Category: Tech news

Looks like things haven’t gone completely smoothly with Quibi‘s launch.

The issue appears to have been resolved, but the Quibi customer support account tweeted this afternoon that “some users may be experiencing problems with the Quibi app,” only to add an hour later that “Users should once again be able to use the Quibi app normally. Thank you for your patience.”

It’s not clear how widespread the outage was, but according to The Verge, one staffer saw an error screen and was unable to browse the app, while another was unable to create an account. The app seems to be working normally as I write this shortly after 4pm Eastern.

If nothing else, it’s a reminder that reliably delivering streaming video is hard, even for a startup that’s raised $1.75 billion. Heck, even Disney experienced widespread streaming issues when it launched Disney+ in November. (It all worked out fine.)

A quick catch-up for those of you still wondering what Quibi even is: It’s a short-form video service founded by Hollywood executive Jeffrey Katzenberg and led by CEO Meg Whitman (previously CEO of Hewlett Packard Enterprise and eBay).

The app is launching with nearly 50 shows today, all of them created specifically for mobile, with episodes that are less than 10 minutes long. After a 90-day free trial, it’ll cost you $4.99 with ads or $7.99 per month without ads.

Stocks rallied Monday, with all major indices snapping back into positive territories as investors seized on any positive developments in the fight to mitigate the spread of COVID-19, the disease caused by the coronavirus.

The stock market is, of course, not the economy. And this is likely a dead-cat bounce — a temporary recovery after a big fall. The question is how many dead-cat bounces will we see in the coming weeks?

And while the economic fallout from the COVID-19 pandemic is continuing, that didn’t stop investors from grasping at data from John Hopkins University that suggests the number of new COVID-19 cases is slowing. The institution’s coronavirus map, which has become a go-to source, showed 25,200 new cases rising on March 31, then rising to 33,300 new cases by April 3. Those numbers dropped to 28,200 new cases April 4, per its data; other trackers have posted slightly different results.

Today’s rally will be tested in the days and weeks to come as COVID-19 cases continue and eventually hit a peak before plateauing. Anthony Fauci, director of the National Institute of Allergy and Infectious Diseases and a member of the White House coronavirus task force, has warned that cases, and deaths, will likely surge in the next week.

Here are the day’s results:

• Dow Jones Industrial Average: up 7.59%, or 1,597.21 points, to close at 22.649.74
• S&P 500: rose 6.95%, or 172.86 points, to close at 2,661.51
• Nasdaq composite: popped 7.33%, or 540.15 points, to close at 7,913.24

There were other indirect COVID-19 fundamentals, such as new sales guidance or analyst notes that also moved certain stocks.

E-commerce stocks, including eBay and Amazon, saw positive movement. Online retailer Wayfair was perhaps the biggest mover in this category. The company’s shares opened 36% higher after reporting its gross revenue growth rate more than doubled at the end of March. Wayfair shares closed up 41.7% to $71.50.

Music streaming company Spotify saw shares decline more than 4% after Raymond James downgraded the stock from “strong buy” to “market perform,” citing that COVID-19 was causing less engagement and fewer downloads as users spend more time indoors. Spotify shares did manage to bounce back during the day and ended closing up nearly 0.33%, to $122.52.

Shares of SaaS companies rallied on the day as well, with the Bessemer cloud index rising 6.79% on the day; shares of SaaS companies, modern software firms, have enjoyed strong revenue multiples in recent years. They have tracked the broader indices down, however, and remain in bear-market territory.

Looking ahead, we’re entering earnings season during a period of intense economic uncertainty; how the stock market performs in the future will at least partially depend on how companies performed in Q1 2020, and what they project for the future. Get ready.

While a number of startups have been hard hit by efforts to curb the spread of the COVID-19 virus, refurbishing firm Back Market is showing increased growth globally.

The Paris -based startup encourages customers to send in their old devices so they can be refurbished and resold into the e-commerce secondhand market. The growth achieved in the midst of the COVID-19 crisis is partly due to increased laptop sales as people seek better devices to work remotely.

For people who are unsure whether refurbished products are reliable, Back Market permits customers to send in old devices, exchange them for newer versions and pay the difference. CEO Thibaud Hug de Larauze said this payback service is currently possible only in France, but starting in Q2, it will be available in other markets.

Founded in 2014, Back Market has raised a total of €48 million in funding over two rounds, most recently a Series B in June 2018. The company is profitable and reportedly still has money to spend from its last funding round.

“We don’t release the gross merchandise volume, but it’s a three-digit growth rate,” Hug de Larauze told TechCrunch. “We saw an increase in demand for laptops, printers and other devices needed for working at home. Demand for refurbished phones is going down as people seek to get the first necessity items, like food for their situation.”

Over the past two weeks, Back Market saw skyrocketing demand from Italy, a nation with a high coronavirus death toll where citizens were warned they would be confined to their homes for four weeks.

Another factor that helped the platform’s growth: Smartphone brands like Apple and Samsung closed their retail stores, a move that turned Back Market into a major supply channel. While offline retailers and carriers are shut down in Europe, Hug de Larauze says Chinese offline retailers and refurbishing factories are starting to get back to work.

TechCrunch confirmed today that BounceX (the firm is rebranding this year) has executed layoffs and salary cuts in the wake of recent COVID-19-led economic disruptions.

Many startups are undergoing staff cuts as the domestic and global economies slow, making individual reductions less newsworthy as the layoff tally rises. However, as BounceX is a company we’ve recently highlighted for its growth and capital efficiency, its own cuts are worth noting.

Reductions

TechCrunch was tipped concerning the BounceX staff cuts and salary reductions earlier today, events that the company confirmed this afternoon. Our original tipster pegged the cuts at around 20% of staff, with pay cuts for the rest of its denizens.

The company confirmed the existence of salary cuts and layoffs, but did not affirm our figures. Here’s BounceX on its hard day; the firm confirmed pay cuts via a spokesperson separately from this comment:

COVID-19 has hit our client base really hard, especially if they had significant retail presence. In order to accommodate clients and help stabilize our business & their businesses, we made the immensely difficult decision to move forward with a reduction in force. While we expected over 30% growth this year and adding 150 new roles by year end, we were forced to consolidate roles in order to do everything we could to take care of as many of our people as possible and continue to help our clients get through this.

It is not a surprise that BounceX was planning revenue growth and 150 new roles; the company recently crossed the $100 million ARR threshold, an event that TechCrunch covered as part of our long-running series focused on companies that reach the revenue threshold.

Indeed, in February, when BounceX shared the milestone, the firm also announced a rebrand, stating that it would change its name to Wunderkind. As you can read from the name, BounceX was feeling good at the time, looking to the future, proud of its growth and track record of efficient capital use.

As TechCrunch wrote at the time:

Wunderkind has been super efficient to date, with [CEO Ryan] Urban telling TechCrunch that “the amount of equity [his company has] actually put to work is probably sub-$35 million,” with less than $50 million in equity capital raised. The company also has debt lines that it can use, the CEO noted.

Given its history of conservative capital management, it doesn’t seem likely that BounceX is in existential danger after its layoffs. The company’s debt line — though we don’t know anything about its covenants — could provide more cushion. But its quick turnaround in fortunes shows how fast things can change.

The impact of COVID-19 on BounceX shows that no company, no matter how successful they were in February, is safe in April. Heck, TripActions was crowing about a huge new debt facility it secured right before COVID-19; the firm has since pared staff as well.

A new COVID-19 vaccine candidate is entering Phase 1 clinical human testing today, after the U.S. Food and Drug Administration (FDA) accepted an application from Inovio Pharmaceuticals under the regulator’s Investigational New Drug program. Inovio plans to inject its first volunteer test subject with the INO-4800 DNA vaccine candidate it has developed, following promising results from preclinical studies performed on animals that did indicate increased immune response.

The Inovio DNA vaccine candidate works by injecting a specifically engineered plasmid (a small, independent genetic structure) into a patient so that their cells can produce a desired, targeted antibody to fight off a specific infection. DNA vaccines, while available and approved for a variety of animal infections in veterinary medicine, have not yet been approved for human use.

That said, Inovio’s work isn’t starting from scratch: The company previously completed a Phase 1 study for a DNA vaccine candidate for Middle East Respiratory Syndrome (MERS), where it showed promising results and a high level of antibodies produced in subjects that persisted for an extended period of time.

Inovio has been able to scale up quickly, developing and producing “thousands of doses” of INO-4800 in just a few short weeks in order to support its Phase 1 and Phase 2 trials. The company has done so in part thanks to backing from the Bill and Melinda Gates Foundation, as well as funding from other nonprofits and organizations. If clinical trials are successful, Inovio says it will be able to have up to one million doses of the vaccine ready by the end of the year, for use both in additional trials and for potential emergency use pending authorization.

This is the second vaccine to undertake Phase 1 clinical testing on human subjects: Moderna began its trial in mid-March. Inovio’s trial will be made up of 40 volunteers, all healthy adults selected via screening conducted at either Philadelphia’s Perelman School of Medicine at the University of Pennsylvania, or the Center for Pharmaceutical Research in Kansas City. It’ll span the next several weeks, and the company expects data around the immune responses from test subjects, as well as info pertaining to the safety of the treatment for humans, to be available by late this summer.

Any broad clearance or approval for use is still likely at least a year to 18 months away, but the pace with which human trials are beginning is still exceptional, so hopefully we won’t have to wait too much longer than that.

It has the simplest name, but the sort of shadowy overtones that national security writers lust after.

Team Telecom, a mostly informal working committee of the Departments of Defense, Homeland Security and Justice (along with affiliated agencies) has for years been quietly tasked with evaluating and maintaining the security of America telecom infrastructure in concert with the FCC. Its primary objective as far as we have been able to ascertain is to monitor the ownership of key telecom assets to ensure they don’t fall into the hands of suspect nations (think China, Russia, etc).

Last year, Mark Harris over on Extra Crunch took an in-depth look at the extreme delays companies can experience going through a Team Telecom review (membership required), which in the case of China Mobile’s expansion into the U.S., extended up to seven years before the Team rejected the Chinese bid for market entry.

That informal arrangement is disappearing, as the administration over the weekend published a new executive order formally instantiating Team Telecom as a legal process for reviewing applications for telecom licenses, deals and other requests made to the FCC.

Under a newly christened “Committee for the Assessment of Foreign Participation in the United States Telecommunications Services Sector” (CAFPUSTSS?), the Committee will be charged with assisting “the FCC in its public interest review of national security and law enforcement concerns that may be raised by foreign participation in the United States telecommunications services sector.”

Like its Team Telecom forerunner, the Committee will be made up of the heads of Justice, Defense and Homeland Security, with the attorney general playing the role of chair. Applications to the Committee will be referred to the U.S. government’s highest-ranking intelligence officer, the Director of National Intelligence, for analysis.

Unlike in the past, where the timeline for reviews was anything but standardized, the executive order provides for a 120-day adjudication process, with a 90-day extension if the Committee has additional concerns and goes through a secondary review.

In a brief press statement, FCC Chairman Ajit Pai said, “I applaud the President for formalizing Team Telecom review and establishing a process that will allow the Executive Branch to provide its expert input to the FCC in a timely manner.” The FCC intends to finish its own rulemaking around Team Telecom, a process which was first proposed at the tail end of the Obama administration and has been on-going ever since.

These reforms to Team Telecom are in line with similar reforms made to CFIUS, the Committee for Foreign Investment in the United States, which were finalized at the beginning of this year after Congress passed a reform bill in 2018.

While the new rules will provide some certainty to areas of telecom like fiber optic cable expansion and wireless services, expect the new rules to be used to put even more restrictions on countries like China hoping to get a slice of the U.S. infrastructure market. Indeed, in the FCC’s statement today, the agency said, “As we demonstrated last year in rejecting the China Mobile application, this FCC will not hesitate to act to protect our networks from foreign threats.”

The COVID-19 outbreak has closed schools across most of the U.S., impacting more than 55 million students who are now learning at home. That’s created an increased demand for homeschool resources. Today, National Geographic is responding to that need with the launch of a new online hub, NatGeo@Home, which pulls together all of National Geographic’s family-friendly educational content into a one-stop shop for parents and teachers alike.

The free digital resource combines the educational content from the National Geographic Society with those from National Geographic Kids and other tools and services. This includes access to the National Geographic Society’s Learn at Home portal, where you’ll find educational content like articles, lessons, videos, other online activities and more.

The content on the site, aimed at K-12 students, is organized by grade and tagged as either “read,” “watch” or “play,” depending on whether it’s an article, video or activity. There are also lesson plans available, which parents and teachers can favorite to save to their library, if signed in.

The new site is also home to the Explorer Classroom, which offers live video talks from conservationists, scientists, filmmakers, explorers and other experts, that will air weekdays at 2 PM EDT. The talks will cover topics like wildlife, ocean conversation, photography, space exploration and more.

In addition to the educational resources, the portal offers families advice and information about how to navigate online learning and talking to kids about COVID-19. Some of its recent stories include a how-to on working from home with kids and a Coronavirus 101 explainer for parents who need help in better understanding the complicated health crisis themselves so they can answer questions from their children.

The portal will also be featured as part of #DisneyMagicMoments, Disney’s new family website that pulls together stories, videos and activities from across Disney’s properties, including Disney, Pixar, Star Wars, Marvel and National Geographic.

“Juggling your work life and your kid’s school life is hard enough. When those two worlds collide, as they have for so many families, it adds so many layers of challenges,” said Rachel Buchholz, editor in chief and vice president of National Geographic Kids, in a statement about the launch. “That’s why our goal here is to keep kids of all ages educated, entertained, and inspired, helping them become global stewards of the future,” she added.

Disney is not the only organization to have launched a set of homeschool resources in recent days. Children’s media nonprofit Common Sense just last week debuted Wide Open School, a comprehensive collection of resources for parents and teachers that included age-appropriate educational activities as well as daily schedules. National Geographic was one of the partners in that effort.

Apple, a Wide Open School partner, also launched the Apple Education Learning Series, a collection of videos designed to help schools and educators make the most of remote learning using Apple devices. And Comcast made nearly 2,000 hours of educational programming available to Xfinity subscribers, also in partnership with Common Sense.

In NatGeo’s case, its educational content was already being used by a number of educators across the U.S. to supplement classroom learning before the COVID-19 outbreak, so it makes sense for the organization to step up to fill the gaps in homeschool curricula, as well.

NatGeo@Home is currently available for free, though that could change at some point in the future when schools re-open.

What’s it like to take a company with 3,000 employees distributed across 25 offices and make it fully remote with just a few weeks’ notice?

I hopped on a call with Twilio CEO Jeff Lawson to hear about how their transition has gone so far, and what he’s learned from the process.

Twilio CEO Jeff Lawson

Remote work isn’t brand-new for Twilio; as with a lot of software companies, many employees have worked remotely. But it’s still a massive shift: Prior to the coronavirus outbreak, Lawson says around 10% of the company worked remotely. Today, it’s everyone.

“For a company like us to go from partially virtual to fully virtual in a short period of time,” he says, “it’s not without its hiccups, but it has worked pretty well.”

Things are weird for everyone right now, so compassion is key

Shifting to remote work might make things feel different for a while — but those differences pale in comparison to the other changes people are coping with in the shadow of the COVID-19 pandemic.

“I think the fact that you are distributed is lesser than the fact that you’re like, not allowed to go outside,” says Lawson. “You’re worried about friends and family and you’re reading the news… those things are more impactful.”

A group of European privacy experts has proposed a decentralized system for Bluetooth-based COVID-19 contacts tracing which they argue offers greater protection against abuse and misuse of people’s data than apps which pull data into centralized pots.

The protocol — which they’re calling Decentralized Privacy-Preserving Proximity Tracing (DP-PPT) — has been designed by around 25 academics from at least seven research institutions across Europe, including the Swiss Federal Institute of Technology, ETH Zurich and KU Leuven in the Netherlands.

They’ve published a White Paper detailing their approach here.

The key element is that the design entails local processing of contacts tracing and risk on the user’s device, based on devices generating and sharing ephemeral Bluetooth identifiers (referred to as EphIDs in the paper).

A backend server is used to push data out to devices — i.e. when an infected person is diagnosed with COVID-19 a health authority would sanction the upload from the person’s device of a compact representation of EphIDs over the infectious period which would be sent to other devices so they could locally compute whether there is a risk and notify the user accordingly.

Under this design there’s no requirement for pseudonymized IDs to be centralized, where the pooled data would pose a privacy risk. Which in turn should make it easier to persuade EU citizens to trust the system — and voluntarily download contacts tracing app using this protocol — given it’s architected to resist being repurposed for individual-level state surveillance.

The group does discuss some other potential threats — such as posed by tech savvy users who could eavesdrop on data exchanged locally, and decompile/recompile the app to modify elements — but the overarching contention is such risks are small and more manageable vs creating centralized pots of data that risk paving the way for ‘surveillance creep’, i.e. if states use a public health crisis as an opportunity to establish and retain citizen-level tracking infrastructure.

The DP-PPT has been designed with its own purpose-limited dismantling in mind, once the public health crisis is over.

“Our protocol is demonstrative of the fact that privacy-preserving approaches to proximity tracing are possible, and that countries or organisations do not need to accept methods that support risk and misuse,” writes professor Carmela Troncoso, of EPFL. “Where the law requires strict necessity and proportionality, and societal support is behind proximity tracing, this decentralized design provides an abuse-resistant way to carry it out.”

In recent weeks governments all over Europe have been leaning on data controllers to hand over user data for a variety of coronavirus tracking purposes. Apps are also being scrambled to market by the private sector — including symptom reporting apps that claim to help researchers fight the disease. While tech giants spy PR opportunities to repackage persistent tracking of Internet users for a claimed public healthcare cause, however vague the actual utility.

The next big coronavirus tech push looks likely to be contacts-tracing apps: Aka apps that use proximity-tracking Bluetooth technology to map contacts between infected individuals and others.

This is because without some form of contacts tracing there’s a risk that hard-won gains to reduce the rate of infections by curtailing people’s movements will be reversed, i.e. once economic and social activity is opened up again. Although whether contacts tracing apps can be as effective at helping to contain COVID-19 as policymakers and technologists hope remains an open question.

What’s crystal clear right now, though, is that without a thoughtfully designed protocol that bakes in privacy by design contacts-tracing apps present a real risk to privacy — and, where they exist, to hard-won human rights. 

Torching rights in the name of combating COVID-19 is neither good nor necessary is the message from the group backing the DP-PPT protocol.

“One of the major concerns around centralisation is that the system can be expanded, that states can reconstruct a social graph of who-has-been-close-to-who, and may then expand profiling and other provisions on that basis. The data can be co-opted and used by law enforcement and intelligence for non-public health purposes,” explains University College London’s Dr Michael Veale, another backer of the decentralized design.

“While some countries may be able to put in place effective legal safeguards against this, by setting up a centralised protocol in Europe, neighbouring countries become forced to interoperate with it, and use centralised rather than decentralised systems too. The inverse is true: A decentralised system puts hard technical limits on surveillance abuses from COVID-19 bluetooth tracking across the world, by ensuring other countries use privacy-protective approaches.”

“It is also simply not necessary,” he adds of centralizing proximity data. “Data protection by design obliges the minimisation of data to that which is necessary for the purpose. Collecting and centralising data is simply not technically necessary for Bluetooth contact tracing.”

Last week we reported on another EU effort — by a different coalition of technologists and scientists, led by by Germany’s Fraunhofer Heinrich Hertz Institute for telecoms (HHI) — which has said it’s working on a “privacy preserving” standard for Covid-19 contacts tracing which they’ve dubbed: Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT).

At the time it wasn’t clear whether or not the approach was locked to a centralized model of handling the pseudoanonymized IDs. Speaking to TechCrunch today, Hans-Christian Boos, one of the PEPP-PT project’s co-initiators, confirmed the standardization effort will support both centralized and decentralized approaches to handling contacts tracing.

The effort had faced criticizm from some in the EU privacy community for appearing to favor a centralized rather than decentralized approach — thereby, its critics contend, undermining the core claim to preserve user privacy. But, per Boos, it will in fact support both approaches — in a bid to maximize uptake around the world.

He also said it will be interoperable regardless of whether data is centralized or decentralized. (In the centralized scenario, he said the hope is that the not-for-profit that’s being set up to oversee PEPP-PT will be able to manage the centralized servers itself, pending proper financing — a step intended to further shrink the risk of data centralization in regions that lacks a human rights frameworks, for example.)

“We will have both options — centralized and decentralized,” Boos told TechCrunch. “We will offer both solutions, depending on who wants to use what, and we’ll make them operable. But I’m telling you that both solutions have their merits. I know that in the crypto community there is a lot of people who want decentraliztion — and I can tell you that in the health community there’s a lot of people who hate decentralization because they’re afraid that too many people have information about infected people.”

“In a decentralized system you have the simple problem that you would broadcast the anonymous IDs of infected people to everybody — so some countries’ health legislation will absolutely forbid that. Even though you have a cryptographic method, you’re broadcasting the IDs to all over the place — that’s the only way your local phone can find out have I been in contact or no,” Boos went on.

“That’s the drawback of a decentralized solution. Other than that it’s a very good thing. On a centralized solution you have the drawback that there is a single operator, whom you can choose to trust or not to trust — has access to anonymized IDs, just the same as if they were broadcast. So the question is you can have one party with access to anonymized IDs or do you have everybody with access to anonymized IDs because in the end you’re broadcasting them over the network [because] it’s spoofable.”

“If your assumption is that someone could hack the centralized service… then you have to also assume that someone could hack a router, which stuff goes through,” he added. “Same problem.

“That’s why we offer both solutions. We’re not religious. Both solutions offer good privacy. Your question is who would you trust more and who would you un-trust more? Would you trust more a lot of users that you broadcast something to or would you trust more someone who operates a server? Or would you trust more that someone can hack a router or that someone can hack the server? Both is possible, right. Both of these options are totally valid options — and it’s a religious discussion between crypto people… but we have to balance it between what crypto wants and what healthcare wants. And because we can’t make that decision we will end up offering both solutions.

“I think there has to be choice because if we are trying to build an international standard we should try and not be part of a religious war.”

Boos also said the project aims to conduct research into the respective protocols (centralized vs decentralized) to compare and conduct risk assessments based on access to the respective data.

“From a data protection point of view that data is completely anonymized because there’s no attachment to location, there’s no attachment to time, there’s no attachment to phone number, MAC address, SIM number, any of those. The only thing you know there is a contact — a relevant contact between two anonymous IDs. That’s the only thing you have,” he said. “The question that we gave the computer scientists and the hackers is if we give you this list — or if we give you this graph, what could you derive from it? In the graph they are just numbers connected to each other, the question is how can you derive anything from it? They are trying — let’s see what’s coming out.”

“There are lots of people trying to be right about this discussion. It’s not about being right; it’s about doing the right thing — and we will supply, from the initiative, whatever good options there are. And if each of them have drawbacks we will make those drawbacks public and we will try to get as much confirmation and research in on these as we can. And we will put this out so people can make their choices which type of the system they want in their geography,” he added.

“If it turns out that one is doable and one is completely not doable then we will drop one — but so far both look doable, in terms of ‘privacy preserving’, so we will offer both. If one turns out to be not doable because it’s hackable or you could derive meta-information at an unacceptable risk then we would drop it completely and stop offering the option.”

On the interoperability point Boos described it as “a challenge” which he said boils down to how the systems calculate their respective IDs — but he emphasized it’s being worked on and is an essential piece.

“Without that the whole thing doesn’t make sense,” he told us. “It’s a challenge why the option isn’t out yet but we’re solving that challenge and it’ll definitely work… There’s multiple ideas how to make that work.”

“If every country does this by itself we won’t have open borders again,” he added. “And if in a country there’s multiple applications that don’t share data then we won’t have a large enough set of people participating who can actually make infection tracing possible — and if there’s not a single place where we can have discussions about what’s the right thing to do about privacy well then probably everybody will do something else and half of them will use phone numbers and location information.”

The PEPP-PT coalition has not yet published its protocol or any code. Which means external experts wanting to chip in with informed feedback on specific design choices related to the proposed standard haven’t been able to get their hands on the necessary data to carry out a review.

Boos said they intend to open source the code this week, under a Mozilla licence. He also said the project is willing to take on “any good suggestions” as contributions.

“Currently only beta members have access to it because those have committed to us that they will update to the newest version,” he said. “We want to make sure that when we publish the first release of code it should have gone through data privacy validation and security validation — so we are as sure as we can be that there’s no major change that someone on an open source system might skip.”

The lack of transparency around the protocol had caused concern among privacy experts — and led to calls for developers to withhold support pending more detail. And even to speculation that European governments may be intervening to push the effort towards a centralized model — and away from core EU principles of data protection by design and default.

As it stands, the EU’s long-standing data protection law bakes in principles such as data minimization. Transparency is another core requirement. And just last week the bloc’s lead privacy regulator, the EDPS, told us it’s monitoring developments around COVID-19 contacts tracing apps.

“The EDPS supports the development of technology and digital applications for the fight against the coronavirus pandemic and is monitoring these developments closely in cooperation with other national Data Protection Supervisory Authorities. It is firmly of the view that the GDPR is not an obstacle for the processing of personal data which is considered necessary by the Health Authorities to fight the pandemic,” a spokesman told us.

“All technology developers currently working on effective measures in the fight against the coronavirus pandemic should ensure data protection from the start, e.g. by applying apply data protection by design principles. The EDPS and the data protection community stand ready to assist technology developers in this collective endeavour. Guidance from data protection authorities is available here: EDPB Guidelines 4/2019 on Article 25 Data Protection by Design and by Default; and EDPS Preliminary Opinion on Privacy by Design.”

We also understand the European Commission is paying attention to the sudden crop of coronavirus apps and tools — with effectiveness and compliance with European data standards on its radar.

However, at the same time, the Commission has been pushing a big data agenda as part of a reboot of the bloc’s industrial strategy that puts digitization, data and AI at the core. And just today Euroactiv reported on leaked documents from the EU Council which say EU Member States and the Commission should “thoroughly analyse the experiences gained from the COVID-19 pandemic” in order to inform future policies across the entire spectrum of the digital domain.

So even in the EU there is a high level appetite for data that risks intersecting with the coronavirus crisis to drive developments in a direction that might undermine individual privacy rights. Hence the fierce push back from certain pro-privacy quarters for contacts tracing to be decentralized — to guard against any state data grabs.

For his part Boos argues that what counts as best practice ‘data minimization’ boils down to a point of view on who you trust more. “You could make an argument [for] both [deccentralized and centralized approaches] that they’re data minimizing — just because there’s data minimization at one point doesn’t mean you have data minimization overall in a decentralized system,” he suggests.

“It’s a question who do you trust? It’s who would you trust more — that’s the real question. I see the critical point of data as not the list of anonymized contacts — the critical data is the confirmed infected.

“A lot of this is an old, religious discussion between centralization and decentralization,” he added. “Generally IT oscillates between those tools; total distribution, total centralization… Because none of those is a perfect solution. But here in this case I think both offer valid security options, and then they have both different implications on what you’re willing to do or not willing to do with medical data. And then you’ve got to make a decision.

“What we have to do is we’ve got to make sure that the options are available. And we’ve got to make sure there’s sound research, not just conjecture, in heavyweight discussions: How does what work, how do they compare, and what are the risks?”

In terms of who’s involved in PEPP-PT discussions, beyond direct project participants, Boos said governments and health ministries are involved for the practical reason that they “have to include this in their health processes”. “A lot of countries now create their official tracing apps and of course those should be connected to the PEPP-PT,” he said.

“We also talk to the people in the health systems — whatever is the health system in the respective countries — because this needs to in the end interface with the health system, it needs to interface with testing… it should interface with infectious disease laws so people could get in touch with the local CDCs without revealing their privacy to us or their contact information to us, so that’s the conversation we’re also having.”

Developers with early (beta) access are kicking the tyres of the system already. Asked when the first apps making use of PEPP-PT technologies might be in general circulation Boos suggested it could be as soon as a couple of weeks.

“Most of them just have to put this into their tracing layer and we’ve already given them enough information so that they know how they can connect this to their health processes. I don’t think this will take long,” he said, noting the project is also providing a tracing reference app to help countries that haven’t got developer resource on tap.

“For user engagement you’ll have to do more than just tracing — you’ll have to include, for example, the information from the CDC… but we will offer the skeletal implementation of an app to make starting this as a project [easier],” he said.

“If all the people that have emailed us since last week put it in their apps [we’ll get widespread uptake],” Boos added. “Let’s say 50% do I think we get a very good start. I would say that the influx from countries and I would say companies especially who want their workforce back — there’s a high pressure especially to go on a system that allows international exchange and interoperability.”

On the wider point of whether contacts tracing apps is a useful tool to help control the spread of this novel coronavirus — which has shown itself to be highly infectious, more so than flu, for example — Boos said: “I don’t think there’s much argument that isolating infection is important, the problem with this disease is there’s zero symptoms while you’re already contagious. Which means that you can’t just go and measure the temperature of people and be fine. You actually need that look into the past. And I don’t think that can be done accurately without digital help.

“So if the theory that you need to isolate infection chains is true at all, which many diseases have shown that it is — but each disease is different, so there’s no 100% guarantee, but all the data speaks for it — then that is definitely something that we need to do… The argument [boils down to] if we have so many infected as we currently have, does this make sense — do we not end up very quickly, because the world is so interconnected, with the same type of lockdown mechanism?

“This is why it only makes sense to come out with an app like this when you have broken these R0 values [i.e how many other people one infected person can infect] — once you’ve got it under 1 and got the number of cases in your country down to a good level. And I think that in the language of an infectious disease person this means going back to the approach of containing the disease, rather than mitigating the disease — what we’re doing now.”

“The approach of contact chain evaluation allows you to put better priorities on testing — but currently people don’t have the real priority question, they have a resource question on testing,” he added. “Testing and tracing are independent of each other. You need both; because if you’re tracing contacts and you can’t get tested what’s that good for? So yes you definitely [also] need the testing infrastructure for sure.”

The Safari vulnerabilities have been patched, but they would have given an alarming amount of access.

Hours after security researchers at Citizen Lab reported that some Zoom calls were routed through China, the video conferencing platform has offered an apology and a partial explanation.

To recap, Zoom has faced a barrage of headlines this week over its security policies and privacy practices, as hundreds of millions forced to work from home during the coronavirus pandemic still need to communicate with each other.

The latest findings landed earlier today when Citizen Lab researchers said that some calls made in North America were routed through China — as were the encryption keys used to secure those calls. But as was noted this week, Zoom isn’t end-to-end encrypted at all, despite the company’s earlier claims, meaning that Zoom controls the encryption keys and can therefore access the contents of its customers’ calls. Zoom said in an earlier blog post that it has “implemented robust and validated internal controls to prevent unauthorized access to any content that users share during meetings.” The same can’t be said for Chinese authorities, however, which could demand Zoom turn over any encryption keys on its servers in China to facilitate decryption of the contents of encrypted calls.

Zoom now says that during its efforts to ramp up its server capacity to accommodate the massive influx of users over the past few weeks, it “mistakenly” allowed two of its Chinese data centers to accept calls as a backup in the event of network congestion.

From Zoom’s CEO Eric Yuan:

During normal operations, Zoom clients attempt to connect to a series of primary datacenters in or near a user’s region, and if those multiple connection attempts fail due to network congestion or other issues, clients will reach out to two secondary datacenters off of a list of several secondary datacenters as a potential backup bridge to the Zoom platform. In all instances, Zoom clients are provided with a list of datacenters appropriate to their region. This system is critical to Zoom’s trademark reliability, particularly during times of massive internet stress.”

In other words, North American calls are supposed to stay in North America, just as European calls are supposed to stay in Europe. This is what Zoom calls its data center “geofencing.” But when traffic spikes, the network shifts traffic to the nearest data center with the most available capacity.

China, however, is supposed to be an exception, largely due to privacy concerns among Western companies. But China’s own laws and regulations mandate that companies operating on the mainland must keep citizens’ data within its borders.

Zoom said in February that “rapidly added capacity” to its Chinese regions to handle demand was also put on an international whitelist of backup data centers, which meant non-Chinese users were in some cases connected to Chinese servers when data centers in other regions were unavailable.

Zoom said this happened in “extremely limited circumstances.” When reached, a Zoom spokesperson did not quantify the number of users affected.

Zoom said that it has now reversed that incorrect whitelisting. The company also said users on the company’s dedicated government plan were not affected by the accidental rerouting.

But some questions remain. The blog post only briefly addresses its encryption design. Citizen Lab criticized the company for “rolling its own” encryption — otherwise known as building its own encryption scheme. Experts have long rejected efforts by companies to build their own encryption, because it doesn’t undergo the same scrutiny and peer review as the decades-old encryption standards we all use today.

Zoom said in its defense that it can “do better” on its encryption scheme, which it says covers a “large range of use cases.” Zoom also said it was consulting with outside experts, but when asked, a spokesperson declined to name any.

Bill Marczak, one of the Citizen Lab researchers that authored today’s report, told TechCrunch he was “cautiously optimistic” about Zoom’s response.

“The bigger issue here is that Zoom has apparently written their own scheme for encrypting and securing calls,” he said, and that “there are Zoom servers in Beijing that have access to the meeting encryption keys.”

“If you’re a well-resourced entity, obtaining a copy of the internet traffic containing some particularly high-value encrypted Zoom call is perhaps not that hard,” said Marcak.

“The huge shift to platforms like Zoom during the COVID-19 pandemic makes platforms like Zoom attractive targets for many different types of intelligence agencies, not just China,” he said. “Fortunately, the company has (so far) hit all the right notes in responding to this new wave of scrutiny from security researchers, and have committed themselves to make improvements in their app.”

Zoom’s blog post gets points for transparency. But the company is still facing pressure from New York’s attorney general and from two class-action lawsuits. Just today, several lawmakers demanded to know what it’s doing to protect users’ privacy.

Will Zoom’s mea culpas be enough?

Facebook’s WhatsApp is in the midst of a lawsuit against Israeli mobile surveillance outfit NSO Group. But before complaining about the company’s methods, Facebook seems to have wanted to use them for its own purposes, according to testimony from NSO founder Shalev Hulio.

Last year brought news of an exploit that could be used to install one of NSO’s spyware packages, Pegasus, on devices using WhatsApp. The latter sued the former over it, saying that over a hundred human rights activists, journalists and others were targeted using the method.

Last year also saw Facebook finally shut down Onavo, the VPN app it purchased in 2013 and developed into a backdoor method of collecting all manner of data about its users — but not as much as they’d have liked, according to Hulio. In a document filed with the court yesterday he states that Facebook in 2017 asked NSO Group for help collecting data on iOS devices resistant to the usual tricks:

In October 2017, NSO was approached by two Facebook representatives who asked to purchase the right to use certain capabilities of Pegasus, the same NSO software discussed in Plaintiffs’ Complaint.

The Facebook representatives stated that Facebook was concerned that its method for gathering user data through Onavo Protect was less effective on Apple devices than on Android devices. The Facebook representatives also stated that Facebook wanted to use purported capabilities of Pegasus to monitor users on Apple devices and were willing to pay for the ability to monitor Onavo Protect users. Facebook proposed to pay NSO a monthly fee for each Onavo Protect user.

NSO declined, as it claims to only provide its software to governments for law enforcement purposes. But there is a certain irony to Facebook wanting to employ against its users the very software it would later decry being employed against its users. (WhatsApp maintains some independence from its parent company, but these events come well after the purchase by and organizational integration into Facebook.)

A Facebook representative did not dispute that representatives from the company approached NSO Group at the time, but said the testimony was an attempt to “distract from the facts” and contained “inaccurate representations about both their spyware and a discussion with people who work at Facebook.” We can presumably expect a fuller rebuttal in the company’s own filings soon.

Facebook and WhatsApp are, quite correctly, concerned that effective, secret intrusion methods like those developed and sold by NSO Group are dangerous in the wrong hands — as demonstrated by the targeting of activists and journalists, and potentially even Jeff Bezos. But however reasonable Facebook’s concerns are, the company’s status as the world’s most notorious collector and peddler of private information makes its righteous stance hard to take seriously.

The massive surge of COVID-19-related layoffs has put tech in a unique position. While the startup world is facing layoffs itself, it is also trying to help get people back to work.

Back at the end of 2019, the SoftBank-backed belt-tightening period led to a flurry of crowdsourced spreadsheets with employee names from companies like Oyo, WeWork, Zume and more. The spreadsheets popped up as a bet on the network effect, with the ultimate goal of hoping the sheets land in the hands of a recruiter looking to hire one of hundreds laid off. Now, as COVID-19 cripples the economy, layoffs have surged dramatically past that one period.

On one end, we’ve reported on numbers of tech companies cutting staff, from Oyo, to ZipRecruiter, to TripActions. But on the other, brighter end, we’ve also seen the rise of platforms to connect those laid off and pledges from employers to not fire any employees during this trying time.

In a world where people are laid off on Zoom, tech’s efforts to give community, and a course of action, to those laid off is undeniably important.

The current climate of the pandemic, and the massive unemployment that has resulted, means that a spreadsheet with a long list of employee names and unverified contact information doesn’t cut it.

Shannon Anderson, the director of talent at Madrona Venture Group in Seattle, saw her firm’s portfolio companies struggling with layoffs and the changing economy. Two of the  portfolio companies, Textio and Rover, laid off staff, along with a number of other companies.

“We wanted to anticipate a reduction in force across the ecosystem,” said Anderson. “It’s a global problem.”

So, to help boost the network of those laid off, Anderson reached out to a number of HR leaders, including Chris Brownridge, the founder of Silver Lining, a job platform for those who have been laid off. He started Silver Lining after he shut down his startup last summer and had to lay off his staff of 20.

“I felt the pain [of layoffs] from the employer side, and it is painful for the employer, especially when you care about [your workers],” he said back in January. “I don’t want to keep seeing spreadsheets thrown around; I think that is not the right answer. We need a standardized way to deal with it, with a community behind it.”

Silver Lining is a platform that lets candidates submit profiles for recruiters from top companies to review. Job seekers on the site range from architects, UX designers, engineers, community managers and more.

Then COVID-19 spread across the world, forcing people to stay home and spend less. The economy’s downturn unevenly impacted companies around the world: where layoffs exist for the travel sector, usage surges exist for the remote work companies. But as a whole, the labor force is struggling, with 6.6 million Americans filing for unemployment just last week alone.

Madrona said it is donating a portion of its budget to help Silver Lining offer more services to those laid off. The firm declined to share the total amount of the donation.

Silver Lining will also now offer coaching, resume writing and emotional support to folks on the platform, Brownridge says. Thanks to donations from Madrona, Skytap, Bandwidth, Voodle, Female Founders Alliance and more, the site is free to use.

The uptick in layoffs has led Boston-based Drafted, a referral startup, to launch a product called the Layoff Network to help those who have been laid off. The startup previously was sending out a newsletter, Layoff List, of weekly list of layoffs with spreadsheets hyperlinked. During the SoftBank layoffs, Olivia Clark, the creator of the newsletter, noticed a surge in traffic — more than 1,000 recruiters subscribed.

Now she says traffic is “up 2,000%” and, in just two weeks, Drafted’s engineering team has productized that newsletter into a job search network.

The Layoff Network connects with recruiters people who have been recommended by their colleagues and “endorsed” for their skills. If you’re laid off, you can sign up and create a profile and ask a previous employer or colleague to recommend you. Clark says this is similar to LinkedIn’s “endorse” feature to make sure the people are credible.

Once the person has been endorsed, they will be added to a talent feed. That is where recruiters can search for nominees, job titles, companies or locations. Unlike a spreadsheet, this is clearly easier to navigate and adds another layer of human touch.

Clark says that the platform will be free for individuals who have been laid off, and who are recruiting or hiring. Drafted has a paid enterprise level that is for organizations that are conducting mass layoffs and want to provide support for former employees.

The grassroots efforts are vast and diverse. Here’s a list that posts companies that are actively hiring. Here’s a list for Canadian tech workers, and one for Colorado’s tech scene. And here’s a live tracker of startups that have issued layoffs, started by the team over at Human Interest, a startup that has nothing to do with layoffs.

Megan Murphy, who created Chicago Superstars for those laid off from the Chicago tech scene, has not received donations or support yet. As the number of unemployed people increases, Murphy says she’s noticing a lack of clarity on which companies are hiring, and which job postings are still active. If a company was hiring for a position in January, it might not be anymore (to help keep costs down).

“I can’t waste time crafting cover letters and custom resumes for jobs that won’t actually move forward,” she said. “There are tons of crowdsourced tools trying to flag who’s actually hiring still, while others are trying to flag who’s instituted a hiring freeze or laid people off, and in the meantime, company career pages aren’t up to date. We need one source of truth — and right now nobody’s really set up to do that.”

For now, Murphy says she’s getting creative in her own search, and asking for others to do the same. “Virtual communities and experiences are about to be more important than ever.” She notes guerrilla Slack channels and Reddit as an example of organic communication.

As for how she’s able to keep up with the demand of people needing help for their next job? Murphy, who is looking for a job herself after getting laid off, says she has fewer interviews from potential employers, so she’s been able to help those reaching out.

The work done by these entrepreneurs scratches at the same hope that lies within the hundreds of lines of contact information within a crowdsourced layoff spreadsheet: a need for a community in a trying time. And these days, more than most, remind us of the power of having a group of people together in the first place.

The game’s release is being postponed due to logistical concerns caused by the spread of the coronavirus.

Staying home is still the best way to protect yourself from the coronavirus. But the CDC now says that masks are effective as an additional measure.