FreshRSS

Yesterday — August 2nd 2021

Amazon will pay you $10 in credit for your palm print biometrics

By Zack Whittaker

How much is your palm print worth? If you ask Amazon, it’s about $10 in promotional credit if you enroll your palm prints in its checkout-free stores and link it to your Amazon account.

Last year, Amazon introduced its new biometric palm print scanners, Amazon One, so customers can pay for goods in some stores by waving their palm prints over one of these scanners. By February, the company expanded its palm scanners to other Amazon grocery, book and 4-star stores across Seattle.

Amazon has since expanded its biometric scanning technology to its stores across the U.S., including New York, New Jersey, Maryland and Texas.

The retail and cloud giant says its palm scanning hardware “captures the minute characteristics of your palm — both surface-area details like lines and ridges as well as subcutaneous features such as vein patterns — to create your palm signature,” which is then stored in the cloud and used to confirm your identity when you’re in one of its stores.

Amazon’s latest promotion: $10 promotional credit in exchange for your palm print. (Image: Amazon)

What’s Amazon doing with this data exactly? Your palm print on its own might not do much — though Amazon says it uses an unspecified “subset” of anonymous palm data to improve the technology. But by linking it to your Amazon account, Amazon can use the data it collects, like shopping history, to target ads, offers and recommendations to you over time.

Amazon also says it stores palm data indefinitely, unless you choose to delete the data once there are no outstanding transactions left, or if you don’t use the feature for two years.

While the idea of contactlessly scanning your palm print to pay for goods during a pandemic might seem like a novel idea, it’s one to be met with caution and skepticism given Amazon’s past efforts in developing biometric technology. Amazon’s controversial facial recognition technology, which it historically sold to police and law enforcement, was the subject of lawsuits that allege the company violated state laws that bar the use of personal biometric data without permission.

“The dystopian future of science fiction is now. It’s horrifying that Amazon is asking people to sell their bodies, but it’s even worse that people are doing it for such a low price,” said Albert Fox Cahn, the executive director of the New York-based Surveillance Technology Oversight Project, in an email to TechCrunch.

“Biometric data is one of the only ways that companies and governments can track us permanently. You can change your name, you can change your Social Security number, but you can’t change your palm print. The more we normalize these tactics, the harder they will be to escape. If we don’t [draw a] line in the sand here, I am very fearful what our future will look like,” said Cahn.

When reached, an Amazon spokesperson declined to comment.

 


Introducing the Open Cap Table Coalition

By Ram Iyer
Aron Solomon Contributor
Aron Solomon, J.D., is the head of Strategy for Esquire Digital and the editor of Today’s Esquire. He has taught entrepreneurship at McGill University and the University of Pennsylvania, and was the founder of LegalX, a legal technology accelerator.

On Tuesday, the Open Cap Table Coalition announced its launch through an inaugural Medium post. The goal of this project is to standardize startup capitalization table data as well as make it far more accessible, transparent and portable.

For those unfamiliar with a cap table, it’s a list of who owns your company’s securities, which includes your company shares, options and more. A clear and simple cap table should quickly indicate who owns what and how much of it they own. For a variety of reasons (sometimes inexperience or bad advice) too many equity holders often find companies’ capitalization information to be opaque and not easily accessible.

This is particularly important for the small percentage of startups that survive in the long term, as growth makes for far more complicated cap tables.

A critical part of good startup hygiene is to always have a clean and updated cap table. Since there is no set format and cap tables are generally not out in the open, they are often siloed rather than collaborative.

Cap tables are near and dear to me as someone who has advised hundreds of startups over the past two decades as the founder of an accelerator, a venture partner and a senior adviser at a government-funded startup launchpad. I have been on the shareholder side of the equation as well and can assure you that pretty much nothing destroys trust between shareholders and startups quicker than poor communication, especially around issues such as the current status of the cap table.

I really like the idea of a cap table being an open corporate record, because the value proposition to the companies is clear. From the time a startup creates a cap table, it’s prone to inaccuracy, friction and mistakes. What this means in practice is that startups may spend money on cap-table-related issues that they should be spending on other things. From a legal process perspective, the law firm that is brought in to help with these issues has to deal with tedious back-end work, so the legal time isn’t high value for either the startup or the law firm.

The value proposition for equity holders is equally clear. All equity holders have a general and legal interest in a company’s capitalization information. They have the right to this information, which they may need for a variety of reasons (including, if things ever get really bad, an aggrieved shareholder action). So making this information clear and easily accessible is a service to equity holders and can also encourage more investment, especially from less experienced investors.

When I imagine what this project could become in the next couple of years, I think back to late 2013, when Y Combinator announced the SAFE (simple agreement for future equity). I think the SAFE is a good analogy here, as no one knew what it was and people wondered if this was a nice-to-have rather than a must-have for startups. But the end result was a dramatic improvement in the early-stage capital-raising process.

While the coalition’s founders include Morgan Stanley’s Shareworks, LTSE Software and Carta, it’s also heavy on Big Law, with Cooley, Goodwin Procter, Wilson Sonsini Goodrich & Rosati, Orrick, Gunderson Dettmer, Latham & Watkins, and Fenwick & West rounding out the group of 10 founding members.

So what’s the real motivation of seven law firms, which together saw revenue of over $10 billion in 2020, to collaborate on an open cap table product for startups? Deal flow.

Big Law has been trying for a couple of decades to build relationships with startups at the stage where it makes no sense for a startup to be dealing with a massive and expensive law firm. Their efforts to build startup programs have often fallen short and received mixed reviews. They have also been far too heavy on the self-serve and too light on the “we’re going to give you our regular Big Law level of services at a small fraction of the costs just in case you make it big and can one day pay our regular fees.” So these firms are trying to separate themselves from the rest of the Big Law pack by building this entrepreneur-friendly tech.

The coalition has already produced its initial version of the open cap table. The real question is whether this is going to be a big deal, as the SAFE was, or whether it’s going to be a vanity solution in search of a real problem. My best guess is that if this coalition gets all the relationships right, doesn’t get greedy and understands that there is a social good component at play here, this could be, reasonably quickly, as impactful as the SAFE was.

Scarlett Johansson files suit over Disney+ ‘Black Widow’ release

By Brian Heater

With Scarlett Johansson’s time as an Avenger seemingly in the rearview, the “Black Widow” star has filed a breach of contract suit against Marvel-owner Disney. The lawsuit, filed in Los Angeles Superior Court this week, alleges that the studio breached its agreement with the star when it released the film on Disney+ alongside its theatrical debut.

“As Ms. Johansson, Disney, Marvel, and most everyone else in Hollywood knows, a ‘theatrical release’ is a release that is exclusive to movie theatres,” the filing writes, matter-of-factly. “Disney was well aware of this promise, but nonetheless directed Marvel to violate its pledge and instead release the Picture on the Disney+ streaming service the very same day it was released in movie theatres.”

The pandemic has fundamentally transformed the way first-run movies are delivered and consumed — at least in the short term. In 2020, Disney and other studios opted to release films straight to streaming, rather than suffer perpetual delays and poor box office numbers as restrictions closed the non-essential business of movie theaters. More recently they’ve split the difference as movie theaters have reopened, offering same day streaming.

According to a copy of the suit obtained by TechCrunch, Johansson’s concerns about streaming services pre-date the pandemic. When Disney launched the streaming service Disney+, the suit claims, Johansson’s representatives sought assurances from Disney/Marvel that the Black Widow solo film would still get a theatrical release, in spite of the company’s bids to boost subscription numbers.

It cites an email with Marvel’s chief counsel from May of that year:

We totally understand that Scarlett’s willingness to do the film and her whole deal is based on the premise that the film would be widely theatrically released like our other pictures. We understand that should the plan change, we would need to discuss this with you and come to an understanding as the deal is based on a series of (very large) box office bonuses.

“It’s no secret that Disney is releasing films like ‘Black Widow’ directly onto Disney+ to increase subscribers and thereby boost the company’s stock price — and that it’s hiding behind COVID-19 as a pretext to do so,” the actress’s attorney John Berlinski said in a statement provided to TechCrunch. “But ignoring the contracts of the artists responsible for the success of its films in furtherance of this short-sighted strategy violates their rights and we look forward to proving as much in court. This will surely not be the last case where Hollywood talent stands up to Disney and makes it clear that, whatever the company may pretend, it has a legal obligation to honor its contracts.”

The statement accuses Disney of “hiding behind COVID-19,” though certainly the studio wasn’t alone in rethinking its release strategy over the past year. The question remains whether the pandemic will serve as sufficient extenuating circumstances for its release decisions. The outcome of the trial, meanwhile, could well have a profound effect on how studios release blockbusters post-pandemic.

We’ve reached out to Disney for comment and will update accordingly.

Dear Sophie: Should we sponsor international hires for H-1B transfers and green cards? 

By Ram Iyer
Sophie Alcorn Contributor
Sophie Alcorn is the founder of Alcorn Immigration Law in Silicon Valley and 2019 Global Law Experts Awards’ “Law Firm of the Year in California for Entrepreneur Immigration Services.” She connects people with the businesses and opportunities that expand their lives.

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie,

My startup is desperately recruiting, and we see a lot of engineering candidates on H-1Bs. They’re looking for H-1B transfers and green cards. What should we do?

— Baffled in the Bay Area

Dear Baffled,

Yes, you should absolutely sponsor international talent for green cards! Listen to my podcast in which I discuss how to hire international professionals who are already in the United States by transferring their H-1B visa and using green cards as a benefit to attract and retain them.

The severe shortage of tech talent currently in the U.S. is prompting professionals to negotiate better compensation packages, and companies are increasingly using green card sponsorship as a benefit to attract and retain international talent.

Green card sponsorship as a benefit

Companies need to offer green card sponsorship to remain competitive. In fact, Envoy’s 2021 Immigration Trends Report found that 74% of employers said they have sponsored an individual for permanent residence (a green card), which is the highest percentage in the six years Envoy has asked this question in its annual survey. Rather than waiting until the last possible moment to sponsor an H-1B visa holder for a green card, 58% of employers say they are starting the process with the employee’s first year at the company on an H-1B visa. Most employers — 96% — said that sourcing international talent is important to their company’s talent acquisition strategy.

A composite image of immigration law attorney Sophie Alcorn in front of a background with a TechCrunch logo.

Image Credits: Joanna Buniak / Sophie Alcorn

Sponsoring international talent for a green card is a way for companies to show they invest in and prioritize their employees and are willing to make a long-term commitment to a prospective employee. Employers can further distinguish themselves by offering to cover expenses for green card applications for a spouse and children, as well as a work permit application for a spouse.

Employers should also consider paying for an employee’s marriage-based green card as a third-party payor, particularly since marriage-based green cards take about one-third of the time and one-third of the investment compared to employment-based green cards. What’s more, most marriage-based green cards are not subject to annual quotas.

H-1B transfers are most common right now

Because most U.S. embassies and consulates abroad remain closed for routine visa processing due to COVID-19, most employers are hiring international talent who are already in the United States on an H-1B sponsored by another employer. In these situations, an employer must file for an H-1B transfer for the prospective employee. Take a look at a previous Dear Sophie column for more details on the H-1B transfer process.

The questions that employers ask me most often about the H-1B transfer process include:

Dear Sophie: Should we look to Canada to retain international talent?

By Annie Siebert
Sophie Alcorn Contributor

Dear Sophie,

I handle people ops as a consultant at several different tech startups. Many have employees on OPT or STEM OPT who didn’t get selected in this year’s H-1B lottery.

The companies want to retain these individuals, but they’re running out of options. Some companies will try again in next year’s H-1B lottery, even though they face long odds, particularly if the H-1B lottery becomes a wage-based selection process next year.

Others are looking into O-1A visas, but find that many employees don’t yet have the experience to meet the qualifications. Should we look at Canada?

— Specialist in Silicon Valley

Dear Specialist,

That’s what we’re all about — finding creative immigration solutions to help U.S. employers attract and retain international talent and help international talent reach their dreams of living and working in the United States.

I’ve written a lot on how U.S. tech startups can keep their international team members in the United States. One strategy is to help the startup employees become qualified for O-1As. Another is to obtain unlimited H-1B visas without the lottery through nonprofit programs affiliated with universities. Sometimes candidates return to school for master’s degrees that offer a work option called CPT, or curricular practical training.

But sometimes, companies end up deciding to move some of their international talent to Canada to work remotely. Recently, Marc Pavlopoulos and I discussed how to help U.S. employers and international talent on my podcast. Through his two companies, Syndesus and Path to Canada, Pavlopoulos helps both U.S. tech employers and international tech talent when their employees or they themselves run out of immigration options in the United States. He most often assists U.S. tech employers when their current or prospective employees are not selected in the H-1B lottery.

Through Syndesus, a Canada-based remote employer — also known as a professional employment organization (PEO) — Pavlopoulos helps U.S. employers retain international tech workers who either no longer have visa or green card options that will enable them to remain in the United States or who were born in India and are fed up with the decades-long wait for a U.S. green card. U.S. employers that don’t have an office in Canada can relocate these workers to Canada with the help of Syndesus, which employs these tech workers on behalf of the U.S. company, sponsoring them for a Canadian Global Talent Stream work visa.

Syndesus also helps U.S. tech startups without a presence in Canada find Canadian tech workers and employ them on the startup’s behalf. As an employer of record, Syndesus handles payroll, HR, healthcare, stock options and any issues related to Canadian employment law.

Pavlopoulos’ other company, Path to Canada, currently focuses on helping international engineers and other tech talent working in the U.S. who cannot remain there — including those whose OPT or STEM OPT has run out — find employment in Canada, either at a Canadian company or at the Canadian office of a U.S. company. These employees get a Global Talent Stream work visa and eventually permanent residence in Canada. Pavlopoulos intends to expand Path to Canada to help tech talent from around the world live and work in Canada.

Biden taps Google critic to lead the DOJ’s antitrust division

By Taylor Hatmaker

The Biden administration tripled down on its commitment to reining in powerful tech companies Tuesday, proposing committed Big Tech critic Jonathan Kanter to lead the Justice Department’s antitrust division.

Kanter is a lawyer with a long track record of representing smaller companies like Yelp in antitrust cases against Google. He currently practices law at his own firm, which specializes in advocacy for state and federal antitrust enforcement.

“Throughout his career, Kanter has also been a leading advocate and expert in the effort to promote strong and meaningful antitrust enforcement and competition policy,” the White House press release stated. Progressives celebrated the nomination as a win, though some of Biden’s new antitrust hawks have enjoyed support from both political parties.

Jonathan Kanter's nomination to lead @TheJusticeDept’s Antitrust Division is tremendous news for workers and consumers. He’s been a leader in the fight to check consolidated corporate power and strengthen competition in our markets. https://t.co/mLQACA0c4j

— Elizabeth Warren (@SenWarren) July 20, 2021

The Justice Department already has a major antitrust suit against Google in the works. The lawsuit, filed by Trump’s own Justice Department, accuses the company of “unlawfully maintaining monopolies” through anti-competitive practices in its search and search advertising businesses. If successfully confirmed, Kanter would be positioned to steer the DOJ’s big case against Google.

In a 2016 NYT op-ed, Kanter argued that Google is notorious for relying on an anti-competitive “playbook” to maintain its market dominance. Kanter pointed to Google’s long history of releasing free ad-supported products and eventually restricting competition through “discriminatory and exclusionary practices” in a given corner of the market.

Kanter is just the latest high-profile Big Tech critic that’s been elevated to a major regulatory role under Biden. Last month, Biden named fierce Amazon critic Lina Khan as FTC chair upon her confirmation to the agency. In March, Biden named another noted Big Tech critic, Columbia law professor Tim Wu, to the National Economic Council as a special assistant for tech and competition policy.

All signs point to the Biden White House gearing up for a major federal fight with Big Tech. Congress is working on a set of Big Tech bills, but in lieu of — or in tandem with — legislative reform, the White House can flex its own regulatory muscle through the FTC and DOJ.

In new comments to MSNBC, the White House confirmed that it is also “reviewing” Section 230 of the Communications Decency Act, a potent snippet of law that protects platforms from liability for user-generated content.

Maine’s facial recognition law shows bipartisan support for protecting privacy

By Annie Siebert
Alison Beyea Contributor
Alison Beyea is the executive director of the ACLU of Maine.
Michael Kebede Contributor
Michael Kebede is a policy counsel at the ACLU of Maine.

Maine has joined a growing number of cities, counties and states that are rejecting dangerously biased surveillance technologies like facial recognition.

The new law, which is the strongest statewide facial recognition law in the country, not only received broad, bipartisan support, but it passed unanimously in both chambers of the state legislature. Lawmakers and advocates spanning the political spectrum — from the progressive lawmaker who sponsored the bill to the Republican members who voted it out of committee, from the ACLU of Maine to state law enforcement agencies — came together to secure this major victory for Mainers and anyone who cares about their right to privacy.

Maine is just the latest success story in the nationwide movement to ban or tightly regulate the use of facial recognition technology, an effort led by grassroots activists and organizations like the ACLU. From the Pine Tree State to the Golden State, national efforts to regulate facial recognition demonstrate a broad recognition that we can’t let technology determine the boundaries of our freedoms in the digital 21st century.

Facial recognition technology poses a profound threat to civil rights and civil liberties. Without democratic oversight, governments can use the technology as a tool for dragnet surveillance, threatening our freedoms of speech and association, due process rights, and right to be left alone. Democracy itself is at stake if this technology remains unregulated.

We know the burdens of facial recognition are not borne equally, as Black and brown communities — especially Muslim and immigrant communities — are already targets of discriminatory government surveillance. Making matters worse, face surveillance algorithms tend to have more difficulty accurately analyzing the faces of darker-skinned people, women, the elderly and children. Simply put: The technology is dangerous when it works — and when it doesn’t.

But not all approaches to regulating this technology are created equal. Maine is among the first in the nation to pass comprehensive statewide regulations. Washington was the first, passing a weak law in the face of strong opposition from civil rights, community and religious liberty organizations. The law passed in large part because of strong backing from Washington-based megacorporation Microsoft. Washington’s facial recognition law would still allow tech companies to sell their technology, worth millions of dollars, to every conceivable government agency.

In contrast, Maine’s law strikes a different path, putting the interests of ordinary Mainers above the profit motives of private companies.

Maine’s new law prohibits the use of facial recognition technology in most areas of government, including in public schools and for surveillance purposes. It creates carefully carved out exceptions for law enforcement to use facial recognition, creating standards for its use and avoiding the potential for abuse we’ve seen in other parts of the country. Importantly, it prohibits the use of facial recognition technology to conduct surveillance of people as they go about their business in Maine, attending political meetings and protests, visiting friends and family, and seeking out healthcare.

In Maine, law enforcement must now — among other limitations — meet a probable cause standard before making a facial recognition request, and they cannot use a facial recognition match as the sole basis to arrest or search someone. Nor can local police departments buy, possess or use their own facial recognition software, ensuring shady technologies like Clearview AI will not be used by Maine’s government officials behind closed doors, as has happened in other states.

Maine’s law and others like it are crucial to preventing communities from being harmed by new, untested surveillance technologies like facial recognition. But we need a federal approach, not only a piecemeal local approach, to effectively protect Americans’ privacy from facial surveillance. That’s why it’s crucial for Americans to support the Facial Recognition and Biometric Technology Moratorium Act, a bill introduced by members of both houses of Congress last month.

The ACLU supports this federal legislation that would protect all people in the United States from invasive surveillance. We urge all Americans to ask their members of Congress to join the movement to halt facial recognition technology and support it, too.

In an increasingly hot biotech market, protecting IP is key

By Ram Iyer
John Flavin Contributor
John Flavin is founder and CEO of Portal Innovations, LLC.
Kevin O’Connor Contributor
Kevin A. O'Connor, Ph.D., is a partner in the Intellectual Property practice group at Neal Gerber Eisenberg.

After a record year for biotech investment in 2020 — during which the industry saw $28.5 billion invested across 1,073 deals — the market for new innovations remains strong. What’s more, these innovations are increasingly coming to market by way of early-stage startups and/or their scientific founders from academia.

In 2018, for instance, U.S. campuses conducted $79 billion worth of sponsored research, much of it thanks to the federal government. That number spiked amid the pandemic and could increase even more if President Biden’s infrastructure plan, which includes $180 billion to enhance R&D efforts, passes.

Since 1996, 14,000 startups have licensed technology out of those universities, and 67% of licenses were taken by startups or small companies. Meanwhile, the median step-up from seed to Series A is now 2x — higher than all other stages, suggesting that biotech startups are continuing to attract investment at earlier stages.

When it comes to protecting IP, early and consistent communication with investors, tech transfer offices and advisers can make all the difference.

For biotech startups and their founders, these headwinds signal immense promise. But initial funding is only one part of a long journey that (ideally) ends with bringing a product to market. Along the way, founders will need to procure additional investments, develop strategic partnerships and stave off competition. All of which starts by protecting the fundamental asset of any biotech company: its intellectual property.

Here are three key considerations for startups and founders as they get started.

Start with an option agreement

Most early-stage biotechnology starts in a university lab. Then, a disclosure is made with the university’s tech transfer office and a patent is filed with the hopes that the product can be taken out into the market (by, for instance, a new startup). More often than not, the vehicle to do this is a licensing agreement.

A licensing agreement is important because it shows investors the company has exclusive access to the technology in question. This in turn allows them to attract the investments required to truly grow the company: hire a team, build strategic partnerships and conduct additional studies.

But that doesn’t mean jumping right to a full-blown licensing agreement is the best way to start. An option agreement is often the better move.

Google fined $592M in France for breaching antitrust order to negotiate copyright fees for news snippets

By Natasha Lomas

France has hit Google with a fine of half a billion euros after finding major breaches in how it negotiated with publishers to remunerate them for reuse of their content — as is required under a pan-EU reform of digital copyright law which extended neighbouring rights to news snippets.

The size of the fine is notable as it’s over half of the entire $1BN news licensing pot that Google announced last October — when it said it would be paying news publishers “to create and curate high-quality content” to appear on its platforms.

At the time, the move looked intended to shrink Google’s exposure to legal mandates to pay publishers for content reuse by pushing them to accept commercial terms which give it broad rights to ‘showcase’ their content.

France’s watchdog has now called out — and sanctioned — the practice.

The half a billion euro penalty is also notable for being considerably more than Google had already agreed to pay French publishers, according to Reuters — which reported, back in February, that the tech giant had inked a deal with a group of 121 publishers to pay them just $76M over three years.

France’s competition authority said today that it’s applying the sanction of €500 million ($592M) against the tech giant for failing to comply with a number of injunctions related to its earlier, April 2020 decision — when the watchdog ordered Google to negotiate in good faith with publishers to remunerate them for displaying their protected content.

Initially, Google sought to evade the neighbouring news right by stopping displaying snippets of content alongside links it showed in Google News in France. But the watchdog found that was likely to be an abuse of its dominant position — and ordered Google to stop circumventing the law and negotiate with publishers to pay for the reuse in good faith.

The Autorité de la Concurrence is not happy with how Google has gone about this, though.

A number of publishers complained to it that the negotiations were not carried out in good faith and that Google did not provide them with key information necessary to inform payments.

The Syndicate of magazine press publishers (SEPM), the Alliance de Presse d’Information Générale (APIG) and Agence France Presse (AFP) made complaints in August/September 2020 — kicking off the investigation by the watchdog and today’s announcement of a major penalty.

Further fines — of up to €900,000 per day — could be headed Google’s way if it continues to breach the watchdog’s injunctions and fails to supply publishers with all the required information within a new two-month deadline.

In a press release detailing its investigation, the Autorité said Google sought to unilaterally impose its global news licensing product, aka ‘Showcase’, under a partnership the tech giant calls Publisher Curated News — in negotiations with publishers — pushing for the legal neighbouring right to be incorporated as “an ancillary component with no separate financial valuation”.

Publishers’ requests to break out copyright remuneration negotiations were denied, per the watchdog’s investigation.

It also found Google “unjustifiably” reduced the scope of negotiations with regard to the scope of income derived from the display of protected news content — with Google telling publishers that only advertising income from Google Search pages posting news content should be taken into account in determining the level of remuneration due.

The authority found this exclusion of income from other Google services and all indirect income related to this content to be in breach of the copyright law and its earlier compliance order.

Google also “deliberately circumscribed” the scope of the law on neighboring rights by excluding titles that do not have a Political and General Information certificate — which the watchdog couched as a “bad faith” interpretation of the code on intellectual property.

It also found the tech giant sought to exclude press agencies from remuneration related to their content when used by third party publishers — highlighting that as another breach of its April 2020 decision, by further noting: “The French legislator has been very explicit on the need to include press agencies.”

In another finding, it said Google had only provided publishers with “partial” and “insufficient” information for a “transparency assessment of remuneration due”; and further accused the tech giant of delaying until just a few days before the injunction deadline to provide it — so of being “late” too.

The authority’s investigation highlights compliance problems with another injunction — related to an obligation of neutrality in how protected content is presented on Google’s platforms — with the watchdog writing on that: “The strategy put in place by Google has thus strongly encouraged publishers to accept the contractual conditions of the Showcase service and to renounce negotiations relating specifically to the current uses of protected content, which was the subject of the Injunctions, under penalty of seeing their exposure and their remuneration degraded compared to their competitors who would have accepted the proposed terms. Google cannot therefore claim to have taken the necessary measures to prevent its negotiations from affecting the presentation of protected content in its services.”

Another injunction sought to prevent Google from seeking to leverage its dominance by offsetting remunerations paid to publishers for the neighbouring rights.

On this the watchdog also took issue with its approach — noting that its Showcase product requires publishers to make not just snippets of their content available for display on Google’s platforms but “large extracts” and even whole articles.

It also found that Google linked participation in the Showcase program to subscription to another service called Subscribe with Google (SwG) — enabling it to link negotiation on neighboring rights with the subscription of new services that could financially benefit its business.

Under a subhead which denounces what it found as “extremely serious practices”, the authority goes on to accuse Google of “a deliberate, elaborate and systematic strategy of non-compliance” — and of continuing an already years-long “opposition strategy” to the principle of neighbouring rights; and then, after they’d been baked into EU and French law, seeking to “minimize the concrete scope of those rights as much as possible”.

Google has, the authority asserts, sought to use a global strategy to close down publishers’ ability to negotiate for remuneration for their content reuse at a national level — using its Showcase product as a cloak for “avoiding or limiting as much as possible” payments to publishers; and, simultaneously, seeking to use negotiations on neighboring rights as an opportunity to obtain access to new content by press publishers that could allow it to collect additional income, such as from subscriptions to press titles.

“The sanction of 500 million euros takes into account the exceptional seriousness of the breaches observed and that the behavior of Google has further delayed the proper application of the law on neighboring rights, which aimed to better take into account the value of content from publishers and news agencies included on the platforms. The Authority will be extremely vigilant about the correct application of its decision, as non-execution can now lead to periodic penalty payments,” added the watchdog’s president, Isabelle de Silva, in a statement (which we’ve translated from French).

The half a billion euro fine and the warning to Google that its practices will attract daily fines if it persists in ignoring the injunctions put the tech giant on notice that the detail of commercial deals won’t be allowed to fly under the radar in France.

Any more attempts to shape a self-serving version of ‘compliance’ are likely to attract further sanction from the watchdog — which also recently applied a number of interoperability requirements on Google’s ad business (and slapped it with a $268M fine), also acting on complaints from publishers.

While anything Google agrees to in France on the neighbouring rights issue is likely to set the bar for what it can achieve with commercial deals elsewhere — at least in other EU markets, where the copyright extension also applies (once it’s been transposed into a Member State’s national law).

In a statement responding to the authority’s sanction, Google expressed disappointment with the outcome of the investigation — claiming to have acted in good faith throughout negotiations with publishers:

“We are very disappointed with this decision — we have acted in good faith throughout the entire process. The fine ignores our efforts to reach an agreement, and the reality of how news works on our platforms. To date, Google is the only company to have announced agreements on neighbouring rights. We are also about to finalize an agreement with AFP that includes a global licensing agreement, as well as the remuneration of their neighbouring rights for their press publications.”

The tech giant went on to suggest that the authority’s decision is “primarily” related to negotiations in France which took place between May and September 2020, further claiming it has continued to engage with publishers and press agencies since then to find “solutions”.

By way of example it pointed to a January 2021 framework agreement inked with the Alliance de la Presse d’Information Générale — which it claims covers every IPG title (Information de Presse Générale) in a “transparent and non-discriminatory way”. It also pointed to agreements it has inked with other publications in the market, including Le Monde, Courrier International, L’Obs, Le Figaro, Libération, and L’Express.

Google also reiterated that it is confident it can sign a global licensing agreement with Agence France Presse — which it said it also wants to include remuneration of neighbouring rights for press publications from the agency.

“Our objective remains the same: We want to turn the page with a definitive agreement,” it added, saying it would take the French Competition Authority’s “feedback into consideration and adapt our offers” and that: “We are already engaging with press publishers and agencies beyond IPG, by covering publications that are recognised by the CPPAP as ‘online press services’, and we reiterate our offer to have an independent third party in a position to evaluate our offers and allow us to base our discussions on facts.”

Other major fines for Google in France in recent years include the aforementioned $268M for adtech abuses last month; $120 for dropping tracking cookies without consent back in December; $166M in December 2019 for opaque and inconsistent ad rules; and $57M for privacy violations in January 2019.

Beyond the EU, Australia recently passed a law which requires tech giants, Google and Facebook, to enter mandatory arbitration with publishers for reuse of their content if they fail to agree commercial terms on their own.

Its law has attracted considerable attention worldwide as legislators grapple with how to rein in powerful tech platforms and ensure the sustainability of traditional news businesses whose revenues have been hit by the Internet-driven shift to digital publishing.

The UK’s Competition and Markets Authority has, for example, described Australia’s backstop of mandatory arbitration if commercial negotiations fail as a “sensible” approach — at a time when the government is working on shaping an ex ante regulation regime to enable competition authorities to pro-actively tackle abuses by platforms with strategic market power.

Ahead of Australia’s law being passed, Google had warned that it might have to close its services in the country if legislators went ahead and also suggested the quality could degrade or that it may have to start to charge for products. In the event, it did not shut up shop down under.

The tech giant was also an active lobbyist against the EU’s plan to extend digital copyright to cover snippets of news content — and, as recently as 2019, it was vowing never to pay for news.

A few years later it announced the $1BN pot to pay publishers to licence content. But Google’s eventual bill for its ad business piggybacking upon others’ journalism may be rather larger than that.

Elon Musk defends Tesla’s $2.6B acquisition of SolarCity in Delaware court

By Aria Alamalhodaei

Elon Musk is testifying Monday morning in a lawsuit over Tesla’s 2016 acquisition of SolarCity, a $2.6 billion transaction that a group of shareholders allege was a “bailout” of the failing solar company. The shareholders are seeking repayment to Tesla of the cost to purchase SolarCity.

The suit, filed in the Delaware District Court in 2017, alleges that SolarCity was near bankruptcy at the time of the acquisition. Musk, who was the ailing company’s chairman of the board of directors and its largest stockholder, directly benefited from the transaction, as did some of his friends and family, the lawsuit alleges. SolarCity’s founders, Lyndon and Peter Rive, are Musk’s cousins.

SolarCity “had consistently failed to turn a profit, had mounting debt, and was burning through cash at an unsustainable rate,” the plaintiffs say. The suit goes on to note that the company had accumulated over $3 billion in debt in its ten-year history, nearly half of which was due for repayment before the end of 2017. The purchase by Tesla was approved by vote by 85% of shareholders.

Attorneys for Musk say that the acquisition was part of the CEO’s longer-term vision to transform Tesla into a transportation and energy company. In a blog post titled “Master Plan, Part Deux,” published to Tesla’s website around the time of the deal’s closing, Musk says that combining SolarCity and the electric vehicle startup was key to realizing his vision of combining Powerwall (Tesla’s home and industry battery storage product) and solar roof panels.

A Model X stood ready for inspection by attendees at the Kauai solar storage facility launch. Tesla acquired SolarCity in November 2016. 

In his testimony Monday, Musk said Tesla was forced to shift focus away from its solar business to meet production deadlines for the Model 3 sedan, the Washington Post’s Will Oremus tweeted from outside the courtroom. USA Today reporter Isabel Hughes, also at the courtroom, tweeted that Musk blamed the pandemic for poor performance of the company’s solar division. He was being questioned by attorney for the plaintiffs Randall Baron, whom Musk called “a shameful person” at a 2019 deposition.

Musk’s lawyers say that he recused himself from board discussions and negotiations relating to the acquisition – but the plaintiffs maintain that the recusal was “superficial.” A primary question for the court will be whether Musk exerted undue influence over the transaction, and whether he and other board members concealed information relating to the transaction from shareholders.

The other board members named in the suit – Robyn Denholm, Ira Ehrenpreis, Antonio Gracias, Kimbal Musk and Stephen Jurvetson – settled for $60 million last year, plus $16.8 million in legal fees and expenses, paid for by insurance. The trial, with Musk as the sole defendant, was postponed a year due to the coronavirus pandemic.

The trial is expected to last ten business days. The Delaware Court of Chancery, where the suit is being heard, does not have a jury; instead, the case will be heard by judge Vice-Chancellor Joseph Slights III. Even if Slights finds that the deal was improper, he could order Musk to pay far less than the $2.6 billion that Tesla paid for SolarCity at the time.

Biden’s sweeping executive order takes on Big Tech’s ‘bad mergers,’ ISPs and more

By Taylor Hatmaker

The Biden administration just introduced a sweeping, ambitious plan to forcibly inject competition into some consolidated sectors of the American economy — the tech sector prominent among them — through executive action.

“Today President Biden is taking decisive action to reduce the trend of corporate consolidation, increase competition, and deliver concrete benefits to America’s consumers, workers, farmers, and small businesses,” a new White House fact sheet on the forthcoming order states.

The order, which Biden will sign Friday, initiates a comprehensive “whole-of-government” approach that loops in more than twelve different agencies at the federal level to regulate monopolies, protect consumers and curtail bad behavior from some of the world’s biggest corporations.

In the fact sheet, the White House lays out its plans to take the regulation of big business into its own hands at the federal level. As far as tech is concerned, that comes largely through emboldening the FTC and the Justice Department — two federal agencies with antitrust enforcement powers.

Most notably for Big Tech, which is already bracing for regulatory existential threats, the White House explicitly asserts here that those agencies have legal cover to “challenge prior bad mergers that past Administrations did not previously challenge” — i.e., unwinding acquisitions that built a handful of tech companies into the behemoths they are today. The order calls on antitrust agencies to enforce antitrust laws “vigorously.”

Federal scrutiny will prioritize “dominant internet platforms, with particular attention to the acquisition of nascent competitors, serial mergers, the accumulation of data, competition by ‘free’ products, and the effect on user privacy.” Facebook, Google and Amazon are particularly on notice here, though Apple isn’t likely to escape federal attention either.

“Over the past 10 years, the largest tech platforms have acquired hundreds of companies — including alleged ‘killer acquisitions’ meant to shut down a potential competitive threat,” the White House wrote in the fact sheet. “Too often, federal agencies have not blocked, conditioned, or, in some cases, meaningfully examined these acquisitions.”

The biggest tech companies have regularly defended their longstanding strategy of buying up the competition by arguing that because those acquisitions went through without friction at the time, they shouldn’t be viewed as illegal in hindsight. In no uncertain terms, the new executive order makes it clear that the Biden administration isn’t having any of it.

The White House also specifically singles out internet service providers for scrutiny, ordering the FCC to prioritize consumer choice and institute broadband “nutrition labels” that clearly state speed caps and hidden fees. The FCC began working on the labels in the Obama administration but the work was scrapped after Trump took office.

The order also directly calls on the FCC to restore net neutrality rules, which were stripped in 2017 to the widespread horror of open internet advocates and most of the tech industry outside of the service providers that stood to benefit.

The White House will also tell the FTC to create new privacy rules meant to guard consumers against surveillance and the “accumulation of extraordinary amounts of sensitive personal information,” which free services like Facebook, YouTube and others have leveraged to build their vast empires. The White House also taps the FTC to create rules that protect smaller businesses from being preempted by large platforms, which in many cases abuse their market dominance with a different sort of data-based surveillance to out-compete up-and-coming competitors.

Finally, the executive order encourages the FTC to put right-to-repair rules in place that would free consumers from constraints that discourage DIY and third-party repairs. A new White House Competition Council under the director of the National Economic Council will coordinate the federal execution of the proposals laid out in the new order.

The antitrust effort from the executive branch mirrors parallel actions in the FTC and Congress. In the FTC, Biden has installed a fearsome antitrust crusader in Lina Khan, a young legal scholar and fierce Amazon critic who proposes a philosophical overhaul to the way the federal government defines monopolies. Khan now leads the FTC as its chair.

In Congress, a bipartisan flurry of bills intended to rein in the tech industry are slowly wending their way toward becoming law, though plenty of hurdles remain. Last month, the House Judiciary Committee debated the six bills, which were crafted separately to help them survive opposing lobbying pushes from the tech industry. These legislative efforts could modernize antitrust laws, which have failed to keep pace with the modern realities of giant, internet-based businesses.

“Competition policy needs new energy and approaches so that we can address America’s monopoly problem,” Sen. Amy Klobuchar, a prominent tech antitrust hawk in Congress, said of the executive order. “That means legislation to update our antitrust laws, but it also means reimagining what the federal government can do to promote competition under our current laws.”

Citing the acceleration of corporate consolidation in recent decades, the White House argues that a handful of large corporations dominates across industries, including healthcare, agriculture and tech, and that consumers, workers and smaller competitors pay the price for their outsized success. The administration will focus antitrust enforcement on those corners of the market as well as evaluating the labor market and worker protections on the whole.

“Inadequate competition holds back economic growth and innovation … Economists find that as competition declines, productivity growth slows, business investment and innovation decline, and income, wealth, and racial inequality widen,” the White House wrote.

The Accellion data breach continues to get messier

By Carly Page

Morgan Stanley has joined the growing list of Accellion hack victims — more than six months after attackers first breached the vendor’s 20-year-old file-sharing product. 

The investment banking firm — which is no stranger to data breaches — confirmed in a letter this week that attackers stole personal information belonging to its customers by hacking into the Accellion FTA server of its third-party vendor, Guidehouse. In a letter sent to those affected, first reported by Bleeping Computer, Morgan Stanley admitted that threat actors stole an unknown number of documents containing customers’ addresses and Social Security numbers.

The documents were encrypted, but the letter said that the hackers also obtained the decryption key, though Morgan Stanley said the files did not contain passwords that could be used to access customers’ financial accounts.

“The protection of client data is of the utmost importance and is something we take very seriously,” a Morgan Stanley spokesperson told TechCrunch. “We are in close contact with Guidehouse and are taking steps to mitigate potential risks to clients.”

Just days before news of the Morgan Stanley data breach came to light, an Arkansas-based healthcare provider confirmed it had also suffered a data breach as a result of the Accellion attack. Just weeks before that, so did UC Berkeley. While data breaches tend to grow past initially reported figures, the fact that organizations are still coming out as Accellion victims more than six months later shows that the business software provider still hasn’t managed to get a handle on it.

The cyberattack was first uncovered on December 23, and Accellion initially claimed the FTA vulnerability was patched within 72 hours before it was later forced to explain that new vulnerabilities were discovered. Accellion’s next (and final) update came in March, when the company claimed that all known FTA vulnerabilities — which authorities say were exploited by FIN11 and the Clop ransomware gang — have been remediated.

But incident responders said Accellion’s response to the incident wasn’t as smooth as the company let on, claiming the company was slow to raise the alarm in regards to the potential danger to FTA customers.

The Reserve Bank of New Zealand, for example, raised concerns about the timeliness of alerts it received from Accellion. In a statement, the bank said it was reliant on Accellion to alert it to any vulnerabilities in the system — but never received any warnings in December or January.

“In this instance, their notifications to us did not leave their system and hence did not reach the Reserve Bank in advance of the breach. We received no advance warning,” said RBNZ governor Adrian Orr.

This, according to a discovery made by KPMG International, was due to the fact that the email tool used by Accellion failed to work: “Software updates to address the issue were released by the vendor in December 2020 soon after it discovered the vulnerability. The email tool used by the vendor, however, failed to send the email notifications and consequently the Bank was not notified until 6 January 2021,” KPMG’s assessment said.

“We have not sighted evidence that the vendor informed the Bank that the System vulnerability was being actively exploited at other customers. This information, if provided in a timely manner is highly likely to have significantly influenced key decisions that were being made by the Bank at the time.”

In March, back when it was releasing updates about the ongoing breach, Accellion was keen to emphasize that it was planning to retire the 20-year-old FTA product in April and that it had been working for three years to transition clients onto its new platform, Kiteworks. A press release from the company in May says 75% of Accellion customers have already migrated to Kiteworks, a figure that also highlights the fact that 25% are still clinging to its now-retired FTA product. 

This, along with Accellion now taking a more hands-off approach to the incident, means that the list of victims could keep growing. It’s currently unclear how many the attack has claimed so far, though recent tallies put the list at around 300. This list includes Qualys, Bombardier, Shell, Singtel, the University of Colorado, the University of California, Transport for New South Wales, Office of the Washington State Auditor, grocery giant Kroger and law firm Jones Day.

“When a patch is issued for software that has been actively exploited, simply patching the software and moving on isn’t the best path,” Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Center, told TechCrunch. “Since the goal of patch management is protecting systems from compromise, patch management strategies should include reviews for indications of previous compromise.”

Accellion declined to comment.

Amazon and Google face UK CMA probe over fake reviews

By Natasha Lomas

The UK’s competition watchdog, the CMA, has opened another investigation into Big Tech — this one targeted at Amazon and Google over how they handle (or, well, don’t) fake reviews.

The Competition and Markets Authority has taken an interest in online reviews for several years, as far back as 2015.

It also went after eBay and Facebook back in 2019 to try to squeeze the trade in fake reviews it found thriving on their marketplaces. After continuing to pressure those platforms the watchdog was given pledges they’d do more. Albeit, in the case of Facebook, it took until April 2021 for it to take down 16,000 groups that had been trading fake reviews — and the CMA expressed disappointment that it had taken Facebook over a year to take meaningful action.

Now the CMA has Amazon and Google in its sights, both of which control platforms hosting user reviews — saying it will be gathering evidence to determine whether they may have broken UK law by taking insufficient action to protect shoppers from fake reviews.

Businesses that mislead consumers or don’t take action to prevent consumers being misled may be in breach of UK laws intended to protect consumers from unfair trading.

The CMA says its investigation into Amazon and Google follows an initial probe, which it started in May 2020, which was focused on assessing several platforms’ internal systems and processes for identifying and dealing with fake reviews.

That work raised specific concerns about whether the two tech giants have been doing enough to:

  • Detect fake and misleading reviews or suspicious patterns of behaviour. For example, where the same users have reviewed the same range of products or businesses at similar times to each other and there is no connection between those products or businesses – or where the review suggests that the reviewer has received a payment or other incentive to write a positive review.
  • Investigate and, where necessary, remove promptly fake and misleading reviews from their platforms.
  • Impose adequate sanctions on reviewers or businesses to deter them and others from posting fake or misleading reviews on their platforms – including those who have published these types of reviews many times.

The regulator also said it’s concerned that Amazon’s systems have been “failing adequately to prevent and deter some sellers from manipulating product listings” — such as, for example, by co-opting positive reviews from other products.

And, well, who hasn’t been browsing product reviews on Amazon, only to be drawn up short by a reviewer earnestly referring to product attributes that clearly bear no relation to the sale item in question?

While the user reviews that pop up on, for example, Google Maps after a search for a local business can also display unusual patterns of 5-starring (or 1-starring) behaviour.

Commenting on its investigation into concerns that Amazon and Google are not doing enough to combat the problem of fake reviews the CMA’s CEO Andrea Coscelli had this to say, in a statement:

“Our worry is that millions of online shoppers could be misled by reading fake reviews and then spending their money based on those recommendations. Equally, it’s simply not fair if some businesses can fake 5-star reviews to give their products or services the most prominence, while law-abiding businesses lose out.

“We are investigating concerns that Amazon and Google have not been doing enough to prevent or remove fake reviews to protect customers and honest businesses. It’s important that these tech platforms take responsibility and we stand ready to take action if we find that they are not doing enough.”

Amazon and Google were contacted for comment.

A Google Spokesperson sent us this statement:

“Our strict policies clearly state reviews must be based on real experiences, and when we find policy violations, we take action — from removing abusive content to disabling user accounts. We look forward to continuing our work with the CMA to share more on how our industry-leading technology and review teams work to help users find relevant and useful information on Google.”

An Amazon spokesperson also said:

“To help earn the trust of customers, we devote significant resources to preventing fake or incentivized reviews from appearing in our store. We work hard to ensure that reviews accurately reflect the experience that customers have had with a product. We will continue to assist the CMA with its enquiries and we note its confirmation that no findings have been made against our business. We are relentless in protecting our store and will take action to stop fake reviews regardless of the size or location of those who attempt this abuse.”

In a blog post earlier this month, Amazon — likely aware of the CMA’s attention on the issue — discussed the problem of bogus online reviews, claiming it “relentlessly innovates to allow only genuine product reviews in our store”; and offering up some illustrative stats (such as that, in 2020 alone, it stopped more than 200M “suspected fake reviews” before they were seen by any customers, mostly via the use of “proactive detection”).

However the blog post was also heavily on the defensive — with the ecommerce giant seeking to spread the blame for the fake reviews problem — saying, for example, that there’s an “increasing trend of bad actors attempting to solicit fake reviews outside Amazon, particularly via social media services”. 

It sought to frame fake reviews as an industry-wide problem, needing a coordinated, industry-wide solution — while reserving its heaviest fire for (unnamed) “social media companies” (cough Facebook cough) — and suggesting, for example, that they are the weak link in the chain:

“We need social media companies whose services are being used to facilitate fake reviews to proactively invest in fraud and fake review controls, partner with us to stop these bad actors, and help consumers shop with confidence. It will take constant innovation and partnership across industries and law enforcement to fully protect consumers and our honest selling partners.”

Amazon’s blog post also called for coordinated assistance from consumer protection regulators “around the world” to support its existing efforts to litigate against “bad actors”, aka “those who have purchased reviews and the service providers who provided them”.

The company also told us it has won “dozens” of injunctions against providers of fake reviews across Europe — adding that it won’t shy away from taking legal action. (It noted, for example, a lawsuit it filed on June 9 with the London Commercial Court against the owners of the websites, AMZ Tigers and TesterJob — seeking a prohibitory injunction and damages.)

In light of the CMA’s investigation being opened now, Amazon’s blog post calling for regulatory assistance to support litigation against purveyors of fake reviews looks like a pre-emptive plea to the CMA to swivel its gaze back onto Facebook’s marketplace — and check back in on how the trade in fake reviews is looking over there.

We reached out to the CMA to ask whether its investigation into Amazon and Google will dig into the role that review trading groups hosted elsewhere, such as on social media platforms, may play in exacerbating the issue, and will update this report with any response.

The CMA has been increasingly active in regulating Big Tech as it dials up attention on digital markets to prepare for planned UK reforms to competition law that look set to usher in an ex ante regime for dealing with competition-denting platform power.

The watchdog has a number of other open investigations into Big Tech — including into Google’s planned deprecation of tracking cookies. It also recently initiated a market study into Apple and Google’s dominance of the mobile ecosystem.

Given the watchdog’s focus on major platforms — as well as its long-standing interest in fake reviews — it’s interesting to speculate whether iOS maker Apple may not face some UK scrutiny on this issue.

Concerns have also been raised over fake ratings and reviews on its App Store.

Earlier this year, for example, iOS app developer, Kosta Eleftheriou, filed suit against Apple — alleging it enticed developers to build apps by claiming the App Store is a safe and trustworthy place but that it doesn’t protect legitimate developers against scammers profiting from their hard work.

The CMA already has an open investigation into Apple’s App Store. So it will be paying close attention to aspects of the store, saying back in March that it would be investigating whether Apple imposes unfair or anti-competitive terms on developers — which then ultimately result in users having less choice or paying higher prices for apps and add-ons.

For now, though, the watchdog’s attention toward the fake reviews issue has been publicly focused elsewhere.

Archer Aviation hits back against rival Wisk Aero’s request for injunction in trade secret suit

By Aria Alamalhodaei

Archer Aviation is ramping up its defense against claims by rival Wisk Aero that it misappropriated trade secrets. Archer, which unveiled its Maker eVTOL earlier this month, alleged in a court filing late Wednesday that Wisk learned of Archer’s aircraft design weeks before it filed its patent design application – effectively reversing claims that it stole Wisk’s design.

Wisk claimed in its April lawsuit that its design is nearly identical to Archer’s, and that the similarities are the result of a former Wisk employee (who was later hired by Archer) stealing proprietary work files. In this new filing, Archer alleged that it shared its plans for a 12-rotor tilting design with Geoff Long, a senior engineer at Wisk, whom Archer was considering recruiting. Archer alleges that Long shared Archer’s plans with Wisk executives weeks before Wisk filed its patent application.

Still following? Archer also says that it hired a third party to conduct a forensic analysis, which found no evidence of any of the allegedly stolen documents on Archer’s systems or the devices belonging to the former Wisk-now-Archer employee.

The filing was made in response to an injunction Wisk filed in May, requesting that the court immediately prohibit its rival from using any of the 52 trade secrets it alleges were stolen. It’s a request that could have potentially catastrophic effects on Archer, as the company itself admits in the filing. Archer argues that approving the injunction would take it “offline indefinitely” and pose a “grave danger” to Archer and its network of partners and suppliers.

“Wisk’s legal and media blitz is threatening to derail Archer’s anticipated merger and its business partnerships and compelling Archer to redirect significant resources to defend this lawsuit,” Archer says in the filing. The company further requested that if an injunction should be granted, it should also require a $1.1 billion bond – which Wisk would have to pay should the court ultimately side with Archer.

Wisk, in response to the filing, sent the following statement to TechCrunch: “Archer’s latest filing is full of inaccuracies and attempts to distract from the serious and broad scope of misappropriation claims it faces. The filing changes nothing. We look forward to continuing our case in court to demonstrate Archer’s improper use of Wisk’s intellectual property.”

The suit was filed in the U.S. District Court for the Northern District of California under case no. 5:21-cv-2450.

Deliveroo defeats another workers’ rights challenge in UK courts

By Natasha Lomas

Deliveroo has had another win in the UK courts, beating back an appeal by the IWGB union which has sought for years to challenge the gig platform over couriers’ rights but has continued to fail to overturn the company’s classification of riders as self-employed.

The latest appeals court ruling is the fourth judgment in the UK that supports Deliveroo’s contention that its riders are self-employed, following earlier judgments by the Central Arbitration Committee and two at the High Court.

The on-demand food delivery platform operates a different gig model to ride-hailing giant Uber — which has, by contrast, failed to prevent UK courts from judging its drivers to be workers not self-employed contractors.

Deliveroo, for example, allows riders to use a substitute to fulfil a shift with only limited restrictions on the practice. And the interpretation of how exactly employment law applies typically hinges on exactly such nuanced details as the level of flexibility being offered to platform workers.

Despite a string of legal losses against Deliveroo over the years, the IWGB did not give up its fight. Most recently honing in on the issue of collective bargaining, and seeking to challenge the platform giant’s stance under the European Convention on Human Rights — by arguing riders have a legal right to form or join a union.

It hasn’t had much success with this line of argument against Deliveroo either, though.

And today the UK Court of Appeal dismissed its latest appeal — ruling that riders do not fall under the scope of the trade union freedom right set out in the European Convention on Human Rights.

Although the Court did suggest that riders do fall under “the more general right of freedom of association under article 11 [of the ECoHR]”.

In conclusion the judges also make a point of noting that other gig economy legal challenges may have a different outcome, writing that: “It may be thought that those in the gig economy have a particular need of the right to organise as a trade union. So I quite accept that there may be other cases where, on different facts and with a broader range of available arguments, a different result may eventuate.”

The IWGB’s president, Alex Marshall, seized on this element of the ruling — commenting in a statement:

“The judgment recognises that riders would benefit from organising collectively to represent their interests and admits the conclusion reached in the judgment might seem counter intuitive. We will now consider our legal position, but one thing is for sure: We will continue to grow in numbers and fight on the streets until Deliveroo give these key worker heroes the pay and conditions they more than deserve.”

In further remarks, Marshall attacked Deliveroo’s stance toward riders — claiming it has sought to “silence” their voices and deny them opportunities to negotiate better terms:

“Deliveroo couriers have been working on the frontline of the pandemic and whilst being applauded by the public and even declared heroes by their employer, they have been working under increasingly unfair and unsafe working conditions. The reward they have received for their Herculean effort? Deliveroo continuing to invest thousands of pounds in litigation to silence workers’ voices and deny them the opportunity to negotiate better terms and conditions. A recent investigation by the Bureau of Investigative Journalism revealed riders were making as little as £2 per hour. Is this the kind of pay workers would accept if they really were their own boss? It appears that when Deliveroo talk about flexibility and being your own boss, it is talking about the flexibility of choosing when to make poverty wages and work in unsafe conditions.”

In a statement welcoming the appeal court ruling, Deliveroo claimed the contrary — saying:

“Today is good news for Deliveroo riders and marks an important milestone. UK courts have now tested and upheld the self-employed status of Deliveroo riders four times.

“Our message to riders is clear. We will continue to back your right to work the way you want and we will continue to listen to you and respond to the things that matter to you most.

“Deliveroo’s model offers the genuine flexibility that is only compatible with self-employment, providing riders with the work they tell us they value. Those campaigning to remove riders’ flexibility do not speak for the vast majority of riders and seek to impose a way of working that riders do not want. Deliveroo will continue to campaign for companies like ours to be able to offer the full flexibility of self employment along with greater benefits and more security.”

Before an exit, founders must get their employment law ducks in a row

By Ram Iyer
Rob Hudock Contributor
Rob Hudock is an experienced litigator focusing his 20-plus years in practice on helping companies recruit the best talent available while avoiding distracting workplace issues or lawsuits.

Successfully selling a business has much to do with timing. For many entrepreneurs, it’s the high-stakes end game where they cash out and reap the rewards of their efforts. At a certain point, when both buyers and sellers are working hard to close the deal, negotiations can move very quickly. If you’re the seller, this is not the time to discover unanticipated problems in your business.

Distressingly often, these problems are related to employment. Inattention to employment issues can have a significant impact on deals — from preventing closings and reducing the deal value to altering the deal terms or significantly limiting the pool of potential buyers.

Poor compliance, lack of policies or flawed practices mean potential liability exposure or expensive policy revisions and employee retraining — all of which can devalue your business.

Fortunately, such issues typically can be resolved well in advance with a little forethought and legal guidance. It’s important to get your employment ducks in a row long before you start planning your exit.

What follows is an overview of the three main categories of employment issues that can derail or delay a sale. For the most part, these assume an asset sale, but may vary in the case of a stock sale.

Compliance

By far the most significant problem is general employment law compliance. This means creating strong employment policies and practices that are documented, in place and operating long before you pursue a deal. The key area is wage and hour issues — timekeeping and payroll practices, worker classification issues (employee vs. independent contractor; exempt vs. non-exempt), meal and rest periods, PTO policies and payouts at termination.

Clop ransomware gang doxes two new victims days after police raids

By Carly Page

The notorious Clop ransomware operation appears to be back in business, just days after Ukrainian police arrested six alleged members of the gang.

Last week, a law enforcement operation conducted by the National Police of Ukraine along with officials from South Korea and the U.S. saw the arrest of multiple suspects believed to be linked to the Clop ransomware gang. It’s believed to be the first time a national law enforcement group carried out mass arrests involving a ransomware group.

The Ukrainian police also claimed at the time to have successfully shut down the server infrastructure used by the gang. But it doesn’t seem the operation was completely successful.

While the Clop operation fell silent following the arrests, the gang has this week published a fresh batch of confidential data which it claims to have stolen from two new victims — a farm equipment retailer and an architects office — on its dark web site, seen by TechCrunch.

If true — and neither of the alleged victims responded to TechCrunch’s request for comment — this would suggest that the ransomware gang remains active, despite last week’s first-of-its-kind law enforcement sting. This is likely because the suspects cuffed included only those who played a lesser role in the Clop operation. Cybersecurity firm Intel 471 said it believes that last week’s arrests targeted the money laundering portion of the operation, with core members of the gang not apprehended.

“We do not believe that any core actors behind Clop were apprehended,” the security company said. “The overall impact to Clop is expected to be minor although this law enforcement attention may result in the Clop brand getting abandoned as we’ve recently seen with other ransomware groups like DarkSide and Babuk.”

Clop appears to still be in business, but it remains to be seen how long the group will remain operational. Not only have law enforcement operations dealt numerous blows to ransomware groups this year, such as U.S. investigators’ recent recovery of millions in cryptocurrency they claim was paid in ransom to the Colonial Pipeline hackers, but Russia has this week confirmed it will begin to work with the U.S. to locate cybercriminals.

Russia has until now taken a hands-off approach when it comes to dealing with hackers. Reuters reported Wednesday that the head of the country’s Federal Security Service (FSB) Alexander Bortnikov was quoted as saying it will co-operate with U.S. authorities on future cybersecurity operations.

Intel 471 previously said that it does not believe the key members of Clop were arrested in last week’s operation because “they are probably living in Russia,” which has long provided safe harbor to cybercriminals by refusing to take action.

The Clop ransomware gang was first spotted in early 2019, and the group has since been linked to a number of high-profile attacks. These include the breach of U.S. pharmaceutical giant ExecuPharm in April 2020 and the recent data breach at Accellion, which saw hackers exploit flaws in the IT provider’s software to steal data from dozens of its customers including the University of Colorado and cloud security vendor Qualys.

Dear Sophie: What options would allow me to start something on my own?

By Annie Siebert
Sophie Alcorn Contributor
Sophie Alcorn is the founder of Alcorn Immigration Law in Silicon Valley and 2019 Global Law Experts Awards’ “Law Firm of the Year in California for Entrepreneur Immigration Services.” She connects people with the businesses and opportunities that expand their lives.

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie,

I’ve been working on an H-1B in the U.S. for nearly two years. While I’m grateful to have made it through the H-1B lottery and to be working, I’m feeling unhappy and frustrated with my job.

I really want to start something of my own and work on my own terms in the United States. Are there any immigration options that would allow me to do that?

— Seeking Satisfaction

Dear Seeking,

Job dissatisfaction and frustration while on H-1B is normal, according to Edward Gorbis. He is the founder of Career Meets World and a performance coach who specifically works with immigrants and first-generation professionals to help them find fulfillment and thrive in their careers and life. I recently spoke with him for my podcast, “Immigration Law For Tech Startups.”

He says that “once immigrants reach stability, they start to think, ‘Who am I, what do I value, what’s my core identity?’” He partners with people to help them to gain a better understanding of why they think the way they do, teach them how our brain really works, and then reshape and retrain the brain for success.

Gorbis says that imagining overcoming the hurdles that stand in the way of doing the work that will fulfill you is the first step. So, here are some options that can help you imagine how to move toward building the life of your dreams.

Composite image of immigration law attorney Sophie Alcorn in front of a background with a TechCrunch logo. (Image Credits: Joanna Buniak / Sophie Alcorn)

Raise $250,000 and be the CEO

A great new option for aspiring entrepreneurs is International Entrepreneur Parole, a new immigration program in the United States that allows CEOs, CTOs, and others to obtain a 2.5-year immigration status. You can live in the U.S. and run your company. Your spouse can work and you could be eligible for a 2.5-year extension.

How to qualify? You’ll need to own at least 10% of a U.S. company, such as a Delaware C corporation registered in California. Ideally, you’ll want to show that your company bank account has at least $250,000 raised from qualifying U.S. investors prior to applying, but you can demonstrate other evidence to show that your company has the potential to grow rapidly and create jobs in the U.S.

See yourself at another company

There is technically no limit on how many H-1B employers you can have or how many hours you work — or how few hours you work — in an H-1B position. So, think about other companies.

Mitiga raises $25M Series A to help organizations respond to cyberattacks

By Carly Page

Israeli cloud security startup Mitiga has raised $25 million in a Series A round of funding as it moves to “completely change” the traditional incident response market.

Mitiga, unlike other companies in the cybersecurity space, isn’t looking to prevent cyberattacks, which the startup claims are inevitable no matter how much protection is in place. Rather, it’s looking to help organizations manage their incident response, particularly as they transition to hybrid and multi-cloud environments. 

The early-stage startup, which raised $7 million in seed funding in July last year, says its incident readiness and response tech stack accelerates post-incident bounce back from days down to hours. Its subscription-based offering automatically detects when a network is breached and quickly investigates, collects case data, and translates it into remediation steps for all relevant divisions within an organization so they can quickly and efficiently respond. Mitiga also documents each event, allowing organizations to fix the cause in order to prevent future attacks.

Mitiga’s Series A was led by ClearSky Security, Atlantic Bridge, and DNX, and the startup tells TechCrunch that it will use the funds to “continue to disrupt how incident readiness and response is delivered,” as well as “significantly” increasing its cybersecurity, engineering, sales, and marketing staff.

The company added that the funding comes amid a “changing mindset” for enterprise organizations when it comes to incident readiness and response. The pandemic has accelerated cloud adoption, and it’s predicted that spending on cloud services will surpass $332 billion this year alone. This acceleration, naturally, has provided a lucrative target for hackers, with cyberattacks on cloud services increasing 630% in the first four months of 2020, according to McAfee. 

“The cloud represents new challenges for incident readiness and response and we’re bringing the industry’s first incident response solution in the cloud, for the cloud,” said Tal Mozes, co-founder and CEO of Mitiga. 

“This funding will allow us to further our engagements with heads of enterprise security who are looking to recover from an incident in real-time, attract even more of the most innovative cybersecurity minds in the industry, and expand our partner network. I couldn’t be more excited about what Mitiga is going to do for cloud-first organizations who understand the importance of cybersecurity readiness and response.”

Mitiga was founded in 2019 by Mozes, Ariel Parnes and Ofer Maor, and the team of 42 currently works in Tel Aviv with offices in London and New York. It has customers in multiple sectors, including financial service institutions, banks, e-commerce, law enforcement and government agencies, and Mitiga also provides emergency response to active network security incidents such as ransomware and data breaches for non-subscription customers.

EU puts out final guidance on data transfers to third countries

By Natasha Lomas

The European Data Protection Board (EDPB) published its final recommendations yesterday, setting out guidance for making transfers of personal data to third countries to comply with EU data protection rules in light of last summer’s landmark CJEU ruling (aka Schrems II).

The long and short of these recommendations — which are fairly long; running to 48 pages — is that some data transfers to third countries will simply not be possible to (legally) carry out. Despite the continued existence of legal mechanisms that can, in theory, be used to make such transfers (like Standard Contractual Clauses; a transfer tool that was recently updated by the Commission).

However it’s up to the data controller to assess the viability of each transfer, on a case by case basis, to determine whether data can legally flow in that particular case. (Which may mean, for example, a business making complex assessments about foreign government surveillance regimes and how they impinge upon its specific operations.)

Companies that routinely take EU users’ data outside the bloc for processing in third countries (like the US), which do not have data adequacy arrangements with the EU, face substantial cost and challenge in attaining compliance — in a best case scenario.

Those that can’t apply viable ‘special measures’ to ensure transferred data is safe are duty bound to suspend data flows — with the risk, should they fail to do that, of being ordered to by a data protection authority (which could also apply additional sanctions).

One alternative option could be for such a firm to store and process EU users’ data locally — within the EU. But clearly that won’t be viable for every company.

Law firms are likely to be very happy with this outcome since there will be increased demand for legal advice as companies grapple with how to structure their data flows and adapt to a post-Schrems II world.

In some EU jurisdictions (such as Germany) data protection agencies are now actively carrying out compliance checks — so orders to suspend transfers are bound to follow.

While the European Data Protection Supervisor is busy scrutinizing EU institutions’ own use of US cloud services giants to see whether high level arrangements with tech giants like AWS and Microsoft pass muster or not.

Last summer the CJEU struck down the EU-US Privacy Shield — only a few years after the flagship adequacy arrangement was inked. The same core legal issues did for its predecessor, ‘Safe Harbor’, though that had stood for some fifteen years. And since the demise of Privacy Shield the Commission has repeatedly warned there will be no quick fix replacement this time; nothing short of major reform of US surveillance law is likely to be required.

US and EU lawmakers remain in negotiations over a replacement EU-US data flows deal, but a viable outcome that can stand up to legal challenge, as the prior two agreements could not, may well require years of work, not months.

And that means EU-US data flows are facing legal uncertainty for the foreseeable future.

The UK, meanwhile, has just squeezed a data adequacy agreement out of the Commission — despite some loudly enunciated post-Brexit plans for regulatory divergence in the area of data protection.

If the UK follows through in ripping up key tenets of its inherited EU legal framework there’s a high chance it will also lose adequacy status in the coming years — meaning it too could face crippling barriers to EU data flows. (But for now it seems to have dodged that bullet.)

Data flows to other third countries that also lack an EU adequacy agreement — such as China and India — face the same ongoing legal uncertainty.

The backstory to the EU international data flows issues originates with a complaint — in the wake of NSA whistleblower Edward Snowden’s revelations about government mass surveillance programs, so more than seven years ago — made by the eponymous Max Schrems over what he argued were unsafe EU-US data flows.

Although his complaint was specifically targeted at Facebook’s business and called on the Irish Data Protection Commission (DPC) to use its enforcement powers and suspend Facebook’s EU-US data flows.

A regulatory dance of indecision followed which finally saw legal questions referred to Europe’s top court and — ultimately — the demise of the EU-US Privacy Shield. The CJEU ruling also put it beyond legal doubt that Member States’ DPAs must step in and act when they suspect data is flowing to a location where the information is at risk.

Following the Schrems II ruling, the DPC (finally) sent Facebook a preliminary order to suspend its EU-US data flows last fall. Facebook immediately challenged the order in the Irish courts — seeking to block the move. But that challenge failed. And Facebook’s EU-US data flows are now very much operating on borrowed time.

As one of the platforms subject to Section 702 of the US’ FISA law, its options for applying ‘special measures’ to supplement its EU data transfers look, well, limited to say the least.

It can’t — for example — encrypt the data in a way that ensures it has no access to it (zero access encryption) since that’s not how Facebook’s advertising empire functions. And Schrems has previously suggested Facebook will have to federate its service — and store EU users’ information inside the EU — to fix its data transfer problem.

Safe to say, the costs and complexity of compliance for certain businesses like Facebook look massive.

But there will be compliance costs and complexity for thousands of businesses in the wake of the CJEU ruling.

Commenting on the EDPB’s adoption of final recommendations, chair Andrea Jelinek said: “The impact of Schrems II cannot be underestimated: Already international data flows are subject to much closer scrutiny from the supervisory authorities who are conducting investigations at their respective levels. The goal of the EDPB Recommendations is to guide exporters in lawfully transferring personal data to third countries while guaranteeing that the data transferred is afforded a level of protection essentially equivalent to that guaranteed within the European Economic Area.

“By clarifying some doubts expressed by stakeholders, and in particular the importance of examining the practices of public authorities in third countries, we want to make it easier for data exporters to know how to assess their transfers to third countries and to identify and implement effective supplementary measures where they are needed. The EDPB will continue considering the effects of the Schrems II ruling and the comments received from stakeholders in its future guidance.”

The EDPB put out earlier guidance on Schrems II compliance last year.

It said the main modifications between that earlier advice and its final recommendations include: “The emphasis on the importance of examining the practices of third country public authorities in the exporters’ legal assessment to determine whether the legislation and/or practices of the third country impinge — in practice — on the effectiveness of the Art. 46 GDPR transfer tool; the possibility that the exporter considers in its assessment the practical experience of the importer, among other elements and with certain caveats; and the clarification that the legislation of the third country of destination allowing its authorities to access the data transferred, even without the importer’s intervention, may also impinge on the effectiveness of the transfer tool”.

Commenting on the EDPB’s recommendations in a statement, law firm Linklaters dubbed the guidance “strict” — warning over the looming impact on businesses.

“There is little evidence of a pragmatic approach to these transfers and the EDPB seems entirely content if the conclusion is that the data must remain in the EU,” said Peter Church, a Counsel at the global law firm. “For example, before transferring personal data to a third country (without adequate data protection laws) businesses must consider not only its law but how its law enforcement and national security agencies operate in practice. Given these activities are typically secretive and opaque, this type of analysis is likely to cost tens of thousands of euros and take time. It appears this analysis is needed even for relatively innocuous transfers.”

“It is not clear how SMEs can be expected to comply with these requirements,” he added. “Given we now operate in a globalised society the EDPB, like King Canute, should consider the practical limitations on its power. The guidance will not turn back the tides of data washing back and forth across the world, but many businesses will really struggle to comply with these new requirements.”

 
