Facebook staff raised concerns about Cambridge Analytica in September 2015, per court filing

Further details have emerged about when and how much Facebook knew about data-scraping by the disgraced and now defunct Cambridge Analytica political data firm.

Last year a major privacy scandal hit Facebook after it emerged CA had paid GSR, a developer with access to Facebook’s platform, to extract personal data on as many as 87M Facebook users without proper consents.

Cambridge Analytica’s intention was to use the data to build psychographic profiles of American voters to target political messages — with the company initially working for the Ted Cruz and later the Donald Trump presidential candidate campaigns.

But employees at Facebook appear to have raised internal concerns about CA scraping user data in September 2015 — i.e. months earlier than Facebook previously told lawmakers it became aware of the GSR/CA breach (December 2015).

The latest twist in the privacy scandal has emerged via a redacted court filing in the U.S. — where the District of Columbia is suing Facebook in a consumer protection enforcement case.

Facebook is seeking to have documents pertaining to the case sealed, while the District argues there is nothing commercially sensitive to require that.

In its opposition to Facebook’s motion to seal the document, the District includes a redacted summary (screengrabbed below) of the “jurisdictional facts” it says are contained in the papers Facebook is seeking to keep secret.

According to the District’s account a Washington D.C.-based Facebook employee warned others in the company about Cambridge Analytica’s data-scraping practices as early as September 2015.

Under questioning in Congress last April, Mark Zuckerberg was asked directly by congressman Mike Doyle when Facebook had first learned about Cambridge Analytica using Facebook data — and whether specifically it had learned about it as a result of the December 2015 Guardian article (which broke the story).

Zuckerberg responded with a “yes” to Doyle’s question.

Facebook repeated the same line to the UK’s Digital, Media and Sport (DCMA) committee last year, over a series of hearings with less senior staffers

Damian Collins, the chair of the DCMS committee — which made repeat requests for Zuckerberg himself to testify in front of its enquiry into online disinformation, only to be repeatedly rebuffed — tweeted yesterday that the new detail could suggest Facebook “consistently mislead” the British parliament.

The DCMS committee has previously accused Facebook of deliberately misleading its enquiry on other aspects of the CA saga, with Collins taking the company to task for displaying a pattern of evasive behavior.

The earlier charge that it mislead the committee refers to a hearing in Washington in February 2018 — when Facebook sent its UK head of policy, Simon Milner, and its head of global policy management, Monika Bickert, to field DCMS’ questions — where the pair failed to inform the committee about a legal agreement Facebook had made with Cambridge Analytica in December 2015.

The committee’s final report was also damning of Facebook, calling for regulators to instigate antitrust and privacy probes of the tech giant.

Meanwhile, questions have continued to be raised about Facebook’s decision to hire GSR co-founder Joseph Chancellor, who reportedly joined the company around November 2015.

The question now is if Facebook knew there were concerns about CA data-scraping prior to hiring the co-founder of the company that sold scraped Facebook user data to CA, why did it go ahead and hire Chancellor?

The GSR co-founder has never been made available by Facebook to answer questions from politicians (or press) on either side of the pond.

Last fall he was reported to have quietly left Facebook, with no comment from Facebook on the reasons behind his departure — just as it had never explained why it hired him in the first place.

But the new timeline that’s emerged of what Facebook knew when makes those questions more pressing than ever.

Reached for a response to the details contained in the District of Columbia’s court filing, a Facebook spokeswomen sent us this statement:

Facebook was not aware of the transfer of data from Kogan/GSR to Cambridge Analytica until December 2015, as we have testified under oath

In September 2015 employees heard speculation that Cambridge Analytica was scraping data, something that is unfortunately common for any internet service. In December 2015, we first learned through media reports that Kogan sold data to Cambridge Analytica, and we took action. Those were two different things.

Facebook did not engage with questions about any of the details and allegations in the court filing.

A little later in the court filing, the District of Columbia writes that the documents Facebook is seeking to seal are “consistent” with its allegations that “Facebook has employees embedded within multiple presidential candidate campaigns who… knew, or should have known… [that] Cambridge Analytica [was] using the Facebook consumer data harvested by [[GSR’s]] [Aleksandr] Kogan throughout the 2016 [United States presidential] election.”

It goes on to suggest that Facebook’s concern to seal the document is “reputational”, suggesting — in another redacted segment (below) — that it might “reflect poorly” on Facebook that a DC-based employee had flagged Cambridge Analytica months prior to news reports of its improper access to user data.

“The company may also seek to avoid publishing its employees’ candid assessments of how multiple third-parties violated Facebook’s policies,” it adds, chiming with arguments made last year by GSR’s Kogan who suggested the company failed to enforce the terms of its developer policy, telling the DCMS committee it therefore didn’t have a “valid” policy.

As we’ve reported previously, the UK’s data protection watchdog — which has an ongoing investigation into CA’s use of Facebook data — was passed information by Facebook as part of that probe which showed that three “senior managers” had been involved in email exchanges, prior to December 2015, concerning the CA breach.

It’s not clear whether these exchanges are the same correspondence the District of Columbia has obtained and which Facebook is seeking to seal. Or whether there were multiple email threads raising concerns about the company.

The ICO passed the correspondence it obtained from Facebook to the DCMS committee — which last month said it had agreed at the request of the watchdog to keep the names of the managers confidential. (The ICO also declined to disclose the names or the correspondence when we made a Freedom of Information request last month — citing rules against disclosing personal data and its ongoing investigation into CA meaning the risk of release might be prejudicial to its investigation.)

In its final report the committee said this internal correspondence indicated “profound failure of governance within Facebook” — writing:

[I]t would seem that this important information was not shared with the most senior executives at Facebook, leading us to ask why this was the case. The scale and importance of the GSR/Cambridge Analytica breach was such that its occurrence should have been referred to Mark Zuckerberg as its CEO immediately. The fact that it was not is evidence that Facebook did not treat the breach with the seriousness it merited. It was a profound failure of governance within Facebook that its CEO did not know what was going on, the company now maintains, until the issue became public to us all in 2018. The incident displays the fundamental weakness of Facebook in managing its responsibilities to the people whose data is used for its own commercial interests.

We reached out to the ICO for comment on the information to emerge via the Columbia suit, and also to the Irish Data Protection Commission, the lead DPA for Facebook’s international business, which currently has 15 open investigations into Facebook or Facebook-owned businesses related to various security, privacy and data protection issues.

An ICO spokesperson told us: “We are aware of these reports and will be considering the points made as part of our ongoing investigation.”

Last year the ICO issued Facebook with the maximum possible fine under UK law for the CA data breach.

Shortly after Facebook announced it would appeal, saying the watchdog had not found evidence that any UK users’ data was misused by CA.

A date for the hearing of the appeal set for earlier this week was canceled without explanation. A spokeswoman for the tribunal court told us a new date would appear on its website in due course.

This report was updated with comment from the ICO

Let’s block ads! (Why?)

Link to original source

Keatz, a European ‘cloud kitchen’ startup, raises further €12M

Keatz, one of a growing number of so-called “cloud kitchens” — delivery only restaurant brands running on the rails of Deliveroo and UberEats — has raised €12 million in new funding.

Backing the round are existing investors Project A Ventures, Atlantic Labs, UStart, K Fund and JME Ventures, who are joined by RTP Global. It adds to €7 million raised last May and will be used by the Berlin-based company to further expand its roll-out of cloud kitchens across Europe.

Launched in Spring 2016, Keatz now operates 10 cloud kitchens across Europe, having expanded beyond Berlin to Amsterdam, Madrid, Barcelona and Munich. The startup’s network of satellite kitchens are designed to negate the high front-of-house costs found in conventional restaurants, while also selling takeout food that is better suited to delivery.

“We believe the last unsolved part in food delivery is the preparation of food itself,” Keatz co-founder Paul Gebhardt tells TechCrunch. “Delivery food today is often compromised and sold by companies focusing on hospitality and not delivery food. Classic brick and mortar restaurants simply have a different business model, namely hospitality, which is all about the experience and location and the food is meant to be eaten immediately. Nobody at Nandos or Byron Burger designed the food keeping in mind that the food might travel on a Deliveroo bike for another 15 miles, mostly upside down in a delivery bag”.

Similar to other cloud kitchen startups, such as France’s Taster, Gebhardt says Keatz is changing this by focusing exclusively on food “made for delivery,” including designing dishes that can withstand a minimum 15 journey. The startup has a portfolio of eight delivery-only food brands, which are all prepared in the same shared kitchens.

“Our kitchens are usually between 100-200 square metres big and serve a delivery radius of 1-2 kilometres and we sell exclusively on existing delivery platforms, such as Deliveroo, UberEats, Glovo, JustEat, Delivery Hero, and TakeAway. Food arrives warm in nice sustainable packaging,” he says.

Meanwhile, although Gebhardt thinks the future of takeout food will ultimately be drones delivering robot-cooked meals, he says autonomous kitchens are much more in reach than autonomous food delivery and already forms a large part of Keatz’s vision to build “highly automated kitchens”.

“It is much easier for us to iteratively automate our kitchens compared to drone-delivery, which is a fairly binary technological transition,” he explains. “Our existing cloud kitchens today are already much more automated than traditional kitchens, from WiFi-connected convection ovens to a software supported food assembly process. At the end of the day high quality food preparation is an on-demand manufacturing problem: a customer orders a Burrito on UberEats and expects a warm meal 20 minutes later. This is quite a technological challenge we are trying to solve”.

To that end, Keatz’s cloud kitchens can be thought of as akin to a “factory operator”. Rather than developing autonomous kitchen hardware of its own, Gebhardt says the company is partnering with kitchen equipment and automation companies in a similar way to BMW partnering with companies to build its car manufacturing plants.

“Despite our ambition to automate the kitchen, we are also very keen on being a great employer,” he adds, citing above market pay and comprehensive training opportunities. Today, Keatz employs around 200 people across its 10 kitchens in Europe.

Let’s block ads! (Why?)

Link to original source

Tech regulation in Europe will only get tougher

European governments have been bringing the hammer down on tech in recent months, slapping record fines and stiff regulations on the largest imports out of Silicon Valley. Despite pleas from the world’s leading companies and Europe’s eroding trust in government, European citizens’ staunch support for regulation of new technologies points to an operating environment that is only getting tougher.

According to a roughly 25-page report recently published by a research arm out of Spain’s IE University, European citizens remain skeptical of tech disruption and want to handle their operators with kid gloves, even at a cost to the economy.

The survey was led by the IE’s Center for the Governance of Change — an IE-hosted research institution focused on studying “the political, economic, and societal implications of the current technological revolution and advances solutions to overcome its unwanted effects.” The “European Tech Insights 2019” report surveyed roughly 2,600 adults from various demographics across seven countries (France, Germany, Ireland, Italy, Spain, The Netherlands, and the UK) to gauge ground-level opinions on ongoing tech disruption and how government should deal with it.

The report does its fair share of fear-mongering and some of its major conclusions come across as a bit more “clickbaity” than insightful. However, the survey’s more nuanced data and line of questioning around specific forms of regulation offer detailed insight into how the regulatory backdrop and operating environment for European tech may ultimately evolve.

Distractions

Let’s block ads! (Why?)

Link to original source

Evidence mounts that Russian hackers are trying to disrupt the EU elections


seksan Mongkhonkhamsao via Getty Images

Russian hackers are targeting government systems ahead of the EU parliament election, according to cybersecurity company FireEye. The firm says that two state-sponsored hacking groups — APT28 (aka Fancy Bear) and Sandworm — have been sending out authentic-looking phishing emails to officials in a bid to get hold of government information.

Both groups have previously been linked to Russia. APT28 was allegedly behind the 2016 Democratic National Convention hack, while Sandworm is believed to be the malicious actor involved in last year’s NotPetya ransomware attacks on mainly Ukrainian facilities. FireEye says that latest efforts of both groups appears to be co-ordinated — although each have used different methods — and that their campaign is ongoing. The company did not confirm whether any sensitive data had been leaked.

In a statement, FireEye’s senior manager of cyberespionage analysis, Benjamin Read, said that, “The groups could be trying to gain access to the targeted networks in order to gather information that will allow Russia to make more informed political decisions, or it could be gearing up to leak data that would be damaging for a particular political party or candidate ahead of the European elections.”

Up to 300 million citizens across the EU are set to vote in European parliamentary elections this May, the outcome ultimately determining the future of peace in Europe. Hacking efforts by hostile parties could seriously undermine this. While FireEye says it’s notified the affected institutions and is advising them on future action, this isn’t the first attempt by Russia to sway the voting process — Microsoft made a similar announcement last month. Given the extremely tenuous political situation across the world right now, it’s unlikely to be the last, either.

Let’s block ads! (Why?)

Link to original source

Nigerian fintech startup OneFi acquires payment company Amplify

Lagos based online lending startup OneFi is buying Nigerian payment solutions company Amplify for an undisclosed amount.

OneFi will take over Amplify’s IP, team, and client network of over 1000 merchants to which Amplify provides payment processing services, OneFi CEO Chijioke Dozie told TechCrunch.

The move comes as fintech has become one of Africa’s most active investment sectors and startup acquisitions—which have been rare—are picking up across the continent.

The purchase of Amplify caps off a busy period for OneFi. Over the last seven months the Nigerian venture secured a $5 million lending facility from Lendable, announced a payment partnership with Visa, and became one of first (known) African startups to receive a global credit rating. OneFi is also dropping the name of its signature product, Paylater, and will simply go by OneFi (for now).

Collectively, these moves represent a pivot for OneFi away from operating primarily as a digital lender, toward becoming an online consumer finance platform.

“We’re not a bank but we’re offering more banking services…Customers are now coming to us not just for loans but for cheaper funds transfer, more convenient bill payment, and to know their credit scores,” said Dozie.

OneFi will add payment options for clients on social media apps including WhatsApp this quarter—something in which Amplify already holds a specialization and client base. Through its Visa partnership, OneFi will also offer clients virtual Visa wallets on mobile phones and start providing QR code payment options at supermarkets, on public transit, and across other POS points in Nigeria.

Founded in 2016 by Segun Adeyemi and Maxwell Obi, Amplify secured its first seed investment the same year from Pan-African incubator MEST Africa. The startup went on to scale as a payments gateway company for merchants and has partnered with banks, who offer its white label mTransfers social payment product.

Amplify has differentiated itself from Nigerian competitors Paystack and Flutterwave, by committing to payments on social media platforms, according to OneFi CEO Dozie. “We liked that and thought payments on social was something we wanted to offer to our customers,” he said.

With the acquisition, Amplify co-founder Maxwell Obi and the Amplify team will stay on under OneFi. Co-founder Segun Adeyemi won’t, however, and told TechCrunch he’s taking a break and will “likely start another company.”

OneFi’s purchase of Amplify adds to the tally of exits and acquisitions in African tech, which are less common than in other regional startup scenes. TechCrunch has covered several of recent, including Nigerian data-analytics company Terragon’s buy of Asian mobile ad firm Bizsense and Kenyan connectivity startup BRCK’s recent purchase of ISP Everylayer and its Nairobi subsidiary Surf.

These acquisition events, including OneFi’s purchase, bump up performance metrics around African tech startups. Though amounts aren’t undisclosed, the Amplify buy creates exits for MEST, Amplify’s founders, and its other investors. “I believe all the stakeholders, including MEST, are comfortable with the deal. Exits aren’t that commonplace in Africa, so this one feels like a standout moment for all involved,”

With the Amplify acquisition and pivot to broad-based online banking services in Nigeria, OneFi sets itself up to maneuver competitively across Africa’s massive fintech space—which has become infinitely more complex (and crowded) since the rise of Kenya’s M-Pesa mobile money product.

By a number of estimates, the continent’s 1.2 billion people include the largest share of the world’s unbanked and underbanked population. An improving smartphone and mobile-connectivity profile for Africa (see GSMA) turns that problem into an opportunity for mobile based financial solutions. Hundreds of startups are descending on this space, looking to offer scaleable solutions for the continent’s financial needs. By stats offered by Briter Bridges and a 2018 WeeTracker survey, fintech now receives the bulk of VC capital to African startups,

OneFi is looking to expand in Africa’s fintech markets and is considering Senegal, Côte d’Ivoire, DRC, Ghana and Egypt and Europe for Diaspora markets, Dozie said.

The startup is currently fundraising and looks to close a round by the second half of 2019. OnfeFi’s transparency with performance and financials through its credit rating is supporting that, according to Dozie.

There’s been sparse official or audited financial information to review from African startups—with the exception of e-commerce unicorn Jumia, whose numbers were previewed when lead investor Rocket Internet went public and in Jumia’s recent S-1, IPO filing (covered here).

OneFi gained a BB Stable rating from Global Credit Rating Co. and showed positive operating income before taxes of $5.1 million in 2017, according to GCR’s report. Though the startup is still a private company, OneFi looks to issue a 2018 financial report in the second half of 2019, according to Dozie.

Let’s block ads! (Why?)

Link to original source