Year: 2019

Amazon’s recent investments in NYC educational initiatives will continue, despite the company pulling its HQ2 plans for the area. But the company isn’t stopping there. Today, Amazon announced it will bring computer science courses to over 1,000 high schools in all 50 states and the District of Columbia. The classes, which are funded through Amazon’s Future Engineer program, will reach tens of thousands of students nationwide.

The Future Engineer program’s goal is to bring computer science courses to more than 100,000 underprivileged kids in 2,000 low-income high schools across the U.S. It also awards 100 students per year with four-year $10,000 scholarships and offers internships at Amazon.

The U.S. high schools will offer the Intro to Computer Science and AP Computer Science classes through the curriculum provider Edhesive, says Amazon. The funding will provide the lessons, tutorials, professional development for teachers, a fully sequenced and paced digital curriculum for students, and live online support for both students and teachers alike.

All students in the courses also receive a membership to AWS Educate, which gives them free computing power in the AWS Cloud for their class projects and other content to learn about cloud computing.

While Amazon obviously has a vested interest in ensuring the next generation of engineers are learning its own technologies, including AWS, investments like this help to level the playing field some by offering more students the opportunity to study computer science – which can lead to their ability to get into higher-paying jobs down the road, including those outside of Amazon.

The Amazon Future Engineer program itself is part of Amazon’s larger $50 million investment in computer science and STEM education.

Amazon notes that there will be 1.4 million computer science jobs available by 2020, according to the Bureau of Labor statistics, but only 400,000 computer science grads with the skills needed to apply for them. Computer Science is also the fastest-growing STEM profession, but only 8 percent of STEM grads are earning a computer science degree. And only a small fraction of those are from underprivileged background, Amazon says.

“We want to ensure that every child, especially those from underprivileged communities, has an opportunity to study computer science,” said Jeff Wilke, CEO Worldwide Consumer, Amazon, in a statement. “We are excited more than 1,000 schools will now provide these courses, and look forward to adding 1,000 more schools over the coming months.”

A company using advanced technologies to grow and harvest mealworms (larval beetles) at scale is on track to become one of the venture capital industry’s oddest billion dollar investments.

Ÿnsect, (pronounced ‘insect”) is a Paris-based producer of insect protein that has just closed on $125 million as the company looks to expand into North America selling bug-based nutrients to fish farms, animal farms, and the everyday harvesters of vegetables. 

The company isn’t worth $1 billion… yet. But that’s clearly the goal as it bulks up for a global expansion effort.

According to the company’s chief executive Antoine Hubert, a former agronomist turned bug farm maven, the company grew out of efforts to promote sustainability in the food system at foods and companies across France.

“We thought we could make a bigger impact by developing not only education but production,” in the realm of novel proteins for agriculture, Hubert says. 

Since agriculture is a leading producer of carbon dioxide and methane emissions that contribute to global warming, then any steps that are taken to reduce those emissions by making supply chains and production more efficient would be good for the environment.

“The food system has an impact on greenhouse gas. We decided to develop a proper technology to produce large volumes of proteins at competitive prices,” Hubert says. 

The company borrows automation and sensing technologies from areas as diverse as automotive manufacturing and data center heating ventilation and cooling and applies it to the cultivation of mealworms. The company actually has 25 patents on the technologies it has deployed and is on track to book more than $70 million in revenue this year.

Bugs are clearly big business.

Why mealworms, though? Because Hubert says they’re the highest quality insect for pound-for-pound protein production.

The company said that it raised this $125 million (€110m) Series C round to scale up production. Ÿnsect intends to build the world’s biggest insect farm in Amiens Metropole, Northern France and will begin expanding its presence in the North American market. 

The deal, led by Astanor Ventures with participation from Bpifrance, Talis Capital, Idinvest Partners, Finasucre and Compagnie du Bois Sauvage is the largest ag tech deal to date outside of North America and should plant a flag for the role of insect cultivation in the animal feedstock and fertilizer market, which is a combined global market of $800 billion.

That’s good news for competitors like Protix, AgriProtein, EnviroFlight and Beta Hatch, which are all building insect kingdoms of their own with eyes on the same, massive, global market. In fact, before Ÿnsect’s big haul, Protix held the title of the venture-backed bug business with the most cash. The company raised $50 million in financing back in 2017 to expand its insect empire.

Ÿnsect’s bug protein has already found its way into pet and plant food, fish food for aquaculture and other applications, but as demand for sources of high quality proteins continues to grow alongside a rising global population, the company sees one of its largest opportunities in fish and shellfish farming.

“By offering an insect protein alternative to traditional animal and fish-based feed sources, Ÿnsect can help offset the growing competition for ocean fish stock required to feed two billion more people by 2050, while alleviating fish, water and soil depletion, as well as agriculture’s staggering 25% share of global greenhouse gas emissions,” says Hubert. “Our goal is simply to give insects back their natural place in the food chain.”

It was this ability for Ÿnsect to slot itself into the global food chain that attracted Talis Capital as an investor, according to the firm’s co-founder Matus Maar.

“With the global population expected to grow to nine billion by 2050, current acquaculture and animal feeding practices are unsustainable.” Mar said in a statement. “Ÿnsect taps into a huge, yet highly inefficient global market by offering a premium and – above all – sustainable insect-derived product through a fully automated, AI-enabled production process.”

The quality of a financial market is driven by liquidity. Companies want to list on the NYSE, because that’s where the most financial investors in the world are located, and the thicker the market for investors, the better the valuations for companies. The NYSE has “problems” though — its closed most hours of the week, for instance, because humans are lazy, and it has a bunch of rules on what can be listed and how.

So blockchain! Blockchain solves this liquidity problem by allowing traders to operate 24/7, sell assets immediately, yada yada yada. All the stuff that’s been talked about ad nauseam the past few years.

I wanted us to get a better feel for the real liquidity of blockchain technology, and so we had Extra Crunch contributor Galen Moore crunch the numbers. And, my god, these markets are about as liquid as my dining room table.

In his analysis of security token offerings, Moore finds that liquidity can be measured in dollars a day. As in, sometimes there is someone, somewhere that wants to trade a token, but it isn’t all that often! For BCAP and SPICE, there are days that had no liquidity at all despite millions in purported market value.

It’s straight out of my market microstructures textbook that I used to read before going to bed. When you have lightly-traded assets, you want to build a market that concentrates trades in that asset into tight windows, in order to increase the thickness of the market. These securitized tokens would do better with an hour of trading per week when more buys and sells could be matched together, rather than the current model of no one trading ever.

We talk a lot about the user story from a utility token perspective, but we also need to talk about the user story from an investor perspective. Markets are sort of the classic case of network effects. Blockchain technologies are great and I am a “believer” for whatever that means, but if you are going to run a market, there has to be a crowd that shows up — or there is no market.

Why can’t we operate anything?

The Wall Street Journal had a great piece yesterday on the travails of Amtrak, which in addition to being an actual business, needs to get approval from Congress to make operational changes (and you think your board is tough). If you thought we couldn’t build anything, wait until you see how little we can operate anything as well.

This story has everything:

• Train nostalgics want Amtrak to continue running unprofitable, long-distance routes daily
• Congressmen with rural stops want unprofitable routes to continue serving stations that essentially have no passengers
• Unions are opposed to removing dining cars on trains that operate over short distances
• Private rail owners don’t want more frequent service because it makes scheduling freight trains more complicated
• Amtrak’s entire long-distance fleet has aged and needs to be replaced, but no one can agree on what configuration new train sets should have
• Even so, Congress wants Amtrak to become more financially solvent (!)

And so you get to this fact:

Amtrak’s long-distance routes carried about 4.5 million riders in fiscal 2018, down slightly from the previous year. Amtrak reported an adjusted operating loss of $543 million on those routes in 2018, more than offsetting the $524 million in earnings coming from its operations on the Northeast Corridor.

Long distance passengers are just 15% of Amtrak’s total, but hold the company hostage.

We have an infrastructure obsession over here these days, but it’s not just planning and construction that matters — how we operate infrastructure is even more crucial for preserving the quality of the user experience. As Amtrak makes clear, the kinds of sprawling debates that plague the planning process come up just as often in operations.

Quality news from around the web

Google Policy “Reorg”

Dave McCabe at Axios got the scoop yesterday that Google is re-organizing its policy wing. The details are vague and don’t portend huge changes to its model. One interesting note is that the shop will be called “Government Affairs and Public Policy” instead of just “Public Policy,” indicating that Google clearly sees a need to lobby more forcefully on its behalf than it has in the past. The company will also bolster regional teams, which seems critical in emerging markets like India and Indonesia, where massive elections this year threaten to rapidly change the policy environment for large foreign tech companies.

Two internets is increasingly the reality at the protocol level too

We’ve talked a lot about the splitting of the internet into internets due to content firewalls and barriers to competition in the tech sectors in countries like China, India, and elsewhere. Another dynamic is that the very protocols that run the internet are now diverging between these countries. The FT noted that emerging markets have made almost no efforts to migrate to IPv6, the modern Internet Protocol system, from IPv4. With more and more devices coming online and the IP address space exhausted, that split on the core protocol of the internet complicates keeping the world on one platform.

Does Saudi Arabia’s Asia investments paint a blurry picture for the SoftBank Vision Fund?

During his tour across Southeast Asia this week, Saudi Arabia’s crown prince Mohammed bin Salman has been publicizing his intentions to invest billions in the region. And we’re not talking about chump change here — just yesterday during his visit to India, MBS stated Saudi Arabia was looking to invest at least $100 billion in the country over the next two years, which came just days after Saudi Arabia reportedly signed agreements to pour around $20 billion into Pakistan.

Besides the fact that Saudi Arabia is diving further into the infrastructure race in Southeast Asia and that the country is actively engaged with national rivals, Salman’s statements interestingly came right after reports that Saudi Arabia’s Public Investment Fund was growing frustrated with the SoftBank Vision Fund where it has invested $45 billion. Based on the crown prince’s ambitious claims in Southeast Asia, it seems like Saudi Arabia has more than enough alternatives to SoftBank to put its money to work, which might create some more around hopes for a second Vision Fund if the reports of LP discontent are true. ~ Written by Arman Tabatabai

Countries are torn on how to transition to a cashless future

Pieces from Quartz and the New York Times highlighted a developing story of how countries are approaching the swift decline in cash. As regions move closer to cashless societies, policymakers are voicing concerns over equity, data treatment, and the underbanked. Such negative externalities have been well-documented in countries like Sweden, where cash is rarely used, infrequently printed and is no longer accepted in most places.

To avoid the same unintended consequences, the UK will publish a roadmap for handling falling cash usage next month, while policies banning cashless stores have already been passed or discussed in major US cities and states. While other countries like South Korea, India and China have advocated for cashless payments, the UK and the US are hoping to create a more gradual, manageable and predictable transition. ~ Written by Arman Tabatabai

JVP’s new $220 million fund leverages its frontier tech and cyber pedigree

Yesterday, Israel-based Jerusalem Venture Partners (JVP) announced it had closed on $220 million in committed capital for its eighth fund, which will focus on investing in early and mid-stage companies in frontier tech sectors like AI, cybersecurity, and computer vision. JVP has a long track record of investing in these categories and working with governments. The firm has worked with the Israeli government to help run several leading cybersecurity accelerators, and recently partnered with New York City to help launch the city’s $100 million Cyber NYC program focused on establishing a dominant cybersecurity ecosystem. Israel has long been a source of new innovative cyber solutions while New York’s central financial institutions have been some of the largest customers and stakeholders in cybersecurity. Given its established and expanding presence in these markets, JVP seems well-positioned to source deals and grow companies that fit under the focus of its new fund. ~ Written by Arman Tabatabai

Obsessions

• More discussion of megaprojects, infrastructure, and “why can’t we build things”
• We are going to be talking India here, focused around the book “Billonnaire Raj” by James Crabtree, who we just interviewed and will share more soon
• We have a lot to catch up on in the China world when the EC launch craziness dies down. Plus, we are covering The Next Factory of the World by Irene Yuan Sun.
• Societal resilience and geoengineering are still top-of-mind
• Some more on metrics design and quantification

Thanks

To every member of Extra Crunch: thank you. You allow us to get off the ad-laden media churn conveyor belt and spend quality time on amazing ideas, people, and companies. If I can ever be of assistance, hit reply, or send an email to danny@techcrunch.com.

This newsletter is written with the assistance of Arman Tabatabai from New York

According to a new report from the WSJ, Apple and Goldman Sachs are partnering on a different kind of products for both companies — a credit card. The Mastercard-based card would be focused on Apple Pay and feature some deep integrations in iOS.

This card could launch later this year in the U.S., which would coincide with the next iPhone. An Apple credit card would be a good way to take a bigger cut on Apple Pay transactions. Instead of splitting fees between the card issuer, the card network and Apple, Apple would get a portion of the fees for the card issuer.

It could also be a way to evangelize Apple Pay. While most cards are now compatible with Apple Pay in the U.S., many people still don’t think about paying with their iPhone or Apple Watch.

This is also uncharted territory for Goldman Sachs . According to the WSJ, the new card would represent Goldman’s first card. The company could be investing as much as $200 million to build a support team and the IT infrastructure to handle payments. You could expect a cash back on some purchases.

More interestingly, Apple could also be working on an Apple Wallet overhaul for this credit card. You would be able to set up spending goals (like the rings in the Activity app), get notifications about your spending habits (like Screen Time) and track your rewards. It’s unclear if Apple plans to open up those new features to other banks.

By partnering with Apple, Goldman Sachs would get a great distribution channel. And by launching a card, Apple would prove once again that, given enough time, all companies eventually become banks.

JFrog, the popular DevOps startup now valued at over $1 billion after raising $165 million last October, is making a move to expand the tools and services it provides to developers on its software operations platform: it has acquired Shippable, a cloud-based continuous integration and delivery platform (CI/CD) that developers use to ship code and deliver app and microservices updates, and plans to integrate it into its Enterprise+ platform.

Terms of the deal — JFrog’s fifth acquisition — are not being disclosed, said Shlomi Ben Haim, JFrog’s co-founder and CEO, in an interview. From what I understand, though, it was in the ballpark of Shippable’s most recent valuation, which was $42.6 million back in 2014 when it raised $8 million, according to PitchBook data.  (And that was the last time it had raised money.)

Shippable employees are joining JFrog and plan to release the first integrations with Enterprise+ this coming summer, and a full integration by Q3 of this year.

Shippable, founded in 2013, made its name early on as a provider of a containerized continuous integration and delivery platform based on Docker containers, but as Kubernetes has overtaken Docker in containerized deployments, the startup had also shifted its focus beyond Docker containers.

The acquisition speaks to the consolidation that is afoot in the world of DevOps, where developers and organizations are looking for more end-to-end toolkits not just to help develop, update, and run their apps and microservices, but to provide security and more — or at least, makers of DevOps tools hope they will be, as they themselves look to grow their margins and business.

As more organizations run ever more of their opertions as apps and microservices, DevOps have risen in prominence and are offered both toolkits from standalone businesses as well as those whose infrastructure is touched and used by DevOps tools. That means a company like JFrog has an expanding pool of competitors that include not just the likes of Docker, Sonatype and GitLab, but also AWS, Google Cloud Platform and Azure and “the Red Hats of the world,” in the words of Ben Haim.

For Shippable customers, the integration will give them access to security, binary management and other enterprise development tools.

“We’re thrilled to join the JFrog family and further the vision around Liquid Software,” said Avi Cavale, founder and CEO of Shippable, in a statement. “Shippable users and customers have long enjoyed our next-generation technology, but now will have access to leading security, binary management and other high-powered enterprise tools in the end-to-end JFrog Platform. This is truly exciting, as the combined forces of JFrog and Shippable can make full DevOps automation from code to production a reality.”

On the part of JFrog, the company will be using Shippable to provide a native CI/CD tool directly within JFrog.

“Before most of our users would use Jenkins, Circle CI and other CI/CD automation tools,” Ben Haim said. “But what you are starting to see in the wider market is a gradual consolidation of CI tools into code repository.”

He emphasized that this will not mean any changes for developers who are already happy using Jenkins or other integrations: just that it will now be offering a native solution that will be offered alongside these (presumably both with easier functionality and with competitive pricing).

JFrog today has 5,000 paying customers, up from 4,500 in October, including “most of the Fortune 500,” with marquee customers including the likes of Apple and Adobe, but also banks, healthcare organizations and insurance companies — “conservative businesses,” said Ben Haim, that are also now realizing the importance of using DevOps.

Redis Labs, fresh off its latest funding round, today announced a change to how it licenses its Redis Modules. This may not sound like a big deal, but in the world of open-source projects, licensing is currently a big issue. That’s because organizations like Redis, MongoDB, Confluent and others have recently introduced new licenses that make it harder for their competitors to take their products and sell them as rebranded services without contributing back to the community (and most of these companies point directly at AWS as the main offender here).

“Some cloud providers have repeatedly taken advantage of successful opensource projects, without significant contributions to their communities,” the Redis Labs team writes today. “They repackage software that was not developed by them into competitive, proprietary service offerings and use their business leverage to reap substantial revenues from these open source projects.”

The point of these new licenses it to put a stop to this.

This is not the first time Redis Labs has changed how it licenses its Redis Modules (and I’m stressing the “Redis Modules” part here because this is only about modules from Redis Labs and does not have any bearing on how the Redis database project itself is licensed). Back in 2018, Redis Labs changed its license from AGPL to Apache 2 modified with Commons Clause. The “Commons Clause” is the part that places commercial restrictions on top of the license.

That created quite a stir, as Redis Labs co-founder and CEO Ofer Bengal told me a few days ago when we spoke about the company’s funding.

“When we came out with this new license, there were many different views,” he acknowledged. “Some people condemned that. But after the initial noise calmed down — and especially after some other companies came out with a similar concept — the community now understands that the original concept of open source has to be fixed because it isn’t suitable anymore to the modern era where cloud companies use their monopoly power to adopt any successful open source project without contributing anything to it.”

The way the code was licensed, though, created a bit of confusion, the company now says, because some users thought they were only bound by the terms of the Apache 2 license. Some terms in the Commons Clause, too, weren’t quite clear (including the meaning of “substantial,” for example).

So today, Redis Labs is introducing the Redis Source Available License. This license, too, only applies to certain Redis Modules created by Redis Labs. Users can still get the code, modify it and integrate it into their applications — but that application can’t be a database product, caching engine, stream processing engine, search engine, indexing engine or ML/DL/AI serving engine.

By definition, an open-source license can’t have limitations. This new license does, so it’s technically not an open-source license. In practice, the company argues, it’s quite similar to other permissive open-source licenses, though, and shouldn’t really affect most developers who use the company’s modules (and these modules are RedisSearch, RedisGraph, RedisJSON, RedisML and RedisBloom).

This is surely not the last we’ve heard of this. Sooner or later, more projects will follow the same path. By then, we’ll likely see more standard licenses that address this issue so other companies won’t have to change multiple times. Ideally, though, we won’t need it because everybody will play nice — but since we’re not living in a utopia, that’s not likely to happen.

Last year Microsoft introduced several mixed reality business solutions under the Dynamics 365 enterprise product umbrella. Today, the company announced it would be moving these to smartphones in the spring, starting with previews.

The company announced Remote Assist on HoloLens last year. This tool allows a technician working onsite to show a remote expert what they are seeing. The expert can then walk the less experienced employee through the repair. This is great for those companies that have equipped their workforce with HoloLens for hands-free instruction, but not every company can afford the new equipment.

Starting in the spring, Microsoft is going to help with that by introducing Remote Assist for Android phones. Just about everyone has a phone with them, and those with Android devices will be able to take advantage of Remote Assist capabilities without investing in HoloLens. The company is also updating Remote Assist to include mobile annotations, group calling, deeper integration with Dynamics 365 for Field Service along with improved accessibility features on the HoloLens app.

IPhone users shouldn’t feel left out though because the company announced a preview of Dynamics 365 Product Visualize for iPhone. This tool enables users to work with a customer to visualize what a customized product will look like as they work with them. Think about a furniture seller working with a customer in their homes to customize the color, fabrics and design in place in the room where they will place the furniture, or a car dealer offering different options such as color and wheel styles. Once a customer agrees to a configuration, the data gets saved to Dynamics 365 and shared in Microsoft Teams for greater collaboration across a group of employees working with a customer on a project.

Both of these features are part of the Dynamics 365 spring release and are going to be available in preview starting in April. They are part of a broader release that includes a variety of new artificial intelligence features such as customer service bots and a unified view of customer data across the Dynamics 365 family of products.

Spotinst, the startup that helps customers automate selecting the cheapest set of resources to complete a job, announced a strategic partnership with Amazon Web Services today, joining the AWS Partner Network (APN) Global Startups program.

Under the agreement, Amazon will help with Spotinst’s go-to-market efforts, bringing their considerable financial and sales and marketing resources to the table. Spotinst CEO, Amiram Shachar says the partnership gives the company resources it could never get on its own as a startup.

“AWS is going to take the product we have developed and we’re going to do a kind of go to market together, and actually go to their customers and offer them everything that we’ve built in the past few years,” Shachar explained.

What Spotinst does is find the cheapest resources to meet the customer requirements. Cloud platforms like AWS, Microsoft Azure and Google Cloud Platform, all of which Spotinst supports, have to maintain more resources than they need at any given time. The companies offer steep discounts to customers who want to access these resources, but they come with a strict condition that the platforms can take those resources back whenever they need them.

Spotinst manages this process, finding the best resources for the job based on customer requirements, and seamlessly shifts those resources before the cloud platform takes them back, ensuring that workloads keep functioning, but giving the customer the best possible price.

These capabilities are what attracted Spotinst to AWS. “Spotinst provides additional options for our customers to combine AWS features and pricing choices, for a variety of customer workloads,” Joshua Burgin, general manager for compute services at AWS said in a statement.

Shachar says that even though the company is teaming up with AWS, it will continue to support a multi-cloud environment. He wouldn’t speculate if this was the beginning of a deeper relationship that could eventually result in acquisition, but it certainly makes sense that AWS would be testing the waters here. Neither party would confirm that, however.

Spotinst was founded in 2015 and has raised $50M to this point. Its most recent round was a $35M Series B last August.

Spotinst, the startup that helps customers automate selecting the cheapest set of resources to complete a job, announced a strategic partnership with Amazon Web Services today, joining the AWS Partner Network (APN) Global Startups program.

Under the agreement, Amazon will help with Spotinst’s go-to-market efforts, bringing their considerable financial and sales and marketing resources to the table. Spotinst CEO, Amiram Shachar says the partnership gives the company resources it could never get on its own as a startup.

“AWS is going to take the product we have developed and we’re going to do a kind of go to market together, and actually go to their customers and offer them everything that we’ve built in the past few years,” Shachar explained.

What Spotinst does is find the cheapest resources to meet the customer requirements. Cloud platforms like AWS, Microsoft Azure and Google Cloud Platform, all of which Spotinst supports, have to maintain more resources than they need at any given time. The companies offer steep discounts to customers who want to access these resources, but they come with a strict condition that the platforms can take those resources back whenever they need them.

Spotinst manages this process, finding the best resources for the job based on customer requirements, and seamlessly shifts those resources before the cloud platform takes them back, ensuring that workloads keep functioning, but giving the customer the best possible price.

These capabilities are what attracted Spotinst to AWS. “Spotinst provides additional options for our customers to combine AWS features and pricing choices, for a variety of customer workloads,” Joshua Burgin, general manager for compute services at AWS said in a statement.

Shachar says that even though the company is teaming up with AWS, it will continue to support a multi-cloud environment. He wouldn’t speculate if this was the beginning of a deeper relationship that could eventually result in acquisition, but it certainly makes sense that AWS would be testing the waters here. Neither party would confirm that, however.

Spotinst was founded in 2015 and has raised $50M to this point. Its most recent round was a $35M Series B last August.

A privacy complaint targeting the behavioral advertising industry has a new piece of evidence that shows the Internet Advertising Bureau (IAB) shedding doubt on whether it’s possible to obtain informed consent from web users for the programmatic ad industry’s real-time bidding (RTB) system to broadcast their personal data.

The adtech industry functions by harvesting web users’ data, packaging individual identifiers and browsing data in bid requests that are systematically shared with third parties in order to solicit and scale advertiser bids for the user’s attention.

However a series of RTB complaints — filed last fall by Jim Killock, director of the Open Rights Group; Dr Johnny Ryan of private browser Brave; and Michael Veale, a data and policy researcher at University College London — allege this causes “wide-scale and systemic breaches” of European Union data protection rules.

So far complaints have been filed with data protection agencies in Ireland, the UK and Poland, though the intent is for the action to expand across the EU given that behavioral advertising isn’t region specific.

Google and the IAB set the RTB specifications used by the online ad industry and are thus the main targets here, with complainants advocating for amendments to the specification to bring the system into compliance with the bloc’s data protection regime.

We’ve covered the complaint before, including an earlier submission showing the highly sensitive inferences that can be included in bid requests. But documents obtained by the complainants via freedom of information request and newly published this week show the IAB itself warned in 2017 that the RTB system risks falling foul of the bloc’s privacy rules, and specifically the rules around consent under the EU’s General Data Protection Regulation (GDPR), which came into force last May.

The complainants have published the latest evidence on a new campaign website.

At the very least the admission looks awkward for online ad industry body.

“incompatible with consent under GDPR “

In an email sent to senior personnel at the European Commission in June 2017 by Townsend Feehan, the CEO of IAB Europe — and now being used as evidence in the complaints — she writes that she wants to expand on concerns voiced at a roundtable session about the Commission’s ePrivacy proposals that she claims could “mean the end of the online advertising business model”.

Feehan attached an 18-page document to the email in which the IAB can be seen lobbying against the Commission’s ePrivacy proposal — claiming it will have “serious negative impacts on the digital advertising industry, on European media, and ultimately on European citizens’ access to information and other online content and services”.

The IAB goes on to push for specific amendments to the proposed text of the regulation. (As we’ve written before a major lobbying effort has blow up since GDPR was agreed to try to block updating the ePrivacy rules which operate alongside, covering marketing and electronic communications and cookies and other online tracking technologies.)

As it lobbies to water down ePrivacy rules, the IAB suggests it’s “technically impossible” for informed consent to function in a real-time bidding scenario — writing the following, in a segment entitled ‘Prior information requirement will “break” programmatic trading’:

As it is technically impossible for the user to have prior information about every data controller involved in a real-time bidding (RTB) scenario, programmatic trading, the area of fastest growth in digital advertising spend, would seem, at least prima facie, to be incompatible with consent under GDPR – and, as noted above, if a future ePrivacy Regulation makes virtually all interactions with the Internet subject solely to the consent legal basis, and consent is unavailable, then there will be no legal be no basis for such processing to take place or for media to monetise their content in this way.

The notion that it’s impossible to obtain informed consent from web users for processing their personal data prior to doing so is important because the behavioral ad industry, as it currently functions, includes personal data in bid requests that it systematically broadcasts to what can be thousands of third party companies.

Indeed, the crux of the RTB complaints are that personal data should be stripped out of these requests — and only contextual information broadcast for targeting ads, exactly because the current system is systematically breaching the rights of European web users by failing to obtain their consent for personal data to be sucked out and handed over to scores of unknown entities.

In its lobbying efforts to knock the teeth out of the ePrivacy Regulation the IAB can here be seen making a similar point — when it writes that programmatic trading “would seem, at least prima facie, to be incompatible with consent under GDPR”. (Albeit, injecting some of its own qualifiers into the sentence.)

The IAB is certainly seeking to deploy pro-privacy arguments to try to dilute Europeans’ privacy rights.

Despite it’s own claimed reservations about there being no technical fix to get consent for programmatic trading under GDPR the IAB nonetheless went on to launch a technical mechanism for managing — and, it claimed — complying with GDPR consent requirements in April 2018, when it urged the industry to use its GDPR “Consent & Transparency Framework”.

But in another piece of evidence obtained by the group of individuals behind the RTB complaints — an IAB document, dated May 2018, intended for publishers making use of this framework — the IAB also acknowledges that: “Publishers recognize there is no technical way to limit the way data is used after the data is received by a vendor for decisioning/bidding on/after delivery of an ad”.

In a section on liability, the IAB document lays out other publisher concerns that each bid request assumes “indiscriminate rights for vendors” — and that “surfacing thousands of vendors with broad rights to use data without tailoring those rights may be too many vendors/permissions”.

So again, er, awkward.

Another piece of evidence now attached to the RTB complaints shows a set of sample bid requests from the IAB and Google’s documentation for users of their systems — with annotations by the complainants showing exactly how much personal data gets packaged up and systematically shared.

This can include a person’s latitude and longitude GPS coordinates; IP address; device specific identifiers; various ID codes; inferred interests (which could include highly sensitive personal data); and the current webpage they’re looking at;

“The fourteen sample bid requests further prove that very personal data are contained in bid requests,” the complainants argue.

They have also included an estimated breakdown of seven major ad exchanges’ daily bid requests — Index Exchange, OpenX, Rubicon Project, Oath/AOL*, AppNexus, Smaato, Google DoubleClick — showing they collectively broadcast “hundreds of billions of bid requests per day”, to illustrate the scale of data being systematically broadcast by the ad industry.

“This suggests that the New Economics Foundation’s estimate in December that bid requests broadcast data about the average UK internet user 164 times a day was a conservative estimate,” they add.

The IAB has responded to the new evidence by couching the complainants’ claims as “false” and “intentionally damaging to the digital advertising industry and to European digital media”.

Regarding its 2017 document, in which it wrote that it was “technically impossible” for an Internet user to have prior information about every data controller involved in a RTB “scenario”, the IAB responds that “that was true at the time, but has changed since” — pointing to its Transparency & Consent framework (TCF) as the claimed fix for that, and further claiming it “demonstrates that real-time bidding is certainly not ‘incompatible with consent under GDPR'”.

Here are the relevant paras of IAB rebuttal on that:

The TCF provides a way to provide transparency to users about how, and by whom, their personal data is processed. It also enables users to express choices. Moreover, the TCF enables vendors engaged in programmatic advertising to know ahead of time whether their own and/or their partners’ transparency and consent status allows them to lawfully process personal data for online advertising and related purposes. IAB Europe’s submission to the European Commission in April 2017 showed that the industry needed to adapt to meet higher standards for transparency and consent under the GDPR. The TCF demonstrates how complex challenges can be overcome when industry players come together. But most importantly, the TCF demonstrates that real-time bidding is certainly not “incompatible with consent under GDPR”.

The OpenRTB protocol is a tool that can be used to determine which advertisement should be served on a given web page at a given time. Data can inform that determination. Like all technology, OpenRTB must be used in a way that complies with the law. Doing so is entirely possible and greatly facilitated by the IAB Europe Transparency & Consent Framework, whose whole raison d’être is to help ensure that the collection and processing of user data is done in full compliance with EU privacy and data protection rules.

The IAB goes on to couch the complaints as stemming from a “hypothetical possibility for personal data to be processed unlawfully in the course of programmatic advertising processes”.

“This hypothetical possibility arises because neither OpenRTB nor the TCF are capable of physically preventing companies using the protocol to unlawfully process personal data. But the law does not require them to,” the IAB claims.

However the crux of the RTB complaint is that programmatic advertising’s processing of personal data is not adequately secure — and they have GDPR Article 5, paragraph 1, point f to point to; which requires that personal data be “processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss”.

So it will be down to data protection authorities to determine what “appropriate security of personal data” means in this context. And whether behavioral advertising is inherently hostile to data protection law (not forgetting that other forms of non-personal-data-based advertising remain available, e.g. contextual advertising).

Discussing the complaint with TechCrunch late last year, Brave’s Ryan likened the programmatic ad system to dumping truck-loads of briefcases in the middle of a busy railway station in “the full knowledge that… business partners will all scramble around and try and grab them” — arguing that such a dysfunctional and systematic breaching of people’s data is lurking at the core of the online ad industry.

The solution Ryan and the other complainants are advocating for is not pulling the plug on the online ad industry entirely — but rather an update to the RTB spec to strip out personal data so that it respects Internet users’ rights. Ads can still be targeted contextually and successfully without Internet users having to be surveilled 24/7 online, is the claim.

They also argue that this would lead to a much better situation for quality online publishers because it would make it harder for their high value audiences to be arbitraged and commodified by privacy-hostile tracking technologies which — as it stands — trail Internet users everywhere they go. Albeit they freely concede that purveyors of low quality clickbait might fair less well.

*Disclosure: TechCrunch is owned by Verizon Media Group, aka Oath/AOL . We also don’t consider ourselves to be purveyors of low quality clickbait