privacy

Auto Added by WPeMatico

Europe’s recharged antitrust chief makes her five-year pitch to be digital EVP

Europe’s competition commissioner Margrethe Vestager, set for a dual role in the next Commission, faced three hours of questions from members of four committees in the European Parliament this afternoon, as MEPs got their chance to interrogate her priorities for a broader legislative role that will shape pan-EU digital strategy for the next five years.

As we reported last month, Vestager is headed for an expanded role in the incoming European Commission with president-elect Ursula von der Leyen picking her as an executive VP overseeing a new portfolio called “Europe fit for the digital age.”

She is also set to retain her current job as competition commissioner. And a question she faced more than once during today’s hearing in front of MEPs, who have a confirming vote on her appointment, was whether the combined portfolio wasn’t at risk of a conflict of interest?

Or whether she “recognized the tension between objective competition enforcement and industrial policy interests in your portfolio,” as one MEP put it, before asking whether she would “build Chinese walls” within it to avoid crossing the streams of enforcement and policymaking.

Vestager responded by saying it was the first question she’d asked herself on being offered the role — before laying out flat reasoning that “the independence in law enforcement is non-negotiable.”

“It has always been true that the commissioner for competition has been part of the College. And every decision we take also in competition is a collegial decision,” she said. “What justifies that is of course that every decision is subject to not one but 2x legal scrutiny if need be. And the latest confirmation of this set up was two judgments in 2011 — where it was looked into whether this set up… is in accordance with our human rights and that has been found to be so. So the set up, as such, is as it should be.”

The commissioner and commissioner-designate responded capably to a wide range of questions reflecting the broad span of her new responsibilities — fielding questions on areas including digital taxation; platform power and regulation; a green new deal; AI and data ethics; digital skills and research; and small business regulation and funding, as well as queries around specific pieces of legislation (such as ePrivacy and Copyright Reform). 

Climate change and digital transformation were singled out in her opening remarks as two of Europe’s biggest challenges — ones she said will require both joint working and a focus on fairness.

Europe is filled with highly skilled people, we have excellent infrastructure, fair and effective laws. Our Single Market gives European businesses the room to grow and innovate, and be the best in the world at what they do,” she said at the top of her pitch to MEPs. “So my pledge is not to make Europe more like China, or America. My pledge is to help make Europe more like herself. To build on our own strengths and values, so our society is both strong and fair. For all Europeans.”

Building trust in digital services

In her opening remarks Vestager said that if confirmed she will work to build trust in digital services — suggesting regulation on how companies collect, use and share data might be necessary to ensure people’s data is used for public good, rather than to concentrate market power.

It’s a suggestion that won’t have gone unnoticed in Silicon Valley.

“I will work on a Digital Services Act that includes upgrading our liability and safety rules for digital platforms, services and products,” she pledged. “We may also need to regulate the way that companies collect and use and share data — so it benefits the whole of our society.”

“As global competition gets tougher we’ll need to work harder to preserve a level playing field,” she also warned.

But asked directly during the hearing whether Europe’s response to platform power might include breaking up overbearing tech giants, Vestager signaled caution — saying such an intrusive intervention should only be used as a last resort, and that she has an obligation to try less drastic measures first. (It’s a position she’s set out before in public.)

“You’re right to say fines are not doing the trick and fines are not enough,” she said in response to one questioner on the topic. Another MEP complained fines on tech giants are essentially just seen as an “operating expense.”

Vestager went on to cite the Google AdSense antitrust case as an example of enforcement that hasn’t succeeded because it has failed to restore competition. “Some of the things that we will of course look into is do we need even stronger remedies for competition to pick up in these markets,” she said. “They stopped their behavior. That’s now two years ago. The market hasn’t picked up. So what do we do in those kind of cases? We have to consider remedies that are much more far reaching.

“Also before we reach for the very, very far reaching remedy to break up a company — we have that tool in our toolbox but obviously it is very far reaching… My obligation is to ensure that we do the least intrusive thing in order to make competition come back. And in that respect, obviously, I am willing to explore what do we need more, in competition cases, for competition to come back.”

Competition law enforcers in Europe will have to consider how to make sure rules enforce fair competition in what Vestager described as a “new phenomenon” of “competition for a market, not just in a market” — meaning that whoever wins the competition becomes “the de facto rule setter in this market.”

Regulating platforms on transparency and fairness is something on which European legislators have already agreed — earlier this year. Though that platform to business regulation has yet to come into force. “But it will also be a question for us as competition law enforcers,” Vestager told MEPs.

Making use of existing antitrust laws but doing so with greater speed and agility, rather than a drastic change of competition approach, appeared to be her main message — with the commissioner noting she’d recently dusted off interim measures in an ongoing case against chipmaker Broadcom; the first time such an application has been made for 20 years.

“It’s a good reflection of the fact that we find it a very high priority to speed up what we do,” she said, adding: “There’s a limit as to how fast law enforcement can work, because we will never compromise on due process — on the other hand we should be able to work as fast as possible.”

Her responses to MEPs on platform power favored greater regulation of digital markets (potentially including data), markets which have become dominated by data-gobbling platforms — rather than an abrupt smashing of the platforms themselves. So not an Elizabeth Warren “existential” threat to big tech, then, but from a platform point of view Vestager’s preferred approach might just sum to death by a thousand legal cuts.

“One of course could consider what kind of tools do we need?,” she opined, talking about market reorganization as a means of regulating platform power. “[There are] different ways of trying to re-organize a marketplace if the competition authority finds that the way it’s working is not beneficial for fair competition. And those are tools that can be considered in order to sort of re-organize before harm is done. Then you don’t punish because no infringement is found but you can give very direct almost orders… as to how a market should be organized.”

Artificial intelligence with a purpose

On artificial intelligence — which the current Commission has been working on developing a framework for ethical design and application — Vestager’s opening remarks contained a pledge to publish proposals for this framework — to “make sure artificial intelligence is used ethically, to support human decisions and not undermine them” — and to do so within her first 100 days in office.

That led one MEP to question whether it wasn’t too ambitious and hasty to rush to control a still emerging technology. “It is very ambitious,” she responded. “And one of the things that I think about a lot is of course if we want to build trust then you have to listen.

“You cannot just say I have a brilliant idea, I make it happen all over. You have to listen to people to figure out what would be the right approach here. Also because there is a balance. Because if you’re developing something new then — exactly as you say — you should be very careful not to over-regulate.

“For me, to fulfill these ambitions, obviously we need the feedback from the many, many businesses who have taken upon them to use the assessment list and the principles [recommended by the Commission’s HLEG on AI] of how to create AI you can trust. But I also think, to some degree, we have to listen fast. Because we have to talk with a lot of different people in order to get it right. But it is a reflection of the fact that we are in hurry. We really need to get our AI strategy off the ground and these proposals will be part of that.”

Europe could differentiate itself — and be “a world leader” — by developing “AI with a purpose,” Vestager suggested, pointing to potential applications for the tech such as in healthcare, transportation and combating climate change, which she said would also work to further European values.

“I don’t think that we can be world leaders without ethical guidelines,” she said of AI. “I think we will lose it if we just say no let’s do as they do in the rest of the world — let’s pool all the data from everyone, no matter where it comes from, and let’s just invest all our money. I think we will lose out because the AI you create because you want to serve humans. That’s a different sort of AI. This is AI with a purpose.”

On digital taxation — where Vestager will play a strategic role, working with other commissioners — she said her intention is to work toward trying to achieve global agreement on reforming rules to take account of how data and profits flow across borders. But if that’s not possible she said Europe is prepared to act alone — and quickly — by the end of 2020.

“Surprising things can happen,” she said, discussing the challenge of achieving even an EU-wide consensus on tax reform, and noting how many pieces of tax legislation have already been passed in the European Council by unanimity. “So it’s not undoable. The problem is we have a couple of very important pieces of legislation that have not been passed.

“I’m still kind of hopeful in the working way that we can get a global agreement on digital taxation. If that is not the case, obviously we will table and push for a European solution. And I admire the Member States who’ve said we want a European or global solution, but if that isn’t to be we’re willing to do that by ourselves in order to be able to answer to all the businesses who pay their taxes.”

Vestager also signaled support for exploring the possibility of amending Article 116 of the Treaty on the Functioning of the EU, which relates to competition-based distortion of the internal market, in order to enable tax reform to be passed by a qualified majority, instead of unanimously — as a potential strategy for getting past the EU’s own current blocks to tax reform.

“I think definitely we should start exploring what would that entail,” she said in response to a follow-up question. “I don’t think it’s a given that it would be successful, but it’s important that we take the different tools that the treaty gives us and use these tools if need be.”

During the hearing she also advocated for a more strategic use of public procurement by the EU and Member States — to push for more funding to go into digital research and business innovation that benefits common interests and priorities.

“It means working together with Member States on important projects of common European interest. We will bring together entire value chains, from universities, suppliers, manufacturers all the way to those who recycle the raw material that is used in manufacturing,” she said.

“Public procurement in Europe is… a lot of money,” she added. “And if we also use that to ask for solutions well then we can have also maybe smaller businesses to say I can actually do that. So we can make an artificial intelligence strategy that will push in all different sectors of society.”

She also argued that Europe’s industrial strategy needs to reach beyond its own Single Market — signaling a tougher approach to market access to those outside the bloc.

And implying she might favor less of a free-for-all when it comes to access to publicly funded data — if the value it contains risks further entrenching already data-rich, market-dominating giants at the expense of smaller local players.

“As we get more and more interconnected, we are more dependent and affected by decisions made by others. Europe is the biggest trading partner of some 80 countries, including China and the U.S. So we are in a strong position to work for a level global playing field. This includes pursuing our proposal to reform the World Trade Organization. It includes giving ourselves the right tools to make sure that foreign state ownership and subsidies do not undermine fair competition in Europe,” she said.

“We have to figure out what constitutes market power,” she went on, discussing how capacity to collect data can influence market position, regardless of whether it’s directly linked to revenue. “We will expand our insights as to how this works. We have learned a lot from some of the merger cases that we have been doing to see how data can work as an asset for innovation but also as a barrier to entry. Because if you don’t have the right data it’s very difficult to produce the services that people are actually asking for. And that becomes increasingly critical when it comes to AI. Because once you have it then you can do even more.

“I think we have to discuss what we do with all the amazing publicly funded data that we make available. It’s not to be overly biblical but we shouldn’t end up in a situation where ‘those who have shall more be given.’ If you have a lot already then you also have the capabilities and the technical insight to make very good use of it. And we do have amazing data in Europe. Just think about what can be assessed in our supercomputers… they are world-class… And second when it comes to both [EU sat-nav] Galileo and [earth observation program] Copernicus. Also here data is available. Which is an excellent thing for the farmer doing precision farming and saving in pesticides and seeds and all of that. But are really happy that we also make it available for those who could actually pay for it themselves?

“I think that is a discussion that we will have to have — to make sure that not just the big ones keep taking for themselves but the smaller ones having a fair chance.”

Rights and wrongs

During the hearing Vestager was also asked whether she supported the controversial EU copyright reform.

She said she supports the “compromise” achieved — arguing that the legislation is important to ensure artists are rewarded for the work they do — but stressed that it will be important for the incoming Commission to ensure Member States’ implementations are “coherent” and that fragmentation is avoided.

She also warned against the risk of the same “divisive” debates being reopened afresh, via other pieces of legislation.

“I think now that the copyright issue has been settled it shouldn’t be reopened in the area of the Digital Services Act,” she said. “I think it’s important to be very careful not to do that because then we would lose speed again when it comes to actually making sure there is remuneration for those who hold copyright.”

Asked in a follow-up question how, as the directive gets implemented by EU Member States, she will ensure freedom of speech is protected from upload filter technologies — which is what critics of the copyright reform argue the law effectively demands that platforms deploy — Vestager hedged, saying: “[It] will take a lot of discussions and back and forth between Member States and Commission, probably. Also this parliament will follow this very closely. To make sure that we get an implementation in Member States that are similar.”

“One has to be very careful,” she added. “Some of the discussions that we had during the adoption of the copyright directive will come back. Because these are crucial debates. Because it’s a debate between the freedom of speech and actually protecting people who have rights. Which is completely justified… Just as we have fundamental values we also have fundamental discussions because it’s always a balancing act how to get this right.”

The commissioner also voiced support for passing the ePrivacy Regulation. “It will be high priority to make sure that we’re able to pass that,” she told MEPs, dubbing the reform an important building block.

“One of the things I hope is that we don’t just always decentralize to the individual citizens,” she added.  “Now you have rights, now you just go and force them. Because I know I have rights but one of my frustrations is how to enforce them? Because I am to read page after page after page and if I’m not tired and just forget about it then I sign up anyway. And that doesn’t really make sense. We still have to do more for people to feel empowered to protect themselves.”

She was also asked for her views on adtech-driven microtargeting — as a conduit for disinformation campaigns and political interference — and more broadly as so-called “surveillance capitalism.” “Are you willing to tackle adtech-driven business models as a whole?,” she was asked by one MEP. “Are you willing to take certain data exploitation practices like microtargeting completely off the table?”

Hesitating slightly before answering, Vestager said: “One of the things I have learned from surveillance capitalism and these ideas is it’s not you searching Google it is Google searching you. And that gives a very good idea about not only what you want to buy but also what you think. So we have indeed a lot to do. I am in complete agreement with what has been done so far — because we needed to do something fast. So the Code of Practice [on disinformation] is a very good start to make sure that we get things right… So I think we have a lot to build on.

“I don’t know yet what should be the details of the Digital Services Act. And I think it’s very important that we make the most of what we have since we’re in a hurry. Also to take stock of what I would call digital citizens’ rights — the GDPR [General Data Protection Regulation] — that we can have national authorities enforce that in full, and hopefully also to have a market response so that we have privacy by design and being able to choose that. Because I think it’s very important that we also get a market response to say, well, you can actually do things in a very different way than just to allow yourself to feel forced to sign up to whatever terms and conditions that are put in front of you.

“I myself find it very thought-provoking if you have the time just once in a while to read the T&Cs now when they are obliged, thanks to this parliament, to write in a way that you can actually understand that makes it even more scary. And very often it just makes me think, thanks but no thanks. And that of course is the other side of that coin. Yes, regulation. But also us as citizens to be much more aware of what kind of life we want to live and what kind of democracy we want to have. Because it cannot just be digital. Then I think we will lose it.”

In her own plea to MEPs, Vestager urged them to pass the budget so that the Commission can get on with all the pressing tasks in front of it. “We have proposed that we increase our investments quite a lot in order to be able to do all this kind of stuff,” she said.

“First things first, I’m sorry to say this, we need the money. We need funding. We need the programs. We need to be able to do something so that people can see that businesses can use funds to invest in innovation, so that researchers can make their networks work all over Europe. That they get the funding actually to get there. And in that respect I hope that you will help push for the multi-annual financial framework to be in place. I don’t think that Europeans have any patience for us when it comes to these different things that we would like to be real. That is now, that is here.”

Powered by WPeMatico

Nadella warns government conference not to betray user trust

Microsoft CEO Satya Nadella, delivering the keynote at the Microsoft Government Leaders Summit in Washington, DC today, had a message for attendees to maintain user trust in their tools technologies above all else.

He said it is essential to earn user trust, regardless of your business. “Now, of course, the power law here is all around trust because one of the keys for us, as providers of platforms and tools, trust is everything,” he said today. But he says it doesn’t stop with the platform providers like Microsoft. Institutions using those tools also have to keep trust top of mind or risk alienating their users.

“That means you need to also ensure that there is trust in the technology that you adopt, and the technology that you create, and that’s what’s going to really define the power law on this equation. If you have trust, you will have exponential benefit. If you erode trust it will exponentially decay,” he said.

He says Microsoft sees trust along three dimensions: privacy, security and ethical use of artificial intelligence. All of these come together in his view to build a basis of trust with your customers.

Nadella said he sees privacy as a human right, pure and simple, and it’s up to vendors to ensure that privacy or lose the trust of their customers. “The investments around data governance is what’s going to define whether you’re serious about privacy or not,” he said. For Microsoft, they look at how transparent they are about how they use the data, their terms of service and how they use technology to ensure that’s being carried out at runtime.

He reiterated the call he made last year for a federal privacy law. With GDPR in Europe and California’s CCPA coming on line in January, he sees a centralized federal law as a way to streamline regulations for business.

As for security, as you might expect, he defined it in terms of how Microsoft was implementing it, but the message was clear that you needed security as part of your approach to trust, regardless of how you implement that. He asked several key questions of attendees.

“Cyber is the second area where we not only have to do our work, but you have to [ask], what’s your operational security posture, how have you thought about having the best security technology deployed across the entire chain, whether it’s on the application side, the infrastructure side or on the endpoint, side, and most importantly, around identity,” Nadella said.

The final piece, one which he said was just coming into play, was how you use artificial intelligence ethically, a sensitive topic for a government audience, but one he wasn’t afraid to broach. “One of the things people say is, ‘Oh, this AI thing is so unexplainable, especially deep learning.’ But guess what, you created that deep learning [model]. In fact, the data on top of which you train the model, the parameters and the number of parameters you use — a lot of things are in your control. So we should not abdicate our responsibility when creating AI,” he said.

Whether Microsoft or the U.S. government can adhere to these lofty goals is unclear, but Nadella was careful to outline them both for his company’s benefit and this particular audience. It’s up to both of them to follow through.

Powered by WPeMatico

Osano makes business risk and compliance (somewhat) sexy again

A new startup is clearing the way for other companies to better monitor and manage their risk and compliance with privacy laws.

Osano, an Austin, Texas-based startup, bills itself as a privacy platform startup, which uses a software-as-a-service solution to give businesses real-time visibility into their current privacy and compliance posture. On one hand, that helps startups and enterprises large and small insight into whether or not they’re complying with global or state privacy laws, and manage risk factors associated with their business such as when partner or vendor privacy policies change.

The company launched its privacy platform at Disrupt SF on the Startup Battlefield stage.

Risk and compliance is typically a fusty, boring and frankly unsexy topic. But with ever-changing legal landscapes and constantly moving requirements, it’s hard to keep up. Although Europe’s GDPR has been around for a year, it’s still causing headaches. And stateside, the California Consumer Privacy Act is about to kick in and it is terrifying large companies for fear they can’t comply with it.

Osano mixes tech with its legal chops to help companies, particularly smaller startups without their own legal support, to provide a one-stop shop for businesses to get insight, advice and guidance.

“We believe that any time a company does a better job with transparency and data protection, we think that’s a really good thing for the internet,” the company’s founder Arlo Gilbert told TechCrunch.

Gilbert, along with his co-founder and chief technology officer Scott Hertel, have built their company’s software-as-a-service solution with several components in mind, including maintaining its scorecard of 6,000 vendors and their privacy practices to objectively grade how a company fares, as well as monitoring vendor privacy policies to spot changes as soon as they are made.

One of its standout features is allowing its corporate customers to comply with dozens of privacy laws across the world with a single line of code.

You’ve seen them before: The “consent” popups that ask (or demand) you to allow cookies or you can’t come in. Osano’s consent management lets companies install a dynamic consent management in just five minutes, which delivers the right consent message to the right people in the best language. Using the blockchain, the company says it can record and provide searchable and cryptographically verifiable proof-of-consent in the event of a person’s data access request.


“There are 40 countries with cookie and data privacy laws that require consent,” said Gilbert. “Each of them has nuances about what they consider to be consent: what you have to tell them; what you have to offer them; when you have to do it.”

Osano also has an office in Dublin, Ireland, allowing its corporate customers to say it has a physical representative in the European Union — a requirement for companies that have to comply with GDPR.

And, for corporate customers with questions, they can dial-an-expert from Osano’s outsourced and freelance team of attorneys and privacy experts to help break down complex questions into bitesize answers.

Or as Gilbert calls it, “Uber, but for lawyers.”

The concept seems novel but it’s not restricted to GDPR or California’s upcoming law. The company says it monitors international, federal and state legislatures for new laws and changes to existing privacy legislation to alert customers of upcoming changes and requirements that might affect their business.

In other words, plug in a new law or two and Osano’s customers are as good as covered.

Osano is still in its pre-seed stage. But while the company is focusing on its product, it’s not thinking too much about money.

“We’re planning to kind of go the binary outcome — go big or go home,” said Gilbert, with his eye on the small- to medium-sized enterprise. “It’s greenfield right now. There’s really nobody doing what we’re doing.”

The plan is to take on enough funding to own the market, and then focus on turning a profit. So much so, Gilbert said, that the company is registered as a B Corporation, a more socially conscious and less profit-driven approach of corporate structure, allowing it to generate profits while maintaining its social vision.

The company’s idea is strong; its corporate structure seems mindful. But is it enough of an enticement for fellow startups and small businesses? It’s either dominate the market or bust, and only time will tell.

Powered by WPeMatico

Segment’s new privacy portal helps companies comply with expanding regulations

With the EU’s sweeping GDPR privacy laws and the upcoming California Consumer Privacy ACT (CCPA), companies have to figure out how to deal with keeping private data private — or face massive fines. Segment announced a new Privacy Portal today that could help companies trying to remain in compliance.

Segment CEO and co-founder Peter Reinhardt says companies have built a false dichotomy between personalization and privacy, and he says that it doesn’t have to be that way. “We’ve noticed that a lot of companies feel this tension between privacy and growth. They basically see a paradox between being either privacy-respectful versus providing a very personalized experience,” he said.

The new Privacy Portal is designed to be a central place where customers can sort their data in an automated way and create an inventory of what data they have inside the company. “By introducing a single point of collection for all the data, it creates a choke point on the data collection to allow you to actually govern that, a single place to inspect, monitor, alert and have an inventory of all the data that you’re collecting, so that you can ensure that it’s compliant, and so that you can ensure that you’ve got consent, and all of those things,” he said.

The way this works is that as the data comes into the portal, it automatically gets put into a bucket based on the level of concern about it. “We are basically giving customers monitoring and a consolidated view over all of the different data points that are coming in. So we have matches that basically look for things that might be PII, and we automatically grade most of them with green, yellow or red in terms of the level of potential concern,” Reinhardt explained.

On top of that, companies can apply policies, based on the grades, say letting anything that’s green or yellow through, but preventing any red data (PII) from being shared with other applications.

In addition, to make sure that the product can connect to as many marketing tools as possible to get the most complete data picture, the company is releasing a new feature called Functions, which lets customers build their own custom data connectors. With thousands of marketing technology tools, it’s impossible for Segment to build connectors for all of them. Functions lets companies build custom connectors in a low-code way in instances where Segment doesn’t provide it out of the box.

The two tools are available to Segment customers starting today.

Powered by WPeMatico

Tonic launches a personalized news reader that respects user privacy

Personalization technology can lead to better experiences as it allows apps to customize their content for each individual user. But it can also chip away at user privacy. A company called Canopy wants to change that. It has developed a personalization engine that works without requiring users to log in or even provide an email. Instead, it uses a combination of on-device machine learning and differential privacy to offer a personalized experience to an app’s users. Now it’s demonstrating how this works with the launch of the news reader app, Tonic.

The new app is designed to be completely private, while also learning what you like over time, in order to offer a customized experience. But unlike other personalization engines, all the raw interaction and behavioral data stays on your own device. That means the company itself never see it, nor does any content provider or partner it works with, it says.

As Canopy explains:

What we instead send over an encrypted connection to our server is a differentially private version of your personal interaction and behavior model. The local model of you that goes to Canopy never has a direct connection to the things you’ve interacted with, but instead represents an aggregate set of preferences of people like you. It’s a crucial difference for our approach: even in the worst case of the encryption failing, or our servers being hacked, no one could ever do anything with the private models because they do not represent any individual.

Another big differentiator is that Tonic puts you in control over your own personalization settings. This is not typical. If you’ve ever used an app powered by personalization technology, there’s probably been a point where you were recommended a song, video, or a news article, for example, that seemed to be entirely wrong and not representative of something you’d actually like. But you may have been at a loss as to why it was recommended, because most apps don’t detail this sort of information.

Tonic, on the other hand, lets you view, change and even reset your personalization settings whenever you want.

tonic app phones

While Tonic is mainly meant to demonstrate of its engine in action — Canopy’s larger goal is to license the technology — the app itself has several other features that make it worth a look.

The company employs a human editorial team to help select the app’s news content, to ensure that it’s not offering a bunch of noise, like clickbait or “hate-reads.” It also avoids breaking news and “hot takes,” it says, as it’s not designed to be an app you use to track the latest news with urgency.

Instead, Tonic pulls from a diversity of sources with its core focus on bringing you a curated, personalized selection of daily reads to inform and inspire. And in the spirit of digital well-being, it’s a finite list of articles — not an endless news feed.

“We made Tonic because we were tired of having to give up our digital selves to get great recommendations, and because we wanted to build an alternative to endless feeds optimized for maximum engagement, breaking news, and outrage,” the company explains in its announcement of the app’s launch.

The technology’s arrival comes at a time when big tech is being investigated for carelessness with user data, and there’s increased attention on user privacy in general. Apple, for example, has made its respect for user privacy a key selling point for its hardware and software.

The New York-based startup was founded by Brian Whitman, formerly the founder of The Echo Nest and a former principal scientist at Spotify. The team also includes several ex-Spotify, Instagram, Google and New York Times execs. It’s seed-funded by Matrix Partners, and other investors from Spotify, WeWork, Splice, MIT Media Lab, Keybase, and more to the tune of $4.5 million dollars.

Powered by WPeMatico

What startup CSOs can learn from three enterprise security experts

How do you keep your startup secure?

That’s the big question we explored at TC Sessions: Enterprise earlier this month. No matter the size, every startup is an enterprise. Every startup will grow in size as it builds out. But as a company expands, that rapid growth can lead to a distraction from the foundational principle of any modern company — keeping it secure.

Security isn’t just a buzzword. As some of the largest companies in Silicon Valley have shown, security can be difficult. From storing passwords in plaintext to data breaches galore, how can startups learn from some of the biggest security lapses in the tech industry’s history?

Our panel consisted of three of the brightest minds in enterprise security: Wendy Nather, head of advisory CISOs at Duo Security, is an enterprise security expert; Martin Casado, general partner at Andreessen Horowitz, is a security and enterprise startup investor; and Emily Heath, United’s chief information security officer, oversees the security operations of the largest U.S. airlines.

This is what advice they had.

Security from the very start

Powered by WPeMatico

BigID announces $50M Series C investment as privacy takes center stage

It turns out GDPR was just the tip of the privacy iceberg. With California’s privacy law coming on line January 1st and dozens more in various stages of development, it’s clear that governments are taking privacy seriously, which means companies have to as well. New York startup BigID, which has been developing a privacy platform for the last several years, finds itself in a good position to help. Today, the company announced a $50 million Series C.

The round was led by Bessemer Venture Partners with help from SAP.io Fund, Comcast Ventures, Boldstart Ventures, Scale Venture Partners and ClearSky. New investor Salesforce Ventures also participated. Today’s investment brings the total raised to more than $96 million, according to Crunchbase.

In addition to the funding, the company is also announcing the formation of a platform of sorts, which will offer a set of privacy services for customers. It includes data discovery, classification and correlation. “We’ve separated the product into some constituent parts. While it’s still sold as a broad-based solution, it’s much more of a platform now in the sense that there’s a core set of capabilities that we heard over and over that customers want,” CEO and co-founder Dimitri Sirota told TechCrunch.

He says that these capabilities really enable customers to see connections in the data across a set of disparate data sources. “There are a lot of products that do the request part, but there’s nobody that’s able to look across your entire data landscape, the hundreds of petabytes, and pick out the data in Salesforce, Workday, AWS, mainframe, and all these places you could have data on [an individual], and show how it’s all tied together,” Sirota explained.

It’s interesting to see the mix of strategic investors and traditional venture capitalists that are investing in the company. The strategics in particular see the privacy landscape as well as anyone, and Sirota says it’s a case of privacy mattering more than ever and his company providing the means to navigate the changing landscape. “Consumers care about privacy, which means legislators care about it, which ultimately means companies have to care about it,” he said. He added, “Strategics, whether they are companies that collect personal data or those that sell to those companies, therefore have an interest in BigID .”

The company has been growing fast and raising money quickly to help it scale to meet demand. Starting in January 2018, it raised $14 million. Just six months later, it raised another $30 million and you can tack on today’s $50 million. Sirota says having money in the bank and seeing these investments helps give enterprise customers confidence that the company is in this for the long haul.

Sirota wouldn’t give an exact valuation, only saying that while the company is not a unicorn, the valuation was a “robust number.” He says the plan now it to keep expanding the platform, and there will be announcements coming soon around partnerships, customers and new capabilities.

Sirota will be appearing at TechCrunch Sessions: Enterprise on September 5th at 11 am on the panel “Cracking the Code: From Startup to Scaleup in Enterprise Software.”

Powered by WPeMatico

Hackers to stress-test Facebook Portal at hacking contest

Hackers will soon be able to stress-test the Facebook Portal at the annual Pwn2Own hacking contest, following the introduction of the social media giant’s debut hardware device last year.

Pwn2Own is one of the largest hacking contests in the world, where security researchers descend to find and demonstrate their exploits for vulnerabilities in a range of consumer electronics and technologies, including appliances and automobiles.

It’s not unusual for companies to allow hackers put their products through their paces. Tesla earlier this year entered its new Model 3 sedan into the contest. A pair of researchers later scooped up $375,000 — and the car they hacked — for finding a severe memory randomization bug in the web browser of the car’s infotainment system.

Hackers able to remotely inject and run code on the Facebook Portal can receive up to $60,000, while a non-invasive physical attack or a privilege escalation bug can net $40,000.

Introducing the Facebook Portal is part of a push by Trend Micro’s Zero Day Initiative, which runs the contest, to expand the range of home automation devices available to researchers in attendance. Pwn2Own said researchers will also get a chance to try to hack an Amazon Echo Show 5, a Google Nest Hub Max, an Amazon Cloud Cam and a Nest Cam IQ Indoor.

Facebook said it also would allow hackers to find flaws in the Oculus Quest virtual reality kit.

Pwn2Own Tokyo, set to be held on November 6-7, is expected to dish out more than $750,000 in cash and prizes.

Powered by WPeMatico

US cell carriers team up to combat robocalls — but no deadline set

Twelve cell carriers, including the four largest — AT&T, Sprint, T-Mobile and Verizon — have promised to make efforts to prevent spoofed and automated robocalls.

Announced Thursday, the pledge comes after 51 U.S. attorneys general brokered a deal that would see the telecom giants roll out anti-robocalling technologies, including a way of cryptographically signing callers to wipe out phone number spoofing. Known as STIR/SHAKEN, the system relies on every customer phone number having a unique digital signature which, when checked against the cell networks, validates that a caller is real. The carrier near-instantly invisibly approves the call and patches it through to the recipient.

Robocalls are illegal, but are a billion-dollar industry. Many of these automated, robot-dialed calls imitate a cell number area code to convince unsuspecting victims into picking up the phone. Often robocalls try to sell products they don’t need — or worse, try to con victims out of cash.

The hope is that STIR/SHAKEN would weed out most robocalls. The system would verify real callers while the billions of illegal or spoofed robocalls made every year would fail.

So far to date, AT&T and Comcast have tested the new anti-robocalling system, and AT&T and T-Mobile have also teamed up to use the technology to fight robocalls. But the system works best when every carrier uses the technology, allowing calls to be checked even as they traverse between networks. By getting Verizon (which owns TechCrunch), Sprint and the other cell giants on board, the attorneys general hope the cooperation will vastly reduce the number of robocalls each year.

CenturyLink, Charter and U.S. Cellular have also signed up to the pledge.

There’s a catch: No deadline was set, allowing the carriers to take as long as necessary to roll out the technology. That may not be good news for those seeking immediate relief. Although all of the major networks have already made some progress in testing the new anti-robocalling system, few have said exactly when their service will be ready to roll out to consumers across the country.

The Washington Post first reported the news ahead of Thursday’s announcement.

The pledge comes just weeks after the Federal Trade Commission and the Justice Department took coordinated action against close to a hundred individuals and companies accused of making more than a billion illegal robocalls.

Powered by WPeMatico

T-Mobile customers report outage, can’t make calls or send text messages

T-Mobile customers across the U.S. say they can’t make calls or send text messages following an apparent outage — although mobile data appears to be unaffected.

We tested with a T-Mobile phone in the office. Both calls to and from the T-Mobile phone failed. When we tried to send a text message, it said the message could not be sent. The outage began around 3pm PT (6pm ET).

Users took to social media to complain about the outage. It’s not clear how many customers are affected, but users across the U.S. have said they are affected.

A T-Mobile support account said the cell giant has “engaged our engineers and are working on a resolution.”

In a tweet two hours into the outage, chief executive John Legere acknowledged the outage, adding that the company has “already started to see signs of recovery.”

T-Mobile is the third largest cell carrier after Verizon (which owns TechCrunch) and AT&T. The company had its proposed $26.5 billion merger with Sprint approved by the Federal Communications Commission, despite a stream of state attorneys general lining up to block the deal.

Updated with acknowledgement by chief executive John Legere.

Powered by WPeMatico