Ponemon Institute rated as one of the most privacy-protecting banks. In 2017, Ally’s deposits base grew 16%, while those of incumbents declined 4%.
One key principle to its ethical data strategy: minimizing data collection and use. Ally’s customers obtain services through a personalized website, rarely filling out long surveys. When data is requested, it’s done in small doses on the site — and always results in immediate value, such as viewing transactions.
This is on purpose. Ally’s Chief Marketing Officer publicly calls the industry-mantra of “more data” dangerous to brands and consumers alike.
A critical tool to minimize data use is to use advanced data privacy tools like differential privacy. A favorite of organizations like Apple, differential privacy limits your data analysts’ access to summaries of data, such as averages. And by injecting noise into those summaries, differential privacy creates provable guarantees of privacy and prevents scenarios where malicious parties can reverse-engineer sensitive data. But because differential privacy uses summaries, instead of completely masking the data, companies can still draw meaning from it and improve their services.
With tools like differential privacy, organizations move beyond governance patterns where data analysts either gain unrestricted access to sensitive data (think: Uber’s controversial “god view”) or face multiple barriers to data access. Instead, startups can use differential privacy to share and pool data safely, helping them overcome data scarcity. The most agile data governance systems allow startups to use differential privacy without code and the large engineering teams that only incumbents can afford.
Ultimately, better data means better predictions — and happier customers.
According to Deloitte, 80% of consumers are more loyal to companies they believe protect their data. Yet far fewer leaders at established, incumbent companies — the respondents of the same survey — believed this to be true. Customers care more about their data than the leaders at incumbent companies think.
This knowledge gap is an opportunity for startups.
Furthermore, big enterprise companies — themselves customers of many startups — say data compliance risks prevent them from working with startups. And rightly so. Over 80% of data incidents are actually caused by errors from insiders, like third party vendors who mishandle sensitive data by sharing it with inappropriate parties. Yet over 68% of companies do not have good systems to prevent these types of errors. In fact, Facebook’s Cambridge Analytica firestorm — and resulting $5 billion fine — was sparked by third party inappropriately sharing personal data with a political consulting firm without user consent.
As a result, many companies — both startups and incumbents — are holding a ticking time bomb of customer attrition.
Agile data governance defuses these risks by simplifying the ethical data practices of understanding, controlling, and monitoring data at all times. With such practices, startups can prevent and correct the mishandling of sensitive data quickly.
Cognoa is a good example of a Third Wave healthcare startup adopting these three practices at a rapid pace. First, it understands where all of its sensitive health data lies by connecting all of its databases. Second, Cognoa can control all connected data sources at once from one point by using a single access-and-control layer, as opposed to relying on data silos. When this happens, employees and third parties can only access and share the sensitive data sources they’re supposed to. Finally, data queries are always monitored, allowing Cognoa to produce audit reports frequently and catch problems before they escalate out of control.
With tools that simplify these three practices, even low-resourced startups can make sure sensitive data is tightly controlled at all times to prevent data incidents. Because key workflows are simplified, these same startups can maintain the speed of their data analytics by sharing data safely with the right parties. With better and safer data sharing across functions, startups can develop the insight necessary to cultivate a loyal fan base for the long-term.
In 2018, Panera mistakenly shared 37 million customer records on its website and took 8 months to respond. Panera’s data incident is a taste of what’s to come: Gartner predicts that 50% of business ethics violations will stem from data incidents like these. In the era of “Big Data,” billion dollar incumbents without agile data governance will likely continue to violate data ethics.
Given the inevitability of such incidents, startups that adopt agile data governance will likely be the most resilient companies of the future.
Case in point: Harvard Business Review reports that the stock prices of companies without strong data governance practices drop 150% more than companies that do adopt strong practices. Despite this difference, only 10% of Fortune 500 companies actually employ the data transparency principle identified in the report. Practices include clearly disclosing data practices and giving users control over their privacy settings.
Sure, data incidents are becoming more common. But that doesn’t mean startups don’t suffer from them. In fact, up to 60% of startups fold after a cyber attack.
Startups can learn from WebMD, which Deloitte named as one standout in applying data transparency. With a readable privacy policy, customers know how data will be used, helping customers feel comfortable about sharing their data. More informed about the company’s practices, customers are surprised less by incidents. Surprises, BCG found, can reduce consumer spending by one-third. On a self-service platform on WebMD’s site, customers can control their privacy settings and how to share their data, further cultivating trust.
Self-service tools like WebMD’s are part of agile data governance. These tools allow startups to simplify manual processes, like responding to customer requests to control their data. Instead, startups can focus on safely delivering value to their customers.
For so long, the public seemed to care less about their data.
That’s changing. Senior executives at major companies have been publicly interrogated for not taking data governance seriously. Some, like Facebook and Apple, are even claiming to lead with privacy. Ultimately, data privacy risks significantly rise in Third Wave industries where errors can alter access to key basic needs, such as healthcare, housing, and transportation.
While many incumbents have well-resourced legal and compliance departments, agile data governance goes beyond the “risk mitigation” missions of those functions. Agile governance means that time-consuming and error-prone workflows are streamlined so that companies serve their customers more quickly and safely.
Case in point: even after being advised by an army of lawyers, Zuckerberg’s 30,000-word Senate testimony about Cambridge Analytica included “ethics” only once, and it excluded “data governance” completely.
And even if companies do have legal departments, most don’t make their commitment to governance clear. Less than 15% of consumers say they know which companies protect their data the best. Startups can take advantage of this knowledge gap by adopting agile data governance and educate their customers about how to protect themselves in the risky world of the Third Wave.
Some incumbents may always be safe. But those in highly-regulated Third Wave industries, such as automotive, healthcare, and telecom should be worried; customers trust these incumbents the least. Startups that adopt agile data governance, however, will be trusted the most, and the time to act is now.
Powered by WPeMatico
GDPR, and the newer California Consumer Privacy Act, have given a legal bite to ongoing developments in online privacy and data protection: it’s always good practice for companies with an online presence to take measures to safeguard people’s data, but now failing to do so can land them in some serious hot water.
Now — to underscore the urgency and demand in the market — one of the bigger companies helping organizations navigate those rules is announcing a huge round of funding. OneTrust, which builds tools to help companies navigate data protection and privacy policies both internally and with its customers, has raised $200 million in a Series A led by Insight that values the company at $1.3 billion.
It’s an outsized round for a Series A, being made at an equally outsized valuation — especially considering that the company is only three years old — but that’s because of the wide-ranging nature of the issue, according to CEO Kabir Barday, and OneTrust’s early moves and subsequent pole position in tackling it.
“We’re talking about an operational overhaul in a company’s practices,” Barday said in an interview. “That requires the right technology and reach to be able to deliver that at a low cost.” Notably, he said that OneTrust wasn’t actually in search of funding — it’s already generating revenue and could have grown off its own balance sheet — although he noted that having the capitalization and backing sends a signal to the market and in particular to larger organizations of its stability and staying power.
Currently, OneTrust has around 3,000 customers across 100 countries (and 1,000 employees), and the plan will be to continue to expand its reach geographically and to more businesses. Funding will also go toward the company’s technology: it already has 50 patents filed and another 50 applications in progress, securing its own IP in the area of privacy protection.
OneTrust offers technology and services covering three different aspects of data protection and privacy management.
Its Privacy Management Software helps an organization manage how it collects data, and it generates compliance reports in line with how a site is working relative to different jurisdictions. Then there is the famous (or infamous) service that lets internet users set their preferences for how they want their data to be handled on different sites. The third is a larger database and risk management platform that assesses how various third-party services (for example advertising providers) work on a site and where they might pose data protection risks.
These are all provided either as a cloud-based software as a service, or an on-premises solution, depending on the customer in question.
The startup also has an interesting backstory that sheds some light on how it was founded and how it identified the gap in the market relatively early.
Alan Dabbiere, who is the co-chairman of OneTrust, had been the chairman of Airwatch — the mobile device management company acquired by VMware in 2014 (Airwatch’s CEO and founder, John Marshall, is OneTrust’s other co-chairman). In an interview, he told me that it was when they were at Airwatch — where Barday had worked across consulting, integration, engineering and product management — that they began to see just how a smartphone “could be a quagmire of privacy issues.”
“We could capture apps that an employee was using so that we could show them to IT to mitigate security risks,” he said, “but that actually presented a big privacy issue. If [the employee] has dyslexia [and uses a special app for it] or if the employee used a dating app, you’ve now shown things to IT that you shouldn’t have.”
He admitted that in the first version of the software, “we weren’t even thinking about whether that was inappropriate, but then we quickly realised that we needed to be thinking about privacy.”
Dabbiere said that it was Barday who first brought that sensibility to light, and “that is something that we have evolved from.” After that, and after the VMware sale, it seemed a no-brainer that he and Marshall would come on to help the new startup grow.
Airwatch made a relatively quick exit, I pointed out. His response: the plan is to stay the course at OneTrust, with a lot more room for expansion in this market. He describes the issues of data protection and privacy as “death by 1,000 cuts.” I guess when you think about it from an enterprising point of view, that essentially presents 1,000 business opportunities.
Indeed, there is obvious growth potential to expand not just its funnel of customers, but to add more services, such as proactive detection of malware that might leak customers’ data (which calls to mind the recently fined breach at British Airways), as well as tools to help stop that once identified.
While there are a million other companies also looking to fix those problems today, what’s interesting is the point from which OneTrust is starting: by providing tools to organizations simply to help them operate in the current regulatory climate as good citizens of the online world.
This is what caught Insight’s eye with this investment.
“OneTrust has truly established themselves as leaders in this space in a very short time frame, and are quickly becoming for privacy professionals what Salesforce became for salespeople,” said Richard Wells of Insight. “They offer such a vast range of modules and tools to help customers keep their businesses compliant with varying regulatory laws, and the tailwinds around GDPR and the upcoming CCPA make this an opportune time for growth. Their leadership team is unparalleled in their ambition and has proven their ability to convert those ambitions into reality.”
Wells added that while this is a big round for a Series A it’s because it is something of an outlier — not a mark of how Series A rounds will go soon.
“Investors will always be interested in and keen to partner with companies that are providing real solutions, are already established and are led by a strong group of entrepreneurs,” he said in an interview. “This is a company that has the expertise to help solve for what could be one of the greatest challenges of the next decade. That’s the company investors want to partner with and grow, regardless of fund timing.”
Powered by WPeMatico