Roku debuts new Streaming Stick 4K bundles, software update with voice and mobile features

Weeks after Amazon introduced an updated Fire TV lineup that included, for the first time, its own TVs, Roku today is announcing its own competitive products in a race to capture consumers’ attention before the holiday shopping season. Its updates include a new Roku Streaming Stick 4K and Roku Streaming Stick 4K+ — the latter which ships with Roku’s newer hands-free voice remote. The company is also refreshing the Roku Ultra LT, a Walmart-exclusive version of its high-end player. And it announced the latest software update, Roku OS 10.5, which adds updated voice features, a new Live TV channel for home screens, and other minor changes.

The new Streaming Stick 4K builds on Roku’s four-year-old product, the Streaming Stick+, as it offers the same type of stick form factor designed to be hidden behind the TV set. This version, however, has a faster processor which allows the device to boot up to 30% faster and load channels more quickly, Roku claims. The Wi-Fi is also improved, offering faster speeds and smart algorithms that help make sure users get on the right band for the best performance in their homes where network congestion is an increasingly common problem  — especially with the pandemic-induced remote work lifestyle. The new Stick adds support for Dolby Vision and HDR 10+, giving it the “4K” moniker.

This version ships with Roku’s standard voice remote for the same price of $49.99. For comparison, Amazon’s new Fire TV Stick Max with a faster processor and speedier Wi-Fi is $54.99. However, Amazon is touting the addition of Wi-Fi 6 and support for its game streaming service, Luna, as reasons to upgrade.

Roku’s new Streaming Stick 4K+ adds the Roku Voice Remote Pro to the bundle instead. This is Roku’s new remote, launched in the spring, that offers rechargeability, a lost remote finder, and hands-free voice support via its mid-field microphone, so you can just say things like “hey Roku, turn on the TV,” or “launch Netflix,” instead of pressing buttons. Bought separately, this remote is $29.99. The bundle sells for $69.99, which translates to a $10 discount over buying the stick and remote by themselves.

Image Credits: Roku

Both versions of the Streaming Stick will be sold online and in stores starting in October.

The Roku Ultra LT ($79.99), built for Walmart exclusively, has also been refreshed with a faster processor, more storage, a new Wi-Fi radio with up to 50% longer range, support for Dolby Vision, Bluetooth audio streaming, and a built-in ethernet port.

Plus, Roku notes that TCL will become the first device partner to use the reference designs it introduced at CES for wireless soundbars, with its upcoming Roku TV wireless soundbar. This device connects over Wi-Fi to the TV and works with the Roku remote, and will arrive at major retailers in October where it will sell for $179.99.

The other big news is Roku’s OS 10.5 software release. The update isn’t making any dramatic changes this time around, but is instead focused largely on voice and mobile improvements.

The most noticeable consumer-facing change is the ability to add a new Live TV channel to your home screen which lets you more easily launch The Roku Channel’s 200+ free live TV channels, instead of having to first visit Roku’s free streaming hub directly, then navigate to the Live TV section. This could make the Roku feel more like traditional TV for cord-cutters abandoning their TV guide for the first time.

Other tweaks include expanded support for launching channels using voice commands, with most now supported; new voice search and podcast playback with a more visual “music and podcast” row and Spotify as a launch partner; the ability to control sound settings in the mobile app; an added Voice Help guide in settings; and additional sound configuration options for Roku speakers and soundbars (e.g. using the speaker pairs and soundbar in a left/center/right) or in full 5.1 surround sound system).

A handy feature for entering in email and passwords in set-up screens using voice commands is new, too. Roku says it sends the voice data off-device to its speech-to-text partner, and the audio is anonymized. Roku doesn’t get the password or store it, as it goes directly to the channel partner. While there are always privacy concerns with voice data, the addition is a big perk from an accessibility standpoint.

Image Credits: Roku

One of the more under-the-radar, but potentially useful changes coming in OS 10.5 is an advanced A/V sync feature that lets you use the smartphone camera to help Roku make further refinements to the audio delay when using wireless headphones to listen to the TV. This feature is offered through the mobile app.

The Roku mobile app in the U.S. is also gaining another feature with the OS 10.5 update with the addition of a new Home tab for browsing collections of movies and shows across genres, and a “Save List, which functions as a way to bookmark shows or movies you might hear about — like when chatting with friends — and want to remember to watch later when you’re back home in front of the TV.

The software update will roll out to Roku devices over the weeks ahead. It typically comes to Roku players first, then rolls out to TVs.

#amazon, #amazon-fire-tv, #apple-tv-app, #computing, #digital-media-players, #ethernet, #gadgets, #hardware, #internet-radio, #internet-television, #luna, #media, #mobile, #netflix, #now, #roku, #smartphone, #speaker, #spotify, #telecommunications, #united-states, #voice-search, #walmart, #wi-fi, #wireless-headphones, #wireless-soundbar

Google Workspace opens up spaces for all users

Employee location has become a bit more complicated as some return to the office, while others work remotely. To embrace those hybrid working conditions, Google is making more changes to its Google Workspace offering by going live with spaces — its tool for small group sharing — in Google Chat for all users.

Spaces integrates with Workspace tools, like the calendar, Drive and documents, to provide a more hybrid work experience where users can see the full history, content and context of conversations regardless of their location.

Google’s senior director of product management Sanaz Ahari wrote in a blog post that customers wanted spaces to be more like a “central hub for collaboration, both in real time and asynchronously. Instead of starting an email chain or scheduling a video meeting, teams can come together directly in a space to move projects and topics along.”

Here are some new features users can see in spaces:

  • One interface for everything — inbox, chats, spaces and meetings.
  • Spaces, and content therein, can be made discoverable for people to find and join in the conversation.
  • Better search ability within a team’s knowledge base.
  • Ability to reply to any message within a space.
  • Enhanced security and admin tools to monitor communication.

Employees can now indicate if they will be virtual or in-person on certain days in Calendar for collaboration expectations. As a complement, users can call colleagues on both mobile and desktop devices in Google Meet.

Calendar work location

In November, all customers will be able to use Google Meet’s Companion Mode to join a meeting from a personal device while tapping into in-room audio and video. Also later this year, live-translated captions will be available in English to French, German, Portuguese and Spanish, with more languages being added in the future.

In addition, Google is also expanding its Google Meet hardware portfolio to include two new all-in-one video conferencing devices, third-party devices — Logitech’s video bar and Appcessori’s mobile device speaker dock — and interoperability with Webex by Cisco.

Google is tying everything together with a handbook for navigating hybrid work, which includes best practice blueprints for five common hybrid meetings.

 

#apps, #cloud, #computing, #enterprise, #google, #google-meet, #google-workspace, #groupware, #mobile-device, #mobile-software, #tc, #technology, #telecommunications, #video-conferencing, #web-conferencing, #webex

Box, Zoom chief product officers discuss how the changing workplace drove their latest collaboration

If the past 18 months is any indication, the nature of the workplace is changing. And while Box and Zoom already have integrations together, it makes sense for them to continue to work more closely.

Their newest collaboration is the Box app for Zoom, a new type of in-product integration that allows users to bring apps into a Zoom meeting to provide the full Box experience.

While in Zoom, users can securely and directly access Box to browse, preview and share files from Zoom — even if they are not taking part in an active meeting. This new feature follows a Zoom integration Box launched last year with its “Recommended Apps” section that enables access to Zoom from Box so that workflows aren’t disrupted.

The companies’ chief product officers, Diego Dugatkin with Box and Oded Gal with Zoom, discussed with TechCrunch why seamless partnerships like these are a solution for the changing workplace.

With digitization happening everywhere, an integration of “best-in-breed” products for collaboration is essential, Dugatkin said. Not only that, people don’t want to be moving from app to app, instead wanting to stay in one environment.

“It’s access to content while never having to leave the Zoom platform,” he added.

It’s also access to content and contacts in different situations. When everyone was in an office, meeting at a moment’s notice internally was not a challenge. Now, more people are understanding the value of flexibility, and both Gal and Dugatkin expect that spending some time at home and some time in the office will not change anytime soon.

As a result, across the spectrum of a company, there is an increasing need for allowing and even empowering people to work from anywhere, Dugatkin said. That then leads to a conversation about sharing documents in a secure way for companies, which this collaboration enables.

The new Box and Zoom integration enables meeting in a hybrid workplace: chat, video, audio, computers or mobile devices, and also being able to access content from all of those methods, Gal said.

“Companies need to be dynamic as people make the decision of how they want to work,” he added. “The digital world is providing that flexibility.”

This long-term partnership is just scratching the surface of the continuous improvement the companies have planned, Dugatkin said.

Dugatkin and Gal expect to continue offering seamless integration before, during and after meetings: utilizing Box’s cloud storage, while also offering the ability for offline communication between people so that they can keep the workflow going.

“As Diego said about digitization, we are seeing continuous collaboration enhanced with the communication aspect of meetings day in and day out,” Gal added. “Being able to connect between asynchronous and synchronous with Zoom is addressing the future of work and how it is shaping where we go in the future.”

#apps, #artificial-intelligence, #box, #cloud-computing, #computing, #diego-dugatkin, #enterprise, #mobile-devices, #oded-gal, #remote-work, #saas, #tc, #telecommunications, #video, #web-conferencing, #zoom

T-Mobile says at least 47M current and former customers affected by data breach

T-Mobile has confirmed that millions of current and former customers had their information stolen in a data breach, following reports of a hack over the weekend.

In a statement, T-Mobile, which has more than 100 million customers, said its preliminary analysis shows 7.8 million current postpaid T-Mobile customers had information taken in the data breach. The carrier said that some personal data on current and former postpaid was also taken, including customer names, dates of birth, Social Security numbers, and driver’s license information for a “subset” of current and former postpay customers and prospective T-Mobile customers.

The company also said that 40 million records of former and prospective customers was taken, but that “no phone numbers, account numbers, PINs, passwords, or financial information were compromised.”

But the company warned that approximately 850,000 active T-Mobile customer names, phone numbers, and account PINs were in fact compromised, and that customer names, phone numbers and account PINs were exposed. T-Mobile said it’s reset those customer PINs. T-Mobile said it was “recommending all postpaid customers” to proactively change their account PIN, which protects their accounts from SIM-swapping attacks.

Vice reported this weekend that T-Mobile was investigating a possible hack after a seller on a known criminal forum claimed to be in possession of millions of records. The seller told Vice that they had 100 million records on T-Mobile customers, which included customer account names, phone numbers, and the IMEI numbers of phones on the account.

T-Mobile warned that there could be more fallout to come, noting that it confirmed there was “some additional information from inactive prepaid accounts accessed through prepaid billing files,” but did not say what, only that it was not financial information.

This is the fifth time that T-Mobile was hacked in recent years, following incidents as recently as January and other incidents dating back to 2018.

#data-breach, #deutsche-telekom, #driver, #security, #sim-card, #t-mobile, #t-mobile-uk, #telecommunications, #virgin-mobile

T-Mobile confirms it was hacked after customer data posted online

T-Mobile has confirmed “unauthorized access” to its systems, days after a portion of customer data was listed for sale on a known cybercriminal forum.

The U.S. cell giant, which last year completed a $26 billion merger with Sprint, confirmed an intrusion but that it has “not yet determined that there is any personal customer data involved.” The company said that its investigation will “take some time,” and no timeline was given.

“We are confident that the entry point used to gain access has been closed, and we are continuing our deep technical review of the situation across our systems to identify the nature of any data that was illegally accessed,” the company said.

Vice reported this weekend that T-Mobile was investigating a possible intrusion after a seller was claiming to be in possession of millions of records. The seller told Vice that they had 100 million records on T-Mobile customers, which included customer account names, phone numbers, the IMEI numbers of phones on the account, and Social Security number and driver’s license information — details that the company often collects to verify the identities of its customers.

Vice verified a sample of the records from the seller, suggesting the data is in at least partially valid.

The forum post, which TechCrunch has seen, asks for 6 bitcoin, or about $275,000, for data on a 30 million subset of customer data. The data was allegedly obtained from a T-Mobile-run database server that was connected to the internet, according to a screenshot posted by Bleeping Computer, which also reported that the seller has the IMEI database “going back to 2004.” IMEI and ISMI numbers can be used to uniquely identify and locate a cellphone user.

An earlier post seen by TechCrunch from the same seller and using the same sample of data claimed to have 124 million records, but still did not name T-Mobile as the source of the data. The post was deleted in the past few days.

This is by our count the fifth time that T-Mobile was hacked in recent years.

In January, T-Mobile said it had a data breach that saw cybercriminals steal about 200,000 call records and other subscriber data. Last year, T-Mobile had two incidents — it admitted a breach on its email systems that saw hackers access some T-Mobile employee email accounts and access customer data; and a breach of a million prepaid customers’ personal and billing information months later. In 2018, T-Mobile said as many as two million customers may have had their personal information scraped.


You can send tips securely over Signal and WhatsApp to +1 646-755-8849. You can also send files or documents using our SecureDrop.

#deutsche-telekom, #driver, #securedrop, #security, #sprint, #t-mobile, #t-mobile-uk, #technology, #telecommunications, #telephony, #united-states, #whatsapp

Bring your own environment: The future of work

The world has just witnessed one of the fastest work transformations in history. COVID-19 saw businesses send people home en masse, leaning on technology to maintain business as usual. Working from home, once the exception rather than the rule, became responsible for two-thirds of economic activity as an estimated 1.1 billion people around the world were forced to perform their daily jobs remotely, up from 350 million in 2019.

As we explain in the 2021 Accenture Technology Vision report, this transformation is just the beginning. Looking ahead, where and how people work will be much more flexible concepts with the potential to bring benefits to employees and employers alike. In fact, 87% of executives Accenture surveyed believe that the remote workforce opens up the market for difficult-to-find talent.

These benefits will only be fully realized if enterprises adopt a strategic approach to the future of work. Think back to a few years ago, when the bring your own device (BYOD) trend was in vogue. Faced with demand from workers to use their own devices in the enterprise setting, businesses had to think through new policies and controls to support this model.

Employers must now do the same thing, but on a much bigger scale. BYOD has become “BYOE”: Employees are bringing their entire environments to work. These environments include a broader range of worker-owned tech (smart speakers, home networks, gaming consoles, security cameras and more) and their work setting. One person may have a home office set up in a shed in their garden, another may be working from the kitchen table, surrounded by their family.

Businesses need to accept that their employees’ environments are a permanent part of their enterprise and adjust them accordingly.

The workplace reimagined

Looking ahead, the BYOE-style of work won’t be limited to employees’ homes. People will be free to work from anywhere, and they will want to work in the environment that’s best for them — whether that’s the office, home or a hybrid mix of the two. This is something leaders must accommodate rather than fight.

Indeed, leaders can rethink the purpose of working at the warehouses, depots, factories, offices, labs and other locations that make up their businesses. They should consider carefully when it makes sense for people to be at certain sites and with certain people. They will thereby be able to optimize their operations.

A few years from now, the organizations that succeed will be the ones that resisted the urge to race everyone back to the office and instead rethought how their workforce operates. They will have put in place a robust strategy for change that includes the adoption of technology enablers like the cloud, AI, IoT and XR. But more importantly, this will outline how their reimagined workforce model can support and enable their people and how this can be reflected in the corporate culture.

Enabling the new

The first step toward this future requires gaining visibility into the employee experience. With BYOE, the employee experience has never been more important, but it has also never been harder to monitor. Workplace analytics will therefore be critical to understanding how employees’ environments are impacting their work and finding insights that can improve their experience and productivity.

Security is another primary enabler. Businesses need to accept that their employees’ environments are a permanent part of their enterprise and adjust them accordingly. IT security teams will have to do more than ensure that a worker’s laptop is secured with the latest firewall patches, and consider the worker’s network security and the security of all devices linked to that network, such as baby monitors and smart TVs.

Once the technology, analytics and security foundations are in place, businesses will be better positioned to unlock the full value of BYOE: operating model transformation. When companies go virtual-first, they have new opportunities to integrate emerging technologies into the workforce. With a virtual-first BYOE strategy, for example, businesses can have a warehouse full of robots doing the physical work, coupled with offsite employees safely monitoring and overseeing strategy.

Cultural change is key

Success in BYOE will also come down to culture. The enterprise must accept that the employee environment is now part of the “workplace” and accommodate people’s needs. This will be a large, slow-to-emerge cultural shift, but there will be quick wins, too.

Take the disconnect between in-person and remote workers as an example. So much is currently tied to geography, but the future will be all about balance. Workers in different roles will benefit from the work environment best suited to their needs. However, without careful implementation, the approach could lead to a divided workforce, where in-office and remote workers struggle to collaborate. Quora is already looking to overcome this challenge by requiring all employees who are attending meetings, regardless of whether they’re home or in the office, to appear on their own video screen.

Reimagining the organization for BYOE is a moving target and best practices are still emerging. But one thing is already clear: You can’t afford to wait. To attract the best talent and keep employees engaged, start planning now.

#accenture, #column, #consulting, #ec-column, #ec-future-of-work, #firewall, #labor, #mobile-device-management, #opinion, #quora, #remote-work, #remote-working, #telecommunications, #telecommuting, #working-remotely

Airtel Africa gets an extra $200M for its mobile money business from QIA

Three months ago, Mastercard invested $100 million in Airtel Mobile Commerce BV (AMC BV) — the mobile money business of telecom Airtel Africa. This was two weeks after it also received $200 million from TPG’s Rise Fund.

Today, the African telecoms operator has announced that it has secured another investment for its mobile money arm. The investor? Qatar Holding LLC, an affiliate of the Qatar Investment Authority (QIA) which is the sovereign wealth fund of the State of Qatar with over $300 billion assets. The Middle Eastern corporation is set to invest $200 million into AMC BV through a secondary purchase of shares from Airtel Africa.

AMC BV is an Airtel Africa subsidiary and the holding company for several of Airtel Africa’s mobile money operations across 14 African countries, including Kenya, Uganda and Nigeria. The mobile money arm operates one of the largest financial services on the continent. It provides users access to mobile wallets, support for international money transfers, loans and virtual credit cards.

According to a statement released by the telecoms operator, the proceeds of the investment will be used to reduce debt and invest in network and sales infrastructure in the respective operating countries. The deal will close in two tranches — $150 million invested at the first close, most likely in August. The remaining $50 million will be invested at second close.

Airtel Africa claims QIA will hold a minority stake while it continues to hold the majority stake. This transaction still values Airtel Africa at $2.65 billion on a cash and debt-free basis like other deals. However, what’s different this time is that QIA is entitled to appoint a director to AMC BV’s board and “to certain customary information and minority protection rights.”

Airtel Africa’s most recent report for Q1 2021 shows signs of growth. The telecoms operator saw a year on year revenue growth of 53.7%, pushed by a 24.6% growth in customer base to 23.1 million. Transaction value went up 64.4% to $14.7 billion ($59 billion annualised); and EBITDA stood at $60 million ($240 million annualised) at a margin of 48.8%. The company also generated $124 million in revenue ($496 million annualised), while its profits before tax year-on-year for Q1 2021 stood at $185 million.

Mansoor bin Ebrahim Al-Mahmoud, CEO of QIA, said the sovereign’s wealth fund investment in Airtel Africa would help promote financial inclusion in Sub-Saharan Africa. “Airtel Money plays a critical role in facilitating economic activity, including for customers without access to traditional financial services. We firmly believe in its mission to expand these efforts over the coming years,” he added.

In February, Airtel Africa first made it known that it wanted to sell a minority stake in AMC BV to raise cash and sell off some assets. The subsequent month, it sold off telecommunication towers in Madagascar and Malawi to Helios Towers for $119 million and raised $500 million from outside investors.

#africa, #airtel-africa, #financial-services, #mastercard, #mobile-money, #private-equity, #qatar-investment-authority, #tc, #telecommunications, #tpg

The RapidSOS EC-1

Three digits, so little time.

Numbers can take on profound cultural significance, but few numbers have quite the resonance as 911, the emergency number for the United States. Few want to dial it, but when they must, it works — every single time. One industry trade association estimates that 240 million 911 phone calls are made every year, ranging from the quotidian loud dog to the exceptional terrorist attack.

While it may be a singular number, 911 calls are directed to roughly 5,700 public safety answering points (PSAPs) across the country, all with independent operations, variegated equipment, disparate software, multifarious organizational structures, and vast inequalities of staffing and resources.

“Every 911 center is very different and they are as diverse and unique as the communities that they serve,” Karin Marquez, who we will meet later, put it. You have massive urban centers with dozens of staffers and the best equipment, and “you have agencies in rural America that have one person working 24/7 and they’re there to answer three calls a day.”

These organizations face a tough challenge: Transitioning their systems to incorporate information from billions of new consumer devices into the heart of 911 response. Location from mobile GPS, medical information from health profiles, video footage from cameras — all of this could be useful when police, firefighters and paramedics arrive on a scene. But how do you connect hundreds of tech companies to a myriad of 911 technology providers?

Over the last eight years, RapidSOS has become the go-to solution for addressing this problem. With more than $190 million raised, including an $85 million round this past February, RapidSOS now covers nearly 5,000 PSAPs and processes more than 150 million emergencies every year, and it’s technology is almost certainly integrated into the smartphone you’re carrying and many of the devices you have lying around (the company counts about 350 million connected devices with its software).

Yet, like many emergencies, the company’s story is one of reverses, misdirections and urgency as its founders worked to find a model to jump-start 911 response. RapidSOS may well be the only startup to pivot from a consumer app to a govtech/enterprise hybrid, and it has the most extensive directory of partnerships and integration relationships of any startup I have ever seen. Now, as it expands to Mexico, the United Kingdom and elsewhere, this startup with its roots in a rural farm in Indiana, is redefining emergency response globally for the 21st Century.

The lead writer of this EC-1 is Danny Crichton. In addition to being the EC-1 series editor, managing editor at TechCrunch, and regularly talking about himself in the third person, Danny has been writing about disaster tech and first covered RapidSOS back in 2015 prior to its public launch. The lead editor for this story was Ram Iyer, the copy editor was Richard Dal Porto, and illustrations were drawn by Nigel Sussman.

RapidSOS had no say in the content of this analysis and did not get advance access to it. Crichton has no financial ties to RapidSOS, and his ethics disclosure statement is available here.

The RapidSOS EC-1 comprises four articles numbering 12,400 words and a reading time of 50 minutes. Here are the topics we’ll be dialing into:

We’re always iterating on the EC-1 format. If you have questions, comments or ideas, please send an email to TechCrunch Managing Editor Danny Crichton at danny@techcrunch.com.

#911, #america, #communication, #ec-enterprise-applications, #ec-1, #emergency-response, #extra-crunch-ec-1, #federal-communications-commission, #government, #govtech, #gps, #indiana, #rapidsos, #rapidsos-ec-1, #smartphone, #startups, #tc, #telecommunications, #united-kingdom, #united-states

Smoking pizza ovens and pilfered dollar bills, or the early story of RapidSOS

The irony of 911 is that it’s a number that everyone knows (at least in the United States), and yet, no one really thinks about it. Few of us will dial 911 more than a handful of times in our lives, and even when we do, we will meet the police officers and paramedics who respond, never the 911 call taker who handled the dispatch. These systems and the people behind them garner meager attention, whether from Congress, state legislatures, the public or anyone else outside the emergency response community.

Except, that is, for Michael Martin.

RapidSOS’ story is one of a mission, a community, a team and a dream that every emergency should have the best chance to be resolved as positively as possible.

He, along with Nick Horelik and Matt Bozik very early on, became fascinated by the complexity and lack of innovation in the sector. “Uber had just come out. I could press a button and get a car. Why can’t I just press a button and get an ambulance? And then it sparks this curiosity,” Martin said. He sought knowledge, but for such a critical system, information was sparse. “The Wikipedia article on George Clooney is way longer than the one on 911,” he noted.

So began a nearly decade-long journey with RapidSOS that would see Martin and his team first attempt to build a consumer-safety app called Haven before pivoting exclusively to helping dozens of tech companies, including Apple and Google and device companies like SiriusXM, connect to a myriad of 911 software vendors. Along the way, they experienced the full vagaries of startup life, frenetically pivoting from product to product as they tried to get consumers to even care about emergencies.

It wasn’t easy, and it took years before the company finally hit its stride. But RapidSOS’s story is one of a mission, a community, a team and a dream that every emergency should have the best chance to be resolved as positively as possible.

Indiana: The callroads of America

Martin grew up outside the rural town of Rockport, Indiana, population about 2,500 today. His mother was the local doctor, and he and his brother habituated to the openness and ennui of rural farming life. “We grew up on 35 acres of land; we had an enormous garden and a little hobby orchard and stuff like that,” he said. “We had ‘Drive-Your-Tractor-To-School Day.’”

#911, #api, #apple, #braemar-energy-ventures, #ec-1, #emergency-response, #extra-crunch-ec-1, #federal-communications-commission, #finance, #google, #government, #harvard, #highland-capital, #indiana, #kickstarter, #michael-martin, #motorola-solutions, #nashville, #rapidsos, #rapidsos-ec-1, #startups, #tc, #telecommunications, #teller, #uber, #venture-capital

After a decade, Congress might finally bring 911 into the internet age

When it comes to user-interface design, 911 is about as good as it gets. It’s the “most recognized number in the United States,” Steve Souder, a prominent 911 leader, points out. Simple, fast, and it works from any telephone in the United States. No matter what the emergency is, the call takers on the other side will triage and dispatch assistance.

I’ve taken that ubiquity and simplicity for granted over the past three parts of this EC-1 on RapidSOS as we’ve looked at the startup’s origin story, business and products, as well as its partnerships and business development engine. The company is deeply enmeshed with 911, which means that the prospects of 911 as a system will heavily determine the trajectory of RapidSOS in the coming years, or at least, until its international expansion hits scale and it isn’t so dependent on the U.S. market.

Right now, a $15 billion funding bill to invest in NG911 has been proposed in Congress as part of the LIFT America infrastructure bill that is currently winding its way through the appropriations process and negotiations between Democratic and Republican leaders.

Now, you might think, “911, how could they screw that up?” But this is America, and you’d be surprised.

Despite the daily heroic work of tens of thousands of 911 personnel who keep this brittle system afloat, the reality today is that America’s emergency call infrastructure is in a perilous state. After more than a decade of heavy advocacy, the transition to the “next generation” of 911 (dubbed NG911), which would replace a voice-centric model with an internet-based one designed around data streams, has been trundling along, with some early traction but little universality.

As a Congressional Research Service report described it just a few years ago, “funding has been a challenge, and progress has been relatively slow.” Three years later, the words are just as true as they were then.

Given that RapidSOS’ future ultimately relies on a competent government capable of providing core infrastructure, this fourth and final part of the EC-1 will look at the current state of 911 services and what their prospects are, and finally, how one should ultimately judge RapidSOS given all that we have seen.

The three-digit number that feels like it is three-digits old

911 was invented in the late 1960s to unify America around one emergency number. Early forays to create emergency lines had sprouted up across cities and states, but each used their own system and telephone number, creating massive complications for travelers and people living on jurisdictional boundaries. President Lyndon Johnson’s 1967 crime task force recommended creating a single number for emergency calls as a crime-prevention tool, and on February 16, 1968, the first 911 call was dialed in Haleyville, Alabama.

#911, #america, #amy-klobuchar, #anna-eshoo, #communication, #congress, #ec-consumer-applications, #ec-enterprise-applications, #ec-1, #extra-crunch-ec-1, #federal-communications-commission, #government, #gps, #home-security-systems, #michael-martin, #rapidsos, #rapidsos-ec-1, #senate, #startups, #tc, #telecommunications, #united-states

Lightyear nabs $13M Series A as online network procurement takes shape

It seems like everything is being pushed online now, but network procurement stubbornly has remained an in-person or phone-based negotiation. Lightyear, an early stage New York City startup decided to change that last year, and the company announced a $13.1 million Series A today.

The round was led by Ridge Ventures with participation from Zigg Capital and a slew of individual investors. Today’s investment comes on the heels of a $3.7 million seed round last October, bringing the total raised to $16.8 million.

CEO and co-founder Dennis Thankachan says that the company has been able to gain customers by offering a new way to procure network resources, which was a great improvement over manual negotiating.

“Last year we launched Lightyear, which was the first tool for buying your telecom infrastructure on the web. And although changing behaviors and the way that enterprises have done things for years is difficult, the status quo in telecom has been zero transparency, no web-based ways to do things, and oftentimes interfacing with really, really large vendors where you have no negotiating leverage even if you’re a big enterprise. That experience was so poor that a lot of enterprises were extremely happy to see what we put in the market,” he said.

What Lightyear offers is an online marketplace where companies can interact with vendors and get a range of price quotes to make a more informed buying decision. The company spent a lot of time improving the product since last October when you could configure some basic stuff, get a price quote, and Lightyear would help you buy it.

Now Thankachan says that the solution covers the full lifecycle of services including configuring a bigger array of services, helping manage the installation of the services and helping reduce the amount of delays and errors in installs. Finally, they help track and manage network inventory and can automate renewal for a whole group of services,

That has resulted in 4X growth in just 9 months since the last round. In addition, the company had relationships with 400 vendors in October and has grown that to mid-500 vendors today. The startup has also doubled the number of employees to around 20.

Thankachan says that as a person of color he is particularly cognizant about building a diverse and inclusive culture. “I’m a person of color, who has been a minority in different work environments in the past, and I know how that feels and how frustrating that can be for a person who feels like their voice is not heard. […] So I think we can start to build a culture that is not necessarily the norm in [the telecommunications industry] by trying to give opportunities to [underrepresented] people,” he said.

Yousuf Khan, a partner at Ridge Ventures, who is leading the round and will be joining the board under the terms of the deal, says that as a former CIO he found Lightyear’s approach quite appealing.

“As a former CIO and someone who has led global technology operations, it’s refreshing to see Lightyear transforming the way business infrastructure gets bought…I wish Lightyear existed during my years as a CIO,” Khan said in a statement.

 

#enterprise, #funding, #lightyear, #procurement, #recent-funding, #ridge-ventures, #startups, #tc, #telecommunications

UK tells messaging apps not to use e2e encryption for kids’ accounts

For a glimpse of the security and privacy dystopia the UK government has in store for its highly regulated ‘British Internet’, look no further than guidance put out by the Department of Digital, Media, Culture and Sport (DCMS) yesterday — aimed at social media platforms and private messaging services — which includes the suggestion that the latter should “prevent’ the use of end-to-end encryption on “child accounts”.

That’s right, the UK government is saying: ‘No end-to-end encryption for our kids please, they’re British’.

And while this is merely guidance for now, the chill is real — because legislation is already on the table.

The UK’s Online Safety Bill was published back in May, with Boris Johnson’s government setting out a sweeping plan to force platforms to regulate user generated content by imposing a legal duty to protect users from illegal (or merely just “harmful”) content.

The bill controversially bundles up requirements to report illegal stuff like child sexual exploitation content to law enforcement with far fuzzier mandates that platforms take action against a range of much-harder-to-define ‘harms’ (from cyber bullying to romance scams).

The end result looks like a sledgehammer to crack a nut. Except the ‘nut’ that could get smashed to pieces in this ministerial vice is UK Internet users’ digital security and privacy. (Not to mention any UK startups and digital businesses that aren’t on board with mass-surveillance-as-a-service.)

That’s the danger if the government follows through on its wonky idea that — on the Internet — ‘safety’ means security must be replaced with blanket surveillance in order to ‘keep kids safe’.

The Online Safety Bill is not the first wonky tech policy plan the UK has come up with. An earlier bid to force adult content providers to age verify users was dropped in 2019, having been widely criticized as unworkable as well as a massive privacy intrusion and security risk.

However, at the time, the government said it was only abandoning the ‘porn blocks’ measure because it was planning to bring forward “the most comprehensive approach possible to protecting children”. Hence the Online Safety Bill now stepping forward to push platforms to remove robust encryption in the name of ‘protecting children’.

Age verification technologies — and all sorts of content monitoring solutions (surveillance tech, doubtless badged as ‘safety’ tech) — also look likely to proliferate as a consequence of this approach.

Pushing platforms to proactively police speech and surveil usage in the hopes of preventing an ill-defined grab-bag of ‘harms’ — or, from the platforms’ perspective, to avoid the risk of eye-watering fines from the regulator if it decides they’ve failed in this ‘duty of care’ — also obviously conjures up a nightmare scenario for online freedom of expression.

Aka: ‘Watch what you type, even in the privacy of your private messaging app, because the UK Internet safety thought police are watching/might block you…’

Privacy rights for UK minors appear to be first on the chopping block, via what DCMS’ guidance refers to as “practical steps to manage the risk of online harm if your online platform allows people to interact, and to share text and other content”.

So, pretty much, if your online platform has any kind of communication layer at all then.

Letting kids have their own safe spaces to express themselves is apparently incompatible with ministers’ populist desire to brand the UK ‘the safest place to go online in the world’, as they like to spin it.

How exactly the UK will achieve safety online if government zealots force service providers to strip away robust security (e2e encryption) — torching the standard of data protection and privacy wrapping Brits’ personal information — is quite the burning question.

Albeit, it’s not one the UK government seems to have considered for even a split second.

“We’ve known for a long time that one of government’s goals for the Online Safety Bill is the restriction, if not the outright criminalisation, of the use of end-to-end encryption,” said Heather Burns, a policy manager for the digital rights organization Open Rights Group (ORG), one of many vocal critics of the government’s approach — discussing the wider implications of the policy push with TechCrunch.

“Recent messaging strategies promoted by government and the media have openly sought to associate end-to-end encryption with child abuse, and to imply that companies which use it are aiding and abetting child exploitation. So DCMS’s newly-published guidance advising the voluntary removal of encryption from children’s accounts is a precursor to it becoming a likely legal requirement.

“It’s also part of government’s drive, again as part of the Online Safety Bill, to require all services to implement mandatory age verification on all users, for all content or applications, in order to identify child users, in order to withhold encryption from them, thanks to aggressive lobbying from the age verification industry.”

That ministerial rhetoric around the Online Safety Bill is heavy on tub-thumping emotional appeals (to ‘protect our children from online nasties’) and low on sequential logic or technological coherence is not a surprise: Successive Conservative governments have, after all, had a massive bee in their bonnets about e2e encryption — dating back to the David Cameron years.

Back then ministers were typically taking aim at strong encryption on counter-terrorism grounds, arguing the tech is bad because it prevents law enforcement from catching terrorists. (And they went on to pass beefed up surveillance laws which also include powers to limit the use of robust encryption.)

However, under more recent PMs Theresa May and Boris Johnson, the child protection rhetoric has stepped up too — to the point where messaging channels are now being actively encouraged not to use e2e encryption altogether.

Next stop: State-sanctioned commercial mass surveillance. And massive risks for all UK Internet users subject to this anti-security, anti-privacy ‘safety’ regime.

“Despite government’s claim that the Bill will make the UK ‘the safest place in the world to be online’, restricting or criminalising encryption will actually make the UK an unsafe place for any company to do business,” warned Burns. “We will all need to resort to VPNs and foreign services, as happens in places like China, in order to keep our data safe. It’s likely that many essential services will block UK customers, or leave the UK altogether, rather than be compelled to act as a privatised nanny state over insecure data flows.”

In a section of the DCMS guidance entitled “protect children by limiting functionality”, the government department literally suggests that “private channels” (i.e. services like messaging apps) “prevent end-to-end encryption for child accounts”. And since accurately age identifying online users remains a challenge it follows that in-scope services may simply decide it’s less legally risky if they don’t use e2e at all.

DCMS’s guidance also follows up with an entirely bolded paragraph — in which the government then makes a point of highlighting e2e encryption as a “risk” to users, generally — and, therefore by implication, to future compliance with the forthcoming Online Safety legislation…

End-to-end encryption makes it more difficult for you to identify illegal and harmful content occurring on private channels. You should consider the risks this might pose to your users,” the UK government writes, emphasis its.

Whether anything can stop this self-destructive policy train now it’s left the Downing Street station is unclear. Johnson has a whopping majority in parliament — and years left before he has to call a general election.

The only thing that could derail the most harmful elements of the Online Safety Bill is if the UK public wakes up to the dangers it poses to everyone’s security and privacy — and if enough MPs take notice and push for amendments.

Earlier this month the ORG, along with some 30 other digital and humans rights groups, called on MPs to do just that and “help keep constituents’ data safe by protecting e2e encryption from legislative threats” — warning that this “basic and essential” security protocol is at risk from clauses in the bill that introduce requirements for companies to scan private and personal messages for evidence of criminal wrongdoing.

Zero access encryption is seen by the UK government as a blocker to such scanning.

“In order to do this, the use of end-to-end encryption is likely to be defined as a violation of the law,” the ORG also warned. “And companies operating in the UK who want to continue to defend user privacy through end-to-end encryption could, under the draft Bill, be threatened with partial shutdowns, being blocked from the UK, or even personal arrests.”

“We call on Parliament to ensure that end-to-end encryption must not be threatened or undermined by the Online Safety Bill, and that services utilising strong encryption are left out of the Bill’s content monitoring and filtering requirements,” it added in the online appeal.

DMCS has been contacted with questions on the logic of the government’s policy toward e2e encryption.

In a statement yesterday, the digital minister Caroline Dinenage said: “We’re helping businesses get their safety standards up to scratch before our new online harms laws are introduced and also making sure they are protecting children and users right now.

“We want businesses of all sizes to step up to a gold standard of safety online and this advice will help them to do so.”

#boris-johnson, #computer-security, #cryptography, #data-protection, #data-security, #e2e-encryption, #encryption, #end-to-end-encryption, #europe, #human-rights, #law-enforcement, #online-freedom, #online-safety-bill, #open-rights-group, #policy, #privacy, #security, #social-media-platforms, #telecommunications, #uk-government, #united-kingdom

Forto raises $240M in funding round led by Softbank, taking its valuation to $1.2Bn

Freight technology startup, Forto, which we most recently covered when it raised $50 million late last year, is upping the stakes.

It’s now raised $240 million in a round led by Softbank Vision Fund 2 to expand its trade shipments between China and Europe. Forto manages shipping containers from origin to destination. Softbank is also hedging its bets after investing in China’s Full Truck Alliance (YMM.N), which plans a $20 billion IPO.

That means Forto’s valuation close to $1.2 billion, after it’s raised a total of $360 million. Also participating in the round were new investors Citi Ventures and G Squared. Existing investors including Northzone, Cherry Ventures and Unbound also took part, Forto said.

German logistics startups are proliferating. Trucking specialist Sennder, a digital road freight forwarder, raised $160 million in Series D financing earlier this year.

Forto says it has 2,500 clients, including Home 24 and German supermarket chain Edeka, and ships up to 10,000 containers a year by sea, rail and air.

#cherry-ventures, #china, #citi-ventures, #companies, #europe, #northzone, #softbank, #softbank-group, #softbank-vision-fund, #tc, #telecommunications, #vodafone

Transmit Security raises $543M Series A to kill off the password

Transmit Security, a Boston-based startup that’s on a mission to rid the world of passwords, has raised a massive $543 million in Series A funding.

The funding round, said to be the largest Series A investment in cybersecurity history and one of the highest valuations for a bootstrapped company, was led by Insight Partners and General Atlantic, with additional investment from Cyberstarts, Geodesic, SYN Ventures, Vintage, and Artisanal Ventures. 

Transmit Security said it has a pre-money valuation of $2.2 billion, and will use the new funds to expand its reach and investing in key global areas to grow the organization.

Ultimately, however, the funding round will help the company to accelerate its mission to help the world go passwordless. Organizations lose millions of dollars every year due to “inherently unsafe” password-based authentication, according to the startup; not only do weak passwords account for more than 80% of all data breaches, but the average help desk labor cost to reset a single password stands at more than $70. 

Transmit says its biometric-based authenticator is the first natively passwordless identity and risk management solution, and it has already been adopted by a number of big-name brands including Lowes, Santander, and UBS. The solution, which currently handles more than 9,000 authentication requests per second, can reduce account resets by 96%, the company says, and reduces customer authentication from 1 minute to 2 seconds. 

“By eliminating passwords, businesses can immediately reduce churn and cart abandonment and provide superior security for personal data,” said Transmit Security CEO Mickey Boodaei, who co-founded the company in 2014. “Our customers, whether they are in the retail, banking, financial, telecommunications, or automotive sectors, understand that providing an optimized identity experience is a multimillion-dollar challenge. With this latest round of funding from premier partners, we can significantly expand our reach to help rid the world of passwords.”

Transmit Security isn’t the only company that’s on a mission to kill off the password. Microsoft has announced plans to make Windows 10 password-free, and Apple recently previewed Passkeys in iCloud Keychain, a method of passwordless authentication powered by WebAuthn, and Face ID and Touch ID.

#access-control, #authenticator, #banking, #boston, #ceo, #computer-security, #cryptography, #funding, #general-atlantic, #identification, #insight-partners, #lowes, #microsoft, #microsoft-windows, #password, #retail, #security, #telecommunications, #transmit-security, #ubs

US lawmakers want to restrict police use of ‘Stingray’ cell tower simulators

According to BuzzFeed News, Democratic Senator Ron Wyden and Representative Ted Lieu will introduce legislation later today that seeks to restrict police use of international mobile subscriber identity (IMSI) catchers. More commonly known as Stingrays, police frequently use IMSI catchers and cell-site simulators to collect information on suspects and intercept calls, SMS messages and other forms of communication. Law enforcement agencies in the US currently do not require a warrant to use the technology. The Cell-Site Simulator Act of 2021 seeks to change that.

IMSI catchers mimic cell towers to trick mobile phones into connecting with them. Once connected, they can collect data a device sends out, including its location and subscriber identity key. Cell-site simulators pose a two-fold problem.

The first is that they’re surveillance blunt instruments. When used in a populated area, IMSI catchers can collect data from bystanders. The second is that they can also pose a safety risk to the public. The reason for this is that while IMSI catchers act like a cell tower, they don’t function as one, and they can’t transfer calls to a public wireless network. They can therefore prevent a phone from connecting to 9-1-1. Despite the dangers they pose, their use is widespread. In 2018, the American Civil Liberties Union found at least 75 agencies in 27 states and the District of Columbia owned IMSI catchers.

In trying to address those concerns, the proposed legislation would make it so that law enforcement agencies would need to make a case before a judge on why they should be allowed to use the technology. They would also need to explain why other surveillance methods wouldn’t be as effective. Moreover, it seeks to ensure those agencies delete any data they collect from those not listed on a warrant.

Although the bill reportedly doesn’t lay out a time limit on IMSI catcher use, it does push agencies to use the devices for the least amount of time possible. It also details exceptions where police could use the technology without a warrant. For instance, it would leave the door open for law enforcement to use the devices in contexts like bomb threats where an IMSI catcher can prevent a remote detonation.

“Our bipartisan bill ends the secrecy and uncertainty around Stingrays and other cell-site simulators and replaces it with clear, transparent rules for when the government can use these invasive surveillance devices,” Senator Ron Wyden told BuzzFeed News.

The bill has support from some Republicans. Senator Steve Daines of Montana and Representative Tom McClintock of California are co-sponsoring the proposed legislation. Organizations like the Electronic Frontier Foundation and the Electronic Privacy Information Center have also endorsed the bill.

This article was originally published on Engadget.

 

#american-civil-liberties-union, #california, #catcher, #column, #electronic-frontier-foundation, #imsi-catcher, #judge, #law-enforcement, #mobile-phone, #mobile-phones, #mobile-security, #montana, #ron-wyden, #sim-card, #sms, #surveillance, #technology, #ted-lieu, #telecommunications, #united-states

Ukrainian police arrest multiple Clop ransomware gang suspects

Multiple suspects believed to be linked to the Clop ransomware gang have been detained in Ukraine after a joint operation from law enforcement agencies in Ukraine, South Korea, and the United States.

The Cyber Police Department of the National Police of Ukraine confirmed that six arrests were made after searches at 21 residences in the capital Kyiv and nearby regions. While it’s unclear whether the defendants are affiliates or core developers of the ransomware operation, they are accused of running a “double extortion” scheme, in which victims who refuse to pay the ransom are threatened with the leak of data stolen from their networks prior to their files being encrypted.

“It was established that six defendants carried out attacks of malicious software such as ‘ransomware’ on the servers of American and [South] Korean companies,” alleged Ukraine’s national police force in a statement.

The police also seized equipment from the alleged Clop ransomware gang, said to behind total financial damages of about $500 million. This includes computer equipment, several cars — including a Tesla and Mercedes, and 5 million Ukrainian Hryvnia (around $185,000) in cash. The authorities also claim to have successfully shut down the server infrastructure used by the gang members to launch previous attacks.

“Together, law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies,” the statement added.

These attacks first began in February 2019, when the group attacked four Korean companies and encrypted 810 internal services and personal computers. Since, Clop — often styled as “Cl0p” — has been linked to a number of high-profile ransomware attacks. These include the breach of U.S. pharmaceutical giant ExecuPharm in April 2020 and the attack on South Korean e-commerce giant E-Land in November that forced the retailer to close almost half of its stores.

Clop is also linked to the ransomware attack and data breach at Accellion, which saw hackers exploit flaws in the IT provider’s File Transfer Appliance (FTA) software to steal data from dozens of its customers. Victims of this breach include Singaporean telecom Singtel, law firm Jones Day, grocery store chain Kroger, and cybersecurity firm Qualys.

At the time of writing, the dark web portal that Clop uses to share stolen data is still up and running, although it hasn’t been updated for several weeks. However, law enforcement typically replaces the targets’ website with their own logo in the event of a successful takedown, which suggests that members of the gang could still be active.

“The Cl0p operation has been used to disrupt and extort organizations globally in a variety of sectors including telecommunications, pharmaceuticals, oil and gas, aerospace, and technology,” said John Hultquist, vice president of analysis at Mandiant’s threat intelligence unit. “The actor FIN11 has been strongly associated with this operation, which has included both ransomware and extortion, but it is unclear if the arrests included FIN11 actors or others who may also be associated with the operation.”

Hultquist said the efforts of the Ukrainian police “are a reminder that the country is a strong partner for the U.S. in the fight against cybercrime and authorities there are making the effort to deny criminals a safe harbor.”

The alleged perpetrators face up to eight years in prison on charges of unauthorized interference in the work of computers, automated systems, computer networks, or telecommunications networks and laundering property obtained by criminal means.

News of the arrests comes as international law enforcement turns up the heat on ransomware gangs. Last week, the U.S. Department of Justice announced that it had seized most of the ransom paid to members of DarkSide by Colonial Pipeline.

#aerospace, #colonial-pipeline, #crime, #cybercrime, #e-commerce, #extortion, #government, #kroger, #law, #law-enforcement, #malware, #mandiant, #oil-and-gas, #pharmaceuticals, #qualys, #ransomware, #security, #security-breaches, #singtel, #south-korea, #telecommunications, #tesla, #ukraine, #united-states

Could Claap, an asynchronous video meetings platform, end the tyranny of Zoom calls?

Because of the pandemic, we’re all a lot more familiar with remote working than we used to be, whether we like it or not. But the remote tools of the pre-pandemic era – Slack, Trello, Zoom, Asana, etc, etc, etc – are, if we admit it to ourselves, barely scratching the surface of what we really need to be productive. Luckily a new era of remote-working tools is fast emerging. As I recently tweeted, we need to think far more in asynchronous terms if remote working is to be productive (and healthy!), long term.

Older tools can offer asynchronous collaboration, but a new wave of tools is coming. Loom, for instance, is one-way video for ’show and tell’. It’s raised $203.6M – however, it has a drawback: it doesn’t have many collaboration features.

Now a new European startup hopes to address this.

Claap, an asynchronous meeting platform with video and collaboration, thinks it might have part of the solution and a private beta launch is planned for this month.

It’s now raised $3 million in pre-seed funding from LocalGlobe, Headline, E.Ventures, Kima Ventures and angels including Front co-founder Mathilde Collin, Oyster co-founder Tony Jamous, Nest and GoCardless founder Matt Robinson and Automattic’s head of product Aadil Mamujee. It also includes a group of 30 angels such as Ian Hogarth (Songkick), Olivier Godement (Stripe), Roxanne Varza (Station F), Chris Herd (FirstBase), and Xavier Niel (Kima), Shane Mac (investor in Remote).

We all now know that what were previously small catch-ups are now 30-minute Zoom calls, which are pointless. ‘Asynchronous meetings’ could be the way forward.

Claap says its product allows employees to record a short video update on a topic, allow others to comment on the relevant part, and set a due date for team members to respond. Colleagues then view the video and respond in their own time. Claap bulls itself as the remote working equivalent of the ‘quick hallway catch-up’. It integrates with other workplace tools such as Trello or Jira so that when a decision is made on a project, it’s recorded for everyone on the team to see and refer back to. A subscription model is planned which will have a sliding scale depending on team size.

Because it doesn’t require real-time interaction, you don’t need t find a time that suits everyone for a meeting, so in fact the ‘meeting’ sort of disappears. . Instead, the platform creates a space for feedback and iterations.

Founders Robin Bonduelle and Pierre Touzeau looked at solutions already adopted by companies such as Automattic, and GitLab. Touzeau was previously at 360Learning which employed a strict limiting policy for meetings. Bonduelle has 10 years of product management experience, working at various startups and scaleups including Ogury where he was VP of Product, and Rocket Internet. He developed asynchronous communication habits while managing 50 people across 4 different countries and time zones. Touzeau has worked for businesses including L’Oreal and 360Learning, where he was most recently VP of Marketing.

However, asynchronous communication is not always perfect. As we know, Emails and Slack messages can go unread. Video MIGHT be the solution.

Robin Bonduelle, co-founder and CEO at Claap, said: “After a year of working remotely, people are realizing the benefits of not working in an office but at the same time grappling with one of its worst consequences: back-to-back video meetings. A query that in the office would take five minutes to solve now takes at least 30, leaving everyone more exhausted in the process. Claap is designed to solve this issue, allowing colleagues the tools to keep them engaged and connected but without taking up all their time. It’s a new meeting format that allows people to make quick decisions.”

Touzeau said: “Meetings are a necessary part of working, but it doesn’t need to be your entire day. Asynchronous meetings are the key to freeing up our calendars but making sure work still gets done and deadlines are met. We’re excited by the potential Claap has to empower people to work from anywhere.”

George Henry, General Partner at LocalGlobe, said: “We were impressed with Robin and Pierre’s vision and the potential for Claap to allow employees to connect on a project when they need to and facilitate the ability to work from anywhere.”

Jonathan Userovici, Partner at Headline, said: “Zoom may have been the go-to enterprise app over the past 12 months but for the thousands of businesses that are now going to be remote-first, video conferencing alone won’t be enough to keep teams connected and get work done. Claap is the challenger tool to end video-calling fatigue.”

#articles, #asana, #automattic, #chris-herd, #e-ventures, #europe, #general-partner, #gitlab, #gocardless, #groupware, #ian-hogarth, #jonathan-userovici, #kima-ventures, #localglobe, #matt-robinson, #rocket-internet, #songkick, #station-f, #tc, #technology, #telecommunications, #telecommuting, #trello, #video-conferencing, #web-conferencing, #zoom

US removes Xiaomi’s designation as a Communist Chinese Military Company

Xiaomi, one of China’s high-profile tech firms that fell in the crosshairs of the Trump administration, has been removed from a U.S. government blacklist that designated it as a Communist Chinese Military Company.

The U.S. District Court for the District of Columbia has vacated the Department of Defence’s designation of Xiaomi as a CCMC in January, a document filed on May 25 shows.

In February, Xiaomi sued the U.S. government over its inclusion in the military blacklist. In March, the D.C. court granted Xiaomi a preliminary injunction against the DoD designation, which would have forbidden all U.S. persons from purchasing or possessing Xiaomi’s securities, saying the decision was “arbitrary and capricious.” The ruling was made to prevent “irreparable harm” to the Chinese phone maker.

Xiaomi has this to say about getting off the blacklist:

The Company is grateful for the trust and support of its global users, partners, employees and shareholders. The Company reiterates that it is an open, transparent, publicly traded, independently operated and managed corporation. The Company will continue to provide reliable consumer electronics products and services to users, and to relentlessly build amazing products with honest prices to let everyone in the world enjoy a better life through innovative technology.

Xiaomi’s domestic competitor Huawei is still struggling with its inclusion in the U.S. trade blacklist, which bans it from accessing critical U.S. technologies and has crippled its smartphone sales around the world.

#asia, #china, #gadgets, #government, #telecommunications, #trump-administration, #u-s-government, #united-states, #xiaomi

Google Cloud teams up with SpaceX’s Starlink for enterprise connectivity at network’s edge

SpaceX’s bourgeoning Starlink satellite-based broadband internet service just got a big boost from a significant new partner: Google Cloud. Thanks to a new partnership between the two, SpaceX will now be locating Starlink ground stations right within Google’s existing data centers, providing the Starlink network with direct access to ground-based network infrastructure to help facilitate network connections for customers who are on the edges of the footprint of existing network access.

Starlink’s entire aim is to provide reliable, broadband-quality connections to areas that have typically be hard or impossible to reach with legacy ground-based network infrastructure, including cellular networks. The tie-up with Google means that not only will business and public sector customers taking advantage of that new network reach have access to internet connections, but also to cloud-based infrastructure and applications, including AI and machine learning capabilities, analytics and more.

This should not only bolster Starlink’s reliability in terms of its consumer clients, but also provide key capabilities for serving enterprise customers — another key target demographic for the growing Starlink business, though much of the public focus thus far for Starlink’s roll-out has been on residential access across its expanding beta.

Google and Starlink expect to begin to become available to enterprise customers soon — sometime pin the “second half of 2021” according to a press release issued by the companies.

SpaceX has been very aggressive in building out the Starlink network in the past few months, launching 480 in just around there months. All that in-space infrastructure build out could well have been pre-amble to this collaboration and enterprise-focused service launch, in addition to helping SpaceX expand Starlink consumer service quality and availability.

#artificial-intelligence, #broadband, #google, #google-cloud, #internet-access, #machine-learning, #space, #spacecraft, #spaceflight, #spacex, #starlink, #tc, #telecommunications

Google Fi turns 6 and gets a new unlimited plan

Google Fi, Google’s cell network, is turning six today and to celebrate, the team is launching a new pricing plan, dubbed ‘Simply Unlimited’ starting at $60 per month for a single line (down to $30 per line for 3 lines or more). The new plan features unlimited calls and texts in the U.S., plus unlimited data and texting in the U.S., Canada and Mexico.

Image Credits: Google

You may recall that Fi’s original promise was a single, affordable pay-as-you-go plan where you would pay a fixed price per month for the basic call and texting service and then pay an extra $10 per GB of data you used per billing cycle, capped at $80 per month. In 2019, Google then turned this into what is essentially an unlimited plan, dubbed Fi Unlimited, starting at $70 per month for a single line, with discounts for additional lines.

The new ‘Simply Unlimited’ plan is a pared-down version of the original Unlimited plan, which is now called the Unlimited Plus plan (yeah, that’s a lot of names). Now, that plan has still a lot of extra features that power users aren’t likely willing to give up for a slightly lower price. In addition to everything in the new Simply Unlimited plan, this plan still features free international calls to more than 50 countries and international data in more than 200 destinations, plus full-speed hotspot tethering and 100GB of Google One cloud storage.

The Flexible plan is also still an option, with its base fee of $20 per month for texting and calling for a single line (down to $17 per month for three lines) and $10 per GB of data, no matter whether you use if abroad or at home — or for hotspot tethering. Google says that’s the plan to choose if you’re mostly on WiFi — as most of us are right now.

Basically, if you’re not planning to use your phone outside of North America, the new Simply Unlimited plan looks like a good deal that, depending on your use case, compares favorably with similarly priced plans from other carriers — especially if international data is important to you.

Image Credits: Google

#canada, #free, #google, #google-fi, #mexico, #mobile, #north-america, #telecommunications, #tethering, #text-messaging, #united-states, #wireless

First findings with Apple’s new AirTag location devices

I’ve been playing around with Apple’s new AirTag location devices for a few hours now and they seem to work pretty much as advertised. The setup flow is simple and clean, taking clear inspiration from the one Apple developed for AirPods. The precision finding feature enabled by the U1 chip works as a solid example of utility-driven augmented reality, popping up a virtual arrow and other visual identifiers on the screen to make finding a tag quicker.

The basic way that AirTags work, if you’re not familiar, is that they use Bluetooth beaconing technology to announce their presence to any nearby devices running iOS 14.5 and above. These quiet pings are encrypted and invisible (usually) to any passer by, especially if they are with their owners. This means that no one ever knows what device actually ‘located’ your AirTag, not even Apple.

With you, by the way, means in relative proximity to a device signed in to the iCloud account that the AirTags are registered to. Bluetooth range is typically in the ~40 foot range depending on local conditions and signal bounce. 

In my very limited testing so far, AirTag location range fits in with that basic Bluetooth expectation. Which means that it can be foiled by a lot of obstructions or walls or an unflattering signal bounce. It often took 30 seconds or more to get an initial location from an AirTag in another room, for instance. Once the location was received, however, the instructions to locate the device seemed to update quickly and were extremely accurate down to a few inches.

The AirTags run for a year on a standard CR2032 battery that’s user replaceable. They offer some water resistance including submersion for some time. There are a host of accessories that seem nicely designed like leather straps for bags, luggage tags and key rings.

So far so good. More testing to come. 

Some protections

As with anything to do with location, security and privacy are a top of mind situation for AirTags, and Apple has some protections in place.

You cannot share AirTags — they are meant to be owned by one person. The only special privileges offered by people in your iCloud Family Sharing Group is that they can silence the ‘unknown AirTag nearby’ alerts indefinitely. This makes AirTags useful for things like shared sets of keys or maybe even a family pet. This means that AirTags will not show up on your family Find My section like other iOS devices might. There is now a discrete section within the app just for ‘Items’ including those with Find My functionality built in. 

The other privacy features include a ‘warning’ that will trigger after some time that a tag is in your proximity and NOT in the proximity of its owner (aka, traveling with you perhaps in a bag or car). Your choices are then to make the tag play a sound to locate it — look at its information including serial number and to disable it by removing its battery. 

Any AirTag that has been away from its owner for a while — this time is variable and Apple will tweak it over time as it observes how AirTags work — will start playing a sound whenever it is moved. This will alert people to its presence. 

You can, of course, also place an AirTag into Lost Mode, offering a choice to share personal information with anyone who locates it as it plays an alert sound. Anyone with any smart device with NFC, Android included, can tap the device to see a webpage with information that you choose to share. Or just a serial number if you do not choose to do so. 

This scenario addresses what happens if you don’t have an iOS device to alert you to a foreign AirTag in your presence, as it will eventually play a sound even if it is not in lost mode and the owner has no control over that.

It’s clear that Apple has thought through many of the edge cases, but some could still crop up as it rolls out, we’ll have to see.

Apple has some distinct market advantages here:

  • Nearly a billion devices out in the world that can help to locate an AirTag.
  • A built-in U1 wideband chip that communicates with a similar U1 chip in iPhones to enable super precise (down to inches) location.
  • A bunch of privacy features that don’t appear on competing tags.

Important to note that Apple has announced the development of a specification for chipset makers that lets third-party devices with Ultra Wideband radios access the U1 chip onboard iPhones ‘later this Spring’. This should approximate the Precision Finding feature’s utility in accessories that don’t have the advantage of having a U1 built in like the AirTags do. And, of course, Apple has opened up the entire Find My mesh network to third party devices from Belkin, Chipolo and VanMoof that want to offer a similar basic finding function as offered by AirTags. Tile has announced plans to offer a UWB version of its tracker as well, even as it testified in Congress yesterday that Apple’s advantages made its entry into this market unfair. 

It will be interesting to see these play out once AirTags are out getting lost in the wild. I have had them for under 12 hours so I’ve not been able to test edge cases, general utility in public spaces or anything like that. 

The devices go on sale on April 23rd.

#airpods, #airtag, #airtags, #android, #apple, #apple-inc, #belkin, #bluetooth, #congress, #find-my, #icloud, #ios, #ios-14, #iphone, #mesh-network, #smart-device, #tc, #technology, #telecommunications, #u1, #u1-chip, #ultra-wideband

Pipe, which aims to be the ‘Nasdaq for revenue,’ raises more money at a $2B valuation

Fast-growing fintech Pipe has raised another round of funding at a $2 billion valuation, just weeks after raising $50M in growth funding, according to sources familiar with the deal.

Although the round is still ongoing, Pipe has reportedly raised $150 million in a “massively oversubscribed” round led by Baltimore, Md.-based Greenspring Associates. While the company has signed a term sheet, more money could still come in, according to the source. Both new and existing investors have participated in the fundraise.

The increase in valuation is “a significant step up” from the company’s last raise. Pipe has declined to comment on the deal.

A little over one year ago, Pipe raised a $6 million seed round led by Craft Ventures to help it pursue its mission of giving SaaS companies a funding alternative outside of equity or venture debt.

The buzzy startup’s goal with the money was to give SaaS companies a way to get their revenue upfront, by pairing them with investors on a marketplace that pays a discounted rate for the annual value of those contracts. (Pipe describes its buy-side participants as “a vetted group of financial institutions and banks.”)

Just a few weeks ago, Miami-based Pipe announced a new raise — $50 million in “strategic equity funding” from a slew of high-profile investors. Siemens’ Next47 and Jim Pallotta’s Raptor Group co-led the round, which also included participation from Shopify, Slack, HubSpot, Okta, Social Capital’s Chamath Palihapitiya, Marc Benioff, Michael Dell’s MSD Capital, Republic, Alexis Ohanian’s Seven Seven Six and Joe Lonsdale.

At that time, Pipe co-CEO and co-founder Harry Hurst said the company was also broadening the scope of its platform beyond strictly SaaS companies to “any company with a recurring revenue stream.” This could include D2C subscription companies, ISP, streaming services or a telecommunications companies. Even VC fund admin and management are being piped on its platform, for example, according to Hurst.

“When we first went to market, we were very focused on SaaS, our first vertical,” he told TC at the time. “Since then, over 3,000 companies have signed up to use our platform.” Those companies range from early-stage and bootstrapped with $200,000 in revenue, to publicly-traded companies.

Pipe’s platform assesses a customer’s key metrics by integrating with its accounting, payment processing and banking systems. It then instantly rates the performance of the business and qualifies them for a trading limit. Trading limits currently range from $50,000 for smaller early-stage and bootstrapped companies, to over $100 million for late-stage and publicly traded companies, although there is no cap on how large a trading limit can be.

In the first quarter of 2021, tens of millions of dollars were traded across the Pipe platform. Between its launch in late June 2020 through year’s end, the company also saw “tens of millions” in trades take place via its marketplace. Tradable ARR on the platform is currently in excess of $1 billion.

#alexis-ohanian, #baltimore, #banking, #chamath-palihapitiya, #corporate-finance, #craft-ventures, #finance, #funding, #fundings-exits, #greenspring-associates, #hubspot, #investment, #isp, #joe-lonsdale, #marc-benioff, #maryland, #miami, #okta, #payment-processing, #pipe, #raptor-group, #recent-funding, #saas, #shopify, #siemens, #social-capital, #startups, #streaming-services, #tc, #telecommunications, #venture-capital

Astra awarded NASA launch contract for storm observation satellites

Astra, the Alameda-based space launch startup that recently announced its intent to go public via a SPAC merger, has secured a contract to deliver six cube satellites to space on behalf of NASA. Astra stands to be paid $7.95 million by the agency for fulfilment of the contract. This will be a key test of Astra’s responsive rocket capabilities, with a planned three-launch mission profile spanning up to four months, currently targeting sometime between January 8 and July 31 of 2022.

The satellites are for NASA’s Time-Resolved Observations of Precipitation Structure and Storm Intensity with a Constellation of SmallSats (TROPICS) mission, which is a science mission that will collect data about hurricanes and their formation, including temperature, pressure and humidity readings. Like the extremely long, tortured-for-an-acronym name of the mission suggests, the data will be collected using a small constellation of satellites, each roughly the size of a shoebox.\

Astra completed its second of three planned launches designed to ultimately achieve orbit late last year, and exceeded its own expectations by reaching space and nearly achieving orbit. The company said that based on the data it collected from that mission, the final remaining barriers to actually making orbit are all fixable via changes to its software. Based on that, Astra CEO and founder Chris Kemp said that it believes it’s now ready to begin flying commercial payloads.

Kemp was formerly CTO of NASA, and has co-founded a number of technology companies over the years as well. This latest NASA mission isn’t its first contracted launch – far from it, in fact, since the company has said it currently has more than 50 total missions on its slate from both private and government customers, with a total value of over $150 million in revenue.

#aerospace, #astra, #ceo, #chris-kemp, #cto, #nasa, #outer-space, #rocket-lab, #satellite, #science, #small-satellite, #space, #spacecraft, #spaceflight, #tc, #technology, #telecommunications

Rode’s Wireless Go II delivers key upgrades to the best mobile mic for creators

Rode Microphones has a new and improved version of its much-loved Go portable mic, the Wireless Go II, which uses the same form factor as the original but adds a list of new and improved features. Most notably, the Go II offers two transmitter packs that can simultaneously talk to a single receiver, letting you record two individual speakers to the same camera or connected device.

Basics

The Rode Wireless Go II ($299) ships with everything you need to begin recording high-quality audio to a camera or anything else that can connect to a 3.5mm jack. The transmitter packs – there are two of them in the box – have built-in microphones that offer great sound on their own, or you can use them with any 3.5mm-equipped lavalier mic depending on your needs.

The receiver pack can output to 3.5mm TRS, but it can also transmit using USB Type-C (which is also for charging). This is new for this generation, and Rode also sells USB-C to USB-C and USB-C to Lightning cables so that you can use them with modern Android devices, iPhones, iPads, Macs and PCs.

Image Credits: Rode

Each of the three packs has a built-in rechargeable battery that can provide up to 7 hours of operating time on a single charge. You can independently adjust the gain on each of the transmitters, and mute each individually or both from the receiver pack. You can also swap between mono recording with each transmitter as a channel, and stereo recording modes.

The transmitters can operate at a range of 200 meters (roughly 650 feet) from the receiver, provided they have line-of-sight, and the receiver has a display to show you input levels, battery status, connectivity and more. The transmitters each have two LEDs that provide visual feedback for connectivity and gain. Each also automatically records locally, with the ability to store more than 24 hours of audio on built-in storage in case of dropouts in connectivity.

Design and performance

With this update, it really feels like Rode has thought of everything. You can get started immediately, for one, since the transmitter packs and receiver come pre-paired and assigned to left and right channels by default. They’re incredibly user-friendly, and while Rode has introduced a new Windows and Mac app for centralized control of them called Rode Central, you don’t actually need any additional software to get started recording with them.

This updated version also uses a new RF transmission tech that has 128-bit encryption built in, with a much farther line-of-site range for their use. This is designed to make them much more reliable in areas where there’s a lot of RF traffic happening already – like a busy shopping mall (once COVID times are behind us), conference halls, or other public areas with lots of people and smartphones around.

The onboard memory is also new, and means you’ll never have to worry about any potential dropped connections since you’ll always have a local file to rely on on the transmitter packs themselves. A similar peace-of-mind feature is a safety channel that records a back-up track at -20db, so that if you encounter any overloud sounds that cause peaking in your primary recording, you’ll have another option. Both of these features have to be turned on proactively in the Rode Central app, which Rode will also use to deliver future firmware updates for the Go II, but they’re very welcome additions.

Image Credits: Darrell Etherington

Meanwhile, the best new feature might be that you get all these improvements in the same great package. Rode’s original Go was remarkable in large part because it came in such a small, portable package, with transmitters that featured built-in mics as well as being great body packs. The size here is exactly the same, and these use the same integrated clips that make them compatible with all of Rode’s existing Go accessories.

Bottom line

There’s a concept of ‘lapping’ in racing, where you’re so far ahead of a competitor that you overtake them again. That’s basically what Rode has done with the Go II, which pads the lead for the best mobile video/field podcasting mic on the market, with smart features that address the few downsides of the original.

#android, #darrell-etherington, #gadgets, #hardware, #ipads, #microphone, #microphones, #reviews, #rode-microphones, #smartphones, #tc, #technology, #telecommunications, #transmitter, #usb, #wireless

Atlanta area gets a 5G incubator courtesy of T-Mobile and Georgia Tech

The Atlanta area is getting a new incubator for startups working with 5G technology courtesy of T-Mobile and Georgia Tech’s Advanced Technology Development Center, the companies announced today.

It’s an expansion of the T-Mobile Accelerator program and part of the big carrier’s efforts to boost 5G innovation.

Located in the Atlanta adjacent exurb of Peachtree Corners’ technology development park, which is already equipped with T-Mobile’s 5G services, the incubator will help developers build and test 5G use cases including autonomous vehicles, robotics, industrial drone applications, mixed reality training and entertainment, remote medical care and personal health, the company said.

Startups working with the 5G Connected Future program will work directly with folks at T-Mobile’s accelerator, Georgia Tech, and Curiosity Lab, an initiative in the Peachtree Corners campus.

“In addition to the normal startup concerns, entrepreneurs in the 5G space face a unique set of challenges such as regulatory issues at the state and local levels, network security, and integration testing,” said ATDC Director John Avery.

Peachtree Corners’ setup may help folks navigate that roll out. As part of its involvement ATDC will offer programing, recruit and evaluate startups, and hire staff to manage the vertical in Peachtree Corners, the organization said.

“This collaboration is a great opportunity for ATDC and Georgia Tech, the city of Peachtree Corners and Curiosity Lab, and T-Mobile, a Fortune 50 company, to create a unique collection to work with these companies, refine their ideas into scalable companies, and bring these solutions to market more quickly,” Avery said.

 

Such a partnership underscores “Georgia Tech’s commitment to enabling tomorrow’s technology leaders, which remains as strong as when ATDC was founded 41 years ago,” said Chaouki T. Abdallah, Georgia Tech’s executive vice president for research. “Innovation cannot take place in a vacuum, which is why entrepreneurs and startups require the knowledge and resources provided through partnerships such as ours.”

#5g, #atlanta, #director, #georgia-tech, #science-and-technology, #startup-company, #t-mobile, #tc, #technology, #telecommunications

Isotropic Systems raises $40 million for a satellite antenna that could make the most of new constellations

UK-based Isotropic Systems has raised a $40 million funding in an “oversubscribed” round that the startup says will help it get its next-generation broadband terminal to the production phase by its 2022 target. The funding, a Series B that brings the company’s total raised to $60 million, was led by SES and included participation form Boeing HorizonX, Space Angels, Orbital Ventures on the venture side, and that includes UK government grant support as well.

Isotropic’s business is centred around a new type of broadband terminal it’s developing that can communicate across multiple frequencies, making it possible for it to connect to more than one satellite network at the same time without any loss in signal quality or network speed for any individual connection. The final product would then offer ground connectivity to customers that could potentially maintain connections with more than one of the emerging satellite broadband networks in development, including those being set up by OneWeb, SpaceX, Intelsat, SES, Amazon and more.

The startup will be stand-in cup a 20,000 square-foot testing and prediction facility near Reading in the UK, and expects to have the first operational version of its ground terminal in production by 2022. If its final product works as advertised, it could be a major boon both for satellite network connectivity providers and for clients, since it would mean that customers who can afford the service don’t have to either select from among the available options, and can instead use one hardware solution to connect to multiple in order to take advantage of potential speed benefits, as well as network redundancy.

The benefits are obvious, provided the financials make sense. Imagine, for instance, using onboard wifi on an international flight. Typically, these networks have been unreliable to say the least. Coverage and quality drop-outs are common, and speeds tend to be weak in even the best of cases. Networks like Starlink aim to correct a lot of these legacy problems, but even better would be a solution that offers connection to multiple satellite networks simultaneously, switching between each connection as necessary to maintain the best possible network quality – and potentially combining available bandwidth when possible to boost speeds.

Isotropic’s potential customer list for such an offering spans military, government, and civilian markets, across both broadband and low-data IoT networks. This latest funding should help it prove its groundbreaking technology can attain the production scale and efficacy required to live up to its promise.

#aerospace, #amazon, #boeing, #broadband, #europe, #funding, #intelsat, #internet-service-providers, #national-broadband-plan, #oneweb, #reading, #recent-funding, #satellite-broadband, #satellites, #ses, #space, #spacecraft, #spacex, #starlink, #startups, #tc, #telecommunications, #uk-government, #united-kingdom

T-Mobile says hackers accessed some customer call records in data breach

T-Mobile, the third largest cell carrier in the U.S. after completing its recent $26 billion merger with Sprint, ended 2020 by announcing its second data breach of the year.

The cell giant said in a notice buried on its website that it recently discovered unauthorized access to some customers’ account information, including the data that T-Mobile makes and collects on its customers in order to provide cell service.

From the notice: “Our cybersecurity team recently discovered and shut down malicious, unauthorized access to some information related to your T-Mobile account. We immediately started an investigation, with assistance from leading cybersecurity forensics experts, to determine what happened and what information was involved. We also immediately reported this matter to federal law enforcement and are now in the process of notifying impacted customers.”

Known as customer proprietary network information (CPNI), this data can include call records — such as when a call was made, for how long, the caller’s phone number and the destination phone numbers for each call, and other information that might be found on the customer’s bill.

But the company said that the hackers did not access names, home or email addresses, financial data, and account passwords (or PINs).

The notice didn’t say when T-Mobile detected the breach, only that it was now notifying affected customers.

A spokesperson for T-Mobile did not respond to requests for comment, but told one news site that the breach affects about 0.2% of all T-Mobile customers — or approximately 200,000 customers.

It’s the latest security incident to hit the cell giant in recent years.

In 2018, T-Mobile said as many as two million customers may have had their personal information scraped. A year later, the company confirmed hackers accessed records on another million prepaid customers. Just months into 2020, T-Mobile admitted a breach on its email systems that saw hackers access some T-Mobile employee email accounts, exposing some customer data.

#data-breach, #mobile, #security, #spokesperson, #t-mobile, #t-mobile-uk, #telecommunications, #united-states

NSO used real people’s location data to pitch its contact-tracing tech, researchers say

Spyware maker NSO Group used real phone location data on thousands of unsuspecting people when it demonstrated its new COVID-19 contact-tracing system to governments and journalists, researchers have concluded.

NSO, a private intelligence company best known for developing and selling governments access to its Pegasus spyware, went on the charm offensive earlier this year to pitch its contact-tracing system, dubbed Fleming, aimed at helping governments track the spread of COVID-19. Fleming is designed to allow governments to feed location data from cell phone companies to visualize and track the spread of the virus. NSO gave several news outlets each a demo of Fleming, which NSO says helps governments make public health decisions “without compromising individual privacy.”

But in May, a security researcher told TechCrunch that he found an exposed database storing thousands of location data points used by NSO to demonstrate how Fleming works — the same demo seen by reporters weeks earlier.

TechCrunch reported the apparent security lapse to NSO, which quickly secured the database, but said that the location data was “not based on real and genuine data.”

NSO’s claim that the location data wasn’t real differed from reports in Israeli media, which said NSO had used phone location data obtained from advertising platforms, known as data brokers, to “train” the system. Academic and privacy expert Tehilla Shwartz Altshuler, who was also given a demo of Fleming, said NSO told her that the data was obtained from data brokers, which sell access to vast troves of aggregate location data collected from the apps installed on millions of phones.

TechCrunch asked researchers at Forensic Architecture, an academic unit at Goldsmiths, University of London that studies and examines human rights abuses, to investigate. The researchers published their findings on Wednesday, concluding that the exposed data was likely based on real phone location data.

The researchers said if the data is real, then NSO “violated the privacy” of 32,000 individuals across Rwanda, Israel, Bahrain, Saudi Arabia and the United Arab Emirates — countries that are reportedly customers of NSO’s spyware.

The researchers analyzed a sample of the exposed phone location data by looking for patterns they expected to see with real people’s location data, such as a concentration of people in major cities and by measuring the time it took for individuals to travel from one place to another. The researchers also found spatial irregularities that would be associated with real data, such as star-like patterns that are caused by a phone trying to accurately pinpoint its location when the line of sight to the satellite is obstructed by tall buildings.

“The spatial ‘irregularities’ in our sample — a common signature of real mobile location tracks — further support our assessment that this is real data. Therefore, the dataset is most likely not ‘dummy’ nor computer generated data, but rather reflects the movement of actual individuals, possibly acquired from telecommunications carriers or a third-party source,” the researchers said.

The researchers built maps, graphs, and visualizations to explain their findings, while preserving the anonymity of the individuals whose location data was fed into NSO’s Fleming demo.

Gary Miller, a mobile network security expert and founder of cyber intelligence firm Exigent Media, reviewed some of the datasets and graphs, and concluded it was real phone location data.

Miller said the number of data points increased around population hubs. “If you take a scatter plot of cell phone locations at a given point in time, there will be consistency in the number of points in suburban versus urban locations,” he said. Miller also found evidence of people traveling together, which he said “looked consistent with real phone data.”

He also said that even “anonymized” location data sets can be used to tell a lot about a person, such as where they live and work, and who they visit. “One can learn a lot of details about individuals simply by looking at location movement patterns,” he said.

“If you add up all of the similarities it would be very difficult to conclude that this was not actual mobile network data,” he said.

A timeline of one person’s location data in Bahrain over a three-week period. Researchers say these red lines represent travel that seems plausible within the indicated time. (Image: Forensic Architecture/supplied)

John Scott-Railton, a senior researcher at Citizen Lab, said the data likely originated from phone apps that use a blend of direct GPS data, nearby Wi-Fi networks, and the phone’s in-built sensors to try to improve the quality of the location data. “But it’s never really perfect,” he said. “If you’re looking at advertising data — like the kind that you buy from a data broker — it would look a lot like this.”

Scott-Railton also said that using simulated data for a contact-tracing system would be “counterproductive,” as NSO would “want to train [Fleming] on data that is as real and representative as possible.”

“Based on what I saw, the analysis provided by Forensic Architecture is consistent with the previous statements by Tehilla Shwartz Altshuler,” said Scott-Railton, referring to the academic who said NSO told her that was based on real data.

“The whole situation paints a picture of a spyware company once more being cavalier with sensitive and potentially personal information,” he said.

NSO rejected the researchers’ findings.

“We have not seen the supposed examination and have to question how these conclusions were reached. Nevertheless, we stand by our previous response of May 6, 2020. The demo material was not based on real and genuine data related to infected COVID-19 individuals,” said an unnamed spokesperson. (NSO’s earlier statement made no reference to individuals with COVID-19.)

“As our last statement details, the data used for the demonstrations did not contain any personally identifiable information (PII). And, also as previously stated, this demo was a simulation based on obfuscated data. The Fleming system is a tool that analyzes data provided by end users to help healthcare decision-makers during this global pandemic. NSO does not collect any data for the system, nor does NSO have any access to collected data.”

NSO did not answer our specific questions, including where the data came from and how it was obtained. The company claims on its website that Fleming is “already being operated by countries around the world,” but declined to confirm or deny its government customers when asked.

Contact Us

Got a tip? Contact us securely using SecureDrop. Find out more here.

The Israeli spyware maker’s push into contact tracing has been seen as a way to repair its image, as the company battles a lawsuit in the United States that could see it reveal more about the governments that buy access to its Pegasus spyware.

NSO is currently embroiled in a lawsuit with Facebook-owned WhatsApp, which last year blamed NSO for exploiting an undisclosed vulnerability in WhatsApp to infect some 1,400 phones with Pegasus, including journalists and human rights defenders. NSO says it should be afforded legal immunity because it acts on behalf of governments. But Microsoft, Google, Cisco, and VMware filed an amicus brief this week in support of WhatsApp, and calling on the court to reject NSO’s claim to immunity.

The amicus brief came shortly after Citizen Lab found evidence that dozens of journalists were also targeted with Pegasus spyware by NSO customers, including Saudi Arabia and the United Arab Emirates. NSO disputed the findings.

#covid-19, #database, #espionage, #forensic-architecture, #government, #health, #mobile-phone, #nso-group, #privacy, #security, #simulation, #spyware, #telecommunications