Category: UNCATEGORIZED

A new flurry of tweets from President Trump is pushing the limits of social platform policies designed explicitly to keep users safe from the spread of the novel coronavirus, both online and off.

In a series of rapid-fire messages on Friday morning, Trump issued a call to “LIBERATE” Virginia, Minnesota, and Michigan, all states led by Democratic governors. Trump’s tweets promoted protests in those states against ongoing public safety measures, many designed by his own administration, meant to keep residents safe from the virus. Trump also shared the messages on his Facebook page.

In the case of Minnesota, the tweet was not a generic message to his supporters in the state—it referenced a Friday protest event by its name, “Liberate Minnesota.”

In Minnesota, the in-person protest event gathered a group of Trump supporters outside the St. Paul home of Minnesota Governor Tim Walz to protest the state’s ongoing lockdown. According to a reporter on the scene Friday, the protest had attracted attendees in the “low hundreds” so far and few were practicing social distancing or wearing masks. The event was organized on Facebook.

“President Trump has been very clear that we must get America back to work very quickly or the “cure” to this terrible disease may be the worse option!” the event’s Facebook description states. In a later disclaimer, event organizers encourage attendees to exercise “personal responsibility” at the protest, stating that they “are not responsible for your current health situation or future health.”

Over the last month, Facebook and Twitter both rolled out relatively aggressive new policies designed to protect users from content contradicting the guidance of health experts, particularly anything that could result in real-world harm.

The president’s tweets contradict his administration’s own guidance, detailed yesterday in coordination with health experts, on reopening state economies. Earlier this week, Trump claimed that a president has “total authority” to reopen the national economy, a sentiment that his tweets Friday appeared to undermine.

Trump’s calls to action in support of state-based protests would also appear to contradict both Twitter and Facebook’s new rules specific to the pandemic, which in both cases explicitly forbid any COVID-19 content that could result in the real-world spread of the virus.

In late March, Twitter updated its safety policy to prohibit any tweets that “could place people at a higher risk of transmitting COVID-19.” The stance banned tweets claiming social distancing doesn’t work as well as anything with a “call to action” that could promote risky behaviors, like encouraging people to go out to a local bar.

On April 1, Twitter again broadened its definition for the kind of harmful COVID-19 content it forbids, stating that it would “continue to prioritize removing content when it has a clear call to action that could directly pose a risk to people’s health or well-being.”

Facebook similarly  expanded its platform rules to match the existential health threat posed by the coronavirus. In guidance on its policies for the pandemic, Facebook says that it “remove[s] COVID-19 related misinformation that could contribute to imminent physical harm.” As an example, the company noted that it in March it began removing “claims that physical distancing doesn’t help prevent the spread of the coronavirus.”

Social media companies signaled early in the U.S. spread of the coronavirus that they would take health misinformation—and the safety of their users—more seriously than ever. In some instances, this tough talks appears to have manifested in improvements: Facebook, which has generally been more proactive about health misinformation compared to other topics, moved to promote health expertise and limit the spread of misleading coronavirus content on the platform, even announcing that it would notify anyone who had interacted with COVID-19 misinformation with a special message in their newsfeed.

When asked about the protest events and the president’s tweets, Twitter pointed TechCrunch to its existing COVID-19 policy page. Facebook did not provide answers to questions about the protests organized on its platform by the time of publication.

A coalition of EU scientists and technologists that’s developing what’s billed as a “privacy-preserving” standard for Bluetooth-based proximity tracking, as a proxy for COVID-19 infection risk, wants Apple and Google to make changes to an API they’re developing for the same overarching purpose.

The Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) uncloaked on April 1, calling for developers of contacts tracing apps to get behind a standardized approach to processing smartphone users’ data to co-ordinate digital interventions across borders and shrink the risk of overly intrusive location-tracking tools gaining momentum as a result of the pandemic.

PEPP-PT said today it has seven governments signed up to apply its approach to national apps, with a claimed pipeline of a further 40 in discussions about joining.

“We now have a lot of governments interacting,” said PEPP-PT’s Hans-Christian Boos, speaking during a webinar for journalists. “Some governments are publicly declaring that their local applications will be built on top of the principles of PEPP-PT and also the various protocols supplied inside this initiative.

“We know of seven countries that have already committed to do this — and we’re currently in conversation with 40 countries that are in various states of onboarding.”

Boos said a list of the governments would be shared with journalists, though at the time of writing we haven’t seen it. But we’ve asked PEPP-PT’s PR firm for the info and will update this report when we get it.

“The pan-European approach has worked,” he added. “Governments have decided at a speed previously unknown. But with 40 more countries in the queue of onboarding we definitely have outgrown just the European focus — and to us this shows that privacy as a model and as a discussion point… is a statement and it is something that we can export because we’re credible on it.”

Paolo de Rosa, the CTO at the Ministry of Innovation Technology and Digital Transformation for the Italian government, was also on the webinar — and confirmed its national app will be built on top of PEPP-PT.

“We will have an app soon and obviously it will be based on this model,” he said, offering no further details.

PEPP-PT’s core ‘privacy-preserving’ claim rests on the use of system architectures that do not require location data to be collected. Rather devices that come near each other would share pseudonymized IDs — which could later be used to send notifications to an individual if the system calculates an infection risk has occurred. An infected individual’s contacts would be uploaded at the point of diagnosis — allowing notifications to be sent to other devices they had come into contact with.

Boos, a spokesman for and coordinator of PEPP-PT, told TechCrunch earlier this month the project will support both centralized and decentralized approaches. The former meaning IDs are uploaded to a trusted server, such as one controlled by a health authority; the latter meaning IDs are held locally on devices, where the infection risk is also calculated — a backend server is only in the loop to relay info to devices.

It’s just such a decentralized contacts tracing system that Apple and Google are collaborating on supporting — fast-following PEPP-PT last week by announcing a plan for cross-platform COVID-19 contacts tracing via a forthcoming API and then a system-wide (opt-in) for Bluetooth-based proximity tracking.

That intervention, by the only two smartphone platforms that matter when the ambition is mainstream app adoption, is a major development — putting momentum in the Western world behind decentralized contacts tracing for responding digitally to the coronavirus crisis, certainly at the platform level.

In a resolution passed today the European parliament also called for a decentralized approach to COVID-19 proximity tracking. MEPs are pushing for the Commission and Member States to be “fully transparent on the functioning of contact tracing apps, so that people can verify both the underlying protocol for security and privacy, and check the code itself to see whether the application functions as the authorities are claiming”. (The Commission has previously signalled a preference for decentralization too.)

However backers of PEPP-PT aren’t giving up on the option of a “privacy-preserving” centralized option — which some in their camp are dubbing ‘pseudo-decentralized’ — with Boos claiming today that discussions are ongoing with Apple and Google about making changes to their approach.

As it stands, contacts tracing apps that don’t use a decentralized infrastructure won’t be able to carry out Bluetooth tracking in the background on Android or iOS — as the platforms limit how general apps can access Bluetooth — meaning users of such apps would have to have the app open and active all the time for proximity tracking to function, with associated (negative() impacts on battery life and device usability.

There are also (intentional) restrictions on how contracts tracing data could be centralized, as a result of the relay server model being deployed in the joint Apple-Google model.

“We very much appreciate that Google and Apple are stepping up to making the operating system layer available — or putting what should be the OS actually there, which is the Bluetooth measurement and the handling of crypto and the background running of such tasks which have to keep running resiliently all the time — if you look at their protocols and if you look at whom they are provided by, the two dominant players in the mobile ecosystem, then I think that from a government perspective especially, or from lots of government perspectives, there is many open points to discuss,” said Boos today.

“From a PEPP-PT perspective there’s a few points to discuss because we want choice and implementing choice in terms of model — decentralized or centralized on top of their protocol creates actually the worst of both worlds — so there are many points to discuss. But contrary to the behavior that many of us who work with tech companies are used to Google and Apple are very open in these discussions and there’s no point in getting up in arms yet because these discussions are ongoing and it looks like agreement can be reached with them.”

It wasn’t clear what specific changes PEPP-PT wants from Apple and Google — we asked for more detail during the webinar but didn’t get a response. But the group and its government backers may be hoping to dilute the tech giants’ stance to make it easier to create centralized graphs of Bluetooth contacts to feed national coronavirus responses.

As it stands, Apple and Google’s API is designed to block contact matching on a server — though there might still be ways for governments (and others) to partially workaround the restrictions and centralize some data.

We reached out to Apple and Google with questions about the claimed discussions with PEPP-PT. At the time of writing neither had responded.

As well as Italy, the German and French governments are among those that have indicated they’re backing PEPP-PT for national apps — which suggests powerful EU Member States could be squaring up for a fight with the tech giants, along the lines of Apple vs the FBI, if pressure to tweak the API fails.

Another key strand to this story is that PEPP-PT continues to face strident criticism from privacy and security experts in its own backyard — including after it removed a reference to a decentralized protocol for COVID-19 contacts tracing that’s being developed by another European coalition (called DP-3T), comprised of privacy and security experts. Coindesk reported on the silent edit to PEPP-PT’s website yesterday.

Backers of DP-3T have also repeatedly queried why PEPP-PT hasn’t published code or protocols for review to-date — and even gone so far as to dub the effort a ‘trojan horse’.

ETH Zürich’s Dr. Kenneth Paterson, who is both a part of the PEPP-PT effort and a designer of DP-3T, couldn’t shed any light on the exact changes the coalition is hoping to extract from ‘Gapple’ when we asked.

“They’ve still not said exactly how their system would work, so I can’t say what they would need [in terms of changes to Apple and Google’s system],” he told us in an email exchange.

Today Boos couched the removal of the reference to DP-3T on PEPP-PT’s website as a mistake — which he blamed on “bad communication”. He also claimed the coalition is still interested in including the former’s decentralized protocol within its bundle of standardized technologies. So the already sometimes fuzzy lines between the camps continue to be redrawn. (It’s also interesting to note that press emails to Boos are now being triaged by Hering Schuppener; a communications firm that sells publicity services including crisis PR.)

“We’re really sorry for that,” Boos said of the DP-3T excision. “Actually we just wanted to put the various options on the same level that are out there. There are still all these options and we very much appreciate the work that colleagues and others are doing.

“You know there is a hot discussion in the crypto community about this and we actually encourage this discussion because it’s always good to improve on protocols. What we must not lose sight of is… that we’re not talking about crypto here, we’re talking about pandemic management and as long as an underlying transport layer can ensure privacy that’s good enough because governments can choose whatever they want.”

Boos also said PEPP-PT would finally be publishing some technical documents this afternoon — opting to release information some three weeks after its public unveiling and on a Friday evening (a 7-page ‘high level overview’ has since been put on their Github here — but still a far cry from code for review) — while making a simultaneous plea for journalists to focus on the ‘bigger picture’ of fighting the coronavirus rather than keep obsessing over technical details. 

During today’s webinar some of the scientists backing PEPP-PT talked about how they’re testing the efficacy of Bluetooth as a proxy for tracking infection risk.

“The algorithm that we’ve been working on looks at the cumulative amount of time that individuals spend in proximity with each other,” said Christophe Fraser, professor at the Nuffield Department of Medicine and Senior Group Leader in Pathogen Dynamics at the Big Data Institute, University of Oxford, offering a general primer on using Bluetooth proximity data for tracking viral transmission.

“The aim is to predict the probability of transmission from the phone proximity data. So the ideal system reduces the requested quarantine to those who are the most at risk of being infected and doesn’t give the notification — even though some proximity event was recorded — to those people who’re not at risk of being infected.”

“Obviously that’s going to be an imperfect process,” he went on. “But the key point is that in this innovative approach that we should be able to audit the extent to which that information and those notifications are correct — so we need to actually be seeing, of the people who have been sent the notification how many of them actually were infected. And of those people who were identified as contacts, how many weren’t.

“Auditing can be done in many different ways for each system but that step is crucial.”

Evaluating the effectiveness of the digital interventions will be vital, per Fraser — whose presentation could have been interpreted as making a case for public health authorities to have fuller access to contacts graphs. But it’s important to note that DP-3T’s decentralized protocol makes clear provision for app users to opt-in to voluntarily share data with epidemiologists and research groups to enable them to reconstruct the interaction graph among infected and at risk users (aka to get access to a proximity graph).

“It’s really important that if you’re going to do an intervention that is going to affect millions of people — in terms of these requests to [quarantine] — that that information be the best possible science or the best possible representation of the evidence at the point at which you give the notification,” added Fraser. “And therefore as we progress forwards that evidence — our understanding of the transmission of the virus — is going to improve. And in fact auditing of the app can allow that to improve, and therefore it seems essential that that information be fed back.”

None of the PEPP-PT aligned apps that are currently being used for testing or reference are interfacing with national health authority systems, per Boos — though he cited a test in Italy that’s been plugged into a company’s health system to run tests.

“We have supplied the application builders with the backend, we have supplied them with sample code, we have supplied them with protocols, we have supplied them with the science of measurement, and so on and so forth. We have a working application that simply has no integration into a country’s health system — on Android and on iOS,” he noted.

On its website PEPP-PT lists a number of corporate “members” as backing the effort — including the likes of Vodafone — alongside several research institutions including Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) which has been reported as leading the effort.

The HHI’s executive director, Thomas Wiegand, was also on today’s call. Notably, his name initially appeared on the authorship list for the DP-3T’s White Paper. However on April 10 he was removed from the README and authorship list, per its Github document history. No explanation for the change was given.

During today’s press conference Wiegand made an intervention that seems unlikely to endear him to the wider crypto and digital rights community — describing the debate around which cryptography system to use for COVID-19 contacts tracing as a ‘side show’ and expressing concern that what he called Europe’s “open public discussion” might “destroy our ability to get ourselves as Europeans out of this”.

“I just wanted to make everyone aware of the difficulty of this problem,” he also said. “Cryptography is only one of 12 building blocks in the system. So I really would like to have everybody go back and reconsider what problem we are in here. We have to win against this virus… or we have another lockdown or we have a lot of big problems. I would like to have everybody to consider that and to think about it because we have a chance if we get our act together and really win against the virus.”

The press conference had an even more inauspicious start after the Zoom call was disrupted by racist spam in the chat. Right before this Boos had kicked off the call saying he had heard from “some more technically savvy people that we should not be using Zoom because it’s insecure — and for an initiative that wants security and privacy it’s the wrong tool”.

“Unfortunately we found out that many of our international colleagues only had this on their corporate PCs so over time either Zoom has to improve — or we need to get better installations out there. It’s certainly not our intention to leak the data on this Zoom,” he added.

Stripe raises new funding, Uber acknowledges financial uncertainty and a controversial facial recognition startup accidentally exposes its source code.

Here’s your Daily Crunch for April 17, 2020.

1. Stripe raises $600M at $36B valuation in Series G extension, says it has $2B on its balance sheet

The economy may be contracting as a result of the COVID-19 pandemic, but promising startups are still continuing to raise money to shore up finances for whatever may lie ahead.

The latest development: Stripe, a well-known payments unicorn, announced that it had raised another $600 million in new capital, money that it plans to use to continue investing in product development, further global expansion and strategic initiatives.

2. Uber withdraws 2020 guidance

“Given the evolving nature of COVID-19 and the uncertainty it has caused for every industry in every part of the world, it is impossible to predict with precision the pandemic’s cumulative impact on our future financial results,” Uber said in a statement.

3. Security lapse exposed Clearview AI source code

The controversial facial recognition startup allows its law enforcement users to take a picture of a person, upload it and match it against its alleged database of 3 billion images, which the company scraped from public social media profiles. And for a time, a misconfigured server exposed the company’s internal files, apps and source code for anyone on the internet to find.

4. Changing policy, Y Combinator cuts its pro rata stake and makes investments case-by-case

Under its new policy, the accelerator is reducing its pro rata investment size from 7% to 4% and is only investing on a case-by-case basis going forward. Apparently the portfolio has gotten too large for blanket investments, and some of the limited partners who back the accelerator’s operations are balking at making commitments to the pro rata program.

5. Announcing the Extra Crunch Live event series

First up: We’ll be chatting with Aileen Lee (former KPCB partner, founder and managing director at Cowboy.vc and coiner of the term “Unicorn”) and Ted Wang (Cowboy.vc partner, former partner at Fenwick & West, and former outside counsel to Facebook, Twitter, Dropbox, Square and more) on Monday, April 20. And yes, you’ll need to be an Extra Crunch member to tune in.

6. NASA reveals ambitious multi-spacecraft plan to bring a piece of Mars back to Earth

NASA has said many times that it intends to collect a sample from Mars and return it to Earth. But how will the organization go about scooping up soil from the surface of a distant planet and getting it back here? With a newly-revealed plan that sounds straight out of sci-fi.

7. Facebook’s annual virtual reality conference goes virtual-only

Facebook announced that it will be shelving the in-person component of its virtual reality-focused Oculus Connect 7 conference due to COVID-19 concerns and focusing on a digital format. Although the company hadn’t announced dates for the event, the conference is typically held in late September or early October.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

Apple has done a good job closing the gap between Spotify and its own music streaming service. But the former still maintains some advantages, a list that until recently included a robust web interface. As a Spotify user myself, I find myself frequently using the browser interface on different devices.

Apple’s been working on its own version of course, but for the past six months, it’s only been available as a beta. The interface dropped that tag today, officially going live sans-beta URL. As noted by MacRumors, the interface looks nearly identical to the desktop app, but bringing it to browsers allows for a lot more cross-platform flexibility.

Once logged in with an Apple ID, your music library should be visible. The news also comes Apple prepares for tonight’s One World: Together at Home concert, cohosted by three late night comedians and featuring everyone from Paul McCartney and Elton John to Lady Gaga and Lizzo.

Would you pay with a “Google Card?” TechCrunch has attained imagery that shows Google is developing its own physical and virtual debit cards. The Google card and associated checking account will allow users to buy things with a card, mobile phone or online. It connects to a Google app with new features that let users easily monitor purchases, check their balance or lock their account. The card will be co-branded with different bank partners, including CITI and Stanford Federal Credit Union.

A source provided TechCrunch with the images seen here, as well as proof that they came from Google. Another source confirmed that Google has recently worked on a payments card that its team hopes will become the foundation of its Google Pay app — and help it rival Apple Pay and the Apple Card. Currently, Google Pay only allows online and peer-to-peer payments by connecting a traditionally issued payment card. A “Google Pay Card” would vastly expand the app’s use cases, and Google’s potential as a fintech giant.

Google the financial services company?

By building a smart debit card, Google has the opportunity to unlock new streams of revenue and data. It could potentially charge interchange fees on purchases made with the card or other checking account fees, and then split them with its banking partners. Depending on its privacy decisions, Google could use transaction data on what people buy to improve ad campaign measurement or even targeting. Brands might be willing to buy more Google ads if the tech giant can prove they drive a sales lift.

The long-term implications are even greater. While once the industry joke was that every app eventually becomes a messaging app, more recently it’s been that every tech company eventually becomes a financial services company. A smart debit card and checking accounts could pave the way for Google offering banking, stock brokerage, financial advice or robo-advising, accounting, insurance or lending.

Google’s vast access to data could allow it to more accurately manage risk than traditional financial institutions. Its deep connection to consumers via apps, ads, search and the Android operating system gives it ample ways to promote and integrate financial services. With the COVID-19 downturn taking shape, high-margin finance products could help Google develop efficient revenue opportunities and build its share price back up.

When TechCrunch asked Google for confirmation, it did not dispute our findings or assertions. The company offered us a statement it provided reporters following a November story, wherein Google told The Wall Street Journal it was experimenting in the checking account space. TechCrunch is the first to report Google’s debit card plans:

We’re exploring how we can partner with banks and credit unions in the US to offer smart checking accounts through Google Pay, helping their customers benefit from useful insights and budgeting tools, while keeping their money in an FDIC or NCUA-insured account. Our lead partners today are Citi and Stanford Federal Credit Union, and we look forward to sharing more details in the coming months.

For now, Google’s strategy is to let partnered banks and credit unions provide the underlying financial infrastructure and navigate regulation while it builds smarter interfaces and user experiences. With people around the world suddenly more concerned about their finances amidst the coronavirus economic disaster, a debit card with more transparency and controls could be appealing.

First look at the Google Card

Traditional banking products can be clunky, often requiring phone communication with customer service or sifting through cluttered websites to address security issues. Google hopes to make financial management as intuitive as its email and mapping apps. The card and app designs shown here are not final, and it’s unclear when Google’s debit card may launch. But let’s take a look at what these internal Google materials reveal about its ambitions for its payment instrument.

The Google debit card will come co-branded with the Google name and its partnered bank. In the designs, it’s a chip card on the Visa network, though Google could potentially support other networks like Mastercard. Users are able to add money or transfer funds out of their account from the connected Google app, which is likely to be Google Pay, and use a fingerprint and PIN for account security.

Once connected to their bank or credit union account, users could pay for purchases in retail stores with a physical Google debit card, including with contactless payments, by just holding it up to a card reader. A virtual version of the card that lives on a user’s phone can also be used for Bluetooth mobile payments. Meanwhile, a virtual card number can be used for online or in-app payments.

Users are shown a list of recent transactions, with each including the merchant name, date and price. They can dig into each transaction to see the location on a map, get directions or call the store. If users don’t recognize a transaction, it’s easy to protect themselves with the card’s vast security options.

If a customer suspects foul play because they lost their card, they can lock it and optionally order a replacement while still being able to pay with their phone or online, thanks to Google’s virtual card number system that’s different than the one on their physical card. If instead they suspect their virtual card number was stolen by a hacker, they can quickly reset it. And if they believe someone has gained unauthorized access to their account, they can lock it entirely to block all types of payments and transfers.

The settings reveal options for notifications and privacy controls to “decide what information you share,” though we don’t have imagery of what’s contained in those menus. It’s unclear how much power Google will give customers to limit the company or merchant’s data access. Google’s decisions there could impact how transaction data might fuel its other businesses.

Fintech everywhere

Google is a relative late-comer to offering its own card. Apple launched its Apple Card in August, offering a slickly designed titanium Mastercard credit card backed by Goldman Sachs. It charges minimal customer fees, comes with a virtual card for use through Apple Pay and generates interest.

Apple does collect interchange fees from merchants, though, which Google could similarly gather to earn revenue. Last month, Apple changed the Card’s privacy settings to share more data with Goldman Sachs that might also help the two provide additional financial services. Apple Pay now accounts for 5% of global card transactions, and is forecast to hit 10% by 2024, according to Bernstein research. The underlines the gigantic market Google is gunning for here.

The stock brokerage and robo-advisor apps have also joined the payments race. Wealthfront launched cash accounts and debit cards last February, bringing in $1 billion in assets in two months and doubling the company’s total holdings to $20 billion by September. Betterment launched its checking product in October 2019 with a Visa debit card, but it doesn’t generate interest.

Robinhood botched the December 2018 launch of its checking accounts due to ineligible insurance, but relaunched in October 2019 with debit card withdrawls from 75,000 ATMs and a solid interest rate. It’s unclear how Google’s card will work with ATMs or how its checking accounts will generate interest.

The appeal for Google and the rest is clear. It seems whenever companies help move people’s money around, some of it inevitably “falls off the truck” and lands in their pockets. Financial services are typically low-overhead ways to generate revenue. That could be especially enticing, as Google has found many of its side hustle “other bets” to be unsustainable. It’s moved to prune some of these tertiary projects, such as its Makani wind energy kites.

Google may never find businesses as lucrative as its core in search and advertising, but it has the advantages to become a serious player in fintech. Its vast sums of cash, deep bench of engineering talent, experience building complex utilities, numerous consumer touch points and near-bottomless well of data could give it an edge over stodgier old banks and scrappier startups. And while Facebook slams into regulatory scrutiny and is forced to scale back its Libra cryptocurrency, Google’s more familiar approach via debit cards could pay off.