Monday May 16, 2022
 

Backed by Benchmark, Blue Hexagon just raised $31 million for its deep learning cybersecurity software

Nayeem Islam spent nearly 11 years with chipmaker Qualcomm, where he founded its Silicon Valley-based R&D facility, recruited its entire team and oversaw research on all aspects of security, including applying machine learning on mobile devices and in the network to detect threats early.

Islam was nothing if not prolific, developing a system for on-device machine learning for malware detection, libraries for optimizing deep learning algorithms on mobile devices and systems for parallel compute on mobile devices, among other things.

In fact, because of his work, he also saw a big opportunity in better protecting enterprises from cyberthreats through deep neural networks that are capable of processing every raw byte within a file and that can uncover complex relations within data sets. So two years ago, Islam and Saumitra Das, a former Qualcomm engineer with 330 patents to his name and another 450 pending, struck out on their own to create Blue Hexagon, a now 30-person Sunnyvale, Calif.-based company that is today disclosing it has raised $31 million in funding from Benchmark and Altimeter.

The funding comes roughly one year after Benchmark quietly led a $6 million Series A round for the firm.

So what has investors so bullish on the company’s prospects, aside from its credentialed founders? In a word, speed, seemingly. According to Islam, Blue Hexagon has created a real-time, cybersecurity platform that he says can detect known and unknown threats at first encounter, then block them in “sub seconds” so the malware doesn’t have time to spread.

The industry has to move to real-time detection, he says, explaining that four new and unique malware samples are released every second, and arguing that traditional security methods can’t keep pace. He says that sandboxes, for example, meaning restricted environments that quarantine cyberthreats and keep them from breaching sensitive files, are no longer state of the art. The same is true of signatures, which are mathematical techniques used to validate the authenticity and integrity of a message, software or digital document but are being bypassed by rapidly evolving new malware.

Only time will tell if Blue Hexagon is far more capable of identifying and stopping attackers, as Islam insists is the case. It is not the only startup to apply deep learning to cybersecurity, though it’s certainly one of the first. Critics, some who are protecting their own corporate interests, also worry that hackers can foil security algorithms by targeting the warning flags they look for.

Still, with its technology, its team and its pitch, Blue Hexagon is starting to persuade not only top investors of its merits, but a growing — and broad — base of customers, says Islam. “Everyone has this issue, from large banks, insurance companies, state and local governments. Nowhere do you find someone who doesn’t need to be protected.”

Blue Hexagon can even help customers that are already under attack, Islam says, even if it isn’t ideal. “Our goal is to catch an attack as early in the kill chain as possible. But if someone is already being attacked, we’ll see that activity and pinpoint it and be able to turn it off.”

Some damage may already be done, of course. It’s another reason to plan ahead, he says. “With automated attacks, you need automated techniques.” Deep learning, he insists, “is one way of leveling the playing field against attackers.”

Post to Twitter Tweet This Post

Databricks raises $250M at a $2.75B valuation for its analytics platform

Databricks, the company behind the Apache Spark big data analytics engine, today announced that it has raised a $250 million Series E round led by Andreessen Horowitz. Coatue Management, Microsoft and NEA, also participated in this round, which brings the company’s total funding to $498.5 million. Microsoft’s involvement here is probably a bit of a surprise, but it’s worth noting that it also worked with Databricks on the launch of Azure Databricks as a first-party service on the platform, something that’s still a rarity in the Azure cloud.

As Databricks also today announced, its annual recurring revenue now exceeds $100 million. The company didn’t share whether it’s cash flow-positive at this point, but Databricks CEO and co-founder Ali Ghodsi shared that the company’s valuation is now $2.75 billion.

Current customers, which the company says number around 2,000, include the likes of Nielsen, Hotels.com, Overstock, Bechtel, Shell and HP.

While Databricks is obviously known for its contributions to Apache Spark, the company itself monetizes that work by offering its Unified Analytics platform on top of it. This platform allows enterprises to build their data pipelines across data storage systems and prepare data sets for data scientists and engineers. To do this, Databricks offers shared notebooks and tools for building, managing and monitoring data pipelines, and then uses that data to build machine learning models, for example. Indeed, training and deploying these models is one of the company’s focus areas these days, which makes sense, given that this is one of the main use cases for big data, after all.

On top of that, Databricks also offers a fully managed service for hosting all of these tools.

“Databricks is the clear winner in the big data platform race,” said Ben Horowitz, co-founder and general partner at Andreessen Horowitz, in today’s announcement. “In addition, they have created a new category atop their world-beating Apache Spark platform called Unified Analytics that is growing even faster. As a result, we are thrilled to invest in this round.”

Ghodsi told me that Horowitz was also instrumental in getting the company to re-focus on growth. The company was already growing fast, of course, but Horowitz asked him why Databricks wasn’t growing faster. Unsurprisingly, given that it’s an enterprise company, that means aggressively hiring a larger sales force — and that’s costly. Hence the company’s need to raise at this point.

As Ghodsi told me, one of the areas the company wants to focus on is the Asia Pacific region, where overall cloud usage is growing fast. The other area the company is focusing on is support for more verticals like mass media and entertainment, federal agencies and fintech firms, which also comes with its own cost, given that the experts there don’t come cheap.

Ghodsi likes to call this “boring AI,” since it’s not as exciting as self-driving cars. In his view, though, the enterprise companies that don’t start using machine learning now will inevitably be left behind in the long run. “If you don’t get there, there’ll be no place for you in the next 20 years,” he said.

Engineering, of course, will also get a chunk of this new funding, with an emphasis on relatively new products like MLFlow and Delta, two tools Databricks recently developed and that make it easier to manage the life cycle of machine learning models and build the necessary data pipelines to feed them.

Post to Twitter Tweet This Post

After 5 years, Microsoft CEO Satya Nadella has transformed more than the stock price

Five years ago today, Satya Nadella took over as CEO at Microsoft, and by most any measure has been wildly successful. It’s common to look at the stock price as the defining metric of Nadella’s tenure, but the stock price triumph has followed something more fundamental and harder to measure: how he changed the culture of the entire organization.

Nadella’s term at Microsoft has paralleled my own here at TechCrunch. I started in April of 2014, and in one of my first posts, I wrote about the difficulty of substantive change inside an organization the size of Microsoft. In those early moments of both our tenures, I recognized a subtle shift was taking place, one toward service, something Microsoft hadn’t been known for under his predecessors Steve Ballmer and Bill Gates.

Microsoft’s five-year stock price journey under Satya Nadella. Stock chart: Yahoo Finance

But Nadella’s inauguration came at a time when technology itself was shifting, moving from a monolithic model — where IT shopped mostly at one vendor, and they were a Microsoft shop or an Oracle shop or an IBM shop, buying a full stack of products — to one where they subscribe to cloud services and choose the best of breed.

This was also happening against the backdrop of the Consumerization of IT, where power was shifting from large administrative departments to users and teams. Nadella seemed to understand all of this.

Turning The Ship: Microsoft Might Have Begun A Subtle Shift From Windows To Services

The shift in strategy, as I wrote, probably began long before Nadella was handed the keys to the CEO office, but perhaps it took a different kind of leader, like Nadella, to turn the battleship that was Microsoft Corporation. Every company has its own politics and biases, and I’m sure Microsoft did as well, but Nadella seemed to manage those, reorganizing the company over time, and shifting priorities. It didn’t come without the pain of layoffs, including one in 2017 when thousands of people were let go. Long-time executives like COO Kevin Turner and head of Windows and devices, Terry Myerson, also left the company.

Microsoft experiences the triumph and tragedy of transformation

But Microsoft went from a company trying to compel customers to buy an all-Microsoft, all-the-time kind of approach to one that recognized it was important to work across platforms and to partner widely. To show how serious he was, a year after he started, Nadella set aside his differences with Marc Benioff and Salesforce, and appeared at Dreamforce, Salesforce’s massive customer conference. That was hugely symbolic, given the two companies had engaged in dueling lawsuits over the years, but this was a new day at Microsoft, and Nadella was out to prove it.

In a quote I’ve come back to a number of times over the years, Nadella laid out his new vision of cooperation. While he was going to compete fiercely, of course, he also was going to cooperate where it made sense, because customers demanded it — and under Nadella, it’s all about the customer.

“It is incumbent upon us, especially those of us who are platform vendors to partner broadly to solve real pain points our customers have,” Nadella said at the time. He wasn’t ceding markets, or failing to compete when it mattered, but he also recognized to make customers happy, he had to partner when it made sense.

Cooperation Is The New Normal At Microsoft

Back in the days before Satya, partners and developers talked about a much more hostile environment, where it was difficult to get things done, to get the resources they needed, and the attitude was not one of cooperation, but almost hostility. That changed under Nadella, and he should get credit for that.

That all matters, of course, because in the age of the cloud, Nadella’s Dreamforce quote is spot on. Customers expect vendors to cooperate. They expect open APIs. They expect the platform to be friendly to developers — and under Nadella’s leadership, all of this has happened.

The company has also paid closer attention to issues like accessibility, with features such as real-time captions and the new Xbox adaptive controller. Microsoft has instituted programs under Nadella to use AI to improve accessibility, and he has also spoken frequently about responsible AI development.

Nadella has also led an aggressive acquisition strategy using his company’s cash to buy companies big and small. The splashiest acquisitions were LinkedIn for a whopping $26.2 billion in 2016 and GitHub for $7.5 billion last year, but there have been a host of much smaller purchases, most for much less than a billion dollars, that have filled in holes around security, developer productivity, gaming and a wide variety of cloud services.

It is exceedingly difficult to successfully navigate these kinds of broad cultural changes inside a large organization, and while it is probably still a work in progress, Nadella has been mostly effective to this point. The stock price has followed that broader change, but it is not the story here. The story is one of leadership and change management inside a large organization.

Microsoft has acquired GitHub for $7.5B in stock

Post to Twitter Tweet This Post

Timescale announces $15M investment and new enterprise version of TimescaleDB

It’s a big day for Timescale, makers of the open-source time-series database, TimescaleDB. The company announced a $15 million investment and a new enterprise version of the product.

The investment is an extension of the $12.4 million Series A it raised last January with a higher valuation, which it’s referring to as A1. Today’s round is led by Icon Ventures, with existing investors Benchmark, NEA and Two Sigma Ventures also participating. With today’s funding, the startup has raised $31 million.

Timescale makes a time-series database. That means it can ingest large amounts of data and measure how it changes over time. This comes in handy for a variety of use cases, from financial services to smart homes to self-driving cars — or any data-intensive activity you want to measure over time.

While there are a number of time-scale database offerings on the market, Timescale co-founder and CEO Ajay Kulkarni says that what makes his company’s approach unique is that it uses SQL, one of the most popular languages in the world. Timescale wanted to take advantage of that penetration and build its product on top of Postgres, the popular open-source SQL database. This gave it an offering that is based on SQL and is highly scalable.

Timescale admittedly came late to the market in 2017, but by offering a unique approach and making it open source, it has been able to gain traction quickly. “Despite entering into what is a very crowded database market, we’ve seen quite a bit of community growth because of this message of SQL and scale for time series,” Kulkarni told TechCrunch.

In just over 22 months, the company has more than a million downloads and a range of users from older guard companies like Charter, Comcast and Hexagon Mining to more modern companies like Nutanix and and TransferWise.

With a strong base community in place, the company believes that it’s now time to commercialize its offering, and in addition to an open-source license, it’s introducing a commercial license. “Up until today, our main business model has been through support and deployment assistance. With this new release, we also will have enterprise features that are available with a commercial license,” Kulkarni explained.

The commercial version will offer a more sophisticated automation layer for larger companies with greater scale requirements. It will also provide better lifecycle management, so companies can get rid of older data or move it to cheaper long-term storage to reduce costs. It’s also offering the ability to reorder data in an automated fashion when that’s required, and, finally, it’s making it easier to turn the time series data into a series of data points for analytics purposes. The company also hinted that a managed cloud version is on the road map for later this year.

The new money should help Timescale continue fueling the growth and development of the product, especially as it builds out the commercial offering. Timescale, which was founded in 2015 in NYC, currently has 30 employees. With the new influx of cash, it expects to double that over the next year.

Timescale is leading the next wave of NYC database tech

Post to Twitter Tweet This Post

SAP job cuts prove harsh realities of enterprise transformation

As traditional enterprise companies like IBM, Oracle and SAP try to transform into more modern cloud companies, they are finding that making that transition, while absolutely necessary, could require difficult adjustments along the way. Just this morning, SAP announced that it was restructuring in order to save between €750 million and €800 million (between approximately $856 million and $914 million).

While the company tried to put as positive a spin on the announcement as possible, it could involve up to 4,000 job cuts as SAP shifts into more modern technologies. “We are going to move our people and our focus to the areas where the new economy needs SAP the most: artificial intelligence, deep machine learning, IoT, blockchain and quantum computing,” CEO Bill McDermott told a post-earnings press conference.

If that sounds familiar, it should. It is precisely the areas on which IBM has been trying to concentrate its transformation over the last several years. IBM has struggled to make this change and has also framed workforce reduction as moving to modern skill sets. It’s worth pointing out that SAP’s financial picture has been more positive than IBM’s.

CFO Luka Mucic tried to stress this was not about cost-cutting, so much as ensuring the long-term health of the company, but did admit it did involve job cuts. These could include early retirement and other incentives to leave the company voluntarily. “We still expect that there will be a number probably slightly higher than what we saw in the 2015 program, where we had around 3,000 employees leave the company, where at the end of this process will leave SAP,” he said.

The company believes that in spite of these cuts, it will actually have more employees by this time next year than it has now, but they will be shifted to these new technology areas. “This is a growth company move, not a cost-cutting move; every dollar that we gain from a restructuring initiative will be invested back into headcount and more jobs,” McDermott said. SAP kept stressing that cloud revenue will reach $35 billion in revenue by 2023.

Holger Mueller, an analyst who watches enterprise companies like SAP for Constellation Research, says the company is doing what it has to do in terms of transformation. “SAP is in the midst of upgrading its product portfolio to the 21st century demands of its customer base,” Mueller told TechCrunch. He added that this is not easy to pull off, and it requires new skill sets to build, operate and sell the new technologies.

McDermott stressed that the company would be offering a generous severance package to any employee leaving the company as a result of today’s announcement.

Today’s announcement comes after the company made two multi-billion-dollar acquisitions to help in this transition in 2018, paying $8 billion for Qualtrics and $2.4 billion for CallidusCloud.

SAP agrees to buy Qualtrics for $8B in cash, just before the survey software company’s IPO

Post to Twitter Tweet This Post

Figma’s design and prototyping tool gets new enterprise collaboration features

Figma, the design and prototyping tool that aims to offer a web-based alternative to similar tools from the likes of Adobe, is launching a few new features today that will make the service easier to use to collaborate across teams in large organizations. Figma Organization, as the company calls this new feature set, is the company’s first enterprise-grade service that features the kind of controls and security tools that large companies expect. To develop and test these tools, the company partnered with companies like Rakuten, Square, Volvo and Uber, and introduced features like unified billing and audit reports for the admins and shared fonts, browsable teams and organization-wide design systems for the designers.

For designers, one of the most important new features here is probably organization-wide design systems. Figma already had tools to create design systems, of course, but this enterprise version now makes it easier for teams to share libraries and fonts with each other to ensure that the same styles are applied to products and services across a company.

Businesses can now also create as many teams as they would like and admins will get more controls over how files are shared and with whom they can be shared. That doesn’t seem like an especially interesting feature, but because many larger organizations work with customers outside of the company, it’s something that will make Figma more interesting to these large companies.

After working with Figma on these new tools, Uber, for example, moved all of its company over to the service and 90 percent of its product design work now happens on the platform. “We needed a way to get people in the right place at the right time — in the right team with the right assets,” said Jeff Jura, staff product designer who focuses on Uber’s design systems. “Figma does that.”

Other new enterprise features that matter in this context are single sign-on support, activity logs for tracking activities across users, teams, projects and files, and draft ownership to ensure that all the files that have been created in an organization can be recovered after an employee leaves the company.

Figma still offers free and professional tiers (at $12/editor/month). Unsurprisingly, the new Organization tier is a bit more expensive and will cost $45/editor/month.

Post to Twitter Tweet This Post

Google’s Cloud Firestore NoSQL database hits general availability

Google today announced that Cloud Firestore, its serverless NoSQL document database for mobile, web and IoT apps, is now generally available. In addition, Google is also introducing a few new features and bringing the service to 10 new regions.

With this launch, Google is giving developers the option to run their databases in a single region. During the beta, developers had to use multi-region instances, and, while that obviously has some advantages with regard to resilience, it’s also more expensive and not every app needs to run in multiple regions.

“Some people don’t need the added reliability and durability of a multi-region application,” Google product manager Dan McGrath told me. “So for them, having a more cost-effective regional instance is very attractive, as well as data locality and being able to place a Cloud Firestore database as close as possible to their user base.”

The new regional instance pricing is up to 50 percent cheaper than the current multi-cloud instance prices. Which solution you pick does influence the SLA guarantee Google gives you, though. While the regional instances are still replicated within multiple zones inside the region, all of the data is still within a limited geographic area. Hence, Google promises 99.999 percent availability for multi-region instances and 99.99 percent availability for regional instances.

And talking about regions, Cloud Firestore is now available in 10 new regions around the world. Firestore launched with a single location when it launched and added two more during the beta. With this, Firestore is now available in 13 locations (including the North America and Europe multi-region offerings). McGrath tells me Google is still in the planning stage for deciding the next phase of locations, but he stressed that the current set provides pretty good coverage across the globe.

Also new in this release is deeper integration with Stackdriver, the Google Cloud monitoring service, which can now monitor read, write and delete operations in near-real time. McGrath also noted that Google plans to add the ability to query documents across collections and increment database values without needing a transaction.

It’s worth noting that while Cloud Firestore falls under the Google Firebase brand, which typically focuses on mobile developers, Firestore offers all of the usual client-side libraries for Compute Engine or Kubernetes Engine applications, too.

“If you’re looking for a more traditional NoSQL document database, then Cloud Firestore gives you a great solution that has all the benefits of not needing to manage the database at all,” McGrath said. “And then, through the Firebase SDK, you can use it as a more comprehensive back-end as a service that takes care of things like authentication for you.”

One of the advantages of Firestore is that it has extensive offline support, which makes it ideal for mobile developers but also IoT solutions. Maybe it’s no surprise, then, that Google is positioning it as a tool for both Google Cloud and Firebase users.

Post to Twitter Tweet This Post

Blue Prism to issue $130M in stock to raise new funds

Just this morning, robotic process automation (RPA) firm Blue Prism announced enhancements to its platform. A little later, the company, which went public on the London Stock Exchange in 2016, announced it was raising £100 million (approximately $130 million) by issuing new stock. The announcement comes after reporting significant losses in its most recent fiscal year, which ended in October.

The company indicated it plans to sell the new shares on the public market, and that they will be made available to new and existing shareholders, including company managers and directors.

CEO Alastair Bathgate attempted to put the announcement in the best possible light. “The outcome of this placing, which builds on another year of significant progress for the company, highlights the meteoric growth opportunity with RPA and intelligent automation,” he said in a statement.

While the company’s revenue more than doubled last fiscal year, from £24.5 million (approximately $32 million) in 2017 to £55.2 million (approximately $72 million) in 2018, losses also increased dramatically, from £10.1 million (approximately $13 million) in 2017 to £26.0 million (approximately $34 million), according to reports.

The move, which requires shareholder approval, will be used to push the company’s plans, outlined in a TechCrunch article earlier this morning, to begin enhancing the platform with help from partners, a move the company hopes will propel it into the future.

Today’s announcement included a new AI engine, an updated marketplace where companies can share Blue Prism extensions and a new lab, where the company plans to work on AI innovation in-house.

Bathgate isn’t wrong about the market opportunity. Investors have been pouring big bucks into this market for the last couple of years. As we noted, in this morning’s article, “UIPath, a NYC RPA company has raised almost $450 million. Its most recent round in September was for $225 million on a $3 billion valuation. Automation Anywhere, a San Jose RPA startup, has raised $550 million including an enormous $300 million investment from SoftBank in November on a valuation of $2.6 billion.”

Blue Prism looks to partners to expand robotic process automation with AI

Post to Twitter Tweet This Post

Vodafone pauses Huawei network supply purchases in Europe

Huawei had a very good 2018, and it’s likely to have a very good 2019, as well. But there’s one little thing that keeps putting a damper on the hardware maker’s global expansion plans. The U.S. and Canada have already taken action over the company’s perceived link to the Chinese government, and now Vodafone is following suit over concerns that other countries may join. 

The U.K.-based telecom giant announced this week that it’s enacting a temporary halt on purchases from the Chinese hardware maker. The move arrives out of concern that additional countries may ban Huawei products, putting the world’s second largest carrier in a tricky spot as it works to roll out 5G networks across the globe.

For now, the move is focused on European markets. As The Wall Street Journal notes, there remains some possibility that Vodafone could go forward with Huawei networking gear in other markets, including India, Turkey and parts of Africa. In Europe, however, these delays could ultimately work to raise the price and/or delay its planned 5G push.

“We have decided to pause further Huawei in our core whilst we engage with the various agencies and governments and Huawei just to finalize the situation, of which I feel Huawei is really open and working hard,” Vodafone CEO Nick Read said in a statement.

Huawei has continued to deny all allegations related to Chinese government spying.

Post to Twitter Tweet This Post

Has the fight over privacy changed at all in 2019?

Few issues divide the tech community quite like privacy. Much of Silicon Valley’s wealth has been built on data-driven advertising platforms, and yet, there remain constant concerns about the invasiveness of those platforms.

Such concerns have intensified in just the last few weeks as France’s privacy regulator placed a record fine on Google under Europe’s General Data Protection Regulation (GDPR) rules which the company now plans to appeal. Yet with global platform usage and service sales continuing to tick up, we asked a panel of eight privacy experts: “Has anything fundamentally changed around privacy in tech in 2019? What is the state of privacy and has the outlook changed?” 

This week’s participants include:

  • Albert Gidari – Consulting Director of Privacy at Stanford’s Center for Internet and Society; Professor at Stanford Law School
  • Gabriel Weinberg – CEO and Founder of DuckDuckGo
  • Melika Carroll -Senior VP of Global Government Affairs at The Internet Association
  • Johnny Ryan – Chief Policy and Industry Relations Officer at Brave
  • John Miller –  VP of Global Policy and Law at the Information Technology Industry Council
  • Nuala O’Connor – President and CEO of the Center for Democracy & Technology
  • Chris Baker – Senior VP and General Manager of EMEA at Box
  • Christopher Wolf – Founder and Chair of the Future Privacy Forum; Senior counsel at Hogan Lovells focusing on internet law, privacy and data protection policy

TechCrunch is experimenting with new content forms. Consider this a recurring venue for debate, where leading experts – with a diverse range of vantage points and opinions – provide us with thoughts on some of the biggest issues currently in tech, startups and venture. If you have any feedback, please reach out: Arman.Tabatabai@techcrunch.com.


Thoughts & Responses:


Albert Gidari

Albert Gidari is the Consulting Director of Privacy at the Stanford Center for Internet and Society. He was a partner for over 20 years at Perkins Coie LLP, achieving a top-ranking in privacy law by Chambers, before retiring to consult with CIS on its privacy program. He negotiated the first-ever “privacy by design” consent decree with the Federal Trade Commission. A recognized expert on electronic surveillance law, he brought the first public lawsuit before the Foreign Intelligence Surveillance Court, seeking the right of providers to disclose the volume of national security demands received and the number of affected user accounts, ultimately resulting in greater public disclosure of such requests.

There is no doubt that the privacy environment changed in 2018 with the passage of California’s Consumer Privacy Act (CCPA), implementation of the European Union’s General Data Protection Regulation (GDPR), and new privacy laws enacted around the globe.

“While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.””

For one thing, large tech companies have grown huge privacy compliance organizations to meet their new regulatory obligations. For another, the major platforms now are lobbying for passage of a federal privacy law in the U.S. This is not surprising after a year of privacy miscues, breaches and negative privacy news. But does all of this mean a fundamental change is in store for privacy? I think not.

The fundamental model sustaining the Internet is based upon the exchange of user data for free service. As long as advertising dollars drive the growth of the Internet, regulation simply will tinker around the edges, setting sideboards to dictate the terms of the exchange. The tech companies may be more accountable for how they handle data and to whom they disclose it, but the fact is that data will continue to be collected from all manner of people, places and things.

Indeed, if the past year has shown anything it is that two rules are fundamental: (1) everything that can be connected to the Internet will be connected; and (2) everything that can be collected, will be collected, analyzed, used and monetized. It is inexorable.

While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.” No one even knows what “more privacy” means. If it means that users will have more control over the data they share, that is laudable but not achievable in a world where people have no idea how many times or with whom they have shared their information already. Can you name all the places over your lifetime where you provided your SSN and other identifying information? And given that the largest data collector (and likely least secure) is government, what does control really mean?

All this is not to say that privacy regulation is futile. But it is to recognize that nothing proposed today will result in a fundamental shift in privacy policy or provide a panacea of consumer protection. Better privacy hygiene and more accountability on the part of tech companies is a good thing, but it doesn’t solve the privacy paradox that those same users who want more privacy broadly share their information with others who are less trustworthy on social media (ask Jeff Bezos), or that the government hoovers up data at rate that makes tech companies look like pikers (visit a smart city near you).

Many years ago, I used to practice environmental law. I watched companies strive to comply with new laws intended to control pollution by creating compliance infrastructures and teams aimed at preventing, detecting and deterring violations. Today, I see the same thing at the large tech companies – hundreds of employees have been hired to do “privacy” compliance. The language is the same too: cradle to grave privacy documentation of data flows for a product or service; audits and assessments of privacy practices; data mapping; sustainable privacy practices. In short, privacy has become corporatized and industrialized.

True, we have cleaner air and cleaner water as a result of environmental law, but we also have made it lawful and built businesses around acceptable levels of pollution. Companies still lawfully dump arsenic in the water and belch volatile organic compounds in the air. And we still get environmental catastrophes. So don’t expect today’s “Clean Privacy Law” to eliminate data breaches or profiling or abuses.

The privacy world is complicated and few people truly understand the number and variety of companies involved in data collection and processing, and none of them are in Congress. The power to fundamentally change the privacy equation is in the hands of the people who use the technology (or choose not to) and in the hands of those who design it, and maybe that’s where it should be.


Gabriel Weinberg

Gabriel Weinberg is the Founder and CEO of privacy-focused search engine DuckDuckGo.

Coming into 2019, interest in privacy solutions is truly mainstream. There are signs of this everywhere (media, politics, books, etc.) and also in DuckDuckGo’s growth, which has never been faster. With solid majorities now seeking out private alternatives and other ways to be tracked less online, we expect governments to continue to step up their regulatory scrutiny and for privacy companies like DuckDuckGo to continue to help more people take back their privacy.

“Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information.”

We’re also seeing companies take action beyond mere regulatory compliance, reflecting this new majority will of the people and its tangible effect on the market. Just this month we’ve seen Apple’s Tim Cook call for stronger privacy regulation and the New York Times report strong ad revenue in Europe after stopping the use of ad exchanges and behavioral targeting.

At its core, this groundswell is driven by the negative effects that stem from the surveillance business model. The percentage of people who have noticed ads following them around the Internet, or who have had their data exposed in a breach, or who have had a family member or friend experience some kind of credit card fraud or identity theft issue, reached a boiling point in 2018. On top of that, people learned of the extent to which the big platforms like Google and Facebook that collect the most data are used to propagate misinformation, discrimination, and polarization. Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information. Fortunately, there are alternatives to the surveillance business model and more companies are setting a new standard of trust online by showcasing alternative models.


Melika Carroll

Melika Carroll is Senior Vice President, Global Government Affairs at Internet Association, which represents over 45 of the world’s leading internet companies, including Google, Facebook, Amazon, Twitter, Uber, Airbnb and others.

We support a modern, national privacy law that provides people meaningful control over the data they provide to companies so they can make the most informed choices about how that data is used, seen, and shared.

“Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.”

Internet companies believe all Americans should have the ability to access, correct, delete, and download the data they provide to companies.

Americans will benefit most from a federal approach to privacy – as opposed to a patchwork of state laws – that protects their privacy regardless of where they live. If someone in New York is video chatting with their grandmother in Florida, they should both benefit from the same privacy protections.

It’s also important to consider that all companies – both online and offline – use and collect data. Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.

Two other important pieces of any federal privacy law include user expectations and the context in which data is shared with third parties. Expectations may vary based on a person’s relationship with a company, the service they expect to receive, and the sensitivity of the data they’re sharing. For example, you expect a car rental company to be able to track the location of the rented vehicle that doesn’t get returned. You don’t expect the car rental company to track your real-time location and sell that data to the highest bidder. Additionally, the same piece of data can have different sensitivities depending on the context in which it’s used or shared. For example, your name on a business card may not be as sensitive as your name on the sign in sheet at an addiction support group meeting.

This is a unique time in Washington as there is bipartisan support in both chambers of Congress as well as in the administration for a federal privacy law. Our industry is committed to working with policymakers and other stakeholders to find an American approach to privacy that protects individuals’ privacy and allows companies to innovate and develop products people love.


Johnny Ryan

Dr. Johnny Ryan FRHistS is Chief Policy & Industry Relations Officer at Brave. His previous roles include Head of Ecosystem at PageFair, and Chief Innovation Officer of The Irish Times. He has a PhD from the University of Cambridge, and is a Fellow of the Royal Historical Society.

Tech companies will probably have to adapt to two privacy trends.

“As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.”

First, the GDPR is emerging as a de facto international standard.

In the coming years, the application of GDPR-like laws for commercial use of consumers’ personal data in the EU, Britain (post-EU), Japan, India, Brazil, South Korea, Malaysia, Argentina, and China will bring more than half of global GDP under a similar standard.

Whether this emerging standard helps or harms United States firms will be determined by whether the United States enacts and actively enforces robust federal privacy laws. Unless there is a federal GDPR-like law in the United States, there may be a degree of friction and the potential of isolation for United States companies.

However, there is an opportunity in this trend. The United States can assume the global lead by doing two things. First, enact a federal law that borrows from the GDPR, including a comprehensive definition of “personal data”, and robust “purpose specification”. Second, invest in world-leading regulation that pursues test cases, and defines practical standards. Cutting edge enforcement of common principles-based standards is de facto leadership.

Second, privacy and antitrust law are moving closer to each other, and might squeeze big tech companies very tightly indeed.

Big tech companies “cross-use” user data from one part of their business to prop up others. The result is that a company can leverage all the personal information accumulated from its users in one line of business, and for one purpose, to dominate other lines of business too.

This is likely to have anti-competitive effects. Rather than competing on the merits, the company can enjoy the unfair advantage of massive network effects even though it may be starting from scratch in a new line of business. This stifles competition and hurts innovation and consumer choice.

Antitrust authorities in other jurisdictions have addressed this. In 2015, the Belgian National Lottery was fined for re-using personal information acquired through its monopoly for a different, and incompatible, line of business.

As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.


John Miller

John Miller is the VP for Global Policy and Law at the Information Technology Industry Council (ITI), a D.C. based advocate group for the high tech sector.  Miller leads ITI’s work on cybersecurity, privacy, surveillance, and other technology and digital policy issues.

Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike. However, as times change and innovation progresses at a rapid rate, it’s clear the laws protecting consumers’ data and privacy must evolve as well.

“Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike.”

As the global regulatory landscape shifts, there is now widespread agreement among business, government, and consumers that we must modernize our privacy laws, and create an approach to protecting consumer privacy that works in today’s data-driven reality, while still delivering the innovations consumers and businesses demand.

More and more, lawmakers and stakeholders acknowledge that an effective privacy regime provides meaningful privacy protections for consumers regardless of where they live. Approaches, like the framework ITI released last fall, must offer an interoperable solution that can serve as a model for governments worldwide, providing an alternative to a patchwork of laws that could create confusion and uncertainty over what protections individuals have.

Companies are also increasingly aware of the critical role they play in protecting privacy. Looking ahead, the tech industry will continue to develop mechanisms to hold us accountable, including recommendations that any privacy law mandate companies identify, monitor, and document uses of known personal data, while ensuring the existence of meaningful enforcement mechanisms.


Nuala O’Connor

Nuala O’Connor is president and CEO of the Center for Democracy & Technology, a global nonprofit committed to the advancement of digital human rights and civil liberties, including privacy, freedom of expression, and human agency. O’Connor has served in a number of presidentially appointed positions, including as the first statutorily mandated chief privacy officer in U.S. federal government when she served at the U.S. Department of Homeland Security. O’Connor has held senior corporate leadership positions on privacy, data, and customer trust at Amazon, General Electric, and DoubleClick. She has practiced at several global law firms including Sidley Austin and Venable. She is an advocate for the use of data and internet-enabled technologies to improve equity and amplify marginalized voices.

For too long, Americans’ digital privacy has varied widely, depending on the technologies and services we use, the companies that provide those services, and our capacity to navigate confusing notices and settings.

“Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away.”

We are burdened with trying to make informed choices that align with our personal privacy preferences on hundreds of devices and thousands of apps, and reading and parsing as many different policies and settings. No individual has the time nor capacity to manage their privacy in this way, nor is it a good use of time in our increasingly busy lives. These notices and choices and checkboxes have become privacy theater, but not privacy reality.

In 2019, the legal landscape for data privacy is changing, and so is the public perception of how companies handle data. As more information comes to light about the effects of companies’ data practices and myriad stewardship missteps, Americans are surprised and shocked about what they’re learning. They’re increasingly paying attention, and questioning why they are still overburdened and unprotected. And with intensifying scrutiny by the media, as well as state and local lawmakers, companies are recognizing the need for a clear and nationally consistent set of rules.

Personal privacy is the cornerstone of the digital future people want. Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away. The Center for Democracy & Technology wants to help craft those legal principles to solidify Americans’ digital privacy rights for the first time.


Chris Baker

Chris Baker is Senior Vice President and General Manager of EMEA at Box.

Last year saw data privacy hit the headlines as businesses and consumers alike were forced to navigate the implementation of GDPR. But it’s far from over.

“…customers will have trust in a business when they are given more control over how their data is used and processed”

2019 will be the year that the rest of the world catches up to the legislative example set by Europe, as similar data regulations come to the forefront. Organizations must ensure they are compliant with regional data privacy regulations, and more GDPR-like policies will start to have an impact. This can present a headache when it comes to data management, especially if you’re operating internationally. However, customers will have trust in a business when they are given more control over how their data is used and processed, and customers can rest assured knowing that no matter where they are in the world, businesses must meet the highest bar possible when it comes to data security.

Starting with the U.S., 2019 will see larger corporations opt-in to GDPR to support global business practices. At the same time, local data regulators will lift large sections of the EU legislative framework and implement these rules in their own countries. 2018 was the year of GDPR in Europe, and 2019 be the year of GDPR globally.


Christopher Wolf

Christopher Wolf is the Founder and Chair of the Future of Privacy Forum think tank, and is senior counsel at Hogan Lovells focusing on internet law, privacy and data protection policy.

With the EU GDPR in effect since last May (setting a standard other nations are emulating),

“Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.”

with the adoption of a highly-regulatory and broadly-applicable state privacy law in California last Summer (and similar laws adopted or proposed in other states), and with intense focus on the data collection and sharing practices of large tech companies, the time may have come where Congress will adopt a comprehensive federal privacy law. Complicating the adoption of a federal law will be the issue of preemption of state laws and what to do with the highly-developed sectoral laws like HIPPA and Gramm-Leach-Bliley. Also to be determined is the expansion of FTC regulatory powers. Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.

Post to Twitter Tweet This Post