Month: October 2018

U.S. authorities will soon have the authority to shoot down private drones if they are considered a threat — a move decried by civil liberties and rights groups.

The Senate passed the FAA Reauthorization Act on Wednesday, months after an earlier House vote in April. The bill renews funding for the Federal Aviation Administration (FAA) until 2023, and includes several provisions designed to modernize U.S aviation rule — from making commercial flights more comfortable for passengers to including new provisions to act against privately owned drones.

But critics say the new authority that gives the government the right to “disrupt,” “exercise control,” or “seize or otherwise confiscate” drones that’s deemed a “credible threat” is dangerous and doesn’t include enough safeguards.

Federal authorities would not need to first obtain a warrant, which rights groups say that authority could be easily abused, making it possible for Homeland Security and the Justice Department and its various law enforcement and immigration agencies to shoot down anyone’s drone for any justifiable reason.

Drones, or unmanned aerial vehicles, have rocketed in popularity, by amateur pilots and explorers to journalists using drones to report from the skies. But there’s also been a growing threat from hapless hobbyists accidentally crashing a drone on the grounds of the White House to so-called Islamic State terrorists using drones on the battlefield.

Both the American Civil Liberties Union and the Electronic Frontier Foundation have denounced the bill.

“These provisions give the government virtually carte blanche to surveil, seize, or even shoot a drone out of the sky — whether owned by journalists or commercial entities — with no oversight or due process,” an ACLU spokesperson told TechCrunch. “They grant new powers to the Justice Department and the Department of Homeland Security to spy on Americans without a warrant,” and they “undermine the use of drones by journalists, which have enabled reporting on critical issues like hurricane damage and protests at Standing Rock.”

“Flying of drones can raise security and privacy concerns, and there may be situations where government action is needed to mitigate these threats,” the ACLU said in a previous blog post. “But this bill is the wrong approach.”

The EFF agreed, arguing the bill endangers the First and Fourth Amendment rights of freedom of speech and the protection from warrantless device seizures.

“If lawmakers want to give the government the power to hack or destroy private drones, then Congress and the public should have the opportunity to debate how best to provide adequate oversight and limit those powers to protect our right to use drones for journalism, activism, and recreation,” the EFF said.

Other privacy groups, including the Electronic Privacy Information Center, denounced the passing of the bill without “baseline privacy safeguards.”

The bill will go to the president’s desk, where it’s expected to be signed into law.

One can only imagine what it was like to work at Uber in the years leading up to Susan Fowler’s infamous blog post. Many of the company’s leaders were said to be overly-competitive, sexist and inappropriate — “brilliant jerks,” as Arianna Huffington once said, — and its over-arching “move fast and break things” mentality hardly left room for employees to take a step back and reflect on how the company’s culture was impacting their mental health.

Andrew Chapin joined Uber in 2011 as one of its first hires in New York. He worked his way up to head of vehicle solutions and established Uber’s vehicle finance program, which helps drivers obtain and pay off car leases. He says the struggles within the company gave him severe anxiety, something he was all too familiar with from his stint as a commodities trader at Goldman Sachs.

“There were days when I was walking through lower Manhattan and thinking if I got hit by a car and was in the hospital for a week, it’d be better than going to work,” Chapin told TechCrunch.

At both Goldman and Uber, Chapin would go through rough patches but resisted therapy, in part because of the outlandish costs but mostly because of the hassle. Toward the end of his five-year Uber tenure, he realized the dire need for accessible and flexible tech-enabled tools to help workers endure stressful times, as well as the need to destigmatize the mental health issues prevalent within the tech industry and beyond.

In late 2016, he left Uber to build his own startup. Two years later, he’s ready to share what he’s been working on. Basis, an app meant to help people cope with anxiety, depression and other mental health issues through guided conversations via chat or video, is emerging from stealth today with a $3.75 million investment led by Bedrock. Wave Capital and Lightspeed Venture Partners have also participated in the round.

“Looking back at the Goldman experience of just kind of wallowing in this unpleasant situation, [Basis] would have been an outlet to talk through things and feel lighter,” Chapin said. “At the time, I bottled it up. In retrospect, if I had something to work me through the emotions I was dealing with, it would have been really helpful.” 

In the app, users can schedule 45-minute phone calls with unlicensed providers for $35. Because Basis works with paraprofessionals — people trained in research-backed approaches but who don’t have the same certifications as a counseling or clinical psychologist — it’s a much cheaper alternative to paying for a therapist. The startup does not give diagnoses or write prescriptions.

Chapin built the app with co-founder and chief science officer Lindsay Trent, a former research psychologist at Stanford who’d grown tired of watching trained psychologists charge outlandish fees and was hungry for an innovative solution to today’s mental health crises.

“I saw a real gap between what we knew was effective and what people actually received,” Trent told TechCrunch. “Clinicians that are charging $300 a session are not providing optimal care. It’s very frustrating for me.”

Basis provides six pathways: Work, Social, School, Finances, Relationships and Parenting. Within each, users can get same-day access to specialists who they can opt to see on a regular basis or just once.

The idea is that Basis fits into your life much like a SoulCycle class or a call with your best friend — on your terms.

Move over Twitter, President Trump now has the power to send every phone in the land a simultaneous message — thanks to the new “presidential alert”, tested by FEMA yesterday.

What’s it for? The idea is to enable the president of the United States to warn the nation of major threats — such as a natural disaster or terrorist attack.

FEMA did already have the power to mass text US phones, via the National Wireless Emergency Alert System devised by the Bush administration in 2006, which has been used for sending alerts about national emergencies like weather events or missing children at a local level.

But now the system has been expanded to allow for the White House to compose and send its own ‘presidential alert’ to all phones in a national emergency situation.

There is no opt-out.

Repeat: No opt-out.

Fortunately Congress did limit the substance of these alerts — to “natural disasters, acts of terrorism, and other man-made disasters or threats to public safety”, further stipulating that:

Except to the extent necessary for testing the public alert and warning system, the public alert and warning system shall not be used to transmit a message that does not relate to a natural disaster, act of terrorism, or other man-made disaster or threat to public safety.

But bearing in mind the ‘rip it up’ record of the current holder of office of the president of the US, there are no copper-bottomed guarantees about how ‘threat to public safety’ might be interpreted by president Trump.

So it remains a slightly mind-bending concept that the president could, say after a 3am binge-watch of his favorite TV show, fire out an alert entirely of his framing to EVERY US PHONE.

Technology is indeed a double-edged sword.

Here are a few ideas of presidential alerts we really hope Trump won’t be sending…

• an accidental photo of a body part after he couldn’t figure out how to use the system and hit send accidentally
• a text message intended for his son-in-law
• “Donald Trump”
• covfefe
• an even worse spelling mistake, e.g. mangling the name of another world leader — like French president “Manuel Macaroon”
• actual insults directed at other world leaders, e.g. suggesting Emmanuel Macron has a dandruff problem
• threats of thermonuclear war
• an unfortunate spoonerism, e.g. ‘the rockets are cot numbing’
• a love sonnet to president Kim Jong-Un
• encouragement to Russia to hack political opponents’ emails
• a recipe for a “beautiful” chocolate cake
• his golf handicap
• an affiliate link to a brochure of Trump Tower
• US stock market numbers
• investment advice
• an affiliate link to buy The Art of The Deal
• any other book recommendations at all
• a love sonnet to Ivanka Trump
• a claim that the hurricane isn’t actually as bad as FEMA’s alert says it is
• #MAGA
• “Lock her up”
• “His testimony was very credible, very credible”
• “You also had some very fine people on both sides”
• any claim about the size of the crowds at his inauguration
• any claim about historical precedence and what his administration has achieved
• all forms of self congratulation
• his thoughts on the UN
• his thoughts on NATO
• his thoughts on the EU
• his thoughts on China
• his thoughts on the Queen
• anything at all about women
• “Melanie”
• all insults about “the failing New York Times”
• a heart emoji + the words “Tucker Carlson”
• any text that includes the words “Fox & Friends”
• any text that includes the phrase “America first”
• a photo of Melania reclining on gilt furniture, in a gilt room, with some gilt statues
• a selfie with anyone, especially Nigel Farage
• any text written in ALL CAPS
• any text ending with the word “Sad!”
• his travel itinerary for his next trip to the Winter White House
• a love sonnet to president Putin
• ‘exciting’ real estate opportunities
• credit for Brexit
• a threat to Twitter not to shadowban conservative voices
• “You’re fired!”
• “Build the wall!”
• “Mission accomplished!”
• anything at all about president Obama
• all sports commentary
• anything containing the word “winning”
• his thoughts on climate change
• his thoughts on environmental protection
• his thoughts on the safety of radioactive substances
• a list of reasons why the Iran deal was a mistake
• his thoughts on anything at all to do with the rest of the world
• a photoshopped picture of Justin Trudeau to make him look ugly
• diet advice
• travel advice
• fashion advice
• complaints that Google is biased
• anything about tax — unless it’s his own tax returns
• a message to Peter Thiel asking him to come back
• a message asking where the nearest KFC is
• a message asking where he left his last bucket of KFC
• a really boring and slightly blurred photo of the inside of Air Force One
• any message about anything at all he saw on TV last night
• “Ha-ha you can’t opt out!”
• “Genius”
• his thoughts

JFrog wants to change the way we deal with software updates. Instead of large numbered updates you have to manually download, it sees a future of continuous delivery where software is delivered as binaries and updated in the background. Investors must like that vision very much because they showered the company with a $165 million Series D investment today, which the company reports pushes its valuation past the billion dollar mark.

The round was led by Insight Venture Partners, and as part of the deal Insight’s co-founder and managing director, Jeff Horing will be joining the JFrog board. Other investors joining the round included new investors and Silicon Valley Funds, Spark Capital and Geodesic Capital, as well as existing investors Battery Ventures, Sapphire Ventures, Scale Venture Partners, Dell Technologies Capital and Vintage Investment Partners. Today’s investment pushes the total invested to-date to over $226 million.

What the company has done to justify this kind of investment is offer a series of products that enable customers to deliver code in the form of binaries. That in turn allows them to deliver updates on a regular basis in the background without disturbing the user experience. In a world of continuous delivery, this approach is essential. You couldn’t deliver multiple updates a day if you had to take down your service every time you did it.

The JFrog platform is actually made up of multiple products, but the main one is JFrog Artifactory where companies can add the latest binaries (updates) and deliver them to customers in the background. It’s not unlike, GitHub, but whereas GitHub is a repository for downloading software and updates, the Artifactory is a place to deliver these updates automatically without user involvement. It also handles other DevOps functions like security, access control and distribution.

JFrog platform. Diagram: JFrog

CEO and co-founder Shlomi Ben Haim was happy to reveal that the company’s valuation had entered unicorn territory, but he wasn’t willing to share an exact number. “I don’t want to get into details, but we exceeded the billion dollar valuation. We are north of $1 billion already and we are building the company to generate the revenue to justify it,” he told TechCrunch.

He wasn’t discussing specific revenue numbers, but reports the company has a goal of a billion dollars in revenue by 2025, and he says they are working toward that. He did say they have had 500 percent revenue growth since the $50 million round in 2016, and that they tripled the number of employees to 400, while doubling the number of products they offer. They currently have 4500 customers including 70 percent of the Fortune 100.

So fair to say things are going well for the company. Ben Haim says the ultimate goal for the company is to deliver software in the background for scenarios like your operating system or your Tesla. Instead of shutting down your car or computer for the next software update, it will just happen over the air in the background. We are obviously a ways from fulfilling that vision, but investors are clearly betting on that potential.

It looks like Amazon’s move to sell off its physical server business in China last year was because the unit had been compromised by a Chinese government spying program.

That’s according to a report from Bloomberg which details how the Chinese government infiltrated a number of U.S. companies by sneaking tiny chips onto motherboards from Supermicro. They then became part of servers deployed by the companies giving remote operatives potential access to data. It’s a huge story that includes a comparatively small but important passage shedding light on Amazon’s China deal last November — the U.S. firm sold the physical server business to local partner Beijing Sinnet for 2 billion yuan, or around $300 million.

That transaction initially sparked reports that AWS would exit China, but Amazon later clarified it planned to continue to operate its cloud services in China. Selling the physical server business, it said, was down to the fact that “Chinese law forbids non-Chinese companies from owning or operating certain technology for the provision of cloud services.”

While it is correct that China did introduce cybersecurity laws that placed restrictions on overseas firms and appeared to give the government unprecedented access to data, the Bloomberg report claims that Amazon’s China-based servers were in fact offloaded because they were plagued with compromised servers.

A notable exception was AWS’s data centers inside China, which were filled with Supermicro-built servers, according to two people with knowledge of AWS’s operations there. Mindful of the Elemental findings, Amazon’s security team conducted its own investigation into AWS’s Beijing facilities and found altered motherboards there as well, including more sophisticated designs than they’d previously encountered. In one case, the malicious chips were thin enough that they’d been embedded between the layers of fiberglass onto which the other components were attached, according to one person who saw pictures of the chips. That generation of chips was smaller than a sharpened pencil tip, the person says.

One source at Amazon described the deal to Bloomberg as a decision to “hack off the diseased limb.”

Amazon refuted the claims, as did other U.S. companies named in the report as well as the Chinese government itself.

“It’s untrue that AWS knew about a supply chain compromise, an issue with malicious chips, or hardware modifications when acquiring Elemental. It’s also untrue that AWS knew about servers containing malicious chips or modifications in data centers based in China, or that AWS worked with the FBI to investigate or provide data about malicious hardware,” Amazon told Bloomberg in a statement.

The traditional aviation industry typically moves rather slowly, but over the last few years, we’ve seen a number of upstarts that are challenging the status quo both in the general and commercial aviation business. One of those is Zunum Aero, which is looking to produce a small hybrid electric-powered commuter plane for six to 12 passengers, with plans to launch its first plane, the ZA10, in the early 2020s.

As Zunum today announced, it has chosen Safran’s twin-spool Ardiden 3Z light helicopter engine as the powerplant for its first planes. While you have probably never heard of Safran, the company is one of the biggest suppliers of engines for turbine helicopters, and chances are that if you see one in the air, it’s probably powered by a Safran engine.

“The Ardiden 3Z represents a very powerful complement to the ZA10 because of its exceptional performance, along with low operating and maintenance costs,” said Safran’s head of OEM sales Florent Chauvancy. “This announcement marks a new step forward in demonstrating Safran’s ability to offer hybrid propulsive solutions for tomorrow’s mobility solutions.”

As Zunum chief engineer Matt Knapp told me, the company always believes that hybrid engines were the way to go — at least for the foreseeable future. The planes, however, can be converted to a pure electric powertrain if and when batteries reach enough energy density to make this an option. Right now, the only way to offer a plane that can cover the kind of distance between say San Francisco and Portland, Oregon, is to opt for this hybrid solution. Planes that solely rely on battery power simply aren’t a viable option for this kind of mission. Knapp believes that battery power alone would get the plane to about 500 miles, which isn’t bad, but less than most airlines would require.

The promise is that the hybrid powertrain will still reduce emissions by 80 percent and that airlines can save 40 to 80 percent per short-haul flight. Indeed, the company promises costs of 8 cents per passenger mile. Currently, the average for most of the major U.S. airlines is significantly more than that, even with their long-haul operations in the mix. For regional carriers, it’s even higher than that.

The new propulsion system will offer a peak performance of the equivalent of 1,300 horsepower, which should get the plane to a cruise speed of 340 miles per hour. During cruise, which uses far less power than the initial climb, the plane can go all-electric.

As for the airframe itself, Knapp notes there really isn’t anything all that special about it. “It’s more or less designed for high utilization in a commercial setting,” he said.

Knapp also noted that the plane can be flown by a single pilot, though the FAA would limit those operations to flights with nine seats or fewer. In the long run, though, Knapp actually expects that many new planes will be flying autonomously.

Until then, though, Zunum still has to prove it can build an airplane. For now, the company plans to use the hybrid powertrain on a test aircraft that it recently purchased (an old Aero Commander, for you avgeeks) while it starts working on its airframe.

Ready for information about what may be one of the largest corporate espionage programs from a nation-state? The Chinese government managed to gain access to the servers of more than 30 U.S. companies, including Apple, according to an explosive report from Bloomberg published today.

Bloomberg reports that U.S-based server motherboard specialist Supermicro was compromised in China where government-affiliated groups are alleged to have infiltrated its supply chain to attach tiny chips, some merely the size of a pencil tip, to motherboards which ended up in servers deployed in the U.S.

The goal, Bloomberg said, was to gain an entry point within company systems to potentially grab IP or confidential information. While the micro-servers themselves were limited in terms of direct capabilities, they represented a “stealth doorway” that could allow China-based operatives to remotely alter how a device functioned to potentially access information.

Once aware of the program, the U.S. government spied on the spies behind the chips but, according to Bloomberg, no consumer data is known to have been stolen through the attacks. Even still, this episode represents one of the most striking espionage programs from the Chinese government to date.

The story reports that the chips were discovered and reported to the FBI by Amazon, which found them during due diligence ahead of its 2015 acquisition of Elemental Systems, a company that held a range of U.S. government contracts, and Apple, which is said to have deployed up to 7,000 Supermicro servers at peak. Bloomberg reported that Amazon removed them all within a one-month period. Apple did indeed cut ties with Supermicro back in 2016, but it denied a claim from The Information which reported at the time that it was based on a security issue.

Amazon, meanwhile, completed the deal for Elemental Systems — reportedly worth $500 million — after it switched its software to the AWS cloud. Supermicro, meanwhile, was suspended from trading on the Nasdaq in August after failing to submit quarterly reports on time. The company is likely to be delisted.

Amazon, Apple, Supermicro and China’s Ministry of Foreign Affairs all denied Bloomberg’s findings with strong and lengthy statements — a full list of rebuttals is here. The publication claims that it sourced its information using no fewer than 17 individuals with knowledge of developments, including six U.S. officials and four Apple “insiders.”

You can (and should) read the full story on Bloomberg here.

Juul Labs today filed a complaint with the United States International Trade Commission (ITC) claiming that several organizations are infringing on Juul Labs’ patents. Juul has asked the ITC to halt the importation, distribution and sale of these products in the U.S.

In all, eighteen entities are listed within the complaint as having infringed Juul patents. They predominantly hail from within the U.S. and China, with one based in France, according to the complaint.

Earlier this year, Juul Labs filed for trademark infringement against 30 different companies which were allegedly using the Juul design or name brand.

Obviously, competition is one reason to take legal action, but Juul has other priorities. The company is under an immense amount of scrutiny by the FDA and lawmakers with regards to underage usage of the product. Counterfeit products are often sold without any age verification, putting electronic nicotine delivery systems in the hands of yet more minors.

From the release:

Whereas Juul Labs implements strict manufacturing and quality controls during the manufacturing of its products, little is known about how most of the accused devices are manufactured. Similarly, whereas Juul Labs applies strict age-gating when selling its products through its website, many of the accused products appear to be sold with little or no real age-verification processes. Notably, in contrast to Juul’s products, many of the accused copy-cat products include inappropriate flavors, seemingly directed to attract underage users – flavors like “Bubble Bubble,” “Apple Juice” and “Sour Gummy.”

In mid-September, FDA Commissioner Scott Gottlieb announced that Juul and other vape makers would have 60 days to come up with a more robust, comprehensive plan to combat underage use of the products. That 60-day period is about half-way complete.

It’s unclear what the consequences will be for a plan that doesn’t meet the FDA’s satisfaction, but there has been plenty of talk about banning flavored liquids, which would be a severe blow to Juul and other e-cig companies.

The UK has directly accused Russia’s military intelligence agency, the GRU, of being behind a number of cyber attacks that took place between 2015 and 2017, calling them “indiscriminate and reckless” with a range of target types including political institutions, businesses, media and even sport.

It says the chaotic campaign of attacks by the GRU shows it is “working in secret to undermine international law and international institutions”.

The government has also identified 12 hacker group it believes the GRU to be associated with — including ‘Fancy Bear’, a group behind a string of cyber espionage attacks including the 2016 hack of the Democratic National Committee, which the government is also now directly linking to Russia’s military spy agency.

Of course it’s not the first time the Kremlin has been linked to politically motivated attacks (some of which haven’t even required actual hacking).

Nor is it the first time the GRU has been specifically linked to Fancy Bear. Cybersecurity firm Crowdstrike made the same link back in 2016 — with “high level confidence“.

But it’s a first for the UK government to make a link and public accusation of Russia for the attacks — likely intended to keep up geopolitical pressure on president Putin in the wake of the Sailsbury poisonings which it has also previously linked to two GRU agents. (The Kremlin later claimed the two were just tourists who happened to have been visiting the town on the same day as a former Russian double agent and his daughter were poisoned with a nerve agent.)

The UK’s National Cyber Security Center, which is a public-facing branch of the UK’s GCHQ spy agency, has published the latest cyber attack claims — writing that it has “identified that a number of cyber actors widely known to have been conducting cyber attacks around the world are, in fact, the GRU”.

“These attacks have been conducted in flagrant violation of international law, have affected citizens in a large number of countries, including Russia, and have cost national economies millions of pounds,” it adds.

The full list of hacker groups being linked to the Kremlin and “almost certainly” to the GRU — with what the NCSC calls “high confidence” — are:

• APT 28
• Fancy Bear
• Sofacy
• Pawnstorm
• Sednit
• CyberCaliphate
• Cyber Berkut
• Voodoo Bear
• BlackEnergy Actors
• STRONTIUM
• Tsar Team
• Sandworm

The other cyber attacks the government has now also publicly attributed to the GRU include:

• an October 2017 ransomware attack by BadRabbit, which encrypted hard drives and rendered IT inoperable — resulting in disruption including to the Kyiv metro, Odessa airport, Russia’s central bank and two Russian media outlets
• an August 2017 attack on the World Anti-Doping Agency in which confidential medical files relating to a number of international athletes were released
• a phishing-based attack on an unnamed small UK-based TV station, which took place between July and August 2015, in which multiple email accounts were accessed and content stolen

The government also lists two attacks it says it had previously attributed to the GRU:

• a June 2017 cyber attack that targeted the Ukrainian financial, energy and government sectors but which also spread to impact other European and Russian businesses
• an October 2017 attack involving the VPNFILTER malware which infected thousands of home and small business routers and network devices worldwide. The NCSC notes that the infection “potentially allowed attackers to control infected devices, render them inoperable and intercept or block network traffic”

Commenting in a statement, foreign secretary Jeremy Hunt said:

These cyber attacks serve no legitimate national security interest, instead impacting the ability of people around the world to go about their daily lives free from interference, and even their ability to enjoy sport.

The GRU’s actions are reckless and indiscriminate: they try to undermine and interfere in elections in other countries; they are even prepared to damage Russian companies and Russian citizens.  This pattern of behaviour demonstrates their desire to operate without regard to international law or established norms and to do so with a feeling of impunity and without consequences.

Our message is clear: together with our allies, we will expose and respond to the GRU’s attempts to undermine international stability.

At the time of writing the Russian Embassy’s UK Twitter account had not yet issued any trolling responses to the UK government.

Well, unless this is it…

Startup Battlefield is returning to Africa this December. TechCrunch will be hitting Lagos, Nigeria, bringing with it our Battlefield competition and a day’s worth of panel discussions, focused on topics facing the city’s startup scene.

Iyin “E” Aboyeji

We’ve already announced a pair of speakers for the event and and are excited to add a couple more to the list, bringing with them expertise on topics like VC funding and blockchain technology.

Iyin “E” Aboyeji is the Founder and CEO of Flutterwave, a payment solution designed to transfer funds between Africa and abroad. The Lagos-based startup serves as a payment gateway for a number of high profile companies including Uber, TransferWise, booking.com and tuition platform, Flywire.

In July of this year, Flutterwave rasied a $10 million Series A led by Greycroft Partners and Green Visor Capital.

Other investors include Y Combinator, Omidyar Network, Social Capital, CRE Venture Capital and HOF Capital. Aboyeji will join us to discuss the potential of blockchain tech in Africa’s burgeoning startup scenes.

Kola Aina

Kola Aina is the CEO and founder of Ventures Platform, a Lagos-based VC firm focused on Africa. VP is among the largest accelerator/seed stage funders in the space with an eye toward solving local issues. In addition to serving as a Partner at the fund, Aina is also a mentor at World Bank Group and Google’s Launchpad Accelerator.

We’ve got plenty more speakers to announce in the coming weeks. You can grab your tickets to the event here.