Month: June 2019

13 Jun 2019

DEEPFAKES Accountability Act would impose unenforceable rules — but it’s a start

The new DEEPFAKES Accountability Act in the House — and yes, that’s an acronym — would take steps to criminalize the synthetic media referred to in its name, but its provisions seem too optimistic in the face of the reality of this threat. On the other hand, it also proposes some changes that will help bring the law up to date with the tech.

The bill, proposed by Representative Yvette Clarke (D-NY), it must be said, has the most ridiculous name I’ve encountered: the Defending Each and Every Person from False Appearances by Keeping Exploitation Subject to Accountability Act. Amazingly, that acronym (backronym, really) actually makes sense.

It’s intended to stem the potential damage of synthetic media purporting to be authentic, which is rare enough now but soon may be commonplace. With just a few minutes (or even a single frame) of video and voice, a fake version of a person, perhaps a public figure or celebrity, can be created that is convincing enough to fool anyone not looking too closely. And the quality is only getting better.

DEEPFAKES would require anyone creating a piece of synthetic media imitating a person to disclose that the video is altered or generated, using “irremovable digital watermarks, as well as textual descriptions.” Failing to do so will be a crime.

The act also establishes a right on the part of victims of synthetic media to sue the creators and/or otherwise “vindicate their reputations” in court.

Many of our readers will have already spotted the enormous loopholes gaping in this proposed legislation.

First, if a creator of a piece of media is willing to put their name to it and document that it is fake, those are almost certainly not the creators or the media we need to worry about. Jordan Peele is the least of our worries (and in fact the subject of many of our hopes). Requiring satirists and YouTubers to document their modified or generated media seems only to assign paperwork to people already acting legally and with no harmful intentions.

Second, watermark and metadata-based markers are usually trivial to remove. Text can be cropped, logos removed (via more smart algorithms), and even a sophisticated whole-frame watermark might be eliminated simply by being re-encoded for distribution on Instagram or YouTube. Metadata and documentation are often stripped or otherwise made inaccessible. And the inevitable reposters seem to have no responsibility to keep that data intact, either — so as soon as this piece of media leaves the home of its creator, it is out of their control and very soon will no longer be in compliance with the law.

Third, it’s far more likely that truly damaging synthetic media will be created with an eye to anonymity and distributed by secondary methods. The law here is akin to asking bootleggers to mark their barrels with their contact information. No malicious actor will even attempt to mark their work as an “official” fake.

That said, just because these rules are unlikely to prevent people from creating and distributing damaging synthetic media — what the bill calls “advanced technological false personation records” — that doesn’t mean the law serves no purpose here.

One of the problems with the pace of technology is that it frequently is some distance ahead of the law, not just in spirit but in letter. With something like revenge porn or cyberbullying, there’s often literally no legal recourse because these are unprecedented behaviors that may not fit neatly under any specific criminal code. A law like this, flawed as it is, defines the criminal behavior and puts it on the books, so it’s clear what is and isn’t against the law. So while someone faking a Senator’s face may not voluntarily identify themselves, if they are identified, they can be charged.

To that end a later portion of the law is more relevant and realistic: It seeks to place unauthorized digital recreations of people under the umbrella of unlawful impersonation statutes. Just as it’s variously illegal to pretend you’re someone you’re not, to steal someone’s ID, to pretend you’re a cop, and so on, it would be illegal to nefariously misrepresent someone digitally.

That gives police and the court system a handhold when cases concerning synthetic media begin pouring in. They can say “ah, this falls under statute so and so” rather than arguing about jurisdiction or law and wasting everyone’s time — an incredibly common (and costly) occurrence.

The bill puts someone at the U.S. Attorney’s Office in charge of things like revenge porn (“false intimate depictions”) to coordinate prosecution and so on. Again, these issues are so new that it’s often not even clear who you or your lawyer or your local police are supposed to call.

Lastly the act would create a task force at the Department of Homeland Security that would form the core of government involvement with the practice of creating deep fakes, and any countermeasures created to combat them. The task force would collaborate with private sector companies working on their own to prevent synthetic media from gumming up their gears (Facebook has just had a taste), and report regularly on the state of things.

It’s a start, anyway — rare it is that the government acknowledges something is a problem and attempts to mitigate it before that thing is truly a problem. Such attempts are usually put down as nanny state policies, alas, so we wait for a few people to have their lives ruined then get to work with hindsight. So while the DEEPFAKES Accountability Act would not, I feel, create much in the way of accountability for the malicious actors most likely to cause problems, it does begin to set a legal foundation for victims and law enforcement to fight against those actors.

You can track the progress of the bill (H.R. 3230 in the 116th Congress) here.

13 Jun 2019

Daily Crunch: Telegram faces new attack in China

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

1. Telegram faces DDoS attack in China… again

The popular encrypted messaging service Telegram is once again being hit with a distributed denial of service (DDoS) attack in Asia as protestors in Hong Kong take to the streets.

As they look to evade surveillance measures by government officials, Telegram is one of the tools that organizers have turned to. Four years ago, a similar attack struck the company’s service, just as China was initiating a crackdown on human rights lawyers in the country.

2. Bird confirms acquisition of Scoot

This acquisition means Bird may finally get to operate shared electric scooters in San Francisco.

3. LaLiga fined $280K for soccer app’s privacy-violating spy mode

Users of the LaLiga app were outraged to discover the smartphone software does rather more than show minute-by-minute commentary of football matches: It can use the microphone and GPS of fans’ phones to record their surroundings in a bid to identify bars that are unofficially streaming games.

4. Google leaks its own phone

Details of the Pixel 4 have been swirling around this week, so Google decided to just leak the design of its next phone via its official Twitter account, revealing the backplate and new camera module on the smartphone.

5. NFC gets a lot more powerful in iOS 13

This opens up a range of new application possibilities, Apple said, including the ability to create apps that read passports and contactless smart cards and interact with NFC-enabled hardware.

6. Facebook collected device data on 187,000 users using banned snooping app

The social media giant said in a letter to Sen. Richard Blumenthal’s office — which TechCrunch obtained — that it collected data on 31,000 users in the U.S., including 4,300 teenagers. The rest of the collected data came from users in India.

7. Uber’s annual flying taxi summit reveals Uber Air has a ways to go

We talked to Uber Director of Engineering for Energy Storage Systems Celina Mikolajczak at the company’s third annual Elevate Summit in Washington, D.C. this week. (Extra Crunch membership required.)

13 Jun 2019

Tyson Foods launches its take on alternative proteins with new “Raised & Rooted” brand

Earlier today, Tyson Foods announced the launch of its first foray into the meat replacement market with the unveiling of its Raised and Rooted brand.

While the company’s plant-based nuggets present a direct challenge to companies like Beyond Meat, Tyson Foods is playing a different game by introducing consumers to foods that are blended with meat and protein replacements.

So it’s not exactly a direct competitor to Beyond Meat, a former Tyson Foods venture portfolio investment, or Impossible Foods, which are the two current leaders in the growing alterna-beef category.

Rather it seems to be an attempt to up-sell customers on products with less beef for potentially more money? Tyson did not respond to a request for comment by the time of publication.

For Springdale, Ark.-based Tyson Foods, making alternative proteins is less of an optional strategy and more of a necessary response to what could be an existential threat to the traditional meat market in the U.S. and around the world.

By 2040 traditional meat consumption could fall by 33%, according to a recent analysis by the consulting firm A.T. Kearney.

Chart courtesy of A.T. Kearney

“All in all, cultured meat and new meat replacement products are going to disrupt the $1,000 billion conventional meat industry with all its supplier companies,” the study’s authors write. “This disruption is supported by a general shift toward consumption of non-meat proteins (for example, legumes and nuts) as a consequence of new lifestyle trends, all aimed at a more sustainable and healthier diet, as well as regulatory measures against conventional meat.”

Tyson has launched its new brand with just these pressures in mind. The company is the first large meat producer to confront the changes that are coming to the market at anything approaching the scale of the challenge.

What remains to be seen is whether consumers will respond to the concept of “blended” burger outside of the fast food restaurants where those kinds of products are already served. It’s trying with its premium sausage brand, Aidells, along with the Raised & Rooted patty, which is a blend of beef and vegetable proteins.

“Today’s consumers are seeking more protein options so we’re creating new products for the growing number of people open to flexible diets that include both meat and plant-based protein,” said Noel White, president and CEO of Tyson Foods, in a statement. “For us, this is about ‘and’ – not ‘or.’ We remain firmly committed to our growing traditional meat business and expect to be a market leader in alternative protein, which is experiencing double-digit growth and could someday be a billion-dollar business for our company.”

Tyson’s plant-based nuggets, made from a blend of pea protein isolate and other plant ingredients, will be out on store shelves in the fall, while the blended beef and vegetable burgers will hit store shelves in the fall.

Tyson also has bets on other, novel meat replacements and alternative protein sources. The company has invested in lab-grown meat makers like Memphis Meats and Future Meat Technologies and is also backing Mycotechnology, a mushroom-based protein producer, through its venture capital arm, Tyson Ventures.

Investors in newly public Beyond Meat seem unfazed by Tyson’s new offerings. The stock dipped on the news (and a downgrade from IPO underwriter J.P. Morgan), but it’s still up more than 100% on the year.

13 Jun 2019

A widely used infusion pump can be remotely hijacked, say researchers

An infusion pump widely used in hospitals and medical facilities has critical security flaws that allow it to be remotely hijacked and controlled, according to security researchers.

Researchers at healthcare security firm CyberMDX found two vulnerabilities in the Alaris Gateway Workstation, developed by medical device maker Becton Dickinson.

Infusion pumps are one of the most common bits of kit in a hospital. These devices control the dispensing of intravenous fluids and medications, like painkillers or insulin. They’re often hooked up to a central monitoring station so medical staff can check on multiple patients at the same time.

But the researchers found that an attacker could install malicious firmware on a pump’s onboard computer, which powers, monitors and controls the infusion pumps. The pumps run on Windows CE, commonly used in pocket PCs before smartphones.

In the worst case scenario, the researchers said it would be possible to adjust specific commands on the pump — including the infusion rate — on certain versions of the device by installing modified firmware.

The researchers said it was also possible to remotely brick the onboard computer, knocking the pump offline.

The bug received a rare maximum score of 10.0 on the industry-standard Common Vulnerability Scoring System (CVSS), according to Homeland Security’s advisory. A second vulnerability, scored at a lesser 7.5 out of 10.0, could allow an attacker to gain access to the workstation’s monitoring and configuration interfaces through the web browser.

Creating an attack kit was “quite easy” and “worked consistently,” said Elad Luz, CyberMDX’s head of research, in an email to TechCrunch. But the attack chain is complex and requires multiple steps, access to the hospital network, knowledge of the workstation’s IP address, and the capability to write custom malicious code.

In other words, there are far easier ways to kill a patient than exploiting these bugs.

CyberMDX disclosed the vulnerabilities to Becton Dickinson in November and to federal regulators.

Becton Dickinson said device owners should update to the latest firmware, which contains fixes for the vulnerabilities. Spokesperson Troy Kirkpatrick said the pump is not sold in the U.S., but would not say how many devices were vulnerable “for competitive reasons.”

“There are about 50 countries that have these devices,” said Kirkpatrick. He confirmed that eight countries have more than 1,000 devices, three countries have more than 2,000 devices, but no country has more than 3,000 devices.

The flaws are another reminder that security issues can exist in any device — particularly life-saving equipment in the medical space.

Earlier this year, Homeland Security warned about a set of critical-rated vulnerabilities in Medtronic defibrillators. The government-issued alert said the device’s proprietary radio communications protocol did not require authentication, allowing a nearby attacker in certain circumstances to intercept and modify commands over-the-air.

13 Jun 2019

Apple soups up Logic Pro X ahead of Mac Pro launch

When it announced the long-awaited Mac Pro relaunch onstage at WWDC last week, Apple settled on creative pro software as the best way to illustrate the desktop’s power. Along with Final Cut, Logic was one of the centerpieces of that introduction.

Today the company issued the update to Logic Pro X illustrated onstage. Version 10.4.5 of the pro-level music production software supports up to 56 processing threads, and up to 1,000 audio tracks and software instrument tracks.

That can be augmented with 1,000 auxiliary channel strips and 1,000 external MIDI tracks. The company says the new version is capable of handling five times as many real-time plug-ins on the software as the last version of the Mac Pro.

There are a handful of other smaller updates, as well. Per Apple:

  • The loop browser can filter by loop type and allows drag and drop of multiple loops into your project simultaneously.
  • The redesigned DeEsser 2 plug-in provides more options to reduce sibilance on audio tracks.
  • MIDI beat clocks can be sent to individual ports, each with unique settings like timing offset and plug-in delay compensation.

Version 10.4.5 is out today for $200 or as a free update to existing users. The new Mac Pro, meanwhile, isn’t set to be released until the fall.

13 Jun 2019

Spotify outage not related to today’s update, company is working on a fix

This morning, Spotify announced the rollout of a redesigned app for its Premium users. Now, the service is down. The streaming music provider is experiencing an outage today, according to reports from social media and various outage tracking websites, including DownDetector. Spotify had failed to acknowledge the outage on its Spotify Status Twitter account. But the company has now confirmed the outage directly with TechCrunch.

Spotify’s Twitter customer support team is also responding to customers to let them know the company is aware of the problem and working on a fix.

Many of the impacted users appear to be complaining about their Spotify mobile app not working — something that led people to believe the outage is related to the app redesign that went live earlier today.

Spotify tells TechCrunch that’s not the case, however.

The company isn’t offering information about what is causing the issue, nor any other details, but says it’s working to bring the service back online.

According to Down Detector, Spotify began having issues as early as 8:22 AM ET. But its chart shows a clear spike later in the morning heading into the afternoon.

Its outage map shows a heavy concentration of reports in the U.S., but U.K. tabloid publications noted the outage is happening there, as well.

Meanwhile, the website Outage.Report claims to have received hundreds of reports of Spotify issues beginning around the same time of ~8:00 AM ET. Reports hail from the U.S., Canada, Mexico, Brazil, the U.K., and 26 other countries, it says. A third service, IsItDownRightNow.com also reports the Spotify.com website is currently unreachable.

We’ll update with more information as it becomes available.

13 Jun 2019

UK government invests $194M to commercialize quantum computing

The UK government today announced a £153 million investment into efforts to commercialize quantum computing. That’s about $193 million and with additional commitments from numerous industry players, that number goes up to over $440 million. With this, the UK’s National Quantum Technologies Programme has now passed £1 billion (or about $1.27 billion) in investments since its inception in 2014.

In the US, President Trump last year signed into law a $1.2 billion investment into quantum computing, and the European Union, which the UK is infamously trying to leave, also launched a similarly sized plan. Indeed, it’s hard not to look at this announcement in the context of Brexit, which would cut the UK off from these European efforts, though it’s worth noting that the UK obviously has a long history of fundamental computer science research, something that is surely also motivating these efforts.

“This milestone shows that Quantum is no longer an experimental science for the UK,” UK Science Minister Chris Skidmore said in today’s announcement. “Investment by government and businesses is paying off, as we become one of the world’s leading nations for quantum science and technologies. Now industry is turning what was once a futuristic pipedream into life-changing products.”

Specifically, the UK program is looking into research that can grow its local quantum industry. To do so, the £153 million Industrial Strategy Challenge Fund will invest in new products and innovations through research and development competitions, but also into industry-led projects. It will also function as an investment accelerator, with the hope of encouraging venture capitalists to invest in early-stage, spin-out and startup quantum companies.

“The announcement of this significant public funding for the industrialization of quantum technologies exemplifies the benefits of the Industrial Strategy, both in terms of improved coordination across government departments and also the creation of long-term partnerships between government, academia and businesses,” said Roger McKinlay, Challenge Director for Quantum Technologies at UK Research and Innovation. “Five years of investment in the UK National Quantum Technologies Programme has given the UK a technological lead which businesses are now ready to turn into a significant commercial advantage.”

For governments, quantum computing obviously opens up a number of economic opportunities, but there are also national security interests at play here. Once it becomes a reality, a general quantum computer with long coherence times will easily be able to defeat today’s encryption schemes, for example. That’s not what today’s announcement is about, but it is surely something that all of the world’s governments are thinking about.

13 Jun 2019

Why is Andreessen Horowitz (and everyone else) investing in Latin America now?

Investments by U.S. venture capital firms into Latin America are skyrocketing and one of the firms leading the charge into deals is none other than Silicon Valley’s Andreessen Horowitz.

The firm that shook up Silicon Valley with potentially over-generous term sheets and valuations and an overarching thesis that “software is eating the world” has been reluctant to test its core belief… well… pretty much anywhere outside of the United States.

That was true until a few years ago when Andreessen began making investments in Latin America. It’s the only geography outside of the U.S. where the firm has committed significant capital and the pace of its investments is increasing.

Andreessen isn’t the only firm that’s making big bets in companies south of the American border. SoftBank has its $2 billion investment fund, which launched earlier this year, to invest in Latin American deals as well. (Although the most recent SoftBank Innovation Fund investment in GymPass is likely an indicator that the fund, much like SoftBank’s “Vision” fund, has a pretty generous interpretation of what is and is not a Latin American deal.)

“We previously didn’t invest internationally, [because] we weren’t as well set up to help these companies,” says Angela Strange, a general partner at Andreessen Horowitz. “Part of the reason for why LatAm is proximity.”

13 Jun 2019

Kickstarter issues new transparency guidelines for projects

Fresh off its 10th anniversary and under the helm of a new CEO, Kickstarter is shaking things up with a new set of guidelines targeted at seller claims.

A new page titled Honest and Clear Presentation in Projects notes:

The language you choose to present your project plays a critical role in setting expectations for backers. Your project description should give backers a realistic and accurate picture of what you’ve done so far, what stage of development you’re in now, and what you’re hoping to create with their support.

Among the bullet points here are presenting projects as ideas, rather than finished products and, notably, avoiding exaggerations and dubious claims — both of which are mainstays of not just Kickstarter projects, but advertising in general.

Included among the latter is a dissuasion to “Use superlatives or puffery to describe your project, such as ‘the world’s best / smallest / fastest / first / etc.’ or ‘the ultimate / unrivaled / revolutionary / etc.’ ”

So, calling these “the world’s best rules” would be heavily frowned upon.

Kickstarter’s leaning heavily on the idea of guidelines. The head of the crowdfunding site’s System Integrity Team, Meg Heim, tells The Verge, “We don’t see this as a one-time quick fix, or even a crackdown,” adding that it’s intended to “help guide creators into setting expectations that’ll help them [and their campaign] in the long run.”

Community guidelines are, by their very nature, more difficult to enforce than, say, a crackdown. The main deterrent here appears to be that the service is less likely to promote those projects that don’t adhere. It’s a fairly soft consequence, though Kickstarter’s page and newsletter promotions do go a long way toward helping projects gain momentum.

13 Jun 2019

Google’s Game Builder turns building multiplayer games into a game

Google’s Area 120 team, the company’s in-house incubator for some of its more experimental projects, today launched Game Builder, a free and easy-to-use tool for PC and macOS users who want to build their own 3D games without having to know how to code. Game Builder is currently only available through Valve’s Steam platform, so you’ll need an account there to try it.

After a quick download, Game Builder asks you about what screen size you want to work on and then drops you right into the experience after you tell it whether you want to start a new project, work on an existing project or try out some sample projects. These sample projects include a first-person shooter, a platformer and a demo of the tool’s card system for programming more complex interactions.

The menu system and building experience take some getting used to and aren’t immediately intuitive, but after a while, you’ll get the hang of it. By default, the overall design aesthetic clearly draws some inspiration from Minecraft, but you’re pretty free in what kind of game you want to create. It does not strike me as a tool for getting smaller children into game programming since we’re talking about a relatively text-heavy and complex experience.

To build more complex interactions, you use Game Builder’s card-based visual programming system. That’s pretty straightforward, too, but also takes some getting used to. Google says building a 3D level is like playing a game. There’s some truth in that, in that you are building inside the game environment, but it’s not necessarily an easy game either.

One cool feature here is that you can also build multiplayer games and even create games in real-time with your friends.

Traditionally, drag-and-drop game builders feel pretty limited. The Area 120 team is trying to overcome this by also letting you use JavaScript to go beyond some of the pre-programmed features. Google is also betting on Poly, its library of 3D objects, to give users lots of options for creating and designing their levels.

It’s no secret that Google is taking games pretty seriously these days, now that it is getting ready to launch its Stadia game streaming service later this year. There doesn’t seem to be a connection between the two just yet, but I wouldn’t be surprised if we saw Game Builder on Stadia, too.