Year: 2018

05 May 2018

Unroll.me to close to EU users saying it can’t comply with GDPR

Put on your best unsurprised face: Unroll.me, a company that has, for years, used the premise of ‘free’ but not very useful ‘email management’ services to gain access to people’s email inboxes in order to data-mine the contents for competitive intelligence — and controversially flog the gleaned commercial insights to the likes of Uber — is to stop serving users in Europe ahead of a new data protection enforcement regime incoming under GDPR, which applies from May 25.

In a section on its website about the regional service shutdown, the company writes that “unfortunately we can no longer support users from the EU as of the 23rd of May”, before asking whether a visitor lives in the EU or not.

Clicking ‘no’ doesn’t seem to do anything but clicking ‘yes’ brings up another info screen where Unroll.me writes that this is its “last month in the EU” — because it says it will be unable to comply with “all GDPR requirements” (although it does not specify which portions of the regulation it cannot comply with).

Any existing EU user accounts will be deleted by May 24, it adds:

The EU is implementing new data privacy rules, known as General Data Protection Regulation (GDPR). Unfortunately, our service is intended to serve users in the U.S. Because it was not designed to comply with all GDPR requirements, Unroll.Me will not be available to EU residents. This means we may not serve users we believe are residents of the EU, and we must delete any EU user accounts by May 24. We are truly sorry that we are unable to offer our service to you.

While Unroll.me, which is owned by Slice Technologies, also claims on the very same website that its parent company “strips away personal information” (i.e. after it has passed personal data attached to commercial and transactional emails found in users’ inboxes) — to “build anonymized market research products that analyze and track consumer trends” — it has been criticized for not being transparent about how it parses and sells people’s personal information.

And in fact if you go to the trouble of reading the small print of Unroll.me’s privacy policy it says it can share users’ personal information how it pleases — not just with its parent entity (and direct affiliates) but with any other ‘partners’ it chooses…

We may share personal information we collect with our parent company, other affiliated companies, and trusted business partners. We also will share personal information with service providers that perform services on our behalf. Our non-affiliated business partners and service providers are not authorized by us to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.

So it’s not hard to see why Unroll.me has decided it must shut up shop in the EU, given this ‘hand-in-the-cookie-jar’ approach to private data. (In a GDPR FAQ on its site it tries to suggest it needs more time to comply with the enforcement requirements — couching the regulation as “so vast and appropriately comprehensive” it simply hasn’t had time to get its ducks in order; yet the final text of GDPR was agreed at the end of 2015, and the regulation was proposed three years before that, so all companies handling personal data in the EU have had years to get aware and get prepared.)

The move also flags up contradictions in Unroll.me’s messaging to its users. For instance we’ve asked the company why it’s shutting down in the EU if — as it claims on its website — it “respects your privacy”. We’re not holding our breath for a response.

The market exit also looks like a tacit admission that Unroll.me has essentially been ignoring the EU’s existing privacy regime. Because GDPR does not introduce privacy rules to the region. Rather the regulation updates and builds on a data protection framework that’s more than two decades old at this point — mostly by ramping up enforcement, with penalties for privacy violations that can scale as high as 4% of a company’s global annual turnover.

So suddenly the EU is getting privacy regs with teeth. And just as suddenly Unroll.me is deciding it needs to shut up the local shop… ? (And nor is it the only one… )

It’s true that GDPR does tighten existing consent requirements for processing personal data — but only slightly. Current EU rules already require that consent be freely given, specific and informed. GDPR adds that it must also be a “clear affirmative act” and “unambiguous”, along with requiring data controllers are able to demonstrate that a service user whose personal data is being processed has given consent for that to happen.

But the core EU requirement of ‘freely given, specific and informed’ consent stands. Which does rather suggest that Unroll.me was already trampling over the privacy rights of EU users — given it’s the threat of big fines that’s the shiny new thing here…

GDPR also takes aim at the practice of burying information that users need to decide whether or not to consent to their personal data being processed in difficult to find and read dense legalese.

And the regulation’s requirements on that front are forcing companies to be more up front about what exactly they intend to do with people’s data. (Even if some tech giants are still trying their hand at socially engineering and manipulating ‘consent’.)

“Consent [under GDPR] must also now be separable from other written agreements, and in an intelligible and easily accessible form, using clear and plain language,” data protection expert Jon Baines, an advisor at UK law firm Mishcon de Reya LLP, told us recently. “If these requirements are enforced by data protection supervisory authorities and the courts, then we could well see a significant shift in habits and practices.”

As well as signs of shifts in business processes, it looks like some of the changes that GDPR can take (early) credit for include expedited market exits by companies with business models that rely on not being adequately up front with their users.

In the case of Unroll.me, any non-EU users should really be asking themselves if they need this ‘service’ — and/or asking the company lots of questions about what it’s doing with their private information; who it’s selling their information to; and what those third parties are using their data for?

05 May 2018

A life sciences firm run by a top VC and a cofounder of Alphabet’s life sciences arm just raised its biggest fund yet

There’s no end to the number of fascinating devices and therapies being created right now in the fields of health and life sciences. The investors behind them are often pretty interesting, too, given the expertise needed to make informed bets on what are often completely unproven projects.

Such is the case with Foresite Capital, a seven-year-old, San Francisco-based outfit that just closed on $668 million for its fourth venture fund, its biggest pool of capital so far. (Its first funds closed with $100 million, $300 million, and $450 million, respectively.)

The firm was founded by Jim Tananbaum, who has started and sold healthcare companies and who earned the dubious distinction — courtesy of Bloomberg — of symbolizing what’s gone wrong with the Burning Man festival in recent years. (Months after Bloomberg described an elaborate camp he had built, Tananbaum, who in 2014 was elected to the board of the nonprofit that oversees the event, resigned.)

No doubt Tananbaum — who has both an MD and an MBA from Harvard — would prefer to be known for being named to Forbes’ Midas List of top venture capitalists for the last four years, thanks to a wide array of bets in Foresite’s portfolio. Some of these include Aimmune Therapeutics, whose treatment to protect children with food allergies is seeking FDA approval; Puma Biotech and Juno Therapeutics, both of which have gone public in recent years; and Intarcia Therapeutics, which makes a matchstick-size, diabetes-treating pump and was flying high two years ago, though it has more recently taken its lumps.

Foresite’s approach has impressed more than Forbes. Last year, Tananbaum also recruited Vik Bajaj, who co-founded Alphabet’s life sciences arm Verily and was formerly the chief scientific officer of Grail, a well-funded company that’s developing a blood test to detect cancer in its earliest stages.

Bajaj — who’d earlier in his career spent seven years as a scientist with Lawrence Berkeley National Laboratory — presumably could have landed at another venture firm, a growing number of which are making life sciences investments. But he says Foresite’s 40-person team of largely researchers was one major draw. As Tananbaum describes it, the group tracks data “ranging from the technical to R&D to patient/payer information, analyzing how each company compares technically and whether they’re meeting a significant patient need and is sustainable.”

Says Bajaj of the multi-stage firm, whose checks range in size from $1 million, all the way to $50 million: “The amount of data to inform decisions in bio medical investing is enormous, from biological to preclinical and clinical data, to data about how products are going to be marketed and used and approved by regulators. Each of these features is associated with massive data sets, and you have to have a degree of scientific depth and rigor — and that’s the culture that Jim set up here from the beginning.”

Foresite is overseen by five managing directors altogether. They write roughly a dozen checks each year, and generally target 10 percent ownership, say both men.

Some of Foresite’s other investments include the machine-learning drug R&D startup, insitro; Mindstrong, a mental health startup; and Denali Therapeutics, which is developing treatments for Alzheimer’s and Parkinson’s diseases and staged one of last year’s biggest biotech IPOs.

05 May 2018

NSA triples metadata collection numbers, sucking up over 500 million call records in 2017

The National Security Agency revealed a huge increase in the amount of call metadata collected, from about 151 million call records in 2016 to more than 530 million last year — despite having fewer targets. But officials say nothing is different about the year but the numbers.

A transparency report issued by the Office of the Director of National Intelligence shows numerous other fluctuations in the volume of surveillance conducted. Foreign surveillance-related, warrantless Section 702 content queries involving U.S. persons jumped from 5,288 to 7,512, for instance, and more citizens were “unmasked,” indicating a general increase in quantity.

On the other hand, the number of more invasive pen register/trap and trace orders dropped by nearly half, to 33, with even fewer targets — far less than the peak in 2014, when 135 orders targeted 516 people.

The biggest increase by far is the number of “call detail records” collected from service providers. Although the number of targets actually decreased from the previous year, from 42 to 40, the number of call records jumped from 151 million to 534 million, and search terms from 22,360 to 31,196.

Call detail records are things like which numbers were called and when, the duration of the call and so on — metadata, no content. But metadata can be just as revealing as content, since it can, for example, place a person near the scene of a crime, or establish that two people were connected even if the conversation they had was benign.

What do these increases mean? It’s hard to say. A spokesperson for the ODNI told Reuters that the government “has not altered the manner in which it uses its authority to obtain call detail records,” and that they “expect this number to fluctuate from year to year.” So according to them, it’s just a matter of quantity.

Because one target can yield hundreds or thousands of incidental sub-targets — people connected to the target whose call records will be requested and stored — it’s possible that 2017’s targets just had fatter, longer contact lists and deeper networks than 2016’s. Needless to say this explanation is unsatisfying.

Although the NSA’s surveillance apparatus was dealt a check with the 2013 Snowden leaks and subsequent half-hearted crackdowns by lawmakers, it clearly is getting back into its stride.

04 May 2018

Waymo van involved in serious collision in Arizona

A Waymo self-driving vehicle was involved in a serious accident in Chandler, Arizona earlier this afternoon. Local police have said there were minor injuries from the incident after a sedan swerved into the Waymo van to avoid another collision, ABC 15 reported. I’ve contacted the Chandler police department for more information.

Although Waymo has said it will be testing vehicles without safety drivers in Arizona, this was not one of them. An operator was in the driver’s seat at the time of the crash, though the car was in autonomous mode, police said.

Aerial footage and images posted online by onlookers show that this was no fender-bender. The sedan’s front crumple zone is wrecked and glass is broken; the van is in better shape, though its front right tire is crushed in. Both vehicles have since been towed.

Reportedly the sedan was traveling eastbound and swerved to avoid another car at an intersection, straying into the westbound lanes and hitting the Waymo van. What actions if any the latter took to avoid the collision are unknown at this time, though an analysis by the company would of course provide that info. I’ve asked the company for comment and will update if I hear back.

04 May 2018

Get up super early and watch NASA’s InSight Mars lander launch live

Night owl? Good news — there’s an historic rocket launch early tomorrow morning that you can catch while the rest of the country is sleeping. NASA’s InSight Mars lander is scheduled for takeoff at 4:05 AM Pacific, weather permitting. You can watch it live at the links below.

InSight is launching atop an Atlas V rocket with a Centaur for the orbital stage, operated by United Launch Alliance. After a six-month trip through space, the mission is to discover the secrets lying deep within the Red Planet using sensitive seismographs and a temperature probe that will bore into the surface. There’s also a pair of CubeSats hitching a ride to test how tiny spacecraft will perform outside Earth’s orbit.

It’s historic not just because it’s an awesome Mars lander that will teach us about the formation of our rocky neighbor and Earth itself, but because this is the first time an interplanetary mission has taken off from the west coast of the country. It’s launching from Vandenberg air base, between Santa Barbara and San Luis Obispo (a couple hours north of LA, for those not familiar with Californian geography).

“If you live on the California Central Coast or south to L.A. and San Diego, be sure to get up early on May 5th, because Atlas V is the gold standard in launch vehicles and it can put on a great show,” said Kennedy Space Center launch director Tim Dunn in a NASA news release.

That all depends on the weather, of course. The dreaded marine layer lies heavy on the coast, and that means visibility will be extremely low. But as coastal Californians know, waiting for it to go away is a good way to waste a whole day. NASA can’t wait that long — the rocket needs to go off when this side of the planet is facing the right direction, of course. So Range Safety may waive the eyes-on visibility requirement for launch, provided all other telemetry systems are working normally.

Going from launch to orbit will take about 13 minutes, at which time InSight will wait for about an hour, and then a final burn will send it on its way to Mars. The whole process should take about 93 minutes.

So if you’re up tomorrow in the predawn hours, check out the launch either at NASA’s stream or at the YouTube hosted one that should appear here half an hour or so before launch.

04 May 2018

Google open sources Seurat, a tool for reducing mobile VR complexity

Today is the day Google makes good on a lot of its 2017 I/O VR promises. The company just announced that it will be open-sourcing Seurat, a tool designed to reduce complexity in high-fidelity mobile VR scenes, improving performance considerably.

This launch arrives alongside the release of the Mirage Solo, the first headset on the Daydream VR platform to make use of Google’s WorldSense positional tracking system. The headset is standalone and runs on a mobile chipset so it’s a lot more resource constrained than headsets that connect to gaming PCs.

Seurat is a software tool that aims to reduce polygon count. Basically, Seurat takes all of the possible viewpoints that a VR user may have given their limited range of movement and removes the area of the 3D environment that they’d never be able to see. Seurat removes object permanence from the equation, so if you can’t see it in virtual reality, chances are it doesn’t actually exist at all.

In the snippet above from a new Blade Runner title, Google says the Seurat program was able to take a scene with 46.6 million triangles and reduce it down to 307,000. This is especially useful for developers with existing renders that they’re porting from more capable hardware to the more strained mobile VR hardware.

Source code and documentation for the tool are available on its GitHub page.

04 May 2018

Particle physics gets the machine learning treatment as collider data multiplies

The volume of data particle physicists have to sort through at the Large Hadron Collider is staggering, and it’s about to increase by an order of magnitude. To cope with this torrent of data, CERN is turning to machine learning, offering prizes for AI models that can cut through the clutter and help make the next breakthrough.

Inside the massive detectors that dot the rings of the LHC, protons accelerated to near light speed smash into each other with incredible energy and produce a fountain of exotic, short-lived particles that impact on sensors lining the walls. Improvements being made to the magnetic fields guiding these protons around the ring mean that where once you could expect a couple dozen collisions to draw data from, soon there may be hundreds.

Great for the scientists, but with more collisions comes more data, in this case an order of magnitude more. The old methods of sorting and categorizing the data are too slow, researchers told Nature. So they’re doing what any modern data scientist would do when faced with a massive set of noisy data: hand it over to the AIs.

I use the term loosely, of course — machine learning models are just really great at chewing through reams of data in search of what they’ve been trained to find. Medicine, astronomy and, of course, psychology (courtesy of Facebook) have all been advanced by this convenient ability to separate the statistical wheat from the chaff. Particle physics is just another example of it.

A little healthy competition, as always, is a good way to jump-start the field. So CERN established TrackML, a relatively low-key contest in which physicists and data scientists can download gigs of real collider data and train up models to classify it correctly. Of course, there are terabytes available for the picking, but you’ll want to use this particular data set.

The prize pool is relatively small, with a total of $25,000 available to the winners. Perhaps they used up all their money on… you know, upgrading the world’s biggest particle collider with state of the art cryomagnets.

There’s no entry fee, so if you’re interested in giving it a shot, head over to Kaggle, where the contest is hosted, and download your own copy of the data. You’ve got plenty of time — submissions are due in August. Oh, and anything you submit will be open sourced, so don’t worry that they’re going to commercialize your algorithm.

04 May 2018

A friendly robotic arm plays tic-tac-toe to help rehabilitate patients

Researchers at Ben-Gurion University of the Negev in Israel are building a tic-tac-toe game to help patients with their rehabilitation exercises. The game is played on a grid of boxes and includes “embodied” and non-embodied play. Embodied play means a robotic arm will grab and place a marker – in this case a small cup – and non-embodied play includes bright lights that light up to mark the computer’s spot.

The system uses a Kinova arm and cups. The cups are part of the rehabilitation process and help users learn to grasp and manipulate objects after an illness or accident.

“Playing Tic Tac Toe with a set of cups (instead of X’s and O’s) is one example of a game that can help rehabilitate an upper limb,” said Dr. Shelly Levy-Tzedek. “A person can pick up and place many cups while enjoying a game and improving their performance of a daily task.”

Interestingly the speed of the robot had an effect on the users. A slower robot would make users perform more slowly while a faster robot sped up the game. This could be used to modify the game for individual patients and individual needs. Because the robot never gets tired the rehabilitation staff can pay attention to the minute movements of a patient, catering the speed and type of play to the patient’s particular needs.

The research paper appeared in Restorative Neurology and Neuroscience.

04 May 2018

You can now easily buy movie tickets with Google Assistant

Google Assistant is gaining some new capabilities thanks to a deal with Fandango which should make ordering movie tickets a quick and easy process. Simply tell Google Assistant that you want to buy some movie tickets and you’ll see what’s playing nearby; you can dial in the specificity to find out just what’s playing at a specific theater or what theaters a particular flick is going to be at.

The deal is going live on May the Fourth™ in honor of the Star Wars™ marketing holiday and the fact that advanced tickets for Solo: A Star Wars Story™ are going on sale today.

This functionality is something that’s been available on Siri, but Google Assistant allows you to make the purchase without downloading the Fandango app which had pretty much negated most of the utility this feature had on Siri.

For now, this launch is just for Google Assistant on Android phones, but if you’re perplexingly a heavy user of the Google Assistant app on iOS then you’ll be able to get your movie ticket ordering functionality sometime later this year.

04 May 2018

A cyberattack knocked a Tennessee county’s election website offline during voting

After a distributed denial-of-service attack knocked some servers offline during a local election in Tennessee this week, Knox County is working with an outside security contractor to investigate the cause. The attack took the Knox County Election Commission site displaying results of the county mayoral primary offline during Tuesday night voting. The county resorted to distributing printed results during the outage.

“Tonight, Our web servers suffered a successful denial of service attack,” Knox County wrote on Twitter on Tuesday night. “Election results were not affected, as our election machines are never connected to the Internet.”

The day after the incident, Knox County Mayor Tim Burchett reassured voters that the attack did not compromise the vote. Election systems that can go online are far less secure than systems that are not able to connect to the internet.

“Although the crash did not affect the vote tallies or the integrity of the election, this is not something that should happen,” Burchett said in a statement. “I want to know what happened, and I think an independent review will help to determine that so we can move forward and work to prevent similar issues in the future.”

Burchett disputed outside claims that his office had acted “prematurely” in dismissing any risk to the integrity of the Knox County vote, reiterating that the county’s voting system “is never connected to internet, never at risk.”

In a report from Knox County’s IT Department, Director Dick Moran noted “extremely heavy and abnormal network traffic” consistent with a DDoS attack and observed that the IP addresses involved originated from both domestic and international locations. Moran drew a distinction between a DDoS attack that can knock servers offline and a hack intended to infiltrate systems or servers.

Sword & Shield Enterprise Security, a Knoxville-based security firm, has been contracted to conduct an analysis of the attack and “determine the exact nature” of the server’s time offline.

The county site that was affected by the attack only displayed results to the public; it did not receive or tabulate them. Still, DDoS attacks are sometimes used as a diversionary tactic to create chaos. TechCrunch has reached out to Sword & Shield with additional questions about the sophistication and extent of the attack.

Given its enhanced coordination with states as part of recent initiatives to secure national election systems, TechCrunch has also been in touch with Homeland Security about its role in providing support to Knox County and will update this story when we have more information.