How to decode a data breach notice

Over the years I’ve seen hundreds, probably thousands, of data breach notifications warning that a company’s data was lost, stolen or left online for anyone to grab.

Most of them look largely the same. It’s my job to decode what they actually mean for the victims whose information is put at risk.

Data breach notifications are meant to tell you what happened, when and what impact it may have on you. You’ve probably already seen a few this year. That’s because most U.S. states have laws that compel companies to publicly disclose security incidents, like a data breach, as soon as possible. Europe’s rules are stricter, and fines can be a common occurrence if breaches aren’t disclosed.

But data breach notifications have become an all-too-regular exercise in crisis communications. These notices increasingly try to deflect blame, obfuscate important details and omit important facts. After all, it’s in a company’s best interest to keep the stock markets happy, investors satisfied and regulators off their backs. Why would it want to say anything to the contrary?

The next time you get a data breach notification, read between the lines. By knowing the common bullshit lines to avoid, you can understand the questions you need to ask.

“We take security and privacy seriously.”
Read: “We clearly don’t.”

This phrase is a staple of data breach notifications; we first wrote about companies taking security and privacy “seriously” last year. We found that about one-third of all notices filed with the California attorney general in 2019 had some variation of this line. The reality is that most companies have shown little compassion or care about the privacy or security of your data, but do care about having to explain to their customers that their data was stolen. It’s a hollow, overused phrase that means nothing.

“We recently discovered a security incident…”
Read: “Someone else found it but we’re trying to do damage control.”

It sounds innocuous enough, but it’s an important remark to get right. When a company says they’ve “recently discovered” a security incident, ask who actually reported the incident. All too often it’s a reporter — like me — who’s reached out for comment because a hacker dropped off a file containing their customer database and now the company is scrambling to take ownership of the incident because it looks better than the company being in the dark.

“An unauthorized individual…”
Read: “We don’t know who’s to blame, but don’t blame us.”

This is one of the most contentious parts of a data breach notification, and it boils down to a simple question: Who was to blame for a security incident? Legally speaking, “unauthorized access” means someone unlawfully broke into a system, often using someone else’s password or bypassing a login screen. But companies often get this wrong, or can’t — or don’t want to — distinguish between whether or not an incident was malicious. If a system was exposed or left online without a password, you’d blame the company for lax security controls. If a good-faith security researcher finds and reports an unprotected system, for example, there’s no reason to paint them as a malicious actor. Companies love to shift the blame, so keep an open mind.

“We took immediate steps…”
Read: “We sprang into action… as soon as we found out.”

Hackers aren’t always caught in the act. In a lot of cases, most hackers are long gone by the time a company learns of a breach. When a company says it took immediate steps, don’t assume it’s from the moment of the breach. Equifax said it “acted immediately” to stop its intrusion, which saw hackers steal nearly 150 million consumers’ credit records. But hackers had already been in its system for two months before Equifax found the suspicious activity. What really matters is when the security incident started, when the company learned of the security incident, and when the company informed regulators of the breach.

“Our forensic investigation shows…”
Read: “We asked someone to tell us how f**ked we are.”

Incident responders help a company understand how an intrusion or a data breach happened. That helps the company collect on cyber-insurance and prevent a similar breach from happening again. But some companies use the term “forensics” loosely. Internal investigations are not transparent or accountable, and their outcomes are rarely scrutinized or published, whereas incident responders are independent, qualified assessors that will tell a company what it needs to hear and not what it wants to hear — even if their findings may still remain private.

“Out of an abundance of caution, we want to inform you of the incident.”
Read: “We were forced to tell you.”

Don’t think for a second that a company is doing “the right thing” by disclosing a security incident. In the U.S. and Europe, companies aren’t given a choice. Most states have some form of a data breach notification law that compels companies to disclose incidents that affect a certain number of residents and above. Failing to disclose a breach can lead to massive penalties. Just look at Yahoo (which, like TechCrunch, is owned by Verizon), which was fined $35 million in 2018 by a U.S. federal regulator for failing to disclose one of its data breaches that saw 500 million user accounts stolen.

“A sophisticated cyberattack…”
Read: “We’re trying not to look as stupid as we actually are.”

Just because a company says it was hit by a “sophisticated” cyberattack doesn’t mean it was. It’s hyperbole, designed to serve as a “cover your ass” statement to downplay a security incident. What it really tells you is that the company has no idea how the attack happened. After all, some of the biggest breaches in history happened because of unpatched systems, weak passwords or because someone clicked on a malicious email.

“There is no evidence that data was taken.”
Read: “That we know of.”

“No evidence” doesn’t mean that something hasn’t happened; it means that it hasn’t been seen yet. Either the company isn’t looking hard enough or it doesn’t know. Even if a company says it has “no evidence” that data was stolen, it’s worth asking how it arrived at that conclusion.

“A small percentage of our customers are affected.”
Read: “It sounds way worse if we say ‘millions’ of users.”

The next time you see a data breach notification that says only a “small percentage” of customers are affected by a breach, take a minute to think what that actually means. Houzz admitted a data breach in January 2019, in which it said “some of our user data” was taken. Months later, a hacker posted some 57 million Houzz user records. CBS-owned Last.fm also said in 2012 that “some” of its passwords were stolen in a breach. It later amounted to 43 million passwords. If a company doesn’t tell you how many people are affected, it’s because they don’t know — or they don’t want you to know.


Source: Tech Crunch

Spotify signs ‘The Joe Rogan Experience’ to an exclusive multi-year deal

Over the past couple of years, Spotify has been demonstrating a long-term commitment to the podcasting format by shelling out money hand over fist. The music streaming service has made a number of high-profile acquisitions, including production company Gimlet and editing tool Anchor, but today’s news may well be the biggest of all.

The company has signed The Joe Rogan Experience to an exclusive multi-year licensing deal. The show will hit Spotify September 1, and become exclusive to the platform later in the year. Rogan is arguably the biggest and most influential voice in the medium.

The podcast has dominated Apple’s podcasting charts and YouTube views. Rogan currently has 8.41 million subscribers on YouTube, where his videos regularly rack up more than a million views. A recent interview with Elon Musk has already generated more than 13 million views. As of this writing, the show is currently #2 on Apple’s charts and comprises three of the service’s top ten episodes. “The talk series has long been the most-searched-for podcast on Spotify,” according to the service.

In an audio message attached to the release, Rogan noted that, “It will be the exact same show. I will not be an employee of Spotify.” It’s a key point, not just in order to ease the minds of a rabid fanbase, but because the left has often been critical of Rogan’s show and message. The program has often featured right-wing voices, including members of the so-called Intellectual Dark Web, Proud Boys founder Gavin McInnes and de-platformed conspiracy trafficker Alex Jones.

Other high-profile guests include Elon Musk, who recently made another appearance on the program, and Senator Bernie Sanders. Sanders’ campaign came under criticism from the DNC establishment after promoting Rogan’s offhanded nomination for president. At the time, the Human Rights Campaign said Sanders “must reconsider” the endorsement, stating that Rogan has “attacked transgender people, gay men, women, people of color and countless marginalized groups at every opportunity.”

While the show has long been hosted on a variety of audio and video platforms, Spotify could well come under fire from similar groups. Rogan has described himself as not belonging to any political party and holding largely libertarian views.

In addition to purchasing existing shows and podcast production companies, Spotify has also been creating its own in-house programs, in a bid to wrest domination of the medium away from long-time leader, Apple. This acquisition represents a fairly massive shot across the bow, as diehard fans will soon have no other (legal) option for listening to the show. Details of the deal — including the duration — have not yet been disclosed.


Source: Tech Crunch

GM is working on a hands-off advanced driving system for city streets

GM has a “big team” working on an advanced version of its hands-free driving assistance system, Super Cruise, that will expand its capability beyond highways and apply it to city streets, the automaker’s vice president of global product development Doug Parks said Tuesday.

GM is also continuing to improve its existing Super Cruise product, Parks said during a webcasted interview at Citi’s 2020 Car of the Future Symposium.

“As we continue to ratchet up Super Cruise, we continue to add capability and not just highway roads,” Parks said, adding that a separate team is working on the hands-free city driving product known internally as “Ultra Cruise.”

“We’re trying to take that same capability off the highway,” he said. “Ultra cruise would be all of the Super Cruise plus the neighborhoods, city streets and subdivisions. So Ultra Cruise’s domain would be essentially all driving, all the time.”

Parks was quick to add that this would not be autonomous driving. Advanced driving assistance systems have become more capable, but they still require a human driver to take control and to be paying attention.

“What we’re not saying is that Ultra Cruise will be fully autonomous 100% of the time, although that could be one of the end games,” Parks said.

Parks didn’t provide a timeline for when Ultra Cruise might be available. A GM spokesperson said in a statement after his interview that the company continues to expand its hands-free driver assistance system technology across its vehicle portfolio and has “teams looking at how we can expand the capabilities to more scenarios.”

GM said it “does not have a name or anything specific to announce today, but stay tuned.”

This new Ultra Cruise feature would put it in competition with Tesla’s Autopilot advanced driving system, which is largely viewed as the most capable on the market today. Tesla’s “full self-driving” package, a more capable version of Autopilot, can now identify stop signs and traffic lights and automatically slows the car to a stop on approach. This feature is still considered to be in beta.

GM’s Super Cruise uses a combination of lidar map data, high-precision GPS, cameras and radar sensors, as well as a driver attention system, which monitors the person behind the wheel to ensure they’re paying attention. Unlike Tesla’s Autopilot driver assistance system, users of Super Cruise do not need to have their hands on the wheel. However, their eyes must remain directed straight ahead.

GM has taken a slower approach to Super Cruise compared to Tesla’s method of rolling out software updates that give early access to some owners to test the improved features. When GM launched Super Cruise in 2017, it was only available in one Cadillac model — the full-size CT6 sedan — and restricted to divided highways. That began to change in 2019 when GM announced plans to expand where Super Cruise would be available.

GM’s new digital vehicle platform, which provides more electrical bandwidth and data processing power, enabled engineers to add to Super Cruise’s capabilities. In January, GM added a feature to Super Cruise that automated lane changes for drivers of certain Cadillac models, including the upcoming 2021 Escalade.

This enhanced version of Super Cruise includes better steering and speed control. The improved version will be introduced starting with the 2021 Cadillac CT4 and CT5 sedans, followed by the new 2021 Cadillac Escalade. The vehicles are expected to become available in the second half of 2020.


Source: Tech Crunch

Dear Sophie: What is required of employers laying off foreign workers?

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

“Dear Sophie” columns are accessible for Extra Crunch subscribers; use promo code ALCORN to purchase a one or two-year subscription for 50% off.


Dear Sophie:

Fallout from COVID-19 is forcing our startup to downsize. What legal requirements do we need to consider if we’re laying off foreign-born employees or scaling back their hours?

— HR Manager in San Mateo

 

Dear HR Manager:

Thank you for your question; a lot of people are going through the same thing. Keep in mind that terminating an employee that your company sponsored for a visa or green card can have ramifications for future hiring.


Source: Tech Crunch

Google is piloting a simpler Nest Hub Max interface at retirement homes

Last week, Mount Sinai showcased how it’s started using Nest devices to monitor patients remotely. Today, Google’s showing off how the Nest Hub Max is helping retirement home residents feel a little less isolated amid the COVID-19 lockdown.

To help matters along, the company is currently testing a simplified interface to make the smart screen easier to operate for less tech-savvy residents. Google is currently piloting the device’s use by handing units out to people at Merrill Gardens in Washington State. They’ll be the first to get a crack at the new UI.

Updates include additional “What can you do” cards serving as shortcuts to common requests like alarms, weather and music. Recipients will also get their devices preloaded with contacts for video calls — likely the primary use, as homes across the country institute social distancing.

“It’s important for seniors’ mental and emotional health to stay connected, and social isolation during this quarantine makes doing that especially hard,” Google’s Molly McHugh-Johnson says in a post. “As I learned with my grandma, Nest Hub Max and Duo video calling can help keep us ‘together’ while we’re apart.”

Retirement and nursing homes have been disproportionately impacted during the COVID-19 pandemic. The elderly community in general has been hard hit by the virus, with a mortality rate of three to 11% for ages 65 to 84 and 10 to 27% for ages 85 and up. For that reason it’s become particularly important for communities to enact strong social distancing measures.


Source: Tech Crunch

Verizon wraps up BlueJeans acquisition lickety split

When Verizon (which owns this publication) announced it was buying video conferencing company BlueJeans for around $500 million last month, you probably thought it was going to take a while to bake, but the companies announced today that they have closed the deal.

While it’s crystal clear that video conferencing is a hot item during the pandemic, all sides maintained that this deal was about much more than the short-term requirements of COVID-19. In fact, Verizon saw an enterprise-grade video conferencing platform that would fit nicely into its 5G strategy around things like tele-medicine and online learning.

They believe these needs will far outlast the current situation, and BlueJeans puts them in good shape to carry out a longer-term video strategy, especially on the burgeoning 5G platform. As BlueJeans’ CEO Quentin Gallivan and co-founders Krish Ramakrishnan and Alagu Periyannan reiterated in a blog post today announcing the deal has been finalized, they saw a lot of potential for growth inside the Verizon Business family that would have been difficult to achieve as a stand-alone company.

“Today, organizations are relying on connectivity and digital communications now more than ever. As Verizon announced, adding BlueJeans’ trusted, enterprise-grade video conferencing and event platform to the company’s Advanced Communications portfolio is critical to keep businesses, from small organizations to some of the world’s largest multinational brands, operating at the highest level,” the trio wrote.

As Alan Pelz-Sharpe, founder and principal analyst at Deep Analysis told TechCrunch at the time of the acquisition announcement, Verizon got a good deal here.

“Verizon is getting one of the only true enterprise-grade online conferencing systems in the market at a pretty low price,” he told TechCrunch. “On one level, all these systems do pretty much the same thing, but BlueJeans has always prided itself on superior sound and audio quality. It is also a system that scales well and can handle large numbers of participants as well, if not better, than its nearest competitors.”

BlueJeans brings with it 15,000 enterprise customers. It has raised $175 million since its founding in 2009.


Source: Tech Crunch

What SoftBank’s Vision Fund results tell us about troubled startup sectors

A famous investor published notes today concerning its startup investments, detailing where they excelled and where they struggled. To understand why we care about this particular investor’s results, a little context helps.

The investor in question is Japanese telecom giant and startup benefactor SoftBank, which reported its fiscal year results this morning. SoftBank’s investments are famous because of its $100 billion Vision Fund effort, which saw it put capital to work in a host of private companies around the world in an aggressive manner.

The information it shared this morning included a slide deck detailing the conglomerate’s view of the future of unicorn health, and notes on the conclusion of the SoftBank Vision Fund’s investment into net-new companies.

SoftBank’s earnings have made headlines around the financial and technology press, especially regarding the performance of its investments into Uber, an American ride-hailing company, and WeWork, an American coworking startup. The former’s post-IPO performance has led to a lackluster outcome for SoftBank, while the implosion of WeWork after its failed IPO has continued; SoftBank’s results noted a new, lower value for WeWork.

The rest of the information painted a picture of mixed outcomes, with SoftBank recording wins in enterprise-focused deals and “Health Tech” investments. Other invested sectors saw less salubrious results, including the three we’ll focus on today: consumer-focused deals, transit-related investments and real estate-related outlays.

Let’s explore what SoftBank had to say about each. Then we’ll see what we can infer about the broader startup market itself.

Results

SoftBank’s Vision Fund made big bets on Uber and WeWork, two companies that fit into the sectors we are exploring. To give investors clarity on its outcomes beyond those two outsized and troubled bets, the company broke out sector performances excluding those two companies’ results.


Source: Tech Crunch

As Jack Ma and SoftBank part ways, the open and globalized era of tech comes ever closer to an end

It would be one of the greatest startup investments of all time. Masayoshi Son, riding high in the klieg lights of the 1990s dot-com bubble, invested $20 million into a fledgling Hong Kong-based startup called Alibaba. That $20 million investment into the Chinese e-commerce business would go on to be worth about $120 billion for SoftBank, which still retains more than a quarter ownership stake today.

That early check and the rise, fall, and rise of Son and Alibaba’s Jack Ma helped to cement an intricately connected partnership that has endured decades of ferocious change in the tech industry. Ma joined SoftBank’s board in 2007, and the two have been tech titans together ever since.

So it is notable and worth a minute of reflection that SoftBank announced overnight that Jack Ma would be leaving SoftBank’s board after almost 14 years.

In some ways, perhaps the news shouldn’t be all that surprising. Jack Ma has been receding from many of his duties, most notably leaving the chairmanship of Alibaba last year.

Yet one can’t help connecting the various dots of news hovering between the two companies and realizing that the partnership that has endured so much is now increasingly fraying, due to forces far beyond the ken of the two dynamos.

On one hand, there is a pecuniary point: SoftBank has been rapidly selling Alibaba shares the past few years after decades of going long as it attempts to shore up its balance sheet amidst intense financial challenges. According to Bloomberg in March, SoftBank intended to sell $14 billion of its Alibaba shares, and that was after $11 billion in realized returns on Alibaba stock in 2019 from a deal consummated in 2016. It’s just a bit awkward for Ma to be sitting on a board that is actively selling his own legacy.

Yet, there is more here. Jack Ma has become a figure in the fight against COVID-19, and has burnished China’s image (and his own) of responding globally to the crisis. In the process, though, there has been blowback, as concerns about the quality of face masks and other goods have been raised by health authorities.

And of course, there is the deepening trade war, not just between the United States and China, but also between Japan and China. Japan’s government is increasingly looking for a way to find a “China exit” and become more self-sufficient in its own supply chains and less financially dependent on Chinese capitalism.

Meanwhile, the Trump administration has been seeking out avenues of decoupling the U.S. from China. Overnight, the largest chip fab in the world, TSMC, announced that it would no longer accept orders from China’s Huawei following new export controls put in place by the U.S. last week and its announcement of a new, $12 billion chip fab plant in Arizona.

SoftBank itself has gotten caught up in these challenges. As an international conglomerate, and with the Vision Fund itself officially incorporated in Jersey, it has confronted the tightening screws of U.S. regulation of foreign ownership of critical technology companies through mechanisms like CFIUS. Its acquisition of ARM Holdings a few years ago may not have been completed if it had tried today, given the environment in the United Kingdom or the U.S.

So it’s not just about an investor and his entrepreneur breaking some ties after two decades in business together. It’s about the fraying of the very globalization that powered the first wave of tech companies — that a Japanese conglomerate with major interests in the U.S. and Europe could invest in a Hong Kong / China startup and reap huge rewards. That tech world is receding, and the division of the internet and the world’s markets continues unabated.


Source: Tech Crunch

Daily Crunch: Apple Stores begin to reopen

Apple outlines new safety measures as it reopens stores, Huawei responds to new U.S. chip curbs and Jack Ma departs SoftBank’s board of directors.

Here’s your Daily Crunch for May 18, 2020.

1. Apple begins reopening some stores with temperature checks and other safeguards in place

In mid-March, Apple closed all of its stores outside of China “until further notice.” In a statement issued today under the title, “To our Customers,” Retail SVP Deirdre O’Brien offered insight into the company’s plans to reopen locations.

Nearly 100 stores have already resumed services, according to O’Brien. Face covers will be required for both employees and customers alike. In addition, temperature checks are now conducted at the store’s entrance, coupled with posted health questions. Apple has also instituted deeper cleaning on all surfaces, including display products.

2. Huawei admits uncertainty following new US chip curbs

Following the U.S. government’s announcement that it would further thwart Huawei’s chip-making capability, the Chinese telecoms equipment giant condemned the new ruling for being “arbitrary and pernicious.” Adding to its woes, the Nikkei Asian Review reported that Taiwan Semiconductor Manufacturing Co. has stopped taking new orders from the company. (Huawei declined to comment, while TSMC said the report was “purely market rumor.”)

3. Jack Ma to resign from SoftBank Group’s board of directors

The company did not give a reason for the resignation, but over the past year, Ma has been pulling back from business roles to focus on philanthropy. Last September, he resigned as Alibaba’s chairman, and he is also expected to step down from its board at its annual general shareholders’ meeting this year.

4. Oculus surpasses $100 million in Quest content sales

Facebook-owned Oculus released a new sales figure as the company reaches the one-year anniversary of the release of the Quest headset. We didn’t get unit sales, but the company did share that it has sold $100 million worth of Quest content in the device’s first year — a number that indicates that although the platform is still nascent, a handful of developers are definitely making it work for them.

5. 3 views on the future of work, coffee shops and neighborhoods in a post-pandemic world

Devin Coldewey talks about what’s going to change with coffee shops and co-working spaces, Alex Wilhelm discusses the future of the home office setup and Danny Crichton talks about the revitalization of urban and semi-urban neighborhoods. (Extra Crunch membership required.)

6. India’s Swiggy to cut 1,100 jobs, scale down cloud kitchen operations

In an internal email, which the Bangalore-headquartered food delivery startup published on its blog, Swiggy co-founder and chief executive Sriharsha Majety said the company’s core food business had been “severely impacted.”

7. This week’s TechCrunch podcasts

The latest full episode of Equity looks at a funding round for pizza delivery company Slice and the possibility of Uber acquiring Grubhub, while the Monday news roundup takes a deeper look at the financials of the food delivery business. Meanwhile, Original Content is back on a weekly schedule, and we review the new Netflix series “Never Have I Ever.”

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.


Source: Tech Crunch