Surveillance powers in UK’s Online Safety Bill are risk to E2EE, warns legal expert

Independent legal analysis of a controversial UK government proposal to regulate online speech under a safety-focused framework — aka the Online Safety Bill — says the draft bill contains some of the broadest mass surveillance powers over citizens every proposed in a Western democracy which it also warns pose a risk to the integrity of end-to-end encryption (E2EE).

The opinion, written by the barrister Matthew Ryder KC of Matrix Chambers, was commissioned by Index on Censorship, a group that campaigns for freedom of expression.

Ryder was asked to consider whether provisions in the bill are compatible with human rights law.

His conclusion is that — as is –– the bill lacks essential safeguards on surveillance powers that mean, without further amendment, it will likely breach the European Convention on Human Rights (ECHR).

The bill’s progress through parliament was paused over the summer — and again in October — following political turbulence in the governing Conservative Party. After the arrival of a new digital minister, and two changes of prime minister, the government has indicated it intends to make amendments to the draft — however these are focused on provisions related to so-called ‘legal but harmful’ speech, rather than the gaping human rights hole identified by Ryder.

We reached out to the Home Office for a response to the issues raised by his legal opinion.

A government spokesperson replied with an emailed statement, attributed to minister for security Tom Tugendhat, which dismisses any concerns:

“The Online Safety Bill has privacy at the heart of its proposals and ensures we’re able to protect ourselves from online crimes including child sexual exploitation. It‘s not a ban on any type of technology or service design.

“Where a company fails to tackle child sexual abuse on its platforms, it is right that Ofcom as the independent regulator has the power, as a last resort, to require these companies to take action.

“Strong encryption protects our privacy and our online economy but end-to-end encryption can be implemented in a way which is consistent with public safety. The Bill ensures that tech companies do not provide a safe space for the most dangerous predators online.”

Ryder’s analysis finds key legal checks are lacking in the bill which grants the state sweeping powers to compel digital providers to surveil users’ online communications “on a generalised and widespread basis” — yet fails to include any form of independent prior authorisation (or independent ex post facto oversight) for the issuing of content scanning notices.

In Ryder’s assessment this lack of rigorous oversight would likely breach Articles 8 (right to privacy) and 10 (right to freedom of expression) of the ECHR.

Existing very broad surveillance powers granted to UK security services, under the (also highly controversial) Investigatory Powers Act 2016 (IPA), do contain legal checks and balances for authorizing the most intrusive powers — involving the judiciary in signing off intercept warrants.

But the Online Safety Bill leaves it up to the designated Internet regulator to make decisions to issue the most intrusive content scanning orders — a public body that Ryder argues is not adequately independent for this function.

“The statutory scheme does not make provision for independent authorisation for 104 Notices even though it may require private bodies – at the behest of a public authority – to carry out mass state surveillance of millions of user’s communications. Nor is there any provision for ex post facto independent oversight,” he writes. “Ofcom, the state regulator, cannot in our opinion, be regarded as an independent body in this context.”

He also points out that given existing broad surveillance powers under the IPA, the “mass surveillance” of online comms proposed in the Online Safety Bill may not meet another key human rights test — of being “necessary in a democratic society”.

While bulk surveillance powers under the IPA must be linked to a national security concern — and cannot be used solely for the prevention and detection of serious crime between UK users — yet the Online Safety Bill, which his legal analysis argues grants similar “mass surveillance” powers to Ofcom, covers a much broader range of content than pure national security issues. So it looks far less bounded.

Commenting on Ryder’s legal opinion in a statement, Index on Censorship’s chief executive, Ruth Smeeth, denounced the bill’s overreach — writing:

“This legal opinion makes clear the myriad issues surrounding the Online Safety Bill. The vague drafting of this legislation will necessitate Ofcom, a media regulator, unilaterally deciding how to deploy massive powers of surveillance across almost every aspect of digital day-to-day life in Britain. Surveillance by regulator is perhaps the most egregious instance of overreach in a Bill that is simply unfit for purpose.”

Impact on E2EE

While much of the controversy attached to the Online Safety Bill — which was published in draft last year but has continued being amended and expanded in scope by government — has focused on risks to freedom of expression, there are a range of other notable concerns. Including how content scanning provisions in the legislation could impact E2EE, with critics like the Open Rights Group warning the law will essentially strong-arm service providers into breaking strong encryption.

Concerns have stepped up since the bill was introduced after a government amendment this July — which proposed new powers for Ofcom to force messaging platforms to implement content-scanning technologies even if comms are strongly encrypted on their service. The amendment stipulated that a regulated service could be required to use “best endeavours” to develop or source technology for detecting and removing CSEA in private comms — and private comms puts it on a collision course with E2EE.

E2EE remains the ‘gold standard’ for encryption and online security — and is found on mainstream messaging platforms like WhatsApp, iMessage and Signal, to name a few — providing essential security and privacy for users’ online comms.

So any laws that threaten use of this standard — or open up new vulnerabilities for E2EE — could have a massive impact on web users’ security globally.

In the legal opinion, Ryder focuses most of his attention on the Online Safety Bill’s content scanning provisions — which are creating this existential risk for E2EE.

The bulk of his legal analysis centers on Clause 104 of the bill — which grants the designated Internet watchdog (existing media and comms regulator, Ofcom) a new power to issue notices to in-scope service providers requiring them to identify and take down terrorism content that’s communicated “publicly” by means of their services or Child Sex Exploitation and Abuse (CSEA) content being communicated “publicly or privately”. And, again, the inclusion of “private” comms is where things look really sticky for E2EE.

Ryder takes the view that the bill, rather than forcing messaging platforms to abandon E2EE altogether, will push them towards deploying a controversial technology called client side scanning (CSS) — as a way to comply with 104 Notices issued by Ofcom — predicting that’s “likely to be the primary technology whose use is mandated”.

Clause 104 does not refer to CSS (or any technology) by name. It mentions only ‘accredited technology’. However, the practical implementation of 104 Notices requiring the identification, removal and/or blocking of content leads almost inevitably to the concern that this power will be used by Ofcom to mandate CSPs [communications service providers] using some form of CSS,” he writes, adding: “The Bill notes that the accredited technology referred to c.104 is a form of ‘content moderation technology’, meaning ‘technology, such as algorithms, keyword matching, image matching or image classification, which […] analyses relevant content’ (c.187(2)(11). This description corresponds with CSS.”

He also points to an article published bytwo senior GCHQ officials this summer — which he says “endorsed CSS as a potential solution to the problem of CSEA content being transmitted on encrypted platforms” — further noting that out their comments were made “against the backdrop of the ongoing debate about the OLSB [Online Safety Bill].”

Any attempt to require CSPs to undermine their implementation of end-to-end encryption generally, would have far-reaching implications for the safety and security of all global on-line of communications. We are unable to envisage circumstances where such a destructive step in the security of global online communications for billions of users could be justified,” he goes on to warn.

Client side scanning risk

CSS refers to controversial scanning technology in which the content of encrypted communications is scanned with the goal of identifying objectionable content. The process entails a message being converted to a cryptographic digital fingerprint prior to it being encrypted and sent, with this fingerprint then compared with a database of fingerprints to check for any matches with known objectionable content (such as CSEA). The comparison of these cryptographic fingerprints can take place either on the user’s own device — or on a remote service.

Wherever the comparison takes place, privacy and security experts argue that CSS breaks the E2E trust model since it fundamentally defeats the ‘zero knowledge’ purpose of end-to-end encryption and generates new risks by opening up novel attack and/or censorship vectors.

For example they point to the prospect of embedded content-scanning infrastructure enabling ‘censorship creep’ as a state could mandate comms providers scan for an increasingly broad range of ‘objectionable’ content (from copyrighted material all the way up to expressions of political dissent that are displeasing to an autocratic regime, since tools developed within a democratic system aren’t likely to be applied in only one place in the world).

An attempt by Apple to deploy CSS last year on iOS users’ devices — when it announced it would begin scanning iCloud Photo uploads for known child abuse imagery — led to a huge backlash from privacy and security experts. Apple first paused — and then quietly dropped reference to the plan in December, so it appears to have abandoned the idea. However governments could revive such moves by mandating deployment of CSS via laws like the UK’s Online Safety Bill which relies on the same claimed child safety justification to embed and enforce content scanning on platforms.

Notably, the UK Home Office has been actively supporting development of content-scanning technologies which could be applied to E2EE services — announcing a “Tech Safety Challenge Fund” last year to splash taxpayer cash on the development of what it billed at the time as “innovative technology to keep children safe in environments such as online messaging platforms with end-to-end encryption”.

Last November, five winning projects were announced as part of that challenge. It’s not clear how ‘developed’ — and/or accurate — these prototypes are. But the government is moving ahead with Online Safety legislation that this legal expert suggests will, de facto, require E2EE platforms to carry out content scanning and drive uptake of CSS — regardless of the state of development of such tech.

Discussing the government’s proposed amendment to Clause 104 — which envisages Ofcom being able to require comms service providers to ‘use best endeavours’ to develop or source their own content-scanning technology to achieve the same purposes as accredited technology which the bill also envisages the regulator signing off — Ryder predicts: It seems likely that any such solution would be CSS or something akin to it. We think it is highly unlikely that CSPs would instead, for example, attempt to remove all end-to-end encryption on their services. Doing so would not remove the need for them analyse the content of communications to identify relevant content. More importantly, however, this would fatally compromise security for their users and on their platforms, almost certainly causing many users to switch to other services.”

“[I]f 104 Notices were issued across all eligible platforms, this would mean that the content of a almost all internet-based communications by millions of people — including the details of their personal conversations — would be constantly surveilled by service providers. Whether this happens will, of course, depend on how Ofcom exercises its power to issue 104 Notices but the inherent tension between the apparent aim, and the need for proportionate use is self-evident,” he adds.

Failure to comply with the Online Safety Bill will put service providers at risk of a range of severe penalties — so very large sticks are being assembled and put in place alongside sweeping surveillance powers to force compliance.

The draft legislation allowing for fines of up to 10% of global annual turnover (or £18M, whichever is higher). The bill would also enable Ofcom to be able to apply to court for “business disruption measures” — including blocking non-compliant services within the UK market. While senior execs at providers who fail to cooperate with the regulator could risk criminal prosecution.

For its part, the UK government has — so far — been dismissive of concerns about the impact of the legislation on E2EE.

In a section on “private messaging platforms”, a government fact-sheet claims content scanning technology would only be mandated by Ofcom “as a last resort”. The same text also suggests these scanning technologies will be “highly accurate” — without providing any evidence in support of the assertion. And it writes that “use of this power will be subject to strict safeguards to protect users’ privacy”, adding: “Highly accurate automated tools will ensure that legal content is not affected. To use this power, Ofcom must be certain that no other measures would be similarly effective and there is evidence of a widespread problem on a service.”

The notion that novel AI will be “highly accurate” for a wide-ranging content scanning purpose at scale is obviously questionable — and demands robust evidence to back it up.

You only need consider how blunt a tool AI has proven to be for content moderation on mainstream platforms, hence the thousands of human contractors still employed reviewing automated reports. So it seems highly fanciful that the Home Office has or will be able to foster development of a far more effective AI filter than tech giants like Google and Facebook have managed to devise over the past decades.

As for limits on use of content scanning notices, Ryder’s opinion touches on safeguards contained in Clause 105 of the bill — but he questions whether these are sufficient to address the full sweep of human rights concerns attached to such a potent power.

“Other safeguards exist in Clause 105 of the OLSB but whether those additional safeguards will be sufficient will depend on how they are applied in practice,” he suggests. “There is currently no indication as to how Ofcom will apply those safeguards and limit the scope of 104 Notices.

“For example, Clause 105(h) alludes to Article 10 of the ECHR, by requiring appropriate consideration to be given to interference with the right to freedom of expression. But there is no specific provision ensuring the adequate protection of journalistic sources, which will need to be provided in order to prevent a breach of Article 10.”

In further remarks responding to Ryder’s opinion, the Home Office emphasized that Section 104 Notice powers will only be used where there is no alternative, less intrusive measures capable of achieving the necessary reduction in illegal CSEA (and/or terrorism content) appearing on the service — adding that it will be up to the regulator to assess whether issuing a notice is necessary and proportionate, taking into account matters set out in the legislation including the risk of harm occurring on a service, as well as the prevalence of harm.

Surveillance powers in UK’s Online Safety Bill are risk to E2EE, warns legal expert by Natasha Lomas originally published on TechCrunch

US authorities seize iSpoof, a call spoofing site that stole millions

An international police operation has dismantled an online spoofing service that allowed cybercriminals to impersonate trusted corporations to steal more than $120 million from victims.

iSpoof, which now displays a message stating that it has been seized by the FBI and the U.S. Secret Service, offered “spoofing” services that enabled paying users to mask their phone numbers with one belonging to a trusted organization, such as banks and tax offices, to carry out social engineering attacks.

“The services of the website allowed those who sign up and pay for the service to anonymously make spoofed calls, send recorded messages, and intercept one-time passwords,” Europolsaid in a statement on Thursday. “The users were able to impersonate an infinite number of entities for financial gain and substantial losses to victims.”

London’s Metropolitan Police, which began investigating iSpoof in June 2021 along with international law enforcement agencies, in the U.S., the Netherlands, and Ukraine, said it had arrested the website’s suspected administrator, named as Teejai Fletcher, 34, charged with fraud and offenses related to organized crime. Fletcher was remanded to custody and will appear at Southwark Crown Court in London on December 6.

iSpoof had around 59,000 users, which caused £48 million of losses to 200,000 identified victims in the U.K., according to the Met Police. One victim was scammed out of £3 million, while the average amount stolen was £10,000.

Europol says the service’s operators raked in estimated profits of $3.8 million in the last 16 months alone.

The Metropolitan Police said it also used bitcoin payment records found on the site’s server to identify and arrest a further 100 U.K.-based users of the iSpoof service. The site’s infrastructure, which was hosted in the Netherlands but moved to Kyiv earlier in 2022, was seized and taken offline in a joint Ukrainian-U.S. operation earlier this month.

Police have a list of phone numbers targeted by iSpoof fraudsters and will contact potential victims via text on Thursday and Friday. The text message will ask victims to visit the Met’s website to help it build more cases.

Helen Rance of the Metropolitan Police Cyber Crime Unit said: “Instead of just taking down the website and arresting the administrator, we have gone after the users of iSpoof. Our message to criminals who have used this website is: we have your details and are working hard to locate you, regardless of where you are.”

US authorities seize iSpoof, a call spoofing site that stole millions by Carly Page originally published on TechCrunch

LinkedIn’s rolling out a new feature that lets you schedule posts for later

LinkedIn is rolling out a new feature that allows users to schedule posts to send at a later time.

The Microsoft-ownedsocial network has seemingly been testing the new feature for several months already, according to at least one online report dating back to August, but it seems that it’s now ramping up the rollout, according to a growing number of reports across social media.

Matt Navarra, a social media consultant and renowned tipster, confirmed yesterday that he was now seeing the post-scheduling feature inside the Android app and on the LinkedIn website itself. Internally at TechCrunch, it’s a bit of a mixed bag with some of us seeing the feature and others not, however it does seem to be limited to the web and Android for now.

Those that do have the feature will see a little clock icon beside the “post” button within the message compose box.

LinkedIn’s new message-scheduling featureImage Credits: Romain Dillet / TechCrunch

When the user clicks on the clock icon, they’re presented with an option to choose a specific date and half-hourly slot that they want to schedule their post for.

LinkedIn’s new message-scheduling feature: Choose your time Image Credits: Romain Dillet / TechCrunch

Marketers rejoice

While millions of marketers, influencers, and “thought leaders” the world over will no doubt rejoice at this new feature, it is worth noting that similar functionality has been available for a while already through third-party platforms such as Hootsuite and Buffer. However, not everyone is happy giving third-party platforms access to their LinkedIn accounts for data-privacy reasons — plus, native functionality is nearly always more convenient, particularly for those who only want to share a specific piece of content to their LinkedIn followers.

In truth, native post-scheduling has always been a fairly notable absence from such a widely-used social network as LinkedIn which claims some 875 million members globally. The likes of Twitter (via TweetDeck) and Facebook have offered scheduling for a while already, not to mention email clients such as Gmail which allow you to send messages while you’re fast asleep.

TechCrunch has reached out to LinkedIn for more information on the new post-scheduling feature, including when everyone can expect to have access. We’ll update here when, or if, we hear back.

LinkedIn’s rolling out a new feature that lets you schedule posts for later by Paul Sawers originally published on TechCrunch

Pivo powers up Nigerian freight carriers with a bespoke digital bank, gets $2M seed funding

Most small and medium enterprises (SMEs) in supply chains across different sectors in Africa execute orders in days but receive invoices after several weeks and sometimes months. It’s such an inefficient way of doing business that ultimately leads to cash-flow problems — and on top of that are fragmented payment collection and tracking processes.

Recently, startups have taken a top-down approach by singling out a particular sector and delivering solutions to SMEs within it. One such startup is Pivo, which helps freight carriers get paid faster by providing a bank account, a debit card and digital invoicing tools that track payments.

The startup, founded by Nkiru Amadi-Emina and Ijeoma Akwiwu in July 2021, is announcing today that it has closed a $2 million seed round. Pivo, in a statement, said it intends to use the financing to upgrade existing products, build new ones, hire talent and expand outside of Lagos, its first market and other African countries, particularly in East Africa.

Pivo provides financial services — credit, payments and expense management — to SME vendors within large manufacturing supply chains, an industry Amadi-Emina, the chief executive officer, plied her trade before starting the one-year-old startup, which has raised $2.55 million since launch.

In 2017, Amadi-Emina launched an on-demand delivery platform targeted at e-commerce brands in North and Central Africa, which subsequently got acquired by Kobo360, one of Africa’s most prominent e-logistics players. It was during her time at Kobo360 — first as an enterprise account manager and up until she left as head of port operations — that she witnessed the glaring liquidity problems that existed at both ends of the logistics supply chain. Truckers need cash advances from logistics companies such as Kobo360, Lori Systemsand MVX to move cargo; meanwhile, these companies also require manufacturers to pay on time for distributing cargo to truckers.

“In most cases, we found out that managing cash flow was the primary issue for these businesses — it was either nonexistent or just paper-based,” Amadi-Emina told TechCrunch in an interview. “A lot of the payments made were made with cash and we thought to build a digital bank that provides financial services geared towards solving these various problems for SME vendors that operate within large manufacturing supply chains, starting first and foremost with the logistics providers, and then gradually moving to the supplier pockets and at the tail end of things.”

Pivo leverages manufacturing supply chain relationships and deploys financial services to the SMEs within them, mostly truckers in this instance. The credit play of its platform, Pivo Capital, serves as an early payment alternative for truckers and allows logistics companies to deal with any upfront costs — such as diesel and driver’s allowance — typically incurred during operations. Pivo Business, its payments reconciliation arm, helps these small businesses to facilitate payments via peer-to-peer transfers and track payments with debit cards with spend controls. Amadi-Emina explained that all these features will drive Pivo to capture a sizable portion of a $4 billion addressable market opportunity.

It’s a huge market where Pivo has the first-mover advantage. And though it doesn’t seem to have any noteworthy challengers in the freight sector, startups such as Duplo, another YC alum, whose customers are SMEs in the fast-moving consumer goods (FMCG) space, pose serious competition in the long run when the platforms seek out other sectors to replicate growth. That said, within its sector, there’s also some concern that e-logistics companies can construct a similar platform in-house (case in point, Kobo360’s Payfasta).

“As a plug-and-play and embedded solution, we’ve always been more complimentary than competitive,” the chief executive told TechCrunch when questioned about Pivo’s chances if e-logistics firms launch a competing product. “If you look at e-logistics firms, the goal for them is to move towards a platform approach and if at any point in time they want to unlock financial services, we tell them to come to PIVO for that instead of going to the traditional banks.”

The Pivo team

The freight carrier–focused digital bank currently serves about 500 SMEs as direct customers and makes revenue by charging interest on capital and fees on payments processed. Amadi-Emina said Pivo Capital has disbursed over $3 million to SMEs and currently records a 98% repayment rate while transaction volume on Pivo Business grew over 400% between April and September this year. The startup has registered a total volume of $4.7 million from July to date.

What’s next for the female-led startup? More growth, according to its CEO. The company is working on Pivo+, a package of value-added services that will turn Pivo into a full-fledged financial services platform. Daniel Block, an investment principal at Mercy Corps, one of the investors in this round, thinks Pivo is designed to become such a platform because the startup’s “commitment to unattended supply chain SMEs would enable it to rapidly carve out a deep moat in the competitive fintech lending space.”

Other investors in the seed round include Precursor Ventures, Vested World, FoundersX, and Y Combinator, where Amadi-Emina and Ijeoma Akwiwu have accomplished an impressive feat of being the first all-female founded team the famed accelerator has backed in Nigeria — and the second in Africa after the defunct Ghanaian startup Tress.

“It is a great thing that we were able to break that barrier as a female-led start-up. Getting into YC gave us validation as founders and cemented the fact that women can be at the helm of affairs in the tech space,” said Amadi-Emina of the achievement. “Tech is a male-dominated space and all these man-made barriers exist that serve to keep women out. Getting into YC, with the news amplified not just locally but internationally means more people get to see strong female representation coming from Nigeria. We’re glad that a female founder somewhere looks at us and gains an awareness that it is possible that if you keep putting in the hard work, applying yourself and have the numbers to back it all up, you can achieve what you set out to.”

Pivo powers up Nigerian freight carriers with a bespoke digital bank, gets $2M seed funding by Tage Kene-Okafor originally published on TechCrunch

Tesla extends FSD access to “anyone in North America who requests it”

Tesla is extending its “full self-driving” (FSD) beta software “to anyone in North America who requests it from the car screen,” according to CEO Elon Musk who tweeted out the news late Wednesday evening. The rollout of FSD across the continent comes as Tesla is potentially facing a criminal investigation from the U.S. Department of Justice over false claims relating to the company’s advanced driver assistance system Autopilot.

Autopilot comes standard on Tesla vehicles and performs automated driving functions such as steering, accelerating and automatic braking. FSD, which costs North American drivers $15,000, is an extension of Autopilot that includes features like assisted steering on highways and city streets, smart vehicle summoning, automatic parking and recognizing and reacting to traffic lights and stop signs.

Autopilot, and by extension FSD, have come under regulator scrutiny in recent years following a series of Tesla crashes, many of which were fatal. The National Highway Traffic Safety Administration (NHTSA) has opened special investigations into 36 Tesla crashes involving Autopilot since 2016, five of which happened this year. Tesla has also come under fire from California’s Department of Motor Vehicles and drivers who claim the company falsely advertised the self-driving capabilities of Autopilot and FSD.

Some Tesla owners and enthusiasts predicted the company might allow FSD into all cars after Tesla appears to have dropped the requirement for 100 Autopilot miles and a safety score of at least 80 to receive the FSD update. This is a concerning lack of scrutiny considering fears that drivers using ADAS are less likely to watch the road and be alert in case the system malfunctions. Tesla’s website does encourage drivers to keep their hands on the wheel and eyes on the road.

Safety score doesn’t matter. I had a 68 and got beta . I’ll be safe on beta tho. pic.twitter.com/Xj274rSIKr

— Adnan Shaikh (@sh98538914) November 24, 2022

Despite concerns, any driver who has already paid the steep price for Tesla’s FSD will be able to access the software in North America. Tesla had previously extended FSD access to 160,000 owners in the U.S. and Canada in September, and today’s widespread rollout makes good on previous promises from Musk to get FSD in every Tesla by the end of 2022.

Musk has claimed that Tesla could achieve full-self driving by the end of the year, but during the company’s third quarter earnings admitted that FSD wouldn’t gain regulatory approval to be driven without someone behind the wheel in 2022. The move to expand the number of users and possibly give Tesla’s supercomputer Dojo more data to work with might be one of the reasons Tesla has chosen now to expand.

It might also be a move to ease investor worries and accrue some more revenue. Tesla’s stock is at a two-year low and its market cap slashed from $1.2 trillion last November to $574 billion today following Musk’s buyout of Twitter and the ensuing dramas of the company overhaul.

The FSD scaling also follows news from Tesla engineers Romi Phadte and Gabe Gheorghian who spoke at BazelCon this week and shared that Tesla has increased the number of FSD simulations per week from around 250,000 in 2020 to 2 million today.

Tesla extends FSD access to “anyone in North America who requests it” by Rebecca Bellan originally published on TechCrunch

Anne Hathaway backs Pact, an all-women led VC for mission-driven startups, from West to East

How many VC funds can you name where the three partners all had babies whilst raising the fund, have deep connections in Asia as well as Europe and the US, and include actress Anne Hathaway as an LP? Not many I’d hazard.

But that’s the profile of Pact, a new Seed VC fund launched with a £30 million ($36 million) pot of cash to back early-stage startups across Europe. Pact will aim at ‘mission driven’ startups in what it calls the “ABC” categories: Access (economic inclusion), Betterment (personal and professional well-being), and Climate. (That’s a much more interesting way of addressing ‘doing good’ areas, instead of that trotting out the UN SDGs, IMHO). Pact’s investment tickets will range from around £1m to 1.5m.

As well as Anne Hathaway (she’s not ‘just’ an Oscar Award Winning Actor, but also a UN Woman Goodwill Ambassador), other LPs include Jeff Dean, the Head of AI at Google, and Keith Teare, a founding (and former) shareholder of TechCrunch and former tech entrepreneur in the UK and US.

They are joined by Anchor investor Campden Hill Capital; Yeming Wang, the former head of EMEA of Alibaba; Fahd Beg, the COO of Naspers; Todd Ruppert, the retired CEO of T. Rowe Price Global and venture partner at Greenspring Associates, and Tilo Bonow, CEO of PIABO.

The three female partners — Tong Gu, Reem Mobassaleh Wyndham, and Monik Pham — were former VCs in other funds. Gu was an investor at ADV (of which Teare was formerly a part) and built a data analytics startup in Shanghai which she exited. Wyndham was also an investor for ADV and a former founder. Pham was part of the founding team of the early-stage fund Fuel Ventures and launched several social enterprises in Africa and India.

Speaking to Reem Mobassaleh Wyndham, she told me they’d been raising the fund for a little over a year (during their pregnancies and first children) but the idea had been “in the works” for about five or six years: “We both joined ADV the same week. And we met Monik around the same time. What we observed within the early stage landscape in the UK was a few key things that were missing. There are very few early-stage fund managers that have both operational experience and deep operational experience abroad in emerging markets. And that’s something that the three of us, in a very complimentary way, bring to the table.”

“We believe that capitalism should and can be inclusive while still producing huge results,” she added. “And we really want it to be able to back companies at the early stage that are really positively shaping the future. We’ve all built our careers with that Northstar as a guide for us. It’s a value that we’ve always espoused, but it’s only now at this point that the market is really coming around to it. There shouldn’t be a trade off between socially sustainable, environmentally sustainable and commercially sustainable outcomes. You have to think about both. And that’s a value that all three of us came together on,” she said.

Tong Gu told me: “I grew up in China, and I witnessed how entrepreneurship and technology have enabled a large population of people who used to be under the poverty line to become wealthier and make their lives better. I started a tech company enabling independent small brand owners to compete with the larger ones. And for me, that was the experience of really driving economic inclusion, but in sort of a tech-enabled way.”

Wyndham admitted “it’s not a huge fund”. However, she said the £30 million should get them enough companies to get the “healthy diversification” needed for fund returns: “We could do 18 to 20 companies, either leading or co-leading. We’ve been very thoughtful about how we have curated our LP base. So the LPS that have come in are strategic and they provide domain expertise, and market access, but they also provide capital continuity. The vast majority are looking for access to deal flow. So in that sense, this is actually scaling our firepower beyond the 30 million.”

On having a Hollywood moviestar among their LPs, Wyndham added: “She’s actually a friend of mine and mentor of about 12 years and since then we’ve become friends and have shared values. One of her big causes is childcare, and lack thereof, as the final frontier for gender parity. And that’s something that we’ve experienced firsthand as three female GPs who all had our first children while raising this fund. We had to figure out how to overcome the structural headwinds to be able to do both. That’s very much one of the lessons that we hope to share with the ecosystem, and that’s sort of where Anne comes in.”

Pact’s first investment has been made into Growth Kitchen, a London-based company that launches sustainable food brands based on data insights.

Past investments for the team members of Pact include Clause acquired by DocuSign. Onto, an electric vehicle subscription service; Perlego, an online learning platform; and Yoco, an African FinTech company.

Anne Hathaway backs Pact, an all-women led VC for mission-driven startups, from West to East by Mike Butcher originally published on TechCrunch

Atoa helps UK merchants cut down on card processing fees

Visa and Mastercard payments are convenient for customers, but can cost merchants high processing fees. Atoa Payments wants to provide a cheaper alternative that is still easy for customers to use. The London-based fintech announced today that it has raised $2.2 million in pre-seed funding.

The round was led by Leo Capital and Passion Capital, with participation from angel investors like GoCardless and Nested co-founder Matt Robinson, Moon Capital Ventures and MarketFinance co-founder Anil Stocker.

Atoa co-founder Sid Narayanan told TechCrunch that he and co-founder Cian O’Dowd developed the idea for Atoa after selling their previous startup, expense management platform KlearCard, to Singapore fintech Validus in 2021.

Their barber, who initially accepted card payments, started asking for cash payments or bank transfers because he wanted to reduce his card processing fees, which were around 1.6%. Narayanan and O’Dowd were used to card alternative payments after living in Singapore, and saw an opportunity to use the U.K.’s open banking payments stack to build a Visa and Mastercard alternative, Narayanan told TechCrunch.

Mastercard and Visa payment rails can cost small merchants and their customers net margins of 51%, with card machine fees of about 1.75%, Narayanan said. Atoa, on the other hand, charges a fixed percentage fee billable to merchant each months that is up to 70% lower than debit cards. It also does not have hardware rentals, service fees or PCI attestation of compliance charges.

To use Atoa, merchants download an app that connects to their bank accounts. Customers don’t need to download Atoa’s app to use the service. Instead, they can use Atoa as long as they have a U.K. mobile banking app. According to Narayanan, the majority of adults, or about 80% in the U.K., already have a mobile banking app on their phone, removing the main source of friction. Merchants send a link for payment by SMS, PayBay or offer a QR code to scan.

To incentivize more customers to use Atoa, the startup also plans to add rewards and loyalty benefits, like digital scratch cards that can let them get cash rewards into their existing U.K. bank accounts.

Once customers pay with Atoa, merchants to receive payment instantly through Instant Bank Pay. They also get funds in their bank account right away, instead of waiting for up to 1 to 2 business days.

Atoa says since it went live in June, it’s gotten more than 100% month-on-month total payment volume (TPV) growth and merchant customers. Its most direct competitors include card machine providers like SumUp, Zettle, Square and Barclaycard, Narayanan said. Atoa differentiates by offering lower fees and enabling merchants to receive funds more quickly than the three days typically required by card machine providers. It also charges lower fees than players that are intermediated by Visa and Mastercard.

In a statement about its investment, Passion Capital partner Robert Dighero said, “Atoa has come to the UK market at the right time to leverage open banking and bring to small and medium sized merchants a truly viable alternative to payment cards and card machines that can be deployed in-store within minutes. We’re delighted to work with the Atoa team after their first fintech success and look forward to partnering with them as they achieve even greater heights with Atoa.”

Atoa helps UK merchants cut down on card processing fees by Catherine Shu originally published on TechCrunch

Amazon to shut down its online learning platform in India

Amazon will be shutting down Amazon Academy, an online learning platform it launched in India for high-school students last year, the company said Thursday.

The retailer says it will wind down the edtech service in the country in a phased manner starting August 2023. Those who signed up for the current academic batch will receive a full refund, it said.

Amazon officially launched Academy, previously called JEE Ready, early last year, but had been testing the platform since mid-2019. Academy sought to help students prepare for entry into the nation’s prestigious engineering colleges.

The service offered curated learning material, live lectures, mock tests and comprehensive assessments to help students learn and practice math, physics and chemistry and prepare for the Joint Entrance Examinations (JEE), a government-backed engineering entrance assessment conducted in India for admission to various engineering colleges in the country.

The comprehensive offering from the firm had prompted some to believe that Amazon might be making a major foray into the education market and may pose threat to upstarts such as Byju’s, Unacademy and Vedantu.

The homepage of Amazon Academy website. (Image credits: Amazon)

More than 260 million children go to school in India and much of the population sees education as a key to economic progress and a better life. Facebook alsoinvested in Unacademy, a Bangalore-based startup that offers online learning classes. Google, whichinvested in Indian edtech startupCuemath,also partnered with CBSEto train more than 1 million teachers in India and offer a range of free tools such as G Suite for Education, Google Classroom and YouTube to help digitize the education experience in the nation.

“At Amazon, we think big, experiment, and invest in new ideas to delight customers. We also continually evaluate the progress and potential of our products and services to deliver customer value, and we regularly make adjustments based on those assessments,” an Amazon spokesperson told TechCrunch.

“Following an assessment we have made the decision to discontinue Amazon Academy. We are winding down this program in a phased manner to take care of current customers.”

The company did not share why it’s winding down Academy, but ET Prime (paywalled), which first reported the development, said the move was part of the its ongoing cost-cutting measures.

Amazon is planning to cut about 10,000 jobs, according to media reports, and began eliminating roles in some divisions including devices and services earlier this month. Amazon also shut down teams that make AWS tutorials and other online courses, Business Insider reported.

In a memo, which Amazon has since made public, chief executive Andy Jassy said more layoffs will come next year.

Amazon to shut down its online learning platform in India by Manish Singh originally published on TechCrunch

Pin It on Pinterest