FreshRSS

🔒
❌ About FreshRSS
There are new available articles, click to refresh the page.
Before yesterdayYour RSS feeds

What3Words sends legal threat to a security researcher for sharing an open-source alternative

By Zack Whittaker

A U.K. company behind digital addressing system What3Words has sent a legal threat to a security researcher for offering to share an open-source software project with other researchers, which What3Words claims violate its copyright.

Aaron Toponce, a systems administrator at XMission, received a letter on Thursday from a law firm representing What3Words, requesting that he delete tweets related to the open source alternative, WhatFreeWords. The letter also demands that he disclose to the law firm the identity of the person or people with whom he had shared a copy of the software, agree that he would not make any further copies of the software, and to delete any copies of the software he had in his possession.

The letter gave him until May 7 to agree, after which What3Words would “waive any entitlement it may have to pursue related claims against you,” a thinly-veiled threat of legal action.

“This is not a battle worth fighting,” he said in a tweet. Toponce told TechCrunch that he has complied with the demands, fearing legal repercussions if he didn’t. He has also asked the law firm twice for links to the tweets they want deleting but has not heard back. “Depending on the tweet, I may or may not comply. Depends on its content,” he said.

The legal threat sent to Aaron Toponce. (Image: supplied)

U.K.-based What3Words divides the entire world into three-meter squares and labels each with a unique three-word phrase. The idea is that sharing three words is easier to share on the phone in an emergency than having to find and read out their precise geographic coordinates.

But security researcher Andrew Tierney recently discovered that What3Words would sometimes have two similarly-named squares less than a mile apart, potentially causing confusion about a person’s true whereabouts. In a later write-up, Tierney said What3Words was not adequate for use in safety-critical cases.

It’s not the only downside. Critics have long argued that What3Words’ proprietary geocoding technology, which it bills as “life-saving,” makes it harder to examine it for problems or security vulnerabilities.

Concerns about its lack of openness in part led to the creation of the WhatFreeWords. A copy of the project’s website, which does not contain the code itself, said the open-source alternative was developed by reverse-engineering What3Words. “Once we found out how it worked, we coded implementations for it for JavaScript and Go,” the website said. “To ensure that we did not violate the What3Words company’s copyright, we did not include any of their code, and we only included the bare minimum data required for interoperability.”

But the project’s website was nevertheless subjected to a copyright takedown request filed by What3Words’ counsel. Even tweets that pointed to cached or backup copies of the code were removed by Twitter at the lawyers’ requests.

Toponce — a security researcher on the side — contributed to Tierney’s research, who was tweeting out his findings as he went. Toponce said that he offered to share a copy of the WhatFreeWord code with other researchers to help Tierney with his ongoing research into What3Words. Toponce told TechCrunch that receiving the legal threat may have been a combination of offering to share the code and also finding problems with What3Words.

In its letter to Toponce, What3Words argues that WhatFreeWords contains its intellectual property and that the company “cannot permit the dissemination” of the software.

Regardless, several websites still retain copies of the code and are easily searchable through Google, and TechCrunch has seen several tweets linking to the WhatFreeWords code since Toponce went public with the legal threat. Tierney, who did not use WhatFreeWords as part of his research, said in a tweet that What3Words’ reaction was “totally unreasonable given the ease with which you can find versions online.”

We asked What3Words if the company could point to a case where a judicial court has asserted that WhatFreeWords has violated its copyright. What3Words spokesperson Miriam Frank did not respond to multiple requests for comment.

Heirlume raises $1.38M to remove the barriers of trademark registration for small businesses

By Darrell Etherington

Platforms like Shopify, Stripe and WordPress have done a lot to make essential business-building tools, like running storefronts, accepting payments, and building websites accessible to businesses with even the most modest budgets. But some very key aspects of setting up a company remain expensive, time-consuming affairs that can be cost-prohibitive for small businesses — but that, if ignored, can result in the failure of a business before it even really gets started.

Trademark registration is one such concern, and Toronto-based startup Heirlume just raised $1.7 million CAD (~$1.38 million) to address the problem with a machine-powered trademark registration platform that turns the process into a self-serve affair that won’t break the budget. Its AI-based trademark search will flag if terms might run afoul of existing trademarks in the U.S. and Canada, even when official government trademark search tools, and even top-tier legal firms might not.

Heirlume’s core focus is on levelling the playing field for small business owners, who have typically been significantly out-matched when it comes to any trademark conflicts.

“I’m a senior level IP lawyer focused in trademarks, and had practiced in a traditional model, boutique firm of my own for over a decade serving big clients, and small clients,” explained Heirlume co-founder Julie MacDonnell in an interview. “So providing big multinationals with a lot of brand strategy, and in-house legal, and then mainly serving small business clients when they were dealing with a cease-and-desist, or an infringement issue. It’s really those clients that have my heart: It’s incredibly difficult to have a small business owner literally crying tears on the phone with you, because they just lost their brand or their business overnight. And there was nothing I could do to help because the law just simply wasn’t on their side, because they had neglected to register their trademarks to own them.”

In part, there’s a lack of awareness around what it takes to actually register and own a trademark, MacDonnell says. Many entrepreneurs just starting out seek out a domain name as a first step, for instance, and some will fork over significant sums to register these domains. What they don’t realize, however, is that this is essentially a rental, and if you don’t have the trademark to protect that domain, the actual trademark owner can potentially take it away down the road. But even if business owners do realize that a trademark should be their first stop, the barriers to actually securing one are steep.

“There was an an enormous, insurmountable barrier, when it came to brand protection for those business owners,” she said. “And it just isn’t fair. Every other business service, generally a small business owner can access. Incorporating a company or even insurance, for example, owning and buying insurance for your business is somewhat affordable and accessible. But brand ownership is not.”

Heirlume brings the cost of trademark registration down from many thousands of dollars, to just under $600 for the first, and only $200 for each additional after that. The startup is also offering a very small business-friendly ‘buy now, pay later’ option supported by Clearbanc, which means that even businesses starting on a shoestring can take step of protecting their brand at the outset.

In its early days, Heirlume is also offering its core trademark search feature for free. That provides a trademark search engine that works across both U.S. and Canadian government databases, which can not only tell you if your desired trademark is available or already held, but also reveal whether it’s likely to be able to be successfully obtained, given other conflicts that might arise that are totally ignored by native trademark database search portals.

Heirlume search tool comparison

Image Credits: Heirlume

Heirlume uses machine learning to identify these potential conflicts, which not only helps users searching for their trademarks, but also greatly decreases the workload behind the scenes, helping them lower costs and pass on the benefits of those improved margins to its clients. That’s how it can achieve better results than even hand-tailored applications from traditional firms, while doing so at scale and at reduced costs.

Another advantage of using machine-powered data processing and filing is that on the government trademark office side, the systems are looking for highly organized, curated data sets that are difficult for even trained people to get consistently right. Human error in just data entry can cause massive backlogs, MacDonnell notes, even resulting in entire applications having to be tossed and started over from scratch.

“There are all sorts of datasets for those [trademark requirement] parameters,” she said. “Essentially, we synthesize all of that, and the goal through machine learning is to make sure that applications are utterly compliant with government rules. We actually have a senior level trademark examiner that that came to work for us, very excited that we were solving the problems causing backlogs within the government. She said that if Heirlume can get to a point where the applications submitted are perfect, there will be no backlog with the government.”

Improving efficiency within the trademark registration bodies means one less point of friction for small business owners when they set out to establish their company, which means more economic activity and upside overall. MacDonnell ultimately hopes that Heirlume can help reduce friction to the point where trademark ownership is at the forefront of the business process, even before domain registration. Heirlume has a partnership with Google Domains to that end, which will eventually see indication of whether a domain name is likely to be trademarkable included in Google Domain search results.

This initial seed funding includes participation from Backbone Angels, as well as the Future Capital collective, Angels of Many and MaRS IAF, along with angel investors including Daniel Debow, Sid Lee’s Bertrand Cesvet and more. MacDonnell notes that just as their goal was to bring more access and equity to small business owners when it comes to trademark protection, the startup was also very intentional in building its team and its cap table. MacDonnell, along with co-founders CTO Sarah Guest and Dave McDonnell, aim to build the largest tech company with a majority female-identifying technology team. Its investor make-up includes 65% female-identifying or underrepresented investors, and MacDonnell says that was a very intentional choice that extended the time of the raise, and even led to turning down interest from some leading Silicon Valley firms.

“We want underrepresented founders to be to be funded, and the best way to ensure that change is to empower underrepresented investors,” she said. “I think that we all have a responsibility to actually do do something. We’re all using hashtags right now, and hashtags are not enough […] Our CTO is female, and she’s often been the only female person in the room. We’ve committed to ensuring that women in tech are no longer the only person in the room.”

Europe charges Apple with antitrust breach, citing Spotify App Store complaint

By Natasha Lomas

The European Commission has announced that it’s issued formal antitrust charges against Apple, saying today that its preliminary view is Apple’s app store rules distort competition in the market for music streaming services by raising the costs of competing music streaming app developers.

The Commission begun investigating competition concerns related to iOS App Store (and also Apple Pay) last summer.

“The Commission takes issue with the mandatory use of Apple’s own in-app purchase mechanism imposed on music streaming app developers to distribute their apps via Apple’s App Store,” it wrote today. “The Commission is also concerned that Apple applies certain restrictions on app developers preventing them from informing iPhone and iPad users of alternative, cheaper purchasing possibilities.”

Commenting in a statement, EVP and competition chief Margrethe Vestager, said: “App stores play a central role in today’s digital economy. We can now do our shopping, access news, music or movies via apps instead of visiting websites. Our preliminary finding is that Apple is a gatekeeper to users of iPhones and iPads via the App Store. With Apple Music, Apple also competes with music streaming providers. By setting strict rules on the App store that disadvantage competing music streaming services, Apple deprives users of cheaper music streaming choices and distorts competition. This is done by charging high commission fees on each transaction in the App store for rivals and by forbidding them from informing their customers of alternative subscription options.”

Apple sent us this statement in response:

“Spotify has become the largest music subscription service in the world, and we’re proud for the role we played in that. Spotify does not pay Apple any commission on over 99% of their subscribers, and only pays a 15% commission on those remaining subscribers that they acquired through the App Store. At the core of this case is Spotify’s demand they should be able to advertise alternative deals on their iOS app, a practice that no store in the world allows. Once again, they want all the benefits of the App Store but don’t think they should have to pay anything for that. The Commission’s argument on Spotify’s behalf is the opposite of fair competition.”

Vestager is due to hold a press conference shortly — so stay tuned for updates.

This story is developing… 

A number of complaints against Apple’s practices have been lodged with the EU’s competition division in recent years — including by music streaming service Spotify; video games maker Epic Games; and messaging platform Telegram, to name a few of the complainants who have gone public (and been among the most vocal).

The main objection is over the (up to 30%) cut Apple takes on sales made through third parties’ apps — which critics rail against as an ‘Apple tax’ — as well as how it can mandate that developers do not inform users how to circumvent its in-app payment infrastructure, i.e. by signing up for subscriptions via their own website instead of through the App Store. Other complaints include that Apple does not allow third party app stores on iOS.

Apple, meanwhile, has argued that its App Store does not constitute a monopoly. iOS’ global market share of mobile devices is a little over 10% vs Google’s rival Android OS — which is running on the lion’s share of the world’s mobile hardware. But monopoly status depends on how a market is defined by regulators (and if you’re looking at the market for iOS apps then Apple has no competitors).

The iPhone maker also likes to point out that the vast majority of third party apps pay it no commission (as they don’t monetize via in-app payments). While it argues that restrictions on native apps are necessary to protect iOS users from threats to their security and privacy.

Last summer the European Commission said its App Store probe was focused on Apple’s mandatory requirement that app developers use its proprietary in-app purchase system, as well as restrictions applied on the ability of developers to inform iPhone and iPad users of alternative cheaper purchasing possibilities outside of apps.

It also said it was investigating Apple Pay: Looking at the T&Cs and other conditions Apple imposes for integrating its payment solution into others’ apps and websites on iPhones and iPads, and also on limitations it imposes on others’ access to the NFC (contactless payment) functionality on iPhones for payments in stores.

The EU’s antitrust regulator also said then that it was probing allegations of “refusals of access” to Apple Pay.

In March this year the UK also joined the Apple App Store antitrust investigation fray — announcing a formal investigation into whether it has a dominant position and if it imposes unfair or anti-competitive terms on developers using its app store.

US lawmakers have, meanwhile, also been dialling up attention on app stores, plural — and on competition in digital markets more generally — calling in both Apple and Google for questioning over how they operate their respective mobile app marketplaces in recent years.

Last month, for example, the two tech giants’ representatives were pressed on whether their app stores share data with their product development teams — with lawmakers digging into complaints against Apple especially that Cupertino frequently copies others’ apps, ‘sherlocking’ their businesses by releasing native copycats (as the practice has been nicknamed).

Back in July 2020 the House Antitrust Subcommittee took testimony from Apple CEO Tim Cook himself — and went on, in a hefty report on competition in digital markets, to accuse Apple of leveraging its control of iOS and the App Store to “create and enforce barriers to competition and discriminate against and exclude rivals while preferencing its own offerings”.

“Apple also uses its power to exploit app developers through misappropriation of competitively sensitive information and to charge app developers supra-competitive prices within the App Store,” the report went on. “Apple has maintained its dominance due to the presence of network effects, high barriers to entry, and high switching costs in the mobile operating system market.”

The report did not single Apple out — also blasting Google-owner Alphabet, Amazon and Facebook for abusing their market power. And the Justice Department went on to file suit against Google later the same month. So, over in the U.S., the stage is being set for further actions against big tech. Although what, if any, federal charges Apple could face remains to be seen.

At the same time, a number of state-level tech regulation efforts are brewing around big tech and antitrust — including a push in Arizona to relieve developers from Apple and Google’s hefty cut of app store profits.

While an antitrust bill introduced by Republican Josh Hawley earlier this month takes aim at acquisitions, proposing an outright block on big tech’s ability to carry out mergers and acquisitions.

Although that bill looks unlikely to succeed, a flurry of antitrust reform bills are set to introduced as U.S. lawmakers on both sides of the aisle grapple with how to cut big tech down to a competition-friendly size.

In Europe lawmakers are already putting down draft laws with the same overarching goal.

In the EU the Commission has proposed an ex ante regime to prevent big tech from abusing its market power, with the Digital Markets Act set to impose conditions on intermediating platforms who are considered ‘gatekeepers’ to others’ market access.

In the UK, which now sits outside the bloc, the government is also drafting new laws in response to tech giants’ market power — saying it will create a ‘pro-competition’ regime that will apply to platforms with so-called  ‘strategic market status’ — but instead of a set list of requirements it wants to target specific measures per platform.

EU’s top data protection supervisor urges ban on facial recognition in public

By Natasha Lomas

The European Union’s lead data protection supervisor has called for remote biometric surveillance in public places to be banned outright under incoming AI legislation.

The European Data Protection Supervisor’s (EDPS) intervention follows a proposal, put out by EU lawmakers on Wednesday, for a risk-based approach to regulating applications of artificial intelligence.

The Commission’s legislative proposal includes a partial ban on law enforcement’s use of remote biometric surveillance technologies (such as facial recognition) in public places. But the text includes wide-ranging exceptions, and digital and humans rights groups were quick to warn over loopholes they argue will lead to a drastic erosion of EU citizens’ fundamental rights. And last week a cross-party group of MEPs urged the Commission to screw its courage to the sticking place and outlaw the rights-hostile tech.

The EDPS, whose role includes issuing recommendations and guidance for the Commission, tends to agree. In a press release today Wojciech Wiewiórowski urged a rethink.

“The EDPS regrets to see that our earlier calls for a moratorium on the use of remote biometric identification systems — including facial recognition — in publicly accessible spaces have not been addressed by the Commission,” he wrote.

“The EDPS will continue to advocate for a stricter approach to automated recognition in public spaces of human features — such as of faces but also of gait, fingerprints, DNA, voice, keystrokes and other biometric or behavioural signals — whether these are used in a commercial or administrative context, or for law enforcement purposes.

“A stricter approach is necessary given that remote biometric identification, where AI may contribute to unprecedented developments, presents extremely high risks of deep and non-democratic intrusion into individuals’ private lives.”

Wiewiórowski had some warm words for the legislative proposal too, saying he welcomed the horizontal approach and the broad scope set out by the Commission. He also agreed there are merits to a risk-based approach to regulating applications of AI.

But the EDPB has made it clear that the red lines devised by EU lawmakers are a lot pinker in hue than he’d hoped for — adding a high profile voice to the critique that the Commission hasn’t lived up to its much trumpeted claim to have devised a framework that will ensure ‘trustworthy’ and ‘human-centric’ AI.

The coming debate over the final shape of the regulation is sure to include plenty of discussion over where exactly Europe’s AI red lines should be. A final version of the text isn’t expected to be agreed until next year at the earliest.

“The EDPS will undertake a meticulous and comprehensive analysis of the Commission’s proposal to support the EU co-legislators in strengthening the protection of individuals and society at large. In this context, the EDPS will focus in particular on setting precise boundaries for those tools and systems which may present risks for the fundamental rights to data protection and privacy,” Wiewiórowski added.

 

Proctorio sued for using DMCA to take down a student’s critical tweets

By Zack Whittaker

A university student is suing exam proctoring software maker Proctorio to “quash a campaign of harassment” against critics of the company, including accusations that the company misused copyright laws to remove his tweets that were critical of the software.

The Electronic Frontier Foundation, which filed the lawsuit this week on behalf of Miami University student Erik Johnson, who also does security research on the side, accused Proctorio of having “exploited the DMCA to undermine Johnson’s commentary.”

Twitter hid three of Johnson’s tweets after Proctorio filed a copyright takedown notice under the Digital Millennium Copyright Act, or DMCA, alleging that three of Johnson’s tweets violated the company’s copyright.

Schools and universities have increasingly leaned on proctoring software during the pandemic to invigilate student exams, albeit virtually. Students must install the school’s choice of proctoring software to grant access to the student’s microphone and webcam to spot potential cheating. But students of color have complained that the software fails to recognize non-white faces and that the software also requires high-speed internet access, which many low-income houses don’t have. If a student fails these checks, the student can end up failing the exam.

Despite this, Vice reported last month that some students are easily cheating on exams that are monitored by Proctorio. Several schools have banned or discontinued using Proctorio and other proctoring software, citing privacy concerns.

Proctorio’s monitoring software is a Chrome extension, which unlike most desktop software can be easily downloaded and the source code examined for bugs and flaws. Johnson examined the code and tweeted what he found — including under what circumstances a student’s test would be terminated if the software detected signs of potential cheating, and how the software monitors for suspicious eye movements and abnormal mouse clicking.

Johnson’s tweets also contained links to snippets of the Chrome extension’s source code on Pastebin.

Proctorio claimed at the time, via its crisis communications firm Edelman, that Johnson violated the company’s rights “by copying and posting extracts from Proctorio’s software code on his Twitter account.” But Twitter reinstated Johnson’s tweets after finding Proctorio’s takedown notice “incomplete.”

“Software companies don’t get to abuse copyright law to undermine their critics,” said Cara Gagliano, a staff attorney at the EFF. “Using pieces [of] code to explain your research or support critical commentary is no different from quoting a book in a book review.”

The complaint argues that Proctorio’s “pattern of baseless DMCA notices” had a chilling effect on Johnson’s security research work, amid fears that “reporting on his findings will elicit more harassment.”

“Copyright holders should be held liable when they falsely accuse their critics of copyright infringement, especially when the goal is plainly to intimidate and undermine them,” said Gagliano. “We’re asking the court for a declaratory judgment that there is no infringement to prevent further legal threats and takedown attempts against Johnson for using code excerpts and screenshots to support his comments.”

The EFF alleges that this is part of a wider pattern that Proctorio uses to respond to criticism. Last year Olsen posted a student’s private chat logs on Reddit without their permission. Olsen later set his Twitter account to private following the incident. Proctorio is also suing Ian Linkletter, a learning technology specialist at the University of British Columbia, after posting tweets critical of the company’s proctoring software.

The lawsuit is filed in Arizona, where Proctorio is headquartered. Proctorio CEO Mike Olson did not respond to a request for comment.

Dear Sophie: How can I get my startup off the ground and visit the US?

By Annie Siebert
Sophie Alcorn Contributor
Sophie Alcorn is the founder of Alcorn Immigration Law in Silicon Valley and 2019 Global Law Experts Awards’ “Law Firm of the Year in California for Entrepreneur Immigration Services.” She connects people with the businesses and opportunities that expand their lives.

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie,

I’m a female entrepreneur who created my first startup a few months ago.

Once my startup gets off the ground — and as COVID-19 gets under control — I’d like to visit the United States to test the market and meet with investors. Which visas would allow me to do that?

—Noteworthy in Nairobi

Dear Noteworthy,

Congratulations on founding your startup! There are many ways to engage with the U.S. startup ecosystem, and you can start now, even before you physically come to the United States.

I recommend doing some research into the programs and resources offered to entrepreneurs like you through the U.S. Embassy and Consulates near you in your home country. I recently interviewed Lilly Wahl-Tuco, a foreign service officer who has worked for the U.S. Department of State for 15 years, on my podcast.

Wahl-Tuco discussed some of the State Department resources — including programs, competitions and grants — made available by U.S. embassies and consulates for entrepreneurs living in the area.

A composite image of immigration law attorney Sophie Alcorn in front of a background with a TechCrunch logo.

Image Credits: Joanna Buniak / Sophie Alcorn (opens in a new window)

Serving as the first Environment, Science, Technology and Health (ESTH) officer at the U.S. Embassy in Bosnia and Herzegovina in 2015, Wahl-Tuco was tasked with energizing the entrepreneurs of Bosnia. After she traveled around the country, visiting every incubator and meeting several entrepreneurs, Wahl-Tuco said she was surprised that most of the people she talked with didn’t know about the resources that the U.S. government offers through its embassies.

She recommends that entrepreneurs reach out, network and do online research to figure out what’s offered in their country or even if other foreign embassies offer resources and programs aimed at entrepreneurs.

Wahl-Tuco also suggested that entrepreneurs reach out to their local U.S. Embassy. For example, you can contact the U.S. Embassy in Kenya to find out if you can discuss your startup and business plan with an ESTH officer (if there is one) or someone else there. Connecting with embassy staff can open up many opportunities.

Google misled consumers over location data settings, Australia court finds

By Natasha Lomas

Google’s historical collection of location data has got it into hot water in Australia where a case brought by the country’s Competition and Consumer Commission (ACCC) has led to a federal court ruling that the tech giant misled consumers by operating a confusing dual-layer of location settings in what the regulator describes as a “world-first enforcement action”.

The case relates to personal location data collected by Google through Android mobile devices between January 2017 and December 2018.

Per the ACCC, the court ruled that “when consumers created a new Google Account during the initial set-up process of their Android device, Google misrepresented that the ‘Location History’ setting was the only Google Account setting that affected whether Google collected, kept or used personally identifiable data about their location”.

“In fact, another Google Account setting titled ‘Web & App Activity’ also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default,” it wrote.

The Court also ruled that Google misled consumers when they later accessed the ‘Location History’ setting on their Android device during the same time period to turn that setting off because it did not inform them that by leaving the ‘Web & App Activity’ setting switched on, Google would continue to collect, store and use their personally identifiable location data.

“Similarly, between 9 March 2017 and 29 November 2018, when consumers later accessed the ‘Web & App Activity’ setting on their Android device, they were misled because Google did not inform them that the setting was relevant to the collection of personal location data,” the ACCC added.

Similar complaints about Google’s location data processing being deceptive — and allegations that it uses manipulative tactics in order to keep tracking web users’ locations for ad-targeting purposes — have been raised by consumer agencies in Europe for years. And in February 2020 the company’s lead data regulator in the region finally opened an investigation. However that probe remains ongoing.

Whereas the ACCC said today that it will be seeking “declarations, pecuniary penalties, publications orders, and compliance orders” following the federal court ruling. Although it added that the specifics of its enforcement action will be determined “at a later date”. So it’s not clear exactly when Google will be hit with an order — nor how large a fine it might face.

The tech giant may also seek to appeal the court ruling.

Google said today it’s reviewing its legal options and considering a “possible appeal” — highlighting the fact the Court did not agree wholesale with the ACCC’s case because it dismissed some of the allegations (related to certain statements Google made about the methods by which consumers could prevent it from collecting and using their location data, and the purposes for which personal location data was being used by Google).

Here’s Google’s statement in full:

“The court rejected many of the ACCC’s broad claims. We disagree with the remaining findings and are currently reviewing our options, including a possible appeal. We provide robust controls for location data and are always looking to do more — for example we recently introduced auto delete options for Location History, making it even easier to control your data.”

While Mountain View denies doing anything wrong in how it configures location settings — while simultaneously claiming it’s always looking to improve the controls it offers its users — Google’s settings and defaults have, nonetheless, got it into hot water with regulators before.

Back in 2019 France’s data watchdog, the CNIL, fined it $57M over a number of transparency and consent failures under the EU’s General Data Protection Regulation. That remains the largest GDPR penalty issued to a tech giant since the regulation came into force a little under three years ago — although France has more recently sanctioned Google $120M under different EU laws for dropping tracking cookies without consent.

Australia, meanwhile, has forged ahead with passing legislation this year that directly targets the market power of Google (and Facebook) — passing a mandatory news media bargaining code in February which aims to address the power imbalance between platform giants and publishers around the reuse of journalism content.

Facebook faces ‘mass action’ lawsuit in Europe over 2019 breach

By Natasha Lomas

Facebook is to be sued in Europe over the major leak of user data that dates back to 2019 but which only came to light recently after information on 533M+ accounts was found posted for free download on a hacker forum.

Today Digital Rights Ireland (DRI) announced it’s commencing a “mass action” to sue Facebook, citing the right to monetary compensation for breaches of personal data that’s set out in the European Union’s General Data Protection Regulation (GDPR).

Article 82 of the GDPR provides for a ‘right to compensation and liability’ for those affected by violations of the law. Since the regulation came into force, in May 2018, related civil litigation has been on the rise in the region.

The Ireland-based digital rights group is urging Facebook users who live in the European Union or European Economic Area to check whether their data was breach — via the haveibeenpwned website (which lets you check by email address or mobile number) — and sign up to join the case if so.

Information leaked via the breach includes Facebook IDs, location, mobile phone numbers, email address, relationship status and employer.

Facebook has been contacted for comment on the litigation.

The tech giant’s European headquarters is located in Ireland — and earlier this week the national data watchdog opened an investigation, under EU and Irish data protection laws.

A mechanism in the GDPR for simplifying investigation of cross-border cases means Ireland’s Data Protection Commission (DPC) is Facebook’s lead data regulator in the EU. However it has been criticized over its handling of and approach to GDPR complaints and investigations — including the length of time it’s taking to issue decisions on major cross-border cases. And this is particularly true of Facebook.

With the three-year anniversary of the GDPR fast approaching, the DPC has multiple open investigations into various aspects of Facebook’s business but has yet to issue a single decision against the company.

(The closest it’s come is a preliminary suspension order issued last year, in relation to Facebook’s EU to US data transfers. However that complaint long predates GDPR; and Facebook immediately filed to block the order via the courts. A resolution is expected later this year after the litigant filed his own judicial review of the DPC’s processes).

Since May 2018 the EU’s data protection regime has — at least on paper — baked in fines of up to 4% of a company’s global annual turnover for the most serious violations.

Again, though, the sole GDPR fine issued to date by the DPC against a tech giant (Twitter) is very far off that theoretical maximum. Last December the regulator announced a €450k (~$547k) sanction against Twitter — which works out to around just 0.1% of the company’s full-year revenue.

That penalty was also for a data breach — but one which, unlike the Facebook leak, had been publicly disclosed when Twitter found it in 2019. So Facebook’s failure to disclose the vulnerability it discovered and claimed to fix by September 2019 — which led to the leak of 533M accounts now — suggests it should face a higher sanction from the DPC than Twitter received.

However even if Facebook ends up with a more substantial GDPR penalty for this breach the watchdog’s caseload backlog and plodding procedural pace makes it hard to envisage a swift resolution to an investigation that’s only now a few days old.

Judging by past performance it’ll be years before the DPC decides on this 2019 Facebook leak — which likely explains why the DRI sees value in instigating class-action style litigation in parallel to the regulatory investigation.

“Compensation is not the only thing that makes this mass action worth joining. It is important to send a message to large data controllers that they must comply with the law and that there is a cost to them if they do not,” DRI writes on its website.

It also submitted a complaint about the Facebook breach to the DPC earlier this month, writing then that it was “also consulting with its legal advisors on other options including a mass action for damages in the Irish Courts”.

It’s clear that the GDPR enforcement gap is creating a growing opportunity for litigation funders to step in in Europe and take a punt on suing for data-related compensation damages — with a number of other mass actions announced last year.

In the case of DRI its focus is evidently on seeking to ensure that digital rights are upheld. But it told RTE that it believes compensation claims which force tech giants to pay money to users whose privacy rights have been violated is the best way to make them legally compliant.

Facebook, meanwhile, has sought to play down the breach it failed to disclose — claiming it’s ‘old data’ — a deflection that ignores the fact that dates of birth don’t change (nor do most people routinely change their mobile number or email address).

Plenty of the ‘old’ data exposed in this latest massive Facebook data leak will be very handy for spammers and fraudsters to target Facebook users — and also now for litigators to target Facebook for data-related damages.

MEPs call for European AI rules to ban biometric surveillance in public

By Natasha Lomas

A cross-party group of 40 MEPs in the European parliament has called on the Commission to strengthen an incoming legislative proposal on artificial intelligence to include an outright ban on the use of facial recognition and other forms of biometric surveillance in public places.

They have also urged EU lawmakers to outlaw automated recognition of people’s sensitive characteristics (such as gender, sexuality, race/ethnicity, health status and disability) — warning that such AI-fuelled practices pose too great a rights risk and can fuel discrimination.

The Commission is expected to presented its proposal for a framework to regulate ‘high risk’ applications of AI next week — but a copy of the draft leaked this week (via Politico). And, as we reported earlier, this leaked draft does not include a ban on the use of facial recognition or similar biometric remote identification technologies in public places, despite acknowledging the strength of public concern over the issue.

“Biometric mass surveillance technology in publicly accessible spaces is widely being criticised for wrongfully reporting large numbers of innocent citizens, systematically discriminating against under-represented groups and having a chilling effect on a free and diverse society. This is why a ban is needed,” the MEPs write now in a letter to the Commission which they’ve also made public.

They go on to warn over the risks of discrimination through automated inference of people’s sensitive characteristics — such as in applications like predictive policing or the indiscriminate monitoring and tracking of populations via their biometric characteristics.

“This can lead to harms including violating rights to privacy and data protection; suppressing free speech; making it harder to expose corruption; and have a chilling effect on everyone’s autonomy, dignity and self-expression – which in particular can seriously harm LGBTQI+ communities, people of colour, and other discriminated-against groups,” the MEPs write, calling on the Commission to amend the AI proposal to outlaw the practice in order to protect EU citizens’ rights and the rights of communities who faced a heightened risk of discrimination (and therefore heightened risk from discriminatory tools supercharged with AI).

“The AI proposal offers a welcome opportunity to prohibit the automated recognition of gender, sexuality, race/ethnicity, disability and any other sensitive and protected characteristics,” they add.

The leaked draft of the Commission’s proposal does tackle indiscriminate mass surveillance — proposing to prohibit this practice, as well as outlawing general purpose social credit scoring systems.

However the MEPs want lawmakers to go further — warning over weaknesses in the wording of the leaked draft and suggesting changes to ensure that the proposed ban covers “all untargeted and indiscriminate mass surveillance, no matter how many people are exposed to the system”.

They also express alarm at the proposal having an exemption on the prohibition on mass surveillance for public authorities (or commercial entities working for them) — warning that this risks deviating from existing EU legislation and from interpretations by the bloc’s top court in this area.

“We strongly protest the proposed second paragraph of this Article 4 which would exempt public authorities and even private actors acting on their behalf ‘in order to safeguard public security’,” they write. “Public security is precisely what mass surveillance is being justified with, it is where it is practically relevant, and it is where the courts have consistently annulled legislation on indiscriminate bulk processing of personal data (e.g. the Data Retention Directive). This carve-out needs to be deleted.”

“This second paragraph could even be interpreted to deviate from other secondary legislation which the Court of Justice has so far interpreted to ban mass surveillance,” they continue. “The proposed AI regulation needs to make it very clear that its requirements apply in addition to those resulting from the data protection acquis and do not replace it. There is no such clarity in the leaked draft.”

The Commission has been contacted for comment on the MEPs’ calls but is unlikely to do so ahead of the official reveal of the draft AI regulation — which is expected around the middle of next week.

It remains to be seen whether the AI proposal will undergo any significant amendments between now and then. But MEPs have fired a swift warning shot that fundamental rights must and will be a key feature of the co-legislative debate — and that lawmakers’ claims of a framework to ensure ‘trustworthy’ AI won’t look credible if the rules don’t tackle unethical technologies head on.

Uber hit with default ‘robo-firing’ ruling after another EU labor rights GDPR challenge

By Natasha Lomas

Labor activists challenging Uber over what they allege are ‘robo-firings’ of drivers in Europe have trumpeted winning a default judgement in the Netherlands — where the Court of Amsterdam ordered the ride-hailing giant to reinstate six drivers who the litigants claim were unfairly terminated “by algorithmic means”.

The court also ordered Uber to pay the fired drivers compensation.

The challenge references Article 22 of the European Union’s General Data Protection Regulation (GDPR) — which provides protects for individuals against purely automated decisions with a legal or significant impact.

The activists say this is the first time a court has ordered the overturning of an automated decision to dismiss workers from employment.

However the judgement, which was issued on February 24, was issued by default — and Uber says it was not aware of the case until last week, claiming that was why it did not contest it (nor, indeed, comply with the order).

It had until March 29 to do so, per the litigants, who are being supported by the App Drivers & Couriers Union (ADCU) and Worker Info Exchange (WIE).

Uber argues the default judgement was not correctly served and says it is now making an application to set the default ruling aside and have its case heard “on the basis that the correct procedure was not followed”.

It envisages the hearing taking place within four weeks of its Dutch entity, Uber BV, being made aware of the judgement — which it says occurred on April 8.

“Uber only became aware of this default judgement last week, due to representatives for the ADCU not following proper legal procedure,” an Uber spokesperson told TechCrunch.

A spokesperson for WIE denied that correct procedure was not followed but welcomed the opportunity for Uber to respond to questions over how its driver ID systems operate in court, adding: “They [Uber] are out of time. But we’d be happy to see them in court. They will need to show meaningful human intervention and provide transparency.”

Uber pointed to a separate judgement by the Amsterdam Court last month — which rejected another ADCU- and WIE-backed challenge to Uber’s anti-fraud systems, with the court accepting its explanation that algorithmic tools are mere aids to human ‘anti-fraud’ teams who it said take all decisions on terminations.

“With no knowledge of the case, the Court handed down a default judgement in our absence, which was automatic and not considered. Only weeks later, the very same Court found comprehensively in Uber’s favour on similar issues in a separate case. We will now contest this judgement,” Uber’s spokesperson added.

However WIE said this default judgement ‘robo-firing’ challenge specifically targets Uber’s Hybrid Real Time ID System — a system that incorporates facial recognition checks and which labor activists recently found mis-identifying drivers in a number of instances.

It also pointed to a separate development this week in the UK where it said the City of London Magistrates Court ordered the city’s transport regulator, TfL, to reinstate the licence of one of the drivers revoked after Uber routinely notified it of a dismissal (also triggered by Uber’s real time ID system, per WIE).

Reached for comment on that, a TfL spokesperson said: “The safety of the travelling public is our top priority and where we are notified of cases of driver identity fraud, we take immediate licensing action so that passenger safety is not compromised. We always require the evidence behind an operator’s decision to dismiss a driver and review it along with any other relevant information as part of any decision to revoke a licence. All drivers have the right to appeal a decision to remove a licence through the Magistrates’ Court.”

The regulator has been applying pressure to Uber since 2017 when it took the (shocking to Uber) decision to revoke the company’s licence to operate — citing safety and corporate governance concerns.

Since then Uber has been able to continue to operate in the UK capital but the company remains under pressure to comply with a laundry list of requirements set by TfL as it tries to regain a full operator licence.

Commenting on the default Dutch judgement on the Uber driver terminations in a statement, James Farrar, director of WIE, accused gig platforms of “hiding management control in algorithms”.

“For the Uber drivers robbed of their jobs and livelihoods this has been a dystopian nightmare come true,” he said. “They were publicly accused of ‘fraudulent activity’ on the back of poorly governed use of bad technology. This case is a wake-up call for lawmakers about the abuse of surveillance technology now proliferating in the gig economy. In the aftermath of the recent UK Supreme Court ruling on worker rights gig economy platforms are hiding management control in algorithms. This is misclassification 2.0.”

In another supporting statement, Yaseen Aslam, president of the ADCU, added: “I am deeply concerned about the complicit role Transport for London has played in this catastrophe. They have encouraged Uber to introduce surveillance technology as a price for keeping their operator’s license and the result has been devastating for a TfL licensed workforce that is 94% BAME. The Mayor of London must step in and guarantee the rights and freedoms of Uber drivers licensed under his administration.”  

When pressed on the driver termination challenge being specifically targeted at its Hybrid Real-Time ID system, Uber declined to comment in greater detail — claiming the case is “now a live court case again”.

But its spokesman suggested it will seek to apply the same defence against the earlier ‘robo-firing’ charge — when it argued its anti-fraud systems do not equate to automated decision making under EU law because “meaningful human involvement [is] involved in decisions of this nature”.

 

Dear Sophie: How can I get an H-1B without the lottery?

By Annie Siebert
Sophie Alcorn Contributor
Sophie Alcorn is the founder of Alcorn Immigration Law in Silicon Valley and 2019 Global Law Experts Awards’ “Law Firm of the Year in California for Entrepreneur Immigration Services.” She connects people with the businesses and opportunities that expand their lives.

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie:

For the past few years, our company has put very promising candidates into the annual H-1B lottery. None of them have been selected — and none of them meet the requirements for other work visas like an O-1A.

We lost out again in this year’s H-1B lottery. Are there any other ways we can obtain H-1Bs for our team members?

— Soldiering On in Sunnyvale

Dear Soldiering:

Thank you for your timely question — you are not alone! Many employers face the same frustration given that the number of H-1B visas the government issues each year is capped at 85,000, while typically more than twice that number are sought by employers annually.

At my Silicon Valley immigration law firm, we’ve been delighted for the opportunity to collaborate with the nonprofit Open Avenues Foundation to support private companies with a Plan B: a cap-exempt, concurrent H-1B for their employees, without needing to go through the H-1B lottery.

It’s a timely, predictable solution that supports teams whether the beneficiary is currently outside or inside the United States.

A composite image of immigration law attorney Sophie Alcorn in front of a background with a TechCrunch logo.

Image Credits: Joanna Buniak / Sophie Alcorn (opens in a new window)

I recently interviewed Danielle Goldman, co-founder and executive director of Open Avenues, on my podcast. Through the Global Talent Fellowship program, the foundation offers a unique solution for employers like you to have a Plan B for H-1Bs: It’s possible to obtain an H-1B visa for an existing or prospective employee without going through the H-1B lottery process — or the randomness and timing restrictions that come with it. Goldman refers to the program as “innovation within legislation.”

So how does that work? Well, first off, you should know that four categories of employers are exempt from the annual H-1B lottery, meaning they can apply for an H-1B visa at any time of year and their pool of H-1B visas is not capped. The four categories of employers that are eligible for cap-exempt H-1Bs include:

Republican antitrust bill would block all Big Tech acquisitions

By Taylor Hatmaker

There are about to be a lot of antitrust bills taking aim at Big Tech, and here’s one more. Senator Josh Hawley (R-MO) rolled out a new bill this week that would take some severe measures to rein in Big Tech’s power, blocking mergers and acquisitions outright.

The “Trust-Busting for the Twenty-First Century Act” would ban any acquisitions by companies with a market cap of more than $100 billion, including vertical mergers. The bill also proposes changes that would dramatically heighten the financial pain for companies caught engaging in anti-competitive behavior, forcing any company that loses an antirust suit to forfeit profits made through those business practices.

At its core, Hawley’s legislation would snip some of the red tape around antitrust enforcement by amending the Sherman Act, which made monopolies illegal, and the Clayton Act, which expanded the scope of illegal anti-competitive behavior. The idea is to make it easier for the FTC and other regulators to deem a company’s behavior anti-competitive — a key criticism of the outdated antitrust rules that haven’t kept pace with the realities of the tech industry.

The bill isn’t likely to get too far in a Democratic Senate, but it’s not insignificant. Sen. Amy Klobuchar (D-MN), who chairs the Senate’s antitrust subcommittee, proposed legislation earlier this year that would also create barriers for dominant companies with a habit of scooping up their competitors. Klobuchar’s own ideas for curtailing Big Tech’s power similarly focus on reforming the antitrust laws that have shaped U.S. business for more than a century.

Click to access The%20Trust-Busting%20for%20the%20Twenty-First%20Century%20Act.pdf

The Republican bill may have some overlap with Democratic proposals, but it still hits some familiar notes from the Trump era of hyperpartisan Big Tech criticism. Hawley slams “woke mega-corporations” in Silicon Valley for exercising too much power over the information and products that Americans consume. While Democrats naturally don’t share that critique, Hawley’s bill makes it clear that antitrust reform targeting Big Tech is one policy area where both political parties could align on the ends, even if they don’t see eye to eye on the why.

Hawley’s bill is the latest, but it won’t be the last. Rep. David Cicilline (D-RI), who spearheads tech antitrust efforts in the House, previously announced his own plans to introduce a flurry of antitrust reform bills rather than one sweeping piece of legislation. Those bills, which will be more narrowly targeted to make them difficult for tech lobbyists to defeat, are due out in May.

Epic cries monopoly as Apple details secret ‘Project Liberty’ effort to provoke ‘Fortnite’ ban

By Devin Coldewey

The Epic v. Apple lawsuit alleging monopolistic practices by the latter will begin next month, and today the main arguments of each company were published, having been trimmed down somewhat at the court’s discretion. With the basic facts agreed upon, the two companies will go to battle over what they mean, and their CEOs will likely take the (virtual) stand to do so.

As we’ve covered in previous months, the thrust of Epic’s argument is that Apple’s hold over the app market and 30% standard fee amount to anti-competitive behavior that must be regulated by antitrust law. It rebelled against what it describes as an unlawful practice by slipping its own in-game currency store into the popular game Fortnite, circumventing Apple payment methods. (CEO Tim Sweeney would later, and unadvisedly, compare this to resisting unjust laws in the civil rights movement.)

Apple denies the charge of monopoly, pointing out it faces enormous competition all over the market, just not within its own App Store. And as for the size of the fees — well, perhaps it’s a matter that could stand some adjustment (the company dropped its take to 15% for any developer’s first million following criticism throughout 2020), but it hardly amounts to unlawfulness.

For its part, Apple contends that the whole antitrust allegation and associated dust-kicking is little more than a PR stunt, and it has something in the way of receipts.

Epic did, after all, have a whole PR strategy ready to go when it filed the lawsuit, and the filings describe “Project Liberty,” a long-term program within the company to, in Apple’s opinion, shore up sagging revenues from Fortnite. Epic does seem to have paid a PR firm some $300,000 to advise on the “two-phase communications plan,” involving a multi-company complaint campaign against Apple and Google via the “Coalition for App Fairness.”

Project Liberty makes up a whole section in Apple’s filing, detailing how the company and Sweeney planned to “draw Google into a legal battle over anti-trust,” (and presumably Apple) according to internal emails, by getting banned by the companies’ app stores for circumventing their payment systems. Epic only mentions Project Liberty in one paragraph, explaining that it kept the program secret because “Epic could not have disclosed it without causing Apple to reject Version 13.40 of Fortnite,” viz. the one with the offending payment system built in. It’s not much of a defense.

Whether Apple’s fees are too high, and whether Epic is doing this to extend Fortnite’s profitable days, the case itself will be determined on the basis of antitrust law and doctrine, and on this front things do not look particularly dire for Apple.

Although the legal arguments and summaries of fact run to hundreds of pages from both sides, the whole thing is summed up pretty well in the very first sentence of Epic’s filing: “This case is about Apple’s conduct to monopolize two markets within its iOS ecosystem.”

To be specific, it is about whether Apple can be said to be a monopolist over an ecosystem it created and administrated from the very beginning, and one that is provably assailed on all sides by competitors in the digital distribution and gaming space. This is a novel application of antitrust law and one that would carry a heavy burden of proof for Epic — and that an (admittedly amateur) review of the arguments doesn’t suggest there’s much chance of success.

But the opinion of a random reporter is not much in the accounting of things; there will have to be a trial, and one is scheduled to occur next month. There’s a lot of ground to cover, as Epic’s presentation of its arguments will need to be as meticulous as Apple’s dismantling of them. To that end we can expect live testimony from Apple CEO Tim Cook, Epic CEO Tim Sweeney, Apple’s former head of marketing and familiar face Phil Schiller, among others.

The timing and nature of that testimony or questioning will not be known until later, but it’s likely there will be some interesting interactions worth hearing about. The trial is scheduled to begin May 3 and last for about three weeks.

Notably there are a handful of other lawsuits hovering about relating to this, such as Apple’s countersuit against Epic alleging breach of contract. Many of these will depend entirely on the outcome of the main case — e.g. if Apple’s terms were found to be unlawful, there was no contract to break, or if not, Epic pretty much admitted to breaking the rules so the case is practically over already.

You can read the full “proposed findings of fact” documents from each party on the invaluable RECAP; the case number is 4:20-cv-05640.

Biden proposes gun control reforms to go after ‘ghost guns’ and close loopholes

By Devin Coldewey

President Biden has announced a new set of initiatives by which he hopes to curb the gun violence he described as “an epidemic” and “an international embarrassment.” Among other things, the ATF will be closing loopholes in unregulated online sales and so-called “ghost guns,” which can be built or printed with no serial numbers or background checks.

Speaking in the White House Rose Garden Thursday afternoon, Biden recounted the many recent mass shootings as horrific tragedies, but pointed out that over a hundred people are shot every day in this country. “This is an epidemic, for God’s sake,” he repeated, “and it has to stop.”

Before outlining his plans for combating the problem, he made sure to address the inevitable Second Amendment objections from people who believe it is a Constitutional right for anyone to own things like assault rifles.

“Nothing I’m about to recommend in any way impinges on the Second Amendment,” Biden said. “From the very beginning, you couldn’t own any weapon you wanted to own. From the very beginning of the Second Amendment existing, certain people weren’t allowed to have weapons.”

Of course federal laws often conflict with state laws on this point, giving rise to surprising sights like heavily armed protestors taking over the Michigan capitol building — quite legally. But the feds do have a few tricks up their sleeves.

Background checks and registration tracking involve federal authorities, and there are loopholes that have appeared or worsened over recent years as online traffic in guns has increased (social networks are notorious for thinly veiled gun trade) and the process of building weapons at home has become easier.

“I have directed ATF to begin work on an updated study of gun trafficking, one that takes into account the fact that modern guns are not simply cast or forged any more, but can be made of plastic, printed on a 3D printer, or sold in self assembly kits,” said U.S. Attorney General Merrick Garland, who took the podium after Biden. “We will ensure that we understand and measure the problem of criminal gun trafficking in a data driven way.”

“Ghost guns” were a hot topic a few years back when several people and organizations, among them Defense Distributed, attempted to popularize 3D-printed pistols and assault rifle components. The high-tech angle made the media bite, though of course traditional gun trafficking in the form of smuggling and in-person sales dwarf the scale of anything these sites and services delivered.

But gun building kits do represent a significant loophole in the ATF’s regulations, which do not require registration or background checks for them. So a person can get 80% of a gun that way, get the other 20% (usually the “receiver,” which component qualifies the assembly as a firearm) by printing or another method, and have a gun with no serial number or registration whatsoever.

Garland has proposed a rule for the ATF to adopt that would change this and a few other things, such as easily purchased modifications for pistols that effectively make them into short-barreled rifles; the new rule would require those conversion kits to be registered. This presumably will follow the confirmation of the ATF’s first director in five years — the position was vacant for the whole last administration — David Chipmen, whom Biden plans to nominate.

Other efforts by the administration include a $5 billion, 8-year investment in community violence intervention programs, a push for “red flag” laws that temporarily bar people in crisis from obtaining guns, and a nudge for Congress to start working on legislation that addresses things the Executive can’t.

Dear Sophie: Help! My H-1B wasn’t chosen!

By Annie Siebert
Sophie Alcorn Contributor
Sophie Alcorn is the founder of Alcorn Immigration Law in Silicon Valley and 2019 Global Law Experts Awards’ “Law Firm of the Year in California for Entrepreneur Immigration Services.” She connects people with the businesses and opportunities that expand their lives.

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie:

My startup registered two H-1B candidates in this year’s lottery. Sadly, neither was selected.

One is my co-founder, the other is on OPT. Help! We can’t afford for them to have to leave the U.S. What are our options?

— Lost in Los Angeles

Dear Lost:

Take a deep breath; I’ve got your back. There are many creative immigration pathways for you, your co-founder and your F-1 OPT employee to explore. We’ll take a look at several options, and you can also check out my recent podcast in which my colleague Nadia Zaidi and I explain them in greater depth.

I hope the below ideas inspire you and fill you with a sense of hope and possibility. As always, I suggest consulting with an experienced immigration attorney who can help you identify the strongest path forward, as well as backup options for your co-founder and employee. The particular immigration strategy that’s best for you is always an individual determination. It’s best identified through a personal consultation with an attorney such as myself based on a variety of factors, including each person’s immigration history and your particular startup’s goals.

Co-founder immigration options

For a funded startup, there’s a great H-1B Plan B: the Cap-Exempt H-1B. Especially if your co-founder has a STEM background (and possibly even for some founders who don’t have this), there’s a wonderful new triple-win option that supports startups, international candidates and even diverse U.S. STEM college students seeking better project-based learning opportunities.

What is this magical rainbow-striped unicorn option, you ask? Well, here’s the legal background: Some employers qualify to petition for an H-1B visa at any time without going through the lottery. These employers — called cap-exempt employers because they are not subject to the annual H-1B cap of 85,000 visas available to for-profit employers — include:

  • Institutions of higher education.
  • Nonprofits tied to institutions of higher education.
  • Nonprofit research organizations.
  • Government research organizations.

If your co-founder can get a part-time H-1B visa through one of these cap-exempt employers, your startup can concurrently sponsor your co-founder for an H-1B regardless of the recent lottery results.

A composite image of immigration law attorney Sophie Alcorn in front of a background with a TechCrunch logo.

Image Credits: Joanna Buniak / Sophie Alcorn (opens in a new window)

To take advantage of this special law, I’m a huge fan of Open Avenues Foundation, which offers a Global Talent Fellowship. In this program, international talent can receive cap-exempt H-1B visas by leading university students for about five hours a week in real-world, project-based work within their field of expertise for the startup that nominated them for the fellowship. The candidate gets to stay in (or come to) the U.S., your startup gets a team of students working on a group project that benefits your company and increases diversity in your hiring pipeline, and U.S. students get the benefit of hands-on high quality STEM learning.

Once your candidate’s first cap-exempt H-1B is in place, your startup can petition for a second, concurrent Cap-Exempt H-1B for direct startup employment.

Interested in variations? If you’re not in STEM but have a university that would host you (free to the university), you can potentially partner with OAF. In addition, many universities in the U.S have global entrepreneur-in-residence programs that can help international co-founders qualify for concurrent Cap-Exempt H-1Bs. Your startup should also consider sponsoring your co-founder for an O-1A visa or change of status.

Another option to consider is for your co-founder to apply for International Entrepreneur Parole (IEP), a new 30-month immigration status in the U.S. The International Entrepreneur Rule (IER) was created by President Barack Obama and is the closest thing the U.S. has right now to a startup visa. The Trump administration tried to eliminate it, but the National Venture Capital Association, led by Jeff Farrah, successfully challenged the administration’s effort in federal court, so IEP remains on the books.

A lot of folks don’t believe it’s an option yet, so I’m currently looking for international startup founders with a strong case to file for IEP to test out this new program and demonstrate its existence to the world. We’re currently seeking global startup founders holding at least 15% equity in a U.S. startup that’s less than five years old and has raised at least $250,000 from U.S. investors. If you want to be on our free interest list, you can fill out this form. If we think you have a strong application, we’ll reach out.

If your co-founder wants to remain permanently in the U.S., consider starting a green card now such as the EB-1A green card for individuals of extraordinary ability or an EB-2 NIW (National Interest Waiver) green card for individuals of exceptional ability. Of these, the EB-1A is the quickest option, but its qualification requirements are tougher than for the EB-2 NIW.

F-1 OPT employee immigration options

If your F-1 OPT employee graduated with a qualified STEM degree, that employee can apply for a 24-month work extension, known as STEM OPT. That will allow the employee to remain in the U.S. to continue working for you. In the meantime, you can register them again next year for the H-1B lottery. If there’s no possibility for STEM, please check out the Cap-Exempt H-1B option explained above.

If your F-1 OPT employee only has a bachelor’s degree, they might want to consider pursuing an advanced degree. Individuals with a master’s or higher degree from a U.S. university have better odds of being selected in the annual H-1B lottery. That’s because 20,000 of the 85,000 H-1B visas available each year are earmarked for individuals with a master’s or higher degree from a U.S. university.

You should be aware, however, that next year’s H-1B lottery will likely shift from the current random selection process to one based on the highest wages. Unless the Biden administration changes the policy, which was devised by the previous administration, employers who pay their H-1B candidates a Level III wage or higher have the best chance of getting selected to file for an H-1B visa.

As you know, sponsoring employers must agree to pay an H-1B candidate the higher of either the actual wage paid for the job or the prevailing wage, which is broken down into four levels based on experience required for the position and location of the position. Level I wage is basically for an entry-level position, while a Level IV wage is for a position requiring the most experience. While this will add greater predictability to the annual H-1B “lottery,” early-stage startups and small businesses may have a difficult time competing against more established companies on salary, particularly because stock options and equity are not included in the salary calculation.

If you need to find alternative visa solutions, you can always consult with an attorney. I hope all of these options help you realize the control and agency you have in this situation. You have choices!

All my best,

Sophie


Have a question for Sophie? Ask it here. We reserve the right to edit your submission for clarity and/or space.

The information provided in “Dear Sophie” is general information and not legal advice. For more information on the limitations of “Dear Sophie,” please view our full disclaimer. You can contact Sophie directly at Alcorn Immigration Law.

Sophie’s podcast, Immigration Law for Tech Startups, is available on all major platforms. If you’d like to be a guest, she’s accepting applications!

Clarence Thomas plays a poor devil’s advocate in floating First Amendment limits for tech companies

By Devin Coldewey

Supreme Court Justice Clarence Thomas flaunted a dangerous ignorance regarding matters digital in an opinion published today. In attempting to explain the legal difficulties of social media platforms, particularly those arising from Twitter’s ban of Trump, he makes an ill-informed, bordering on bizarre, argument as to why such companies may need their First Amendment rights curtailed.

There are several points on which Thomas seems to willfully misconstrue or misunderstand the issues.

The first is in his characterization of Trump’s use of Twitter. You may remember that several people sued after being blocked by Trump, alleging that his use of the platform amounted to creating a “public forum” in a legal sense, meaning it was unlawful to exclude anyone from it for political reasons. (The case, as it happens, was rendered moot after its appeal and dismissed by the court except as Thomas’ temporary soapbox.)

“But Mr. Trump, it turned out, had only limited control of the account; Twitter has permanently removed the account from the platform,” writes Thomas. “[I]t seems rather odd to say something is a government forum when a private company has unrestricted authority to do away with it.”

Does it? Does it seem odd? Because a few paragraphs later, he uses the example of a government agency using a conference room in a hotel to hold a public hearing. They can’t kick people out for voicing their political opinions, certainly, because the room is a de facto public forum. But if someone is loud and disruptive, they can ask hotel security to remove that person, because the room is de jure a privately owned space.

Yet the obvious third example, and the one clearly most relevant to the situation at hand, is skipped. What if it is the government representatives who are being loud and disruptive, to the point where the hotel must make the choice whether to remove them?

It says something that this scenario, so remarkably close a metaphor for what actually happened, is not considered. Perhaps it casts the ostensibly “odd” situation and actors in too clear a light, for Thomas’ other arguments suggest he is not for clarity here but for muddying the waters ahead of a partisan knife fight over free speech.

In his best “I’m not saying, I’m just saying” tone, Thomas presents his reasoning why, if the problem is that these platforms have too much power over free speech, then historically there just happens to be some legal options to limit that power.

Thomas argues first, and worst, that platforms like Facebook and Google may amount to “common carriers,” a term that goes back centuries to actual carriers of cargo, but which is now a common legal concept that refers to services that act as simple distribution — “bound to serve all customers alike, without discrimination.” A telephone company is the most common example, in that it cannot and does not choose what connections it makes, nor what conversations happen over those connections — it moves electric signals from one phone to another.

But as he notes at the outset of his commentary, “applying old doctrines to new digital platforms is rarely straightforward.” And Thomas’ method of doing so is spurious.

“Though digital instead of physical, they are at bottom communications networks, and they ‘carry’ information from one user to another,” he says, and equates telephone companies laying cable with companies like Google laying “information infrastructure that can be controlled in much the same way.”

Now, this is certainly wrong. So wrong in so many ways that it’s hard to know where to start and when to stop.

The idea that companies like Facebook and Google are equivalent to telephone lines is such a reach that it seems almost like a joke. These are companies that have built entire business empires by adding enormous amounts of storage, processing, analysis and other services on top of the element of pure communication. One might as easily suggest that because computers are just a simple piece of hardware that moves data around, that Apple is a common carrier as well. It’s really not so far a logical leap!

There’s no real need to get into the technical and legal reasons why this opinion is wrong, however, because these grounds have been covered so extensively over the years, particularly by the FCC — which the Supreme Court has deferred to as an expert agency on this matter. If Facebook were a common carrier (or telecommunications service), it would fall under the FCC’s jurisdiction — but it doesn’t, because it isn’t, and really, no one thinks it is. This has been supported over and over, by multiple FCCs and administrations, and the deferral is itself a Supreme Court precedent that has become doctrine.

In fact, and this is really the cherry on top, Associate Justice Kavanaugh in a truly stupefying legal opinion a few years ago argued so far in the other direction that it became wrong in a totally different way! It was Kavanaugh’s considered opinion that the bar for qualifying as a common carrier was actually so high that even broadband providers don’t qualify for it. (This was all in service of taking down net neutrality, a saga we are in danger of resuming soon). As his erudite colleague Judge Srinivasan explained to him at the time, this approach too is embarrassingly wrong.

Looking at these two opinions, of two sitting conservative Supreme Court justices, you may find the arguments strangely at odds, yet they are wrong after a common fashion.

Kavanaugh claims that broadband providers, the plainest form of digital common carrier conceivable, are in fact providing all kinds sophisticated services over and above their functionality as a pipe (they aren’t). Thomas claims that companies actually providing all kinds of sophisticated services are nothing more than pipes.

Simply stated, these men have no regard for the facts but have chosen the definition that best suits their political purposes: For Kavanaugh, thwarting a Democrat-led push for strong net neutrality rules; for Thomas, asserting control over social media companies perceived as having an anti-conservative bias.

The case Thomas uses for his sounding board on these topics was rightly rendered moot — Trump is no longer president and the account no longer exists — but he makes it clear that he regrets this extremely.

“As Twitter made clear, the right to cut off speech lies most powerfully in the hands of private digital platforms,” he concludes. “The extent to which that power matters for purposes of the First Amendment and the extent to which that power could lawfully be modified raise interesting and important questions. This petition, unfortunately, affords us no opportunity to confront them.”

Between the common carrier argument and questioning the form of Section 230, Thomas’s hypotheticals break the seals on several legal avenues to restrict First Amendment rights of digital platforms, as well as legitimizing those (largely on one side of the political spectrum) who claim a grievance along these lines. (Slate legal commentator Mark Joseph Stern, who spotted the opinion early, goes further, calling Thomas’s argument a “paranoid Marxist delusion” and providing some other interesting context.)

This is not to say that social media and tech do not deserve scrutiny on any number of fronts — they exist in an alarming global vacuum of regulatory powers, and hardly anyone would suggest they have been entirely responsible with this freedom. But the arguments of Thomas and Kavanaugh stink of cynical partisan sophistry. This endorsement by Thomas accomplishes nothing legally, but will provide valuable fuel for the bitter fires of contention — though they hardly needed it.

Dear Sophie: What should I know about prenups and getting a green card through marriage?

By Walter Thompson
Sophie Alcorn Contributor
Sophie Alcorn is the founder of Alcorn Immigration Law in Silicon Valley and 2019 Global Law Experts Awards’ “Law Firm of the Year in California for Entrepreneur Immigration Services.” She connects people with the businesses and opportunities that expand their lives.

Here’s another edition of “Dear Sophie,” the advice column that answers immigration-related questions about working at technology companies.

“Your questions are vital to the spread of knowledge that allows people all over the world to rise above borders and pursue their dreams,” says Sophie Alcorn, a Silicon Valley immigration attorney. “Whether you’re in people ops, a founder or seeking a job in Silicon Valley, I would love to answer your questions in my next column.”

Extra Crunch members receive access to weekly “Dear Sophie” columns; use promo code ALCORN to purchase a one- or two-year subscription for 50% off.


Dear Sophie:

I’m a founder of a startup on an E-2 investor visa and just got engaged! My soon-to-be spouse will sponsor me for a green card.

Are there any minimum salary requirements for her to sponsor me? Is there anything I should keep in mind before starting the green card process?

— Betrothed in Belmont

Dear Betrothed,

Congratulations on your engagement and thanks for reaching out!

There are several things to keep in mind before you tie the knot. These important considerations are particularly relevant since you’re a startup founder, currently on an E-2 visa, and if you’ll continue to live in California.

My law partner, Anita Koumriqian, who is an expert in family immigration law, recently interviewed Lydia Hsu and Kara Foster, the co-founders of Foster Hsu, LLP, a California family law firm, on our podcast. They cover the ins and outs of family law and prenups, and what to know before you tie the knot and pursue the green card process.

California is a community property state, which means if your marriage doesn’t work out, all of the assets acquired by you and your spouse during the marriage will be divided up equally unless you have a prenuptial agreement (prenup) in place before you get married. Since you are an E-2 investor and I imagine you have significant assets, it’s beneficial to consider entering into a prenup before you become legally married.

This is especially important for you in pursuing a marriage-based green card because U.S. Citizenship and Immigration Services (USCIS) often looks to see whether couples are commingling funds in a joint bank account when assessing if your marriage is good-faith to approve your green card.

A composite image of immigration law attorney Sophie Alcorn in front of a background with a TechCrunch logo.

Image Credits: Joanna Buniak / Sophie Alcorn (opens in a new window)

“A prenup may not be right for you,” says Kara, “but at least you should be educated going into a marriage and know what you’re going to be responsible for, what your obligations are going to be, and how California is going to treat your property, assets and income during the marriage. We have a lot of people coming in later for a divorce saying, ‘If I had known this, I would have done everything differently.’”

In addition to California, there are several other community property states in the U.S., including Arizona, Idaho, Louisiana, Nevada, New Mexico, Texas, Washington and Wisconsin.

From the immigration side of things, keep in mind that the Affidavit of Support (Form I-864), which is required for a marriage-based green card, will remain in effect even in the event of a divorce—and takes precedence over any spousal support designated in a prenup.

Atlanta’s early stage investment renaissance continues with Overline’s $27 million fund close

By Jonathan Shieber

Michael Cohn became a celebrity in the Atlanta startup ecosystem when the company he co-founded was sold to Accenture in a deal valued somewhere between $350 million and $400 million nearly six years ago.

That same year, Sean O’Brien also made waves in the community when he helped shepherd the sale of the  collaboration software vendor, PGi, to a private equity firm for $1.5 billion.

The two men are now looking to become fixtures in the city’s burgeoning new tech community with the close of their seed-stage venture capital firm’s first fund, a $27.4 million investment vehicle.

Overline’s first fund has already made commitments to companies that are expanding the parameters of what’s investible in the Southeast broadly and Atlanta’s startup scene locally.

These are companies like Grubbly Farms, which sells insect-based chicken feed for backyard farmers, or Kayhan Space, which is aiming to be the air traffic control service for the space industry. Others, like Padsplit, an Atlanta-based flexible housing marketplace, are tackling America’s low income housing crisis. 

“Our business model is very different from that of a traditional software startup, and the Overline team’s unique strengths and operator mindset have been invaluable in helping us grow the company,” said Sean Warner, CEO and co-founder of Grubbly Farms. 

That’s on top of investments into companies building on Atlanta’s natural strengths as a financial services, payments and business software powerhouse.

For all of the activity in Atlanta these days, the city and the broader southeastern region is still massively underfunded, according to O’brien and Cohn. The region only received less than 10 percent of all the institutional venture investments that were committed in 2020. Indeed, only seven percent of Atlanta founders raise money locally when they’re first starting out, an Overline survey suggested.

“The data reflects what we have seen throughout our careers building, growing, and investing in startups. There is no shortage of phenomenal founders and businesses coming out of Atlanta and the Southeast, but they often struggle to find institutional capital at their earliest stages,” said O’Brien, in a statement. “Overline will lead as the first institutional check for these companies and be a true partner to the Founders throughout their lifecycle—supporting them on the strategic and operational business initiatives and decisions that are critical to a company’s success.” 

The limited partners in Overline’s first fund also reflects the firm’s emphasis on regional roots. The privately held email marketing behemoth Mailchimp anchored the fund, which also included partners like Cox Enterprises, Social Leverage,

Overline is supported by a bench of impressive partners that reflects the firm’s roots in the Southeast. Anchored by marketing platform, Mailchimp, additional partners include Cox Enterprises, Scottsdale, Ariz.-based Social Leverage, Wilmington, Del.-based Hallett Capital, and Atlanta Tech Village founder David Cummings, along with Techstars co-founder David Cohen. 

“At Mailchimp, we love our hometown of Atlanta, and are proud of the robust startup ecosystem that’s growing in our city. The Overline founding team’s vision of deploying smart, local capital into startups in Atlanta and the Southeast aligns with our goals of promoting and advancing local innovation,” said Rick Lynch, CFO, Mailchimp, in a statement.

The firm expects to make investments of between $250,000 to $1.5 million into seed stage companies and has already backed 11 companies including, Relay Payments, a logistics fintech company that has raised over $40 million from top-tier investors. 

“When we set out to build Atlanta Tech Village almost a decade ago, one of our primary goals was to help Atlanta develop into a top 10 startup city, where all entrepreneurs would thrive. We’re making tremendous strides as a community, as evidenced by the number of newly minted unicorns,” said serial entrepreneur and Atlanta Tech Village founder David Cummings. “I believe in Overline’s thesis that value-add institutional early-stage capital is critical to the ecosystem’s continued development. Since the early days, Michael and Sean have been an active presence in our community in a way that goes far beyond being a source of capital—as mentors, advisors, and champions of Atlanta founders. I am proud to be one of their first investors.”

Notarize raises $130M, tripling valuation on the back of 600% YoY revenue growth

By Mary Ann Azevedo

When the world shifted toward virtual one year ago, one service in particular saw heated demand: remote online notarization.

The ability to get a document notarized without leaving one’s home suddenly became more of a necessity than a luxury. Pat Kinsel, founder and CEO of Boston-based Notarize, worked to get appropriate legislation passed across the country to make it possible for more people in more states to get documents notarized digitally.

That hard work has paid off. Today, Notarize has announced $130 million in Series D funding led by fintech-focused VC firm Canapi Ventures after experiencing 600% year over year revenue growth. The round values Notarize at $760 million, which is triple its valuation at the time of its $35 million Series C in March of 2020. This latest round is larger than the sum of all of the company’s previous rounds to date, and brings Notarize’s total raised to $213 million since its 2015 inception.

A slew of other investors participated in the round, including Alphabet’s independent growth fund CapitalG, Citi Ventures, Wells Fargo, True Bridge Capital Partners and existing backers Camber Creek, Ludlow Ventures, NAR’s Second Century Ventures, and Fifth Wall Ventures.

Notarize insists that it “isn’t just a notary company.” Rather, Canapi Ventures Partner Neil Underwood described it as the ‘last mile’ of businesses (such as iBuyers, for example). 

The company has also evolved to “also bring trust and identity verification” into those businesses’ processes.

Over the past year, Notarize has seen a massive increase in transactions and inked new partnerships with companies such as Adobe, Dropbox, Stripe and Zillow Group, among others. It’s seen big spikes in demand from the real estate, financial services, retail and automotive sectors.

“In 2020, the world rushed to digitize. Online commerce ballooned, and businesses in almost every industry needed to transition to digital basically overnight so they could continue uninterrupted,” Kinsel said. “Notarize was there to help them safely close these deals with trust and convenience.”  

The company plans to use its new capital to expand its platform and product and scale “to serve enterprises of all sizes.” It also plans to double down on hiring in the next year.

“Notarize is disrupting outdated business models and technologies, and there’s massive potential, particularly in the financial services space, as more companies will need to offer secure digital alternatives to in-person transactions,” Canapi’s Underwood said.

Notarize’s success comes after a difficult 2019, when the company saw “critical financing” fall through and had to lay off staff, according to Kinsel. Talk about a turnaround story.

Competition challenge to Facebook’s ‘superprofiling’ of users sparks referral to Europe’s top court

By Natasha Lomas

A German court that’s considering Facebook’s appeal against a pioneering pro-privacy order by the country’s competition authority to stop combining user data without consent has said it will refer questions to Europe’s top court.

In a press release today the Düsseldorf court writes [translated by Google]: “…the Senate has come to the conclusion that a decision on the Facebook complaints can only be made after referring to the Court of Justice of the European Union (ECJ).

“The question of whether Facebook is abusing its dominant position as a provider on the German market for social networks because it collects and uses the data of its users in violation of the GDPR can not be decided without referring to the ECJ. Because the ECJ is responsible for the interpretation of European law.”

The Bundeskartellamt (Federal Cartel Office, FCO)’s ‘exploitative abuse’ case links Facebook’s ability to gather data on users of its products from across the web, via third party sites (where it deploys plug-ins and tracking pixels), and across its own suite of products (Facebook, Instagram, WhatsApp, Oculus), to its market power — asserting this data-gathering is not legal under EU privacy law as users are not offered a choice.

The associated competition contention, therefore, is that inappropriate contractual terms allow Facebook to build a unique database for each individual user and unfairly gain market power over rivals who don’t have such broad and deep reach into user’s personal data.

The FOC’s case against Facebook is seen as highly innovative as it combines the (usually) separate (and even conflicting) tracks of competition and privacy law — offering the tantalizing prospect, were the order to actually get enforced, of a structural separation of Facebook’s business empire without having to order a break up of its various business units up.

However enforcement at this point — some five years after the FCO started investigating Facebook’s data practices in March 2016 — is still a big if.

Soon after the FCO’s February 2019 order to stop combining user data, Facebook succeeded in blocking the order via a court appeal in August 2019.

But then last summer Germany’s federal court unblocked the ‘superprofiling’ case — reviving the FCO’s challenge to the tech giant’s data-harvesting-by-default.

The latest development means another long wait to see whether competition law innovation can achieve what the EU’s privacy regulators have so far failed to do — with multiple GDPR challenges against Facebook still sitting undecided on the desk of the Irish Data Protection Commission.

Albeit, it’s fair to say that neither route looks capable of ‘moving fast and breaking’ platform power at this point.

In its opinion the Düsseldorf court does appear to raise questions over the level of Facebook’s data collection, suggesting the company could avoid antitrust concerns by offering users a choice to base profiling on only the data they upload themselves rather than on a wider range of data sources, and querying its use of Instagram and Oculus data.

But it also found fault with the FCO’s approach — saying Facebook’s US and Irish business entities were not granted a fair hearing before the order against its German sister company was issued, among other procedural quibbles.

Referrals to the EU’s Court of Justice can take years to return a final interpretation.

In this case the ECJ will likely be asked to consider whether the FCO has exceeded its remit, although the exact questions being referred by the court have not been confirmed — with a written reference set to be issued in the next few weeks, per its press release.

In a statement responding to the court’s announcement today, a Facebook spokesperson said:

“Today, the Düsseldorf Court has expressed doubts as to the legality of the Bundeskartellamt’s order and decided to refer questions to the Court of Justice of the European Union. We believe that the Bundeskartellamt’s order also violates European law.”

❌