Tech News

Welcome back to Chain Reaction.

Last week on the podcast, we talked about the FTX collapse, which is still ongoing. This week, we’re taking a break from our Thursday news episode for Thanksgiving, but we had plenty of stories for you on the TechCrunch website, including some from our crypto event in Miami last week.

Before we get into the nitty gritty, Anita wanted to share a personal note:

Hi everyone! It feels bittersweet to share that my time at TechCrunch has come to a close, and with it, my involvement with the Chain Reaction newsletter and podcast. I have learned so much about the wild world of crypto alongside you all each week. I’m sad to say goodbye, but I know you’ll be in great hands with Jacquelyn and the rest of the TechCrunch team. As for me, please feel free to connect on Twitter, where I’m sharing more about my professional next steps. Thanks for reading and listening every week. I appreciate you all so much!

If someone forwarded you this message, you can subscribe on TechCrunch’s newsletter page.

this week in web3

Here are some of the biggest crypto stories TechCrunch has covered this week.

FTX’s bankruptcy hearing details prior control by ‘inexperienced and unsophisticated individuals’ (TC+)

Hearings that will determine the fate of FTX, once one of the largest crypto exchanges globally, began Tuesday in the U.S. Bankruptcy Court for the District of Delaware. “We are here on an unprecedented matter and I don’t say those words lightly,” James Bromley, a partner at Sullivan & Cromwell and co-head of the firm’s global restructuring practice, said during the hearing. “This is a first-day hearing well over a week after they were filed; that in itself is uncommon. But what we have here [ … ] is a different sort of animal.”

NFT marketplace Magic Eden integrates with Polygon to grow blockchain gaming

NFT marketplace Magic Eden is integrating with the Ethereum scaling layer-2 blockchain Polygon to dive deeper into the blockchain gaming and NFT ecosystems, the companies announced on Tuesday. The expansion aims to provide Magic Eden the ability to support Polygon’s ecosystem of game developers and creators. The Polygon network hosts some of the biggest web3 gaming projects and publishers like Ubisoft, Atari, Animoca Brands, Decentraland, Sandbox, among others.

FTX processed billions monthly in Africa before going bust

On November 14, Nestcoin, one of the startups leading crypto and web3 efforts in Africa, announced that it was laying off several employees. At least 30 employees across various departments were let go, while those who were left at the company had their salaries slashed by as much as 40%, according to people familiar with the matter. The news is, in part, connected to the downfall of crypto exchange FTX, according to chief executive officer Yele Bademosi.

Crypto firm Genesis says it has ‘no plans to file bankruptcy imminently’

Genesis, a digital assets financial services firm, may be in hot water as it looks to raise fresh capital for its lending unit or potentially face bankruptcy if it can’t, according to a report by Bloomberg. “We have no plans to file bankruptcy imminently,” a Genesis spokesperson said in an emailed statement to TechCrunch on Monday. “Our goal is to resolve the current situation consensually without the need for any bankruptcy filing. Genesis continues to have constructive conversations with creditors.”

Binance’s CZ on FTX: ‘We were the last straw that broke the camel’s back’

Binance co-founder and CEO Changpeng Zhao, also known as CZ, commented on the collapse of FTX at TechCrunch Sessions: Crypto 2022. He played down his personal role in the series of events that ultimately led to FTX filing for bankruptcy. “I still don’t think I have that much influence. I think we were the last straw that broke the camel’s back. It’s not a straw that is really strong,” he told TechCrunch’s Anita Ramaswamy. “There’s a whole bunch of stuff that built up to it. I just may have happened to be the last thing that pushed it.”

the latest pod

This week, we skipped the news episode thanks to good ol’ Thanksgiving as we mentioned above. But, in Chain Reaction’s Tuesday episode we’re playing a super timely recording from Anita’s panel on stage last week with Binance founder and CEO Changpeng “CZ” Zhao. CZ sent a number of shocks through the crypto ecosystem in recent weeks so Anita dived into:

His tweets about rival exchange FTX that set off a firestorm and whether he anticipated their impact
What Binance is doing to gain user trust and demonstrate transparency despite its regulatory troubles across the globe
Binance’s revenue streams and strategy to weather a crypto downturn that just got much, much worse

Subscribe to Chain Reaction on Apple Podcasts, Spotify or your favorite pod platform to keep up with the latest episodes, and please leave us a review if you like what you hear!

follow the money

Carv valued at $40M as investors race to back web3 identity builders
Zulu banks $5M for its LatAm digital wallet amid shaky ground for crypto
Gaming developer Thirdverse raises $15 million to build web3 and VR gaming studio
Privacy and Ethereum-focused infrastructure startup Nucleo, raises $4 million seed round led by Bain Capital Crypto and 6th Man Ventures
NFT utility platform Tropee closed a €5 million in a seed round led by Tioga Capital

This list was compiled with information from Messari as well as TechCrunch’s own reporting.

Can FTX’s bankruptcy bring order to its chaos? by Jacquelyn Melinek originally published on TechCrunch

This is going to be another one of those “let’s ask ourselves some difficult questions” newsletter introductions, so if you’re in the U.S., I certainly won’t blame you for not giving Actuator your full attention until after the holiday.

I generally approach these conversations through the same basic lens: a majority of technologies are neither inherently good nor bad. At the end of the day, it’s up to us as the arbiters of such trends to influence the resulting impact they have on this planet and its inhabitants.

Nor do I believe that most of the people who develop such technologies hope or expect them to have a net negative impact on the lives around them. I do, however, accept that — more often than not — the implementation of such technologies are beholden to broader macro trends and long-standing power structures.

Given the number of years I’ve been doing this, I suspect that many technologists are sick to death of that old talking point: the robots are coming for our jobs. And certainly, the economic trends of the last few years have afforded them a simple counterargument: There’s no one to fill the jobs they’re replacing.

As we barrel headlong into a holiday shopping season full of long hours and busy days, something to consider is what manner of impact automation has thus far had on the workforce. Some food for thought arrives in the form of this study coauthored by MIT’s Daron Acemoglu and Boston University’s Pascual Restrepo.

Acemoglu says, “These are controversial findings in the sense that they imply a much bigger effect for automation than anyone else has thought.”

We’re starting with a very clear premise here: in 21st-century America, the wealth gap is big and only getting bigger. The paper, “Tasks, Automation, and the Rise in U.S. Wage Inequality,” attempts to explore the correlation between the growing income gap and automation. The results are stark. MIT notes:

Ultimately, Acemoglu and Restrepo conclude that the effects have been profound. Since 1980, for instance, they estimate that automation has reduced the wages of men without a high school degree by 8.8 percent and women without a high school degree by 2.3 percent, adjusted for inflation.

I tend to agree with the premise that in the short-term, automation will displace jobs, and in the long-term it has the potential to create more, better jobs. As I’ve expressed on these pages numerous times, I feel strongly that it’s the role of government and corporations alike to accelerate the latter and make sure the existing workforce is able to make that transition. For those people who can’t make the jump to more technical roles for any number of reasons, these institutions need to ensure that human beings don’t simply fall through the cracks in the name of progress.

But I also have a fairly cynical view when it comes to the ultimate ends for these conversations. Ask yourself: What is the end game here? The simple answer is: Profit. If the best thing for a corporation’s bottom line is the automation of all blue-collar roles, do we have faith that companies won’t automate all workers out of a job out of the goodness of their heart?

Precedent is important to an extent. As someone pointed out to me once, the only job that has been fully automated out of existence since 1950 is the elevator operator. Can we continue to project that trend going forward, as technology grows exponentially more advanced? In my experience, such precedent can only take us so far, and if I’m being pragmatic to a fault about this future vision, it’s not entirely impossible to imagine a future where all manual labor is automated away.

Is that a good fate or a bad one? Your results will vary, depending on factors like your existing station in life and skill set. It also may come down to whether you’re capable of envisioning the transition from late-capitalism to post-scarcity. If automation leads to an abundance of product, is there a future in which such abundance doesn’t result in further wealth disparity? I’d certainly like to think so.

A little food for thought as you wait to come down from the tryptophan highs for long enough to take advantage of some early Black Friday deals.

Another reason so much of this is top of mind for me is the unavoidable reality of mass layoffs. Sorry to be such a downer during a holiday week (don’t say I didn’t warn you), but it seems doubtful we’ve seen the last of this. There’s no easy time to lose a job, but there’s something extra devastating about losing it in the lead-up to the holiday season — already a profoundly difficult time for many.

Thousands of people are facing that exact reality right now. I recently reported on widespread layoffs at Amazon that followed cuts at Meta, Salesforce and more. The Amazon reports of up to 10,000 job cuts followed our own reporting of “consolidation” within the company’s robotics wing.

An interesting side note in all of that is an internal letter from Ken Washington, the head of Amazon’s consumer robotics division (entirely separate from the industrial wing, mind) surfaced by Business Insider. The former Ford executive notes:

We are committed to the future of consumer robots and, as Dave said, we will further prioritize what matters most to our customers and the business. Our vision remains intact that customers will want at least one robot in their home or business because they are invaluable home assistants, endearing companions, and trusted helpers that make every day better.

The “Dave” here is Dave Limp, who heads the consumer devices category, which includes products like Echo, Fire tablets and Kindle. That division is said to make up a considerable portion of the 10,000 or so jobs Amazon is reportedly cutting. The division also now houses the consumer robotics effort that includes Astro and (theoretically) iRobot, assuming newly emboldened federal regulators don’t end up shooting that deal down.

The initial report categorizes Washington’s letter as uncharacteristically straightforward with regards to job security (the company has yet to comment on the note). It’s understandable, though. After all, the company has trimmed some efforts requiring long runways in its Robotics division, so if I were on the Astro team under the broader devices umbrella, I’d likely be a bit wary myself. Amazon has, of course, been extremely bullish about both home robots generally and its position as a leader in that category.

Meanwhile, earlier this week, autonomous delivery company Nuro confirmed that it’s laying off 300 people — or roughly 20% of its workforce. This follows job cuts for robotics companies Iron Ox and Berkshire Grey. In all of these cases, we’re talking about very well-funded startups. That makes these sorts of things extremely hard to square from the outside. In Nuro’s case, the company’s leadership takes responsibility for its own overhiring when things were looking brighter.

The company noted in a letter to its staff:

Each and every one of you have made important contributions to this company, and saying goodbye to talented Nurons is not a decision we have taken lightly. For those of you leaving Nuro, we are very sorry for this outcome — this is not the experience we wanted to create for you. We made this call and take full responsibility for today’s circumstances.

Here’s something I can tell you having been through the layoff wringer a couple of times myself (don’t go into publishing, kids): Everyone can tell you it’s not your fault. You can know deep in your bones that it’s not your fault. But it’s still extremely difficult not to blame yourself — not to second-guess and think about the one or two things you could have done to keep your job.

But here’s the fact: The economy sucks. If the macroenvironment is having this kind of impact on well-established corporations, newer and less established firms are far from safe. As I noted in my Boston writeup last week, even well-funded firms are being extremely cautious about hiring right now. Those who are nearing the end of their existing runway, meanwhile, are going to have to ask some extremely difficult questions. It’s just not a good time to be raising money, full stop.

For those reasons, it’s probably safe to say that we will see even more promising startups fall apart at the seams before this is all over. If you were counting on a raise to survive and no funding is forthcoming, your options are suddenly extremely limited. And as we’re all well aware here, hardware iteration in particular generally requires long runways. All of those VCs who promised to stick it out with their deep tech investments through thick and thin, this is when you put your money where your mouth is.

That’s not to say the well has completely dried up, of course. I’m hearing about some big rounds over the horizon. Meanwhile, established companies are continuing to raise. Things seem to be slightly easier for those firms that have already proven themselves in the world. Soft Robotics, who we’ve covered quite a bit over the years, just announced a $26 million Series C, fittingly led by Tyson Foods’ investment wing, Tyson Ventures.

“At Tyson, we are continually exploring new areas in automation that can enhance safety and increase the productivity of our team members,” Tyson Ventures’ Rahul Ray said in a release. “Soft Robotics’ revolutionary robotic technology, computer vision and AI platform have the potential to transform the food industry and will play a key role in any company’s automation journey.”

Why massage robots? Maybe the better question is why not massage robots? Wikipedia tells me that the electric massage chair has been kicking around Japan since before World War II (a site called Massage Chair Planet appears to back up this claim) — one could certainly make the argument that this life blood of Sharper Image and Brookstone are massage robots in their own right. And certainly the push to make massages more readily available without the potential for human exploitation is a solid enough goal.

I will hold off on any evaluation of Aescape’s efficacy (I’m not entirely convinced this isn’t a gimmick, if I’m being honest) until I have the opportunity to use one (I think I may have just volunteered myself), but Valor Siren Ventures and Valor Equity Partners appear convinced. The firms co-led a $30 million Series A for the New York–based firm. A number of others participated, including 5x NBA All-Star and Beach Boy nephew, Kevin Love.

Here’s founder and CEO Eric Litman:

Our team at Aescape is working to bring beautifully-designed, fully-automated, therapeutic massage and wellness experiences to market with a solution that combines innovative research, revolutionary technology, and a holistic approach to physical wellness and recovery. This funding means that our partners are not only investing in our shared vision and world-class team, but also in the future of the wellness industry overall. We’re grateful to our investors for believing in our dream, and we look forward to launching The Aescape Experience in 2023.”

A couple of cool research projects that deserve some attention this week. The first one comes from MIT’s Center for Bits and Atoms. The team is developing self-assembling robots that utilize small units called “voxels.” These modular pieces carry power and data and are capable of moving across a grid and connecting with themselves to form larger structures.

The team notes, in a paper published in “Nature”:

Our approach challenges the convention that larger constructions need larger machines to build them, and could be applied in areas that today either require substantial capital investments for fixed infrastructure or are altogether unfeasible.

A lot of folks — including the Defense Advanced Research Projects Agency (DARPA) — can’t wait to get their hands on this sort of technology. A fully autonomous version is currently still “years away,” per the team.

As to the issue of slow swimming soft robots, a team at North Carolina State University has developed a clever manta ray–inspired design capable of moving up to 3.74 body lengths per second. That marks a sizable increase over other systems that have difficulty moving one body length in that time.

“To date, swimming soft robots have not been able to swim faster than one body length per second, but marine animals — such as manta rays — are able to swim much faster, and much more efficiently,” the paper’s co-author, Jie Yin, says in a release. “We wanted to draw on the biomechanics of these animals to see if we could develop faster, more energy-efficient soft robots. The prototypes we’ve developed work exceptionally well.”

And this week, a small update to the war between Boston Dynamics and Ghost Robotics. The latter has more than enough salt for an entire Thanksgiving dinner in its response to a patent lawsuit. A Ghost Robotics rep told TechCrunch:

Ghost Robotics’ success has not gone unnoticed by Boston Dynamics. Rather than compete on a level playing field, the company chose to file an obstructive and baseless lawsuit on November 11th in an attempt to halt the newcomer’s progress. Boston Dynamics is drawing on their considerably larger resources to litigate instead of innovate.

To get Actuator in your inbox, sign up here.

Automating the income gap by Brian Heater originally published on TechCrunch

India’s leading public medical institute, All India Institute of Medical Services, or AIIMS, is experiencing outages following a cyberattack.

The outages are affecting hundreds of patients and doctors accessing primary healthcare services, including patient admission, discharge and billing systems.

Established in 1956, AIIMS holds thousands of medical undergraduate and postgraduate students. It is also one of the biggest state-owned hospitals, with a capacity of over 2,200 beds.

The cyberattack, reported on Wednesday evening in New Delhi, appears to be consistent with a ransomware attack as the attackers modified the extensions of infected files, hospital authorities said.

AIIMS officials told TechCrunch that patient care services have been badly impacted since early Wednesday.

The medical institute moved to manual operations, including writing patient notes by hand, as the server recording patient data stopped working. The outages have resulted in long queues and errors in handling emergency cases.

After the initial few hours of disruption, the hospital authorities confirmed the cyberattack in a statement. Outages continued through Thursday.

“We are not able to send many blood investigations, request imaging studies and are not able to view previous reports or images. Many such operations are being done manually, which takes more time and is prone to errors,” a resident doctor, who asked not to be named as they were not authorized to speak to the press, told TechCrunch.

The hospital authorities later on Thursday directed doctors to continue to use hand-written notes, including signing birth and death certificates by hand while the systems remain inactive.

A team with the National Informatics Centre is working closely with the Indian Computer Emergency Response Team to help with the organization’s recovery. An effort to restore the data from backups is under way, according to a person with direct knowledge of the incident.

Meanwhile, several law enforcement agencies, including the Central Bureau of Investigation and the Intelligence Fusion & Strategic Operations of Delhi Police, are investigating the incident and the people behind the attack. The police department has also lodged a formal complaint on the matter.

Details of whether the attackers could access any patient data have yet to be publicly announced.

India’s AIIMS hit by outages after cyberattack by Jagmeet Singh originally published on TechCrunch

What a decade this year has been. While prediction pieces always come with a large asterisk because no one knows literally anything about what may play out in the future — such as massive shocks to large startup sectors — our perspectives about 2022 have aged … interestingly.

Last year, Natasha Mascarenhas, Alex Wilhelm, and Anna Heim spotlighted three different startup theses that may define the coming 12 months. Now, we’re fact-checking how accurate those predictions were, plus what we’d change about our perspectives. We know. Humble.

For an light holiday riff, we’re talking about what happened with the M&A space, open source, and usage-based pricing. Let’s have some fun!

Natasha: Let’s talk about acquisitions

Last year, I predicted that M&A would evolve to include a riskier type of ambition. I cited Twitter’s hunger for a Slack competitor and Nike’s infatuation with NFT collectibles. I even reminded founders that startups need to “stay disciplined even amid a cash-rich environment” instead of “spinning up lukewarm climate and web3 strategies because that’s what they think their cap table wants to hear.” (And that culture and technology are hard to integrate at the same time).

3 views: How wrong were our 2022 startup predictions? by Natasha Mascarenhas originally published on TechCrunch

Netflix has put up more than a dozen job listings on its website for Netflix Games Studio’s Los Angeles office, as spotted by Mobilegamer.biz. These listings give us a few hints about the company’s plans for the new studio. In particular, Netflix is hiring a game director to work on “a brand-new AAA PC game”.

Last month at TechCrunch Disrupt, Netflix VP of Gaming Mike Verdu originally announced that his company was opening a new studio in Southern California. Verdu also said that Chacko Sonny would be leading the studio. Sonny is the former executive producer on Overwatch.

Sonny left Blizzard Entertainment, the company behind Overwatch, while the company was dealing with a California lawsuit for sexual harassment and discrimination as well as an investigation by the Securities and Exchange Commission. He was also in charge of the development of Overwatch 2.

And now it seems like Netflix wants to put together the core team for the initial project of Netflix Games Studio in Los Angeles. The game director will be in charge of a AAA PC game. That would be the company’s first PC game as Netflix currently only offers games for smartphones and tablets.

In the video game industry, AAA projects are major games with very large budgets and development teams. The game director will be in charge of developing the “world/characters/narrative that are worthy of a Netflix film/TV series.” The job listing also mentions experience with Unreal Engine as well as first-person and/or third-person shooter games.

It seems like there aren’t that many people working for the studio just yet as Netflix is also looking for an art director and a technical director. There are also job listings for lead artists and lead engineers.

Netflix considers gaming as a long-term project. At TechCrunch Disrupt, Mike Verdu said that Netflix was still in the very early stages of its gaming initiative.

The company currently offers 40 different games. There are spin-off games based on popular Netflix shows like Stranger Things, classic mobile games like runner and racing games, card games and original titles.

Netflix acquired three existing game studios — Boss Fight Entertainment, Night School Studio (Oxenfree) and Finland’s Next Games. It has also started a new studio in Helsinki, Finland with a former Zynga GM at the head.

Right now, Netflix’s business model for games is quite simple. If you are a Netflix subscriber, you can download and play all games in the Netflix game library. If you stop your Netflix subscription, you can’t access those games anymore.

There are no in-app purchases, season passes or add-on subscriptions in those games. Of course, Netflix could change its gaming revenue strategy with its new AAA game. But it’s clear that Netflix is in investment mode for now.

Netflix is working on ‘brand-new AAA PC game’ based on job listings by Romain Dillet originally published on TechCrunch

Independent legal analysis of a controversial UK government proposal to regulate online speech under a safety-focused framework — aka the Online Safety Bill — says the draft bill contains some of the broadest mass surveillance powers over citizens every proposed in a Western democracy which it also warns pose a risk to the integrity of end-to-end encryption (E2EE).

The opinion, written by the barrister Matthew Ryder KC of Matrix Chambers, was commissioned by Index on Censorship, a group that campaigns for freedom of expression.

Ryder was asked to consider whether provisions in the bill are compatible with human rights law.

His conclusion is that — as is –– the bill lacks essential safeguards on surveillance powers that mean, without further amendment, it will likely breach the European Convention on Human Rights (ECHR).

The bill’s progress through parliament was paused over the summer — and again in October — following political turbulence in the governing Conservative Party. After the arrival of a new digital minister, and two changes of prime minister, the government has indicated it intends to make amendments to the draft — however these are focused on provisions related to so-called ‘legal but harmful’ speech, rather than the gaping human rights hole identified by Ryder.

We reached out to the Home Office for a response to the issues raised by his legal opinion.

A government spokesperson replied with an emailed statement, attributed to minister for security Tom Tugendhat, which dismisses any concerns:

“The Online Safety Bill has privacy at the heart of its proposals and ensures we’re able to protect ourselves from online crimes including child sexual exploitation. It‘s not a ban on any type of technology or service design.

“Where a company fails to tackle child sexual abuse on its platforms, it is right that Ofcom as the independent regulator has the power, as a last resort, to require these companies to take action.

“Strong encryption protects our privacy and our online economy but end-to-end encryption can be implemented in a way which is consistent with public safety. The Bill ensures that tech companies do not provide a safe space for the most dangerous predators online.”

Ryder’s analysis finds key legal checks are lacking in the bill which grants the state sweeping powers to compel digital providers to surveil users’ online communications “on a generalised and widespread basis” — yet fails to include any form of independent prior authorisation (or independent ex post facto oversight) for the issuing of content scanning notices.

In Ryder’s assessment this lack of rigorous oversight would likely breach Articles 8 (right to privacy) and 10 (right to freedom of expression) of the ECHR.

Existing very broad surveillance powers granted to UK security services, under the (also highly controversial) Investigatory Powers Act 2016 (IPA), do contain legal checks and balances for authorizing the most intrusive powers — involving the judiciary in signing off intercept warrants.

But the Online Safety Bill leaves it up to the designated Internet regulator to make decisions to issue the most intrusive content scanning orders — a public body that Ryder argues is not adequately independent for this function.

He also points out that given existing broad surveillance powers under the IPA, the “mass surveillance” of online comms proposed in the Online Safety Bill may not meet another key human rights test — of being “necessary in a democratic society”.

While bulk surveillance powers under the IPA must be linked to a national security concern — and cannot be used solely for the prevention and detection of serious crime between UK users — yet the Online Safety Bill, which his legal analysis argues grants similar “mass surveillance” powers to Ofcom, covers a much broader range of content than pure national security issues. So it looks far less bounded. 

Commenting on Ryder’s legal opinion in a statement, Index on Censorship’s chief executive, Ruth Smeeth, denounced the bill’s overreach — writing:

“This legal opinion makes clear the myriad issues surrounding the Online Safety Bill. The vague drafting of this legislation will necessitate Ofcom, a media regulator, unilaterally deciding how to deploy massive powers of surveillance across almost every aspect of digital day-to-day life in Britain. Surveillance by regulator is perhaps the most egregious instance of overreach in a Bill that is simply unfit for purpose.”

Impact on E2EE

While much of the controversy attached to the Online Safety Bill — which was published in draft last year but has continued being amended and expanded in scope by government — has focused on risks to freedom of expression, there are a range of other notable concerns. Including how content scanning provisions in the legislation could impact E2EE, with critics like the Open Rights Group warning the law will essentially strong-arm service providers into breaking strong encryption.

Concerns have stepped up since the bill was introduced after a government amendment this July — which proposed new powers for Ofcom to force messaging platforms to implement content-scanning technologies even if comms are strongly encrypted on their service. The amendment stipulated that a regulated service could be required to use “best endeavours” to develop or source technology for detecting and removing CSEA in private comms — and private comms puts it on a collision course with E2EE.

E2EE remains the ‘gold standard’ for encryption and online security — and is found on mainstream messaging platforms like WhatsApp, iMessage and Signal, to name a few — providing essential security and privacy for users’ online comms.

So any laws that threaten use of this standard — or open up new vulnerabilities for E2EE — could have a massive impact on web users’ security globally.

In the legal opinion, Ryder focuses most of his attention on the Online Safety Bill’s content scanning provisions — which are creating this existential risk for E2EE.

The bulk of his legal analysis centers on Clause 104 of the bill — which grants the designated Internet watchdog (existing media and comms regulator, Ofcom) a new power to issue notices to in-scope service providers requiring them to identify and take down terrorism content that’s communicated “publicly” by means of their services or Child Sex Exploitation and Abuse (CSEA) content being communicated “publicly or privately”. And, again, the inclusion of “private” comms is where things look really sticky for E2EE.

Ryder takes the view that the bill, rather than forcing messaging platforms to abandon E2EE altogether, will push them towards deploying a controversial technology called client side scanning (CSS) — as a way to comply with 104 Notices issued by Ofcom — predicting that’s “likely to be the primary technology whose use is mandated”.

“Clause 104 does not refer to CSS (or any technology) by name. It mentions only ‘accredited technology’. However, the practical implementation of 104 Notices requiring the identification, removal and/or blocking of content leads almost inevitably to the concern that this power will be used by Ofcom to mandate CSPs [communications service providers] using some form of CSS,” he writes, adding: “The Bill notes that the accredited technology referred to c.104 is a form of ‘content moderation technology’, meaning ‘technology, such as algorithms, keyword matching, image matching or image classification, which […] analyses relevant content’ (c.187(2)(11). This description corresponds with CSS.”

He also points to an article published by two senior GCHQ officials this summer — which he says “endorsed CSS as a potential solution to the problem of CSEA content being transmitted on encrypted platforms” — further noting that out their comments were made “against the backdrop of the ongoing debate about the OLSB [Online Safety Bill].”

“Any attempt to require CSPs to undermine their implementation of end-to-end encryption generally, would have far-reaching implications for the safety and security of all global on-line of communications. We are unable to envisage circumstances where such a destructive step in the security of global online communications for billions of users could be justified,” he goes on to warn.

Client side scanning risk

CSS refers to controversial scanning technology in which the content of encrypted communications is scanned with the goal of identifying objectionable content. The process entails a message being converted to a cryptographic digital fingerprint prior to it being encrypted and sent, with this fingerprint then compared with a database of fingerprints to check for any matches with known objectionable content (such as CSEA). The comparison of these cryptographic fingerprints can take place either on the user’s own device — or on a remote service.

Wherever the comparison takes place, privacy and security experts argue that CSS breaks the E2E trust model since it fundamentally defeats the ‘zero knowledge’ purpose of end-to-end encryption and generates new risks by opening up novel attack and/or censorship vectors.

For example they point to the prospect of embedded content-scanning infrastructure enabling ‘censorship creep’ as a state could mandate comms providers scan for an increasingly broad range of ‘objectionable’ content (from copyrighted material all the way up to expressions of political dissent that are displeasing to an autocratic regime, since tools developed within a democratic system aren’t likely to be applied in only one place in the world).

An attempt by Apple to deploy CSS last year on iOS users’ devices — when it announced it would begin scanning iCloud Photo uploads for known child abuse imagery — led to a huge backlash from privacy and security experts. Apple first paused — and then quietly dropped reference to the plan in December, so it appears to have abandoned the idea. However governments could revive such moves by mandating deployment of CSS via laws like the UK’s Online Safety Bill which relies on the same claimed child safety justification to embed and enforce content scanning on platforms.

Notably, the UK Home Office has been actively supporting development of content-scanning technologies which could be applied to E2EE services — announcing a “Tech Safety Challenge Fund” last year to splash taxpayer cash on the development of what it billed at the time as “innovative technology to keep children safe in environments such as online messaging platforms with end-to-end encryption”.

Last November, five winning projects were announced as part of that challenge. It’s not clear how ‘developed’ — and/or accurate — these prototypes are. But the government is moving ahead with Online Safety legislation that this legal expert suggests will, de facto, require E2EE platforms to carry out content scanning and drive uptake of CSS — regardless of the state of development of such tech.

Failure to comply with the Online Safety Bill will put service providers at risk of a range of severe penalties — so very large sticks are being assembled and put in place alongside sweeping surveillance powers to force compliance.

The draft legislation allowing for fines of up to 10% of global annual turnover (or £18M, whichever is higher). The bill would also enable Ofcom to be able to apply to court for “business disruption measures” — including blocking non-compliant services within the UK market. While senior execs at providers who fail to cooperate with the regulator could risk criminal prosecution.

For its part, the UK government has — so far — been dismissive of concerns about the impact of the legislation on E2EE.

In a section on “private messaging platforms”, a government fact-sheet claims content scanning technology would only be mandated by Ofcom “as a last resort”. The same text also suggests these scanning technologies will be “highly accurate” — without providing any evidence in support of the assertion. And it writes that “use of this power will be subject to strict safeguards to protect users’ privacy”, adding: “Highly accurate automated tools will ensure that legal content is not affected. To use this power, Ofcom must be certain that no other measures would be similarly effective and there is evidence of a widespread problem on a service.”

The notion that novel AI will be “highly accurate” for a wide-ranging content scanning purpose at scale is obviously questionable — and demands robust evidence to back it up.

You only need consider how blunt a tool AI has proven to be for content moderation on mainstream platforms, hence the thousands of human contractors still employed reviewing automated reports. So it seems highly fanciful that the Home Office has or will be able to foster development of a far more effective AI filter than tech giants like Google and Facebook have managed to devise over the past decades.

As for limits on use of content scanning notices, Ryder’s opinion touches on safeguards contained in Clause 105 of the bill — but he questions whether these are sufficient to address the full sweep of human rights concerns attached to such a potent power.

“Other safeguards exist in Clause 105 of the OLSB but whether those additional safeguards will be sufficient will depend on how they are applied in practice,” he suggests. “There is currently no indication as to how Ofcom will apply those safeguards and limit the scope of 104 Notices.

“For example, Clause 105(h) alludes to Article 10 of the ECHR, by requiring appropriate consideration to be given to interference with the right to freedom of expression. But there is no specific provision ensuring the adequate protection of journalistic sources, which will need to be provided in order to prevent a breach of Article 10.”

In further remarks responding to Ryder’s opinion, the Home Office emphasized that Section 104 Notice powers will only be used where there is no alternative, less intrusive measures capable of achieving the necessary reduction in illegal CSEA (and/or terrorism content) appearing on the service — adding that it will be up to the regulator to assess whether issuing a notice is necessary and proportionate, taking into account matters set out in the legislation including the risk of harm occurring on a service, as well as the prevalence of harm.

Surveillance powers in UK’s Online Safety Bill are risk to E2EE, warns legal expert by Natasha Lomas originally published on TechCrunch

An international police operation has dismantled an online spoofing service that allowed cybercriminals to impersonate trusted corporations to steal more than $120 million from victims.

iSpoof, which now displays a message stating that it has been seized by the FBI and the U.S. Secret Service, offered “spoofing” services that enabled paying users to mask their phone numbers with one belonging to a trusted organization, such as banks and tax offices, to carry out social engineering attacks.

“The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords,” Europol said in a statement on Thursday. “The users were able to impersonate an infinite number of entities for financial gain and substantial losses to victims.”

London’s Metropolitan Police, which began investigating iSpoof in June 2021 along with international law enforcement agencies, in the U.S., the Netherlands, and Ukraine, said it had arrested the website’s suspected administrator, named as Teejai Fletcher, 34, charged with fraud and offenses related to organized crime. Fletcher was remanded to custody and will appear at Southwark Crown Court in London on December 6.

iSpoof had around 59,000 users, which caused £48 million of losses to 200,000 identified victims in the U.K., according to the Met Police. One victim was scammed out of £3 million, while the average amount stolen was £10,000.

Europol says the service’s operators raked in estimated profits of $3.8 million in the last 16 months alone.

The Metropolitan Police said it also used bitcoin payment records found on the site’s server to identify and arrest a further 100 U.K.-based users of the iSpoof service. The site’s infrastructure, which was hosted in the Netherlands but moved to Kyiv earlier in 2022, was seized and taken offline in a joint Ukrainian-U.S. operation earlier this month.

Police have a list of phone numbers targeted by iSpoof fraudsters and will contact potential victims via text on Thursday and Friday. The text message will ask victims to visit the Met’s website to help it build more cases.

Helen Rance of the Metropolitan Police Cyber Crime Unit said: “Instead of just taking down the website and arresting the administrator, we have gone after the users of iSpoof. Our message to criminals who have used this website is: we have your details and are working hard to locate you, regardless of where you are.”

US authorities seize iSpoof, a call spoofing site that stole millions by Carly Page originally published on TechCrunch

LinkedIn is rolling out a new feature that allows users to schedule posts to send at a later time.

The Microsoft-owned social network has seemingly been testing the new feature for several months already, according to at least one online report dating back to August, but it seems that it’s now ramping up the rollout, according to a growing number of reports across social media.

Matt Navarra, a social media consultant and renowned tipster, confirmed yesterday that he was now seeing the post-scheduling feature inside the Android app and on the LinkedIn website itself. Internally at TechCrunch, it’s a bit of a mixed bag with some of us seeing the feature and others not, however it does seem to be limited to the web and Android for now.

Those that do have the feature will see a little clock icon beside the “post” button within the message compose box.

When the user clicks on the clock icon, they’re presented with an option to choose a specific date and half-hourly slot that they want to schedule their post for.

Marketers rejoice

While millions of marketers, influencers, and “thought leaders” the world over will no doubt rejoice at this new feature, it is worth noting that similar functionality has been available for a while already through third-party platforms such as Hootsuite and Buffer. However, not everyone is happy giving third-party platforms access to their LinkedIn accounts for data-privacy reasons — plus, native functionality is nearly always more convenient, particularly for those who only want to share a specific piece of content to their LinkedIn followers.

In truth, native post-scheduling has always been a fairly notable absence from such a widely-used social network as LinkedIn which claims some 875 million members globally. The likes of Twitter (via TweetDeck) and Facebook have offered scheduling for a while already, not to mention email clients such as Gmail which allow you to send messages while you’re fast asleep.

TechCrunch has reached out to LinkedIn for more information on the new post-scheduling feature, including when everyone can expect to have access. We’ll update here when, or if, we hear back.

LinkedIn’s rolling out a new feature that lets you schedule posts for later by Paul Sawers originally published on TechCrunch

Most small and medium enterprises (SMEs) in supply chains across different sectors in Africa execute orders in days but receive invoices after several weeks and sometimes months. It’s such an inefficient way of doing business that ultimately leads to cash-flow problems — and on top of that are fragmented payment collection and tracking processes.

Recently, startups have taken a top-down approach by singling out a particular sector and delivering solutions to SMEs within it. One such startup is Pivo, which helps freight carriers get paid faster by providing a bank account, a debit card and digital invoicing tools that track payments.

The startup, founded by Nkiru Amadi-Emina and Ijeoma Akwiwu in July 2021, is announcing today that it has closed a $2 million seed round. Pivo, in a statement, said it intends to use the financing to upgrade existing products, build new ones, hire talent and expand outside of Lagos, its first market and other African countries, particularly in East Africa.

Pivo provides financial services — credit, payments and expense management — to SME vendors within large manufacturing supply chains, an industry Amadi-Emina, the chief executive officer, plied her trade before starting the one-year-old startup, which has raised $2.55 million since launch.

In 2017, Amadi-Emina launched an on-demand delivery platform targeted at e-commerce brands in North and Central Africa, which subsequently got acquired by Kobo360, one of Africa’s most prominent e-logistics players. It was during her time at Kobo360 — first as an enterprise account manager and up until she left as head of port operations — that she witnessed the glaring liquidity problems that existed at both ends of the logistics supply chain. Truckers need cash advances from logistics companies such as Kobo360, Lori Systems and MVX to move cargo; meanwhile, these companies also require manufacturers to pay on time for distributing cargo to truckers.

“In most cases, we found out that managing cash flow was the primary issue for these businesses — it was either nonexistent or just paper-based,” Amadi-Emina told TechCrunch in an interview. “A lot of the payments made were made with cash and we thought to build a digital bank that provides financial services geared towards solving these various problems for SME vendors that operate within large manufacturing supply chains, starting first and foremost with the logistics providers, and then gradually moving to the supplier pockets and at the tail end of things.”

Pivo leverages manufacturing supply chain relationships and deploys financial services to the SMEs within them, mostly truckers in this instance. The credit play of its platform, Pivo Capital, serves as an early payment alternative for truckers and allows logistics companies to deal with any upfront costs — such as diesel and driver’s allowance — typically incurred during operations. Pivo Business, its payments reconciliation arm, helps these small businesses to facilitate payments via peer-to-peer transfers and track payments with debit cards with spend controls. Amadi-Emina explained that all these features will drive Pivo to capture a sizable portion of a $4 billion addressable market opportunity.

It’s a huge market where Pivo has the first-mover advantage. And though it doesn’t seem to have any noteworthy challengers in the freight sector, startups such as Duplo, another YC alum, whose customers are SMEs in the fast-moving consumer goods (FMCG) space, pose serious competition in the long run when the platforms seek out other sectors to replicate growth. That said, within its sector, there’s also some concern that e-logistics companies can construct a similar platform in-house (case in point, Kobo360’s Payfasta).

“As a plug-and-play and embedded solution, we’ve always been more complimentary than competitive,” the chief executive told TechCrunch when questioned about Pivo’s chances if e-logistics firms launch a competing product. “If you look at e-logistics firms, the goal for them is to move towards a platform approach and if at any point in time they want to unlock financial services, we tell them to come to PIVO for that instead of going to the traditional banks.”

The freight carrier–focused digital bank currently serves about 500 SMEs as direct customers and makes revenue by charging interest on capital and fees on payments processed. Amadi-Emina said Pivo Capital has disbursed over $3 million to SMEs and currently records a 98% repayment rate while transaction volume on Pivo Business grew over 400% between April and September this year. The startup has registered a total volume of $4.7 million from July to date.

What’s next for the female-led startup? More growth, according to its CEO. The company is working on Pivo+, a package of value-added services that will turn Pivo into a full-fledged financial services platform. Daniel Block, an investment principal at Mercy Corps, one of the investors in this round, thinks Pivo is designed to become such a platform because the startup’s “commitment to unattended supply chain SMEs would enable it to rapidly carve out a deep moat in the competitive fintech lending space.”

Other investors in the seed round include Precursor Ventures, Vested World, FoundersX, and Y Combinator, where Amadi-Emina and Ijeoma Akwiwu have accomplished an impressive feat of being the first all-female founded team the famed accelerator has backed in Nigeria — and the second in Africa after the defunct Ghanaian startup Tress.

“It is a great thing that we were able to break that barrier as a female-led start-up. Getting into YC gave us validation as founders and cemented the fact that women can be at the helm of affairs in the tech space,” said Amadi-Emina of the achievement. “Tech is a male-dominated space and all these man-made barriers exist that serve to keep women out. Getting into YC, with the news amplified not just locally but internationally means more people get to see strong female representation coming from Nigeria. We’re glad that a female founder somewhere looks at us and gains an awareness that it is possible that if you keep putting in the hard work, applying yourself and have the numbers to back it all up, you can achieve what you set out to.”

Pivo powers up Nigerian freight carriers with a bespoke digital bank, gets $2M seed funding by Tage Kene-Okafor originally published on TechCrunch