Year: 2021

Expensify may be the most ambitious software company ever to mostly abandon the Bay Area as the center of its operations.

The startup’s history is tied to places representative of San Francisco: The founding team worked out of Peet’s Coffee on Mission Street for a few months, then crashed at a penthouse lounge near the 4th and King Caltrain station, followed by a tiny office and then a slightly bigger one in the Flatiron building near Market Street.

Thirteen years later, Expensify still has an office a few blocks away on Kearny Street, but it’s no longer a San Francisco company or even a Silicon Valley firm. The company is truly global with employees across the world — and it did that before COVID-19 made remote working cool.

“Things got so much better when we stopped viewing ourselves as a Silicon Valley company. We basically said, no, we’re just a global company,” CEO David Barrett told TechCrunch. That globalism led to it opening a major office in — of all places —a small town in rural Michigan. That Ironwood expansion would eventually lead to a cultural makeover that would see the company broadly abandon its focus on the Bay Area, expanding from a headquarters in Portland to offices around the globe.

It makes sense that a company founded by internet pirates would let its workforce live anywhere they please and however they want to. Yet, how does it manage to make it all work well enough to reach $100 million in annual revenue with just a tad more than 100 employees?

As I described in Part 2 of this EC-1, that staffing efficiency is partly due to its culture and who it hires. It’s also because it has attracted top talent from across the world by giving them benefits like the option to work remotely all year as well as paying SF-level salaries even to those not based in the tech hub. It’s also got annual fully paid month-long “workcations” for every employee, their partner and kids.

Yet the real story is how a company can become untethered from its original geography, willing to adapt to new places and new cultures, and ultimately, give up the past while building the future.

As we transition from the pandemic to whatever comes next, Airbnb is evolving. The company announced a major redesign of its website and introduced a bevy of features focused on both hosts and guests today. All told, the release includes more than 100 new features or upgrades, with the goal of increasing and diversifying the supply side of the business to not only fuel overall growth but also meet the changing demands of guests.

The changes come in response to the way travel has evolved during the pandemic; Airbnb as a company has changed, too.

TechCrunch sat down with Brian Chesky, Airbnb co-founder and CEO, to discuss the future of travel, how his company worked to support a changing market and what it was like leading the world’s biggest travel startup during a global pandemic.

If you want to read more about today’s update, you can check out our article on it here.

The TL;DR version is as follows:

• New search flexibility around dates, destinations and matching criteria
• Easier onboarding and efficiency for hosts
• Increased and enhanced customer support

From a very high level, the first change is designed to help drive demand, the second to boost supply and the third to keep both sides of the marketplace healthy.

TechCrunch’s interview with Chesky follows. It has been lightly edited for length and clarity.

TechCrunch: A lot of the announcement today comes from the fact that we’ve been through more than a year of a pandemic and travel has evolved, and you are responding to that. As a CEO, you’ve been through so many big moments, from the IPO to the early launch days to a long regulatory journey. Where does leading a company during a pandemic fit into the CEO journey for you?

Brian Chesky: Yeah, Jordan, I would probably say that I never thought we would do anything as crazy as starting Airbnb. I kind of assumed, until last year, that that would probably be the craziest story I’ll ever have. Little did I know that a travel company in a pandemic might even be crazier than starting a company based on strangers living together. I kind of feel like I’m now 39 going on 49. It was definitely the craziest year ever.

Our business initially dropped 80% in eight weeks. I say it’s like driving a car. You can’t go 80 miles an hour, slam on the brakes, and expect nothing really bad to happen. Now imagine you’re going 80 miles an hour, slam on the brakes, then rebuild the car kind of while still moving, and then try to accelerate into an IPO, all on Zoom.

Microsoft today announced PyTorch Enterprise, a new Azure service that provides developers with additional support when using PyTorch on Azure. It’s basically Microsoft’s commercial support offering for PyTorch

PyTorch is a Python-centric open-source machine learning framework with a focus on computer vision and natural language processing. It was originally developed by Facebook and is, at least to some degree, comparable to Google’s popular TensorFlow framework.

Frank X. Shaw, Microsoft’s corporate VP for communications, described the new PyTorch Enterprise service as providing developers with “a more reliable production experience for organizations using PyTorch in their data sciences work.”

With PyTorch Enterprise, members of Microsoft’s Premier and Unified support program will get benefits like prioritized requests, hands-on support and solutions for hotfixes, bugs and security patches, Shaw explained. Every year, Microsoft will also select one PyTorch support for long-term support.

Azure already made it relatively easy to use PyTorch and Microsoft has long invested in the library by, for example, taking over the development of PyTorch for Windows last year. As Microsoft noted in today’s announcement, the latest release of PyTorch will be integrated with Azure Machine Learning and the company promises to feed back the PyTorch code it developers back to the public PyTorch distribution.

Enterprise support will be available for PyTorch version 1.8.1 and up on Windows 10 and a number of popular Linux distributions.

“This new enterprise-level offering by Microsoft closes an important gap. PyTorch gives our researchers unprecedented flexibility in designing their models and running their experiments,” said Jeremy Jancsary, Senior Principal Research Scientist at Nuance. “Serving these models in production, however, can be a challenge. The direct involvement of Microsoft lets us deploy new versions of PyTorch to Azure with confidence.”

With this new offering, Microsoft is taking a page out of the open-source monetization playbook for startups by offering additional services on top of an open-source project. Since PyTorch wasn’t developed by a startup, only to have a major cloud provider then offer its own commercial version on top of the open-source code, this feels like a rather uncontroversial move.

Unlike in other years, this year’s Microsoft Build developer conference is not packed with huge surprises — but there’s one announcement that will surely make developers’ ears perk up: The company is now using OpenAI’s massive GPT-3 natural language model in its no-code/low-code Power Apps service to translate spoken text into code in its recently announced Power Fx language.

Now don’t get carried away. You’re not going to develop the next TikTok while only using natural language. Instead, what Microsoft is doing here is taking some of the low-code aspects of a tool like Power Apps and using AI to essentially turn those into no-code experiences, too. For now, the focus here is on Power Apps formulas, which despite the low-code nature of the service, is something you’ll have to write sooner or later if you want to build an app of any sophistication.

“Using an advanced AI model like this can help our low-code tools become even more widely available to an even bigger audience by truly becoming what we call no code,” said Charles Lamanna, corporate vice president for Microsoft’s low-code application platform.

In practice, this looks like the citizen programmer writing “find products where the name starts with ‘kids’ ” — and Power Apps then rendering that as “Filter(‘BC Orders’ Left(‘Product Name’,4)=”Kids”)”.

Because Microsoft is an investor in OpenAI, it’s no surprise the company chose its model to power this experience.

It’s important to note that while this makes programming easier, Microsoft itself stresses that users still have to understand the logic of the application they are building. “The features don’t replace the need for a person to understand the code they are implementing but are designed to assist people who are learning the Power Fx programming language and help them choose the right formulas to get the result they need. That can dramatically expand access to more advanced app building and more rapidly train people to use low code tools,” the company explains in today’s announcement.

To some degree, this isn’t all that different from using the natural language query functions that are now available in tools like Excel, PowerBI or Google Sheets. These, too, translate natural language into a formula, after all. GPT-3 is probably a bit more sophisticated than this and capable of understanding more complex queries, but translating natural language into formulas isn’t all that new.

The long-term promise here, though, is for tools like this to become smarter over time and be able to handle more complicated programming tasks. But that’s a big step up from what is essentially a translation problem, though. More complex queries require more of an understanding of a program as a whole. A formula, for the most part, is a pretty self-contained statement but a similar model that could generate “real” code would have to contend with a lot more context.

These new features will go live in public preview in English to users in North America by the end of June.

At its annual Build conference today, Microsoft announced a couple of new features for version 91 of its Edge browser that, like so much at Build this year, aren’t earth-shattering (developer velocity!) but nice quality-of-life upgrades for its users. Since Microsoft develops Edge in the open, these may also feel familiar to those who keep a close eye on the Edge roadmap – indeed, I think I’ve seen most of these in Edge 90 already…

One new feature is Startup Boost, which allows Edge to start up almost instantly. The way Microsoft does this is pretty straightforward. It simply loads some of the core Edge processes whenever you boot up your Windows machine, so when you task Edge with starting up, there isn’t all that much work left to do. This shouldn’t have too much of an effect on your Windows 10 bootup time, so it’s probably a trade-off worth making, but I also can’t recall anybody complaining about browser startup times in the last couple of years either.

The other new feature is ‘sleeping tabs,’ which does pretty much what you expect it to do. It puts your tabs to sleep so they don’t use up unnecessary memory and CPU cycles.

Microsoft first announced that it was testing this feature back in December and at the time, the Edge team said that it reduces memory usage by 32% and helps improve battery life as well, given that sleeping tabs use 37% less CPU on average compared to non-sleeping tabs.

It’s worth noting that Google’s Chrome browser, which shares many of its underlying technology with Edge, also features tools to limit resource usage, including what Google calls ‘tab freezing,’ as does virtually every other major browser today.

At its (virtual) Build conference today, Microsoft launched a number of new features, tools and services for developers who want to integrate their services with Teams, the company’s Slack competitor. It’s no secret that Microsoft basically looks at Teams, which now has about 145 million daily active users, as the new hub for employees to get work done, so it’s no surprise that it wants third-party developers to bring their services right to Teams as well. And to do so, it’s now offering a set of new tools that will make this easier and enable developers to build new user experiences in Teams.

There’s a lot going on here, but maybe the most important news is the launch of the enhanced Microsoft Teams Toolkit for Visual Studio and Visual Studio Code.

“This essentially enables developers to build apps easier and faster — and to build very powerful apps tapping into the rich Microsoft stack,” Microsoft group program manager Archana Saseetharan explained. “With the updated toolkit […], we enable flexibility for developers. We want to meet developers where they are.”

The toolkit offers support for tools and frameworks like React, SharePoint and .NET. Some of the updates the team enabled with this release are integration with Aure Functions, the SharePoint Framework integration and a single-line integration with the Microsoft Graph. Microsoft is also making it easier for developers to integrate an authorization workflow into their Teams apps. “Login is the first kind of experience of any user with an app — and most of the drop-offs happen there,” Saseetharan said. “So [single-sign on] is something we completely are pushing hard on.”

The team also launched a new Developer Portal for Microsoft Teams that makes it easier for developers to register and configure their apps from a single tool. ISVs will also be able to use the new portal to offer their apps for in-Teams purchases.

Other new Teams features for developers include ways for developers to build real-time multi-user experiences like whiteboards and project boards, for example, as well as a new meeting event API to build meeting-related workflows for when a meeting starts and ends, for example, as well as new features for the Teams Together mode that will let developers design their own Together experiences.

There are a few other new features here as well, but what it all comes down to is that Microsoft wants developers to consider Teams as a viable platform for their services — and with 145 million daily active users, that’s potentially a lucrative way for software firms to get their services in front of a new audience.

“Teams is enabling a new class of apps called collaborative apps,” said Karan Nigam, Microsoft’s director of product marketing for Teams. “We are uniquely positioned to bring the richness to the collaboration space — a ton of innovation to the extensibility side to make apps richer, making it easier with the toolkit update, and then have a single-stop shop with the developer portal where the entire lifecycle can be managed. Ultimately, for a developer, they don’t have to go to multiple places, it’s one single flow from the business perspective for them as well.”

At its Build developer conference today, Microsoft announced a new set of Azure services (in preview) that businesses can now run on virtually any CNCF-conformant Kubernetes cluster with the help of its Azure Arc multi-cloud service.

Azure Arc, similar to tools like Google’s Anthos or AWS’s upcoming EKS Anywhere, provides businesses with a single tool to manage their container clusters across clouds and on-premises data centers. Since its launch back in late 2019, Arc enabled some of the core Azure services to run directly in these clusters as well, though the early focus was on a small set of data services, with the team also later adding some machine learning tools to Arc as well. With today’s update, the company is greatly expanding this set of containerized Azure services that work with Arc.

These new services include Azure App Service for building and managing web apps and APIs, Azure Functions for event-driven programming, Azure Logic Apps for building automated workflows, Azure Event Grid for event routing, and Azure API Management for… you guessed it… managing internal and external APIs.

“The app services are now Azure Arc-enabled, which means customers can deploy Web Apps, Functions, API gateways, Logic Apps and Event Grid services on pre-provisioned Kubernetes clusters,” Microsoft explained in its annual “Book of News” for this year’s Build. “This takes advantage of features including deployment slots for A/B testing, storage queue triggers and out-of-box connectors from the app services, regardless of run location. With these portable turnkey services, customers can save time building apps, then manage them consistently across hybrid and multicloud environments using Azure Arc.”

The highest chamber of the European Court of Human Rights (ECHR) has delivered a blow to anti-surveillance campaigners in Europe by failing to find that bulk interception of digital comms is inherently incompatible with human rights law — which enshrines individual rights to privacy and freedom of expression.

However today’s Grand Chamber judgement underscores the need for such intrusive intelligence powers to be operated with what the judges describe as “end-to-end safeguards”.

Governments in Europe that fail to do so are opening such laws up to further legal challenge under the European Convention on Human Rights.

The Grand Chamber ruling also confirms that the UK’s historic surveillance regime — under the Regulation of Investigatory Powers Act 2000 (aka RIPA) — was unlawful because it lacked the necessary safeguards.

Per the court, ‘end-to-end’ safeguards means that bulk intercept powers need to involve assessments at each stage of the process of the necessity and proportionality of the measures being taken; that bulk interception should be subject to independent authorisation at the outset, when the object and scope of the operation are being defined; and that the operation should be subject to supervision and independent ‘ex post facto’ review.

The Grand Chamber judgement identified a number of deficiencies with the bulk regime operated in the UK at the time of RIPA — including that bulk interception had been authorised by the Secretary of State, rather than by a body independent of the executive; categories of search terms defining the kinds of communications that would become liable for examination had not been included in the application for a warrant; and search terms linked to an individual (e.g. specific identifiers such as an email address) had not been subject to prior internal authorisation.

The court also found that the UK’s bulk intercept regime had breached Article 10 (freedom of expression) because it had not contained sufficient protections for confidential journalistic material.

“The Court considered that, owing to the multitude of threats States face in modern society, operating a bulk interception regime did not in and of itself violate the Convention,” it added in a press release. 

The RIPA regime has since replaced by the UK’s Investigatory Powers Act (IPA) — which put bulk intercept powers explicitly into law (albeit with claimed layers of oversight).

The IPA has also been subject to a number of human rights challenges — and in 2018 the government was ordered by the UK High Court to revise parts of the law which had been found to be incompatible with human rights law.

Today’s Grand Chamber judgement relates specifically to RIPA and to a number of legal challenges brought against the UK’s mass surveillance regime by journalists and privacy and digital rights campaigners in the wake of the 2013 mass surveillance revelations by NSA whistleblower Edward Snowden which the ECHR heard simultaneously.

In a similar ruling back in 2018 the lower Chamber found some aspects of the UK’s regime violated human rights law — with a majority vote then finding that its bulk interception regime had violated Article 8 because there was insufficient oversight (such as of selectors and filtering; and of search and selection of intercepted communications for examination; as well as inadequate safeguards governing the selection of related comms data). 

Human rights campaigners followed up by requesting and securing a referral to the Grand Chamber — which has now handed down its view.

It unanimously found there had been a violation of Article 8 in respect of the regime for obtaining communications data from communication service providers.

But by 12 votes to 5 it ruled there had been no violation of Article 8 in respect of the UK’s regime for requesting intercepted material from foreign governments and intelligence agencies.

In another unanimous vote the Grand Chamber found there had been a violation of Article 10, concerning both the bulk interception regime and the regime for obtaining communications data from comms service providers.

But, again, by 12 votes to 5 it ruled there had been no violation of Article 10 in respect of the regime for requesting intercepted material from foreign governments and intelligence agencies.

Responding to the judgement in a statement, the privacy rights group Big Brother Watch — which was one of the parties involved in the challenges — said the judgement “confirms definitively that the UK’s bulk interception practices were unlawful for decades”, thereby vindicating Snowden’s whistleblowing.

The organization also highlighted a dissenting opinion from Judge Pinto de Alburquerque, who wrote that:

“Admitting non-targeted bulk interception involves a fundamental change in how we view crime prevention and investigation and intelligence gathering in Europe, from targeting a suspect who can be identified to treating everyone as a potential suspect, whose data must be stored, analysed and profiled (…) a society built upon such foundations is more akin to a police state than to a democratic society. This would be the opposite of what the founding fathers wanted for Europe when they signed the Convention in 1950.”

In further remarks on the judgement, Silkie Carlo, director of Big Brother Watch, added: “Mass surveillance damages democracies under the cloak of defending them, and we welcome the Court’s acknowledgement of this. As one judge put it, we are at great risk of living in an electronic ‘Big Brother’ in Europe. We welcome the judgment that the UK’s surveillance regime was unlawful, but the missed opportunity for the Court to prescribe clearer limitations and safeguards mean that risk is current and real.”

“We will continue our work to protect privacy, from parliament to the courts, until intrusive mass surveillance practices are ended,” she added.

Privacy International — another party to the case — sought to put a more positive spin on the outcome, saying the Grand Chamber goes further than the ECHR’s 2018 ruling by “providing for new and stronger safeguards, adding a new requirement of prior independent or judicial authorisation for bulk interception”.

“Authorisation must be meaningful, rigorous and check for proper ‘end-to-end safeguards’,” it added in a statement.

Also commenting publicly, the Open Rights Group’s executive director, Jim Killock, said: “The court has shown that the UK Government’s legal framework was weak and inadequate when we took them to court with Big Brother Watch and Constanze Kurz in 2013. The court has set out clear criteria for assessing future bulk interception regimes, but we believe these will need to be developed into harder red lines in future judgments, if bulk interception is not to be abused.”

“As the court sets out, bulk interception powers are a great power, secretive in nature, and hard to keep in check. We are far from confident that today’s bulk interception is sufficiently safeguarded, while the technical capacities continue to deepen. GCHQ continues to share technology platforms and raw data with the US,” Killock went on to say, couching the judgment as “an important step on a long journey”.

 

The highest chamber of the European Court of Human Rights (ECHR) has delivered a blow to anti-surveillance campaigners in Europe by failing to find that bulk interception of digital comms is inherently incompatible with human rights law — which enshrines individual rights to privacy and freedom of expression.

However today’s Grand Chamber judgement underscores the need for such intrusive intelligence powers to be operated with what the judges describe as “end-to-end safeguards”.

Governments in Europe that fail to do so are opening such laws up to further legal challenge under the European Convention on Human Rights.

The Grand Chamber ruling also confirms that the UK’s historic surveillance regime — under the Regulation of Investigatory Powers Act 2000 (aka RIPA) — was unlawful because it lacked the necessary safeguards.

Per the court, ‘end-to-end’ safeguards means that bulk intercept powers need to involve assessments at each stage of the process of the necessity and proportionality of the measures being taken; that bulk interception should be subject to independent authorisation at the outset, when the object and scope of the operation are being defined; and that the operation should be subject to supervision and independent ‘ex post facto’ review.

The Grand Chamber judgement identified a number of deficiencies with the bulk regime operated in the UK at the time of RIPA — including that bulk interception had been authorised by the Secretary of State, rather than by a body independent of the executive; categories of search terms defining the kinds of communications that would become liable for examination had not been included in the application for a warrant; and search terms linked to an individual (e.g. specific identifiers such as an email address) had not been subject to prior internal authorisation.

The court also found that the UK’s bulk intercept regime had breached Article 10 (freedom of expression) because it had not contained sufficient protections for confidential journalistic material.

“The Court considered that, owing to the multitude of threats States face in modern society, operating a bulk interception regime did not in and of itself violate the Convention,” it added in a press release. 

The RIPA regime has since replaced by the UK’s Investigatory Powers Act (IPA) — which put bulk intercept powers explicitly into law (albeit with claimed layers of oversight).

The IPA has also been subject to a number of human rights challenges — and in 2018 the government was ordered by the UK High Court to revise parts of the law which had been found to be incompatible with human rights law.

Today’s Grand Chamber judgement relates specifically to RIPA and to a number of legal challenges brought against the UK’s mass surveillance regime by journalists and privacy and digital rights campaigners in the wake of the 2013 mass surveillance revelations by NSA whistleblower Edward Snowden which the ECHR heard simultaneously.

In a similar ruling back in 2018 the lower Chamber found some aspects of the UK’s regime violated human rights law — with a majority vote then finding that its bulk interception regime had violated Article 8 because there was insufficient oversight (such as of selectors and filtering; and of search and selection of intercepted communications for examination; as well as inadequate safeguards governing the selection of related comms data). 

Human rights campaigners followed up by requesting and securing a referral to the Grand Chamber — which has now handed down its view.

It unanimously found there had been a violation of Article 8 in respect of the regime for obtaining communications data from communication service providers.

But by 12 votes to 5 it ruled there had been no violation of Article 8 in respect of the UK’s regime for requesting intercepted material from foreign governments and intelligence agencies.

In another unanimous vote the Grand Chamber found there had been a violation of Article 10, concerning both the bulk interception regime and the regime for obtaining communications data from comms service providers.

But, again, by 12 votes to 5 it ruled there had been no violation of Article 10 in respect of the regime for requesting intercepted material from foreign governments and intelligence agencies.

Responding to the judgement in a statement, the privacy rights group Big Brother Watch — which was one of the parties involved in the challenges — said the judgement “confirms definitively that the UK’s bulk interception practices were unlawful for decades”, thereby vindicating Snowden’s whistleblowing.

The organization also highlighted a dissenting opinion from Judge Pinto de Alburquerque, who wrote that:

“Admitting non-targeted bulk interception involves a fundamental change in how we view crime prevention and investigation and intelligence gathering in Europe, from targeting a suspect who can be identified to treating everyone as a potential suspect, whose data must be stored, analysed and profiled (…) a society built upon such foundations is more akin to a police state than to a democratic society. This would be the opposite of what the founding fathers wanted for Europe when they signed the Convention in 1950.”

In further remarks on the judgement, Silkie Carlo, director of Big Brother Watch, added: “Mass surveillance damages democracies under the cloak of defending them, and we welcome the Court’s acknowledgement of this. As one judge put it, we are at great risk of living in an electronic ‘Big Brother’ in Europe. We welcome the judgment that the UK’s surveillance regime was unlawful, but the missed opportunity for the Court to prescribe clearer limitations and safeguards mean that risk is current and real.”

“We will continue our work to protect privacy, from parliament to the courts, until intrusive mass surveillance practices are ended,” she added.

Privacy International — another party to the case — sought to put a more positive spin on the outcome, saying the Grand Chamber goes further than the ECHR’s 2018 ruling by “providing for new and stronger safeguards, adding a new requirement of prior independent or judicial authorisation for bulk interception”.

“Authorisation must be meaningful, rigorous and check for proper ‘end-to-end safeguards’,” it added in a statement.

Also commenting publicly, the Open Rights Group’s executive director, Jim Killock, said: “The court has shown that the UK Government’s legal framework was weak and inadequate when we took them to court with Big Brother Watch and Constanze Kurz in 2013. The court has set out clear criteria for assessing future bulk interception regimes, but we believe these will need to be developed into harder red lines in future judgments, if bulk interception is not to be abused.”

“As the court sets out, bulk interception powers are a great power, secretive in nature, and hard to keep in check. We are far from confident that today’s bulk interception is sufficiently safeguarded, while the technical capacities continue to deepen. GCHQ continues to share technology platforms and raw data with the US,” Killock went on to say, couching the judgment as “an important step on a long journey”.

 

The highest chamber of the European Court of Human Rights (ECHR) has delivered a blow to anti-surveillance campaigners in Europe by failing to find that bulk interception of digital comms is inherently incompatible with human rights law — which enshrines individual rights to privacy and freedom of expression.

However today’s Grand Chamber judgement underscores the need for such intrusive intelligence powers to be operated with what the judges describe as “end-to-end safeguards”.

Governments in Europe that fail to do so are opening such laws up to further legal challenge under the European Convention on Human Rights.

The Grand Chamber ruling also confirms that the UK’s historic surveillance regime — under the Regulation of Investigatory Powers Act 2000 (aka RIPA) — was unlawful because it lacked the necessary safeguards.

Per the court, ‘end-to-end’ safeguards means that bulk intercept powers need to involve assessments at each stage of the process of the necessity and proportionality of the measures being taken; that bulk interception should be subject to independent authorisation at the outset, when the object and scope of the operation are being defined; and that the operation should be subject to supervision and independent ‘ex post facto’ review.

The Grand Chamber judgement identified a number of deficiencies with the bulk regime operated in the UK at the time of RIPA — including that bulk interception had been authorised by the Secretary of State, rather than by a body independent of the executive; categories of search terms defining the kinds of communications that would become liable for examination had not been included in the application for a warrant; and search terms linked to an individual (e.g. specific identifiers such as an email address) had not been subject to prior internal authorisation.

The court also found that the UK’s bulk intercept regime had breached Article 10 (freedom of expression) because it had not contained sufficient protections for confidential journalistic material.

“The Court considered that, owing to the multitude of threats States face in modern society, operating a bulk interception regime did not in and of itself violate the Convention,” it added in a press release. 

The RIPA regime has since replaced by the UK’s Investigatory Powers Act (IPA) — which put bulk intercept powers explicitly into law (albeit with claimed layers of oversight).

The IPA has also been subject to a number of human rights challenges — and in 2018 the government was ordered by the UK High Court to revise parts of the law which had been found to be incompatible with human rights law.

Today’s Grand Chamber judgement relates specifically to RIPA and to a number of legal challenges brought against the UK’s mass surveillance regime by journalists and privacy and digital rights campaigners in the wake of the 2013 mass surveillance revelations by NSA whistleblower Edward Snowden which the ECHR heard simultaneously.

In a similar ruling back in 2018 the lower Chamber found some aspects of the UK’s regime violated human rights law — with a majority vote then finding that its bulk interception regime had violated Article 8 because there was insufficient oversight (such as of selectors and filtering; and of search and selection of intercepted communications for examination; as well as inadequate safeguards governing the selection of related comms data). 

Human rights campaigners followed up by requesting and securing a referral to the Grand Chamber — which has now handed down its view.

It unanimously found there had been a violation of Article 8 in respect of the regime for obtaining communications data from communication service providers.

But by 12 votes to 5 it ruled there had been no violation of Article 8 in respect of the UK’s regime for requesting intercepted material from foreign governments and intelligence agencies.

In another unanimous vote the Grand Chamber found there had been a violation of Article 10, concerning both the bulk interception regime and the regime for obtaining communications data from comms service providers.

But, again, by 12 votes to 5 it ruled there had been no violation of Article 10 in respect of the regime for requesting intercepted material from foreign governments and intelligence agencies.

Responding to the judgement in a statement, the privacy rights group Big Brother Watch — which was one of the parties involved in the challenges — said the judgement “confirms definitively that the UK’s bulk interception practices were unlawful for decades”, thereby vindicating Snowden’s whistleblowing.

The organization also highlighted a dissenting opinion from Judge Pinto de Alburquerque, who wrote that:

“Admitting non-targeted bulk interception involves a fundamental change in how we view crime prevention and investigation and intelligence gathering in Europe, from targeting a suspect who can be identified to treating everyone as a potential suspect, whose data must be stored, analysed and profiled (…) a society built upon such foundations is more akin to a police state than to a democratic society. This would be the opposite of what the founding fathers wanted for Europe when they signed the Convention in 1950.”

In further remarks on the judgement, Silkie Carlo, director of Big Brother Watch, added: “Mass surveillance damages democracies under the cloak of defending them, and we welcome the Court’s acknowledgement of this. As one judge put it, we are at great risk of living in an electronic ‘Big Brother’ in Europe. We welcome the judgment that the UK’s surveillance regime was unlawful, but the missed opportunity for the Court to prescribe clearer limitations and safeguards mean that risk is current and real.”

“We will continue our work to protect privacy, from parliament to the courts, until intrusive mass surveillance practices are ended,” she added.

Privacy International — another party to the case — sought to put a more positive spin on the outcome, saying the Grand Chamber goes further than the ECHR’s 2018 ruling by “providing for new and stronger safeguards, adding a new requirement of prior independent or judicial authorisation for bulk interception”.

“Authorisation must be meaningful, rigorous and check for proper ‘end-to-end safeguards’,” it added in a statement.

Also commenting publicly, the Open Rights Group’s executive director, Jim Killock, said: “The court has shown that the UK Government’s legal framework was weak and inadequate when we took them to court with Big Brother Watch and Constanze Kurz in 2013. The court has set out clear criteria for assessing future bulk interception regimes, but we believe these will need to be developed into harder red lines in future judgments, if bulk interception is not to be abused.”

“As the court sets out, bulk interception powers are a great power, secretive in nature, and hard to keep in check. We are far from confident that today’s bulk interception is sufficiently safeguarded, while the technical capacities continue to deepen. GCHQ continues to share technology platforms and raw data with the US,” Killock went on to say, couching the judgment as “an important step on a long journey”.