Year: 2020

07 May 2020

A passwordless server run by NSO Group sparks contact-tracing privacy concerns

As countries work to reopen after weeks of lockdown, contact-tracing apps help to understand the spread of the deadly coronavirus strain, COVID-19.

While most governments lean toward privacy-focused apps that use Bluetooth signals to create an anonymous profile of a person’s whereabouts, others, like Israel, use location and cell phone data to track the spread of the virus.

Israel-based private security firm NSO Group, known for making mobile hacking tools, is leading one of Israel’s contact-tracing efforts.

Security researcher Bob Diachenko discovered one of NSO’s contact-tracing systems on the internet, unprotected and without a password, for anyone to access. After he contacted the company, NSO pulled the unprotected database offline. Diachenko said he believes the database contains dummy data.

NSO told TechCrunch that the system was only for demonstrating its technology and denied it was exposed because of a security lapse. NSO is still waiting for the Israeli government’s approval to feed cell records into the system. But experts say the system should not have been open to begin with, and that centralized databases of citizens’ location data pose a security and privacy risk.

Codename ‘Fleming’

NSO began work on its contact-tracing system codenamed Fleming in March.

Fleming is designed to “pour” in confirmed coronavirus test data from the health authorities and phone location data from the cell networks to identify people who may have been exposed to a person with the virus. Anyone who came into close proximity to a person diagnosed with coronavirus would be notified.

The unprotected database was hosted on an Amazon Web Services server in Frankfurt, where the data protection regime is one of the strictest in the world.

It contained about six weeks of location data, spanning around March 10 to April 23. It also included specific dates, times and the location of a “target” — a term that NSO used in the database to describe people — that may have come into contact with a potentially infected person.

The data also included the duration of the encounter to help score the likelihood of a transmitted infection.

The login page for NSO’s Fleming is protected with a password. Its backend database was unprotected. (Image: TechCrunch)

“NSO Group has successfully developed ‘Fleming’, an innovative, unique and purely analytical system designed to respond to the coronavirus pandemic,” said Oren Ganz, a director at NSO Group. “Fleming has been designed for the benefit of government decision-makers, without compromising individual privacy. This system has been demonstrated worldwide with great transparency to media organizations, and approximately 100 individual countries,” he said.

TechCrunch was also given a demonstration of how the system works.

“This transparent demo, the same shown to individual countries and media organizations, was the one located on the open random server in question, and the very same demo observed today by TechCrunch. All other speculation about this overt, open system is not correct, and does not align with the basic fact this transparent demonstration has been seen by hundreds of people in media and government worldwide,” said Ganz.

John Scott-Railton, a senior researcher at the Citizen Lab, part of the Munk School at the University of Toronto, said that any database storing location data poses a privacy risk.

“Not securing a server would be an embarrassment for a school project,” said Scott-Railton. “For a billion-dollar company to not password protect a secretive project that hopes to handle location and health data suggests a quick and sloppy roll out.”

“NSO’s case is the precedent that proves the problem: rushed COVID-19 tracking efforts will imperil our privacy and online safety,” he said.

Israel’s two tracing systems

As global coronavirus infections began to spike in March, the Israeli government passed an emergency law giving its domestic security service Shin Bet “unprecedented access” to collect vast amounts of cell data from the phone companies to help identify possible infections.

By the end of March, Israeli defense minister Naftali Bennett said the government was working on a new contact tracing system, separate from the one used by Shin Bet.

It was later revealed that NSO was building the second contact-tracing system.

Tehilla Shwartz Altshuler, a privacy expert and a senior fellow at the Israel Democracy Institute, told TechCrunch that she too was given a demonstration of Fleming over a Zoom call in the early days of the outbreak.

Without the authority to obtain cell records, NSO told her that it used location data gathered from advertising platforms, or so-called data brokers. Israeli media also reported that NSO used advertising data for “training” the system.

Data brokers amass and sell vast troves of location data collected from the apps installed on millions of phones. The apps that track your movements and whereabouts are often also selling those locations to data brokers, which then resell the data to advertisers to serve more targeted ads.

NSO denied it used location data from a data broker for its Fleming demo.

“The Fleming demo is not based on real and genuine data,” said Ganz. “The demo is rather an illustration of public obfuscated data. It does not contain any personal identifying information of any sort.”

Since governments began to outline their plans for contact-tracing systems, experts warned that location data is not accurate and can lead to both false positives and false negatives. Currently, NSO’s system appears to rely on this data for its core functions.

“This kind of location data will not get you a reliable measure of whether two people came into close contact,” said Scott-Railton.

NSO’s connection to the Middle East

Israel is not the only government interested in Fleming. Bloomberg reported in March that a dozen nations were allegedly testing NSO’s contact-tracing technology.

A review of the unprotected database showed large amounts of location data points in Israel, but also Rwanda, Saudi Arabia and the United Arab Emirates.

Spokespeople for the Saudi, Rwandan and Emirati consulates in New York did not respond to our emails. NSO did not answer our questions about its relationship — if any — with these governments.

A map showing a sample of about 20,000 location data points across Israel (top-left); Abu Dhabi and Dubai, United Arab Emirates (top-right); Riyadh, Saudi Arabia (bottom-left) and Rwanda (bottom-right). (Image: TechCrunch)

Saudi Arabia is a known customer of NSO Group. United Nations experts have called for an investigation into allegations that the Saudi government used NSO’s Pegasus spyware to hack into the phone of Amazon chief executive Jeff Bezos. NSO has denied the claims.

NSO is also embroiled in a legal battle with Facebook-owned WhatsApp for allegedly building a hacking tool designed to be delivered over WhatsApp, which was used to hack into the cell phones of 1,400 users, including government officials, journalists and human rights activists, using AWS servers based in the U.S. and Frankfurt. NSO also rebuffed the claims.

Privacy concerns

Experts have expressed concerns over the use of centralized data, fearing that it could become a target for hackers.

Most countries are favoring decentralized efforts, like the joint project between Apple and Google, which uses anonymized Bluetooth signals picked up from phones in near proximity, instead of collecting cell location data into a single database. Bluetooth contact tracing has won the support of academics and security researchers over location-based contact-tracing efforts, which they say would enable large-scale surveillance.

Shwartz Altshuler told TechCrunch that location-based contact tracing is a “huge infringement” of privacy.

“It means that you can’t have any secrets,” she said. “You can’t have any meetings if you’re a journalist, and you can’t go to places where people want to know where you are.”

Favoring their own contact-tracing efforts, Apple and Google have already banned governments building contact-tracing apps utilizing their joint API from using location tracking, fearing that data stored on a centralized server could be breached.

Alan Woodward, a professor at the University of Surrey, said location data makes it “possible to build social graphs and to begin identifying who met who, when and where.”

“Even if it is just trial data, it’s still sensitive if it’s real people,” he said.

Just this week, the U.S. and U.K. governments warned that nation-state hackers are targeting organizations involved in the coronavirus response.

07 May 2020

Uber may use its selfie tech to verify drivers are wearing masks

When Uber rolled out its selfie system for drivers in 2016, the ride-hailing company was focused on preventing fraud. In the future, it could be used to ensure drivers are wearing a mask.

Uber said earlier this week — CEO Dara Khosrowshahi reiterated today — that it is working through plans to require drivers and riders to wear face masks or face coverings as it prepares to ramp its ride-hailing business back up after being hobbled by the COVID-19 pandemic. The mask requirement will be issued in certain countries, including the United States.

Uber is leaning on a combination of logistics and technology to ensure when rides do ramp up that drivers are properly protected, Khosrowshahi said during Thursday’s earnings call.

“We’re shipping millions of PPE and masks, cleaning supplies etc., to our drivers to make sure that first drive, and the second, and the continuing drives, that our riders are safe and they feel safe,” he said.

Some gig workers, including those who work for Shipt, Uber, Lyft and Instacart, have complained that they are struggling to get masks, gloves and other personal protective equipment. Supply chains are stretched as hospitals and healthcare facilities, as well as companies gearing up to bring workers back to the office, compete for this equipment.

On the technology front, Khosrowshahi homed in on its existing products.

“We are looking at technologies such as, for example, our selfie technology where we make sure that the driver who signed up is the actual driver who is driving,” Khosrowshahi said. “We can use that technology, for example potentially, to make sure that the driver is wearing a mask where appropriate.”

Khosrowshahi didn’t provide further details of when the mask requirement would begin, and when the selfie technology might be used for mask verification.

The driver selfie technology, officially known as Real-Time ID Check, is a security feature that uses Microsoft Cognitive Services. Real-Time ID Check prompts drivers periodically to share a selfie before being allowed to accept fares. The account is temporarily locked if the selfie doesn’t match the photo that Uber has on file. The aim of the technology is to prevent fraud and protect riders and drivers.

07 May 2020

Health APIs usher in the patient revolution we have been waiting for

If you’ve ever been stuck using a health provider’s clunky online patient portal or had to make multiple calls to transfer medical records, you know how difficult it is to access your health data.

In an era when control over personal data is more important than ever before, the healthcare industry has notably lagged behind — but that’s about to change. This past month, the U.S. Department of Health and Human Services (HHS) published two final rules around patient data access and interoperability that will require providers and payers to create APIs that can be used by third-party applications to let patients access their health data.

This means you will soon have consumer apps that will plug into your clinic’s health records and make them viewable to you on your smartphone.

Critics of the new rulings have voiced privacy concerns over patient health data leaving internal electronic health record (EHR) systems and being surfaced to the front lines of smartphone apps. Vendors such as Epic and many health providers have publicly opposed the HHS rulings, while others, such as Cerner, have been supportive.

While that debate has been heated, the new HHS rulings represent a final decision that follows initial rules proposed a year ago. It’s a multi-year win for advocates of greater data access and control by patients.

The scope of what this could lead to — more control over your health records, and apps on top of it — is immense. Apple has been making progress with its Health Records app for some time now, and other technology companies, including Microsoft and Amazon, have undertaken healthcare initiatives with both new apps and cloud services.

It’s not just big tech that is getting in on the action: startups are emerging as well, such as Commure and Particle Health, which help developers work with patient health data. The unlocking of patient health data could be as influential as the unlocking of banking data by Plaid, which powered the growth of multiple fintech startups, including Robinhood, Venmo and Betterment.

What’s clear is that the HHS rulings are here to stay. In fact, many of the provisions require providers and payers to provide partial data access within the next 6-12 months. With this new market opening up, though, it’s time for more health entrepreneurs to take a deeper look at what patient data may offer in terms of clinical and consumer innovation.

The incredible complexity of today’s patient data systems

07 May 2020

Original Content podcast: Waco offers a surprising look at a real-world tragedy

“Waco,” a Paramount Network series that recently started streaming on Netflix, dramatizes the tragic real-life standoff between the FBI, the ATF and the Branch Davidians.

A couple of your Original Content podcast hosts only had a fuzzy idea of what actually went down in Waco, Texas in 1993. And all of us were surprised by the depiction of the Branch Davidian cult as creepy and delusional, but not particularly dangerous.

Instead, the show puts much of the blame for what transpired on law enforcement agencies that were becoming increasingly militarized — not to mention eager for positive publicity. While the depiction of law enforcement bungling and brutality was pretty persuasive, we argued about whether the show ended up soft-pedaling the troubling aspects of the Branch Davidians and their leader David Koresh (played by Taylor Kitsch) in the process.

And while we all agreed that it was a compelling story, we were also disappointed that the stellar cast (Michael Shannon, Melissa Benoist, Andrea Riseborough, Shea Whigham, John Leguizamo, Julia Garner and others) weren’t given more memorable characters to portray.

You can listen to our review in the player below, subscribe using Apple Podcasts or find us in your podcast player of choice. If you like the show, please let us know by leaving a review on Apple. You can also send us feedback directly. (Or suggest shows and movies for us to review!)

And if you’d like to skip ahead, here’s how the episode breaks down:
0:00 Intro
1:50 “Waco” review (mild real-life spoilers)
25:56 “Waco” spoiler discussion

07 May 2020

With movie theaters closed, Alamo Drafthouse gets into on demand movie streaming

Back when movie theaters were a thing we could go to, Alamo Drafthouse was my one and only. Known for actively insisting that audience members shut the hell up during the movie and for having a damned fine beer selection, it’s like my personal paradise. If it was a movie I was excited to see, I’d drive an hour-plus to see it at Alamo rather than go anywhere else.

Like most other theater operations, Alamo’s theaters are sadly — but understandably! — shuttered until we beat this pandemic. In the meantime, they’re launching a streaming service: Alamo On Demand.

Building an on-demand video platform is quite the technical challenge… and, well, not exactly something that a relatively small theater chain (roughly around 40 locations) should probably tackle on its own. So Alamo is building this in partnership with ScreenPlus.

Alamo will be handling the curation and movie selection, while ScreenPlus is handling most of the technical stuff – things like DRM, geoblocking, etc. Most films on the platform are available to rent or buy, with prices varying by title.

Alamo isn’t looking to take on the Google Plays and Amazons of the world here by striving for a daunting, bottomless selection of movies; instead, each film they’re offering is personally nominated by at least one member of their team. If it’s on there, it’s got Alamo’s stamp of approval.

The current selection is eclectic and worth perusing, from award winners like Apocalypse Now or Parasite to lesser known cult flicks you’d probably pass up unless someone suggested it… which, well, is exactly the point of this shop.

Alamo notes that while the first build is live now, they’ve got more in the works: iOS and Android apps are on the way, and they’re aiming to tie-in the Alamo Victory loyalty program (allowing for things like discounts when purchasing movies you previously saw in the theater) at some point down the road.

07 May 2020

VC’s largest funds make big bets on vertical B2B marketplaces

During the waning days of the first dot-com boom, some of the biggest names in venture capital invested in marketplaces and directories whose sole function was to consolidate information and foster transparency in industries that had remained opaque for decades.

The thesis was that thousands of small businesses were making specialized products consumed by larger businesses in huge industries, but the reach of smaller players was limited by their dependence on a sales structure built on conferences and personal interactions.

Companies making pharmaceuticals, chemicals, construction materials and medical supplies represented trillions in sales, but those huge aggregate numbers hide how fragmented these supply chains are — and how difficult it is for buyers to see the breadth of sellers available.

Now, similar to the way business models popularized by Kozmo.com and Webvan in decades past have since been reincarnated as Postmates and DoorDash, the B2B directory and marketplace rises from the investment graveyard.

The first sign of life for the directory model came with the success of GoodRX back in 2011. The company proved that when information about pricing in a previously opaque industry becomes available, it can unleash a torrent of new demand.

07 May 2020

Air Force gives a rare look at the research going to orbit in its X-37B spaceplane

The X-37B spaceplane sounds like something out of a sci-fi novel, and its mysterious past is equally evocative. What does the military put in this long-term orbital vehicle? Turns out it’s exactly the kind of neat, but not mind-blowing, science you’d expect to find in such a thing — though solar-powered masers do sound pretty cool.

Also known as the Orbital Test Vehicle, the Boeing-designed X-37B has performed five prior missions, amounting to a total of nearly eight years in orbit; the last mission alone was 780 days. But while the craft’s owners (the Air Force, though it is used by many others) are proud to tout its remarkable longevity and reliability, they rarely if ever admit what they’re sending up, or what (if anything) it brings down.

While it’s fun to think that it may be truly top secret Area 51 type stuff, it’s much more likely that it’s just run-of-the-mill classified military research. The Defense Department bankrolls an enormous amount of basic science as well as advanced technology, and some of that is bound to require testing in space. While we love and respect our Russian friends with whom we share the ISS, the Pentagon would seem to prefer they didn’t run its experiments, so they have the X-37B.

On one occasion the Air Force said that the craft tests “advanced guidance, navigation and control, thermal protection systems, avionics, high temperature structures and seals, conformal reusable insulation, lightweight electromechanical flight systems, advanced propulsion systems, advanced materials and autonomous orbital flight, reentry and landing,” which narrows it down a bit.

For the spaceplane’s sixth mission, the various departments involved have broken tradition and given details on the payloads. That’s no small feat given it’s an operation combining the resources of the Air Force, Space Force, Naval Research Lab, and NASA.

The most broadly interesting experiment has to be a solar-powered microwave laser, or maser, built by the NRL. The device “will transform solar power into radio frequency microwave energy which could then be transmitted to the ground.”


The key word there is could, since this type of wireless energy transmission has been pursued for decades. It’s doubtful that a foot-wide solar cell can produce enough energy to be beamed to the surface in measurable levels, but proving the concept piece by piece is something that has to be done in space. And for all we know they’ve already sent multiple precursor devices up there on previous missions.

Don’t worry that this is some kind of orbital beam weapon that fries surface-dwellers: The total amount of energy collected by a foot-wide cell would be difficult to change into a form that’s harmful a few feet away, let alone 200 miles up through the entire atmosphere. It could, however, be used to beam power to receptive spacecraft or (conceivably) to interfere with poorly protected adversary spacecraft.

Two other experiments on board are from NASA, and they have to do with seeing how various items react to being exposed to the space environment. “One is a sample plate evaluating the reaction of select significant materials to the conditions in space. The second studies the effect of ambient space radiation on seeds,” said Air Force Secretary Barbara Barrett.

Last — that we know of — is FalconSat-8, an Air Force Academy satellite that will be performing its own, unspecified experiments once released into its own orbit by the X-37B. It is itself “an educational platform that will carry five experimental payloads for USAFA to operate

This rather large number of items being brought to space is made possible by a “service module” attached for the first time to the aft of the craft and containing some of the hardware.

It’s unknown how long this mission will be, but if it’s anything like the others, it will be on the order of months or years.

07 May 2020

Uber Eats grew like hell in Q1 but Uber still lost nearly $3B

Ahead of its earnings report today, shares of Uber rose around 11%, buoyed by a set of financial results and promises about the future from Lyft that were rated highly by investors. That optimism lapped over the edges onto Uber.

Today after the bell, however, the global ride-hailing giant reported its own financial results. Analysts had anticipated a loss of $0.83 per share against $3.51 billion in revenue, though top line estimates varied from $2.31 billion to $4.33 billion — an unusually large range driven by COVID-19-led uncertainty.

Uber reported a Q1 per-share loss of $1.70 and revenues of $3.54 billion, making for a mixed set of results when compared to expectations. The company lost a staggering $2.94 billion in the quarter counting all costs, a figure that even for Uber feels excessively large.

Here are the key numbers from Uber’s earnings report, starting with platform spend and working our way down to profitability and how much cash the firm was left with at the end of Q1 2020:

  • Gross bookings (the value of goods and services sold on Uber’s platform) rose 8% compared to Q1 2019 to $15.8 billion.
  • Ride-hailing gross bookings fell some, while Uber’s food delivery service saw gross sales growth of 54%.
  • Uber’s revenue grew 14% from $3.1 billion to $3.51 billion in the quarter on a year-over-year basis.
  • Uber’s net loss of $2.94 billion was worse than its other profit metrics, including its adjusted EBITDA for the quarter which came to a loss of $612 million. (Recall that it is adjusted EBITDA that Uber had previously promised to push into positive territory in Q4 of this year before COVID-19 upended its market.)
  • Uber wrapped Q1 with $9 billion in cash and equivalents, and the firm’s operations burned $463 million in cash in the first quarter.

Got all of that? The headline from Uber’s quarter is that its ride-hailing business shrank and Uber Eats, its food delivery service, grew like hell. Here are the numbers for the latter:

  • Gross bookings of $4.68 billion, up from $3.07 billion in the year-ago quarter, or 52%
  • GAAP revenue of $819 million, up from $536 million in the year-ago quarter, or 53%
  • Adjusted net revenue of $527 million, up from $239 million in the year-ago quarter, or 121%
  • Resulting adjusted EBITDA of a $313 million loss, worse than its year-ago result of $309 million

This is mostly bullish. Huge bookings gains are good, big GAAP revenue gains are good, the adjusted net revenue gains are very good, and, for Uber, not losing more money as it scales — heavily adjusted losses for Uber Eats were effectively flat on a year-over-year basis — is good.

The company will need to lose less money overall, however, as its business is struggling more in Q2 than it did in Q1. We’ll know more during its impending earnings call.

Uber laid off about 14% of its staff this week, and led an investment in Lime, a scooter company into which it intends to offload its own micromobility efforts.

Shares of Uber are off about 2% in after-hours trading. More shortly from its call.

07 May 2020

Unity snaps up Vancouver-based studio building AR/VR tech

Unity announced today that they are acquiring Finger Food Advanced Technology Group, a Vancouver-based studio best known for their AR/VR services. The 225-person team will be joining Unity with CEO Ryan Peterson becoming Unity’s “VP of Solutions.”

Finger Food, founded in 2011, builds custom software for enterprise clients. They appear to have put a big emphasis on augmented and virtual reality over the years, partnering closely with Microsoft on HoloLens-related projects. The company has also pursued a number of other buzzy tech solutions in the AI, blockchain, robotics and IoT spaces.

Some of Finger Food’s past clients include Lowe’s, Enbridge and Softbank Robotics.

“Through the acquisition of Finger Food, Unity’s enterprise customers will have a suite of professional services at their fingertips and immediately create in real-time 3D without needing to ramp up on internal expertise, retraining or upending established processes,” a Unity spokesperson told TechCrunch.

For Unity, the purchase doubles down on the startup’s keen interests in AR/VR development and further pushes ahead the company’s desires to move beyond game development customers and bring on enterprise clients. The company’s game engine powers more than half of all new video games, but as the company’s valuation has surged, so have the startup’s ambitions to court more high-value customers. Recently, the company has been building out their Unity Industrial arm, which Finger Food is being brought into.

It’s been a busy and occasionally turbulent past year for Unity. This past June, a former VP filed a sexual harassment lawsuit against the company’s CEO — allegations that the company claims are false. The SF company has raised over $1.3 billion to date, nearly half of which they’ve raised in the past year.

07 May 2020

Activ Surgical launches visualization tech for making surgeries safer

After $25 million in funding and three years of development, the Boston-based medical device and software development company Activ Surgical is bringing its first product to market, the company said yesterday.

The company’s ActivEdge platform, an artificial intelligence and machine learning software system using data from a hardware attachment that can be fixed to existing surgical equipment, is intended to provide real-time intelligence and visualization to improve patient outcomes, the company said.

The platform and its associated products will be initially available in the U.S. with expectations to expand to the rest of the world next year. 

“The future of surgery is collaborative, with human judgement and wisdom augmented by robotics precision,” said chief executive Todd Usen in a statement.

Activ’s software purports to help surgeons avoid the medical errors which kill 400,000 people in the U.S. alone every year. Preventable medical errors are the third leading cause of death after heart attacks and cancer and 26 percent of those errors are the result of surgical mistakes.

Aside from the human toll, these medical errors are costly, hitting healthcare facilities with a roughly $36 billion bill in the U.S.

Initially, Activ Surgical will work to integrate its technology into the 2.2 million most common laparoscopic procedures that are conducted in the U.S. including cholecystectomy, colectomy, hysterectomy and gastrectomy, where identification of blood flow and critical structures matter the most.

“Innovation in the surgical vision category is long overdue; the most commonly employed surgical imaging process, ICG, uses fluorescent dye invented more than 70 years ago and does not offer real-time, objective physiologic information to surgeons when they critically need it during procedures,” said Dr. Peter Kim, co-founder and chief science officer, Activ Surgical, in a statement. 

The company’s hardware-based technology works with existing visualization systems to provide real-time data and new visualizations of the surgical environment. The connected platform attaches to laparoscopic and arthroscopic systems.

The technology hasn’t been cleared by the FDA yet, but is in pilot tests with eight hospital networks around the country.

In addition to its hardware offering, Activ Surgical is developing a software tool to provide more refined data and visualization to surgeons. That ActivInsight product is still in development, the company said.

“We’re trying to bring new visual data to doctors that they don’t see today,” said Usen in an interview. “We figured out a way to make a small module that fits on existing scopes in hospitals already and augments surgical visualization.”

Usen ultimately sees the device as a technology that can improve the integration of robotics into surgical procedures. “We want to make [surgery] foolproof by taking the great things about autonomous robotics and bring it to mainstream surgery to prove out the concept,” he said.