Technology

Ita year since the European Commission got a bunch of adtech giants together to spill ink on a voluntary Code of Practice to do something — albeit, nothing very quantifiable — as a first step to stop the spread of disinformation online.

Its latest report card on this voluntary effort sums to the platforms could do better.

The Commission said the same in January. And will doubtless say it again. Unless or until regulators grasp the nettle of online business models that profit by maximizing engagement. As the saying goes, lies fly while the truth comes stumbling after. So attempts to shrink disinformation without fixing the economic incentives to spread BS in the first place are mostly dealing in cosmetic tweaks and optics.

Signatories to the CommissionEU Code of Practice on Disinformation are: Facebook, Google, Twitter, Mozilla, Microsoft and several trade associations representing online platforms, the advertising industry, and advertisers — including the Internet Advertising Bureau (IAB) and World Federation of Advertisers (WFA).

In a press release assessing todayannual reports, compiled by signatories, the Commission expresses disappointment that no other Internet platforms or advertising companies have signed up since Microsoft joined as a late addition to the Code this year.

&We commend the commitment of the online platforms to become more transparent about their policies and to establish closer cooperation with researchers, fact-checkers and Member States. However, progress varies a lot between signatories and the reports provide little insight on the actual impact of the self-regulatory measures taken over the past year as well as mechanisms for independent scrutiny,& write commissioners Věra Jourová, Julian King, and Mariya Gabriel said in a joint statement. [emphasis ours]

&While the 2019 European Parliament elections in May were clearly not free from disinformation, the actions and the monthly reporting ahead of the elections contributed to limiting the space for interference and improving the integrity of services, to disrupting economic incentives for disinformation, and to ensuring greater transparency of political and issue-based advertising. Still, large-scale automated propaganda and disinformation persist and there is more work to be done under all areas of the Code. We cannot accept this as a new normal,& they add.

The risk, of course, is that the Commissionlimp-wristed code risks rapidly cementing a milky jelly of self-regulation in the fuzzy zone of disinformation as the new normal, as we warned when the Code launched last year.

The Commission continues to leave the door open (a crack) to doing something platforms can&t (mostly) ignore — i.e. actual regulation — saying itassessment of the effectiveness of the Code remains ongoing.

But thatjust a dangled stick. At this transitionary point between outgoing and incoming Commissions, it seems content to stay in a ‘must do better& holding pattern. (Or: &Itwhat the Commission says when it has other priorities,& as one source inside the institution put it.)

A comprehensive assessment of how the Code is working is slated as coming in early 2020 — i.e. after the new Commission has taken up its mandate. So, yes, thatthe sound of the can being kicked a few more months on.

Summing up its main findings from signatories& self-marked ‘progress& reports, the outgoing Commission says they have reported improved transparency between themselves vs a year ago on discussing their respective policies against disinformation.

But it flags poor progress on implementing commitments to empower consumers and the research community.

&The provision of data and search tools is still episodic and arbitrary and does not respond to the needs of researchers for independent scrutiny,& it warns.

This is ironically an issue that one of the signatories, Mozilla, has been an active critic of others over — including Facebook, whose political ad API it reviewed damningly this year, finding it not fit for purpose and &designed in ways that hinders the important work of researchers, who inform the public and policymakers about the nature and consequences of misinformation&. So, er, ouch.

The Commission is also critical of what it says are &significant& variations in the scope of actions undertaken by platforms to implement &commitments& under the Code, noting also differences in implementation of platform policy; cooperation with stakeholders; and sensitivity to electoral contexts persist across Member States; as well as differences in EU-specific metrics provided.

But given the Code only ever asked for fairly vague action in some pretty broad areas, without prescribing exactly what platforms were committing themselves to doing, nor setting benchmarks for action to be measured against, inconsistency and variety is really what you&d expect. That and the can being kicked down the road.

The Code did extract one quasi-firm commitment from signatories — on the issue of bot detection and identification — by getting platforms to promise to &establish clear marking systems and rules for bots to ensure their activities cannot be confused with human interactions&.

A year later ithard to see clear sign of progress on that goal. Although platforms might argue that what they claim is increased effort toward catching and killing malicious bot accounts before they have a chance to spread any fakes is where most of their sweat is going on that front.

Twitter annual report, for instance, talks about what itdoing to fight &spam and malicious automation strategically and at scale& on its platform — saying its focus is &increasingly on proactively identifying problematic accounts and behaviour rather than waiting until we receive a report&; after which it says it aims to &challenge… accounts engaging in spammy or manipulative behavior before users are ​exposed to ​misleading, inauthentic, or distracting content&.

So, in other words, if Twitter does this perfectly — and catches every malicious bot before it has a chance to tweet — it might plausibly argue that bot labels are redundant. Though itclearly not in a position to claim itwon the spam/malicious bot war yet. Ergo, its users remain at risk of consuming inauthentic tweets that aren&t clearly labeled as such (or even as ‘potentially suspect& by Twitter). Presumably because these are the accounts that continue slipping under its bot-detection radar.

Therealso nothing in Twitterreport about it labelling even (non-malicious) bot accounts as bots — for the purpose of preventing accidental confusion (after all satire misinterpreted as truth can also result in disinformation). And this despite the company suggesting a year ago that it was toying with adding contextual labels to bot accounts, at least where it could detect them.

In the event itresisted adding any more badges to accounts. While an internal reform of its verification policy for verified account badges was put on pause last year.

Facebookreport also only makes a passing mention of bots, under a section sub-headed &spam& — where it writes circularly: &Content actioned for spam has increased considerably, since we found and took action on more content that goes against our standards.&

It includes some data-points to back up this claim of more spam squashed — citing a May 2019 Community Standards Enforcement report — where it states that in Q4 2018 and Q1 2019 it acted on 1.8 billion pieces of spam in each of the quarters vs 737 million in Q4 2017; 836 million in Q1 2018; 957 million in Q2 2018; and 1.2 billion in Q3 2018.

Though itlagging on publishing more up-to-date spam data now, noting in the report submitted to the EC that: &Updated spam metrics are expected to be available in November 2019 for Q2 and Q3 2019″ — i.e. conveniently late for inclusion in this report.

Facebookreport notes ongoing efforts to put contextual labels on certain types of suspect/partisan content, such as labelling photos and videos which have been independently fact-checked as misleading; labelling state-controlled media; and labelling political ads.

Labelling bots is not discussed in the report — presumably because Facebook prefers to focus attention on self-defined spam-removal metrics vs muddying the water with discussion of how much suspect activity it continues to host on its platform, either through incompetence, lack of resources or because itpolitically expedient for its business to do so.

Labelling all these bots would mean Facebook signposting inconsistencies in how it applies its own policies &in a way that might foreground its own political bias. And thereno self-regulatory mechanism under the sun that will make Facebook fess up to such double-standards.

For now, the Coderequirement for signatories to publish an annual report on what they&re doing to tackle disinformation looks to be the biggest win so far. Albeit, itvery loosely bound self-reporting. While some of these ‘reports& don&t even run to a full page of A4-text — so set your expectations accordingly.

The Commission has published all the reports here. It has also produced its own summary and assessment of them (here).

&Overall, the reporting would benefit from more detailed and qualitative insights in some areas and from further big-picture context, such as trends,& it writes. &In addition, the metrics provided so far are mainly output indicators rather than impact indicators.&

Of the Code generally — as a &self-regulatory standard& — the Commission argues it has &provided an opportunity for greater transparency into the platforms& policies on disinformation as well as a framework for structured dialogue to monitor, improve and effectively implement those policies&, adding: &This represents progress over the situation prevailing before the Codeentry into force, while further serious steps by individual signatories and the community as a whole are still necessary.&

Self-driving vehicle technology company Waymo has expanded its business relationship with automotive retail company AutoNation, the companies announced today. The new extension builds on the existing partnership between Waymo and AutoNation, which began as a way for Waymo to service its Phoenix, Ariz.-based vehicles, and which grew last year into an arrangement wherein Waymo would provide autonomous transportation to AutoNation customerson their way to the dealerships.

Now, the partnership enters a new, third phase: business-to-business goods transportation. Waymo vehicles in the Phoenix, Ariz. area will now be used to move car parts between AutoNationToyota Tempe locations and other repair shops in the area, including those run by independent third parties.

Waymo has been focused primarily on passenger transportation, launching and operating a pilot ride-hailing service using its autonomous cars in the Phoenix testing area where its vehicles are cleared to operate. The Alphabet-owned companyCEO John Krafcik told a group of reporters on Sunday in Detroit that driverless delivery likely has a better chance of catching on early versus passenger transportation, which could explain why this latest pilot sees Waymo look toward repeatable delivery routes for commonly transported goods.

There are two types of enterprise startups: those that create value and those that protect value. Cybersecurity is most definitely part of the latter group, and as a vertical, it has sprawled the past few years as the scale of attacks on companies, organizations, and governments has continuously expanded.

That may be a constant threat for the executives of major companies, but for cybersecurity VCs who pick the right startup targets for investment, ita potential gold mine. Here at Extra Crunch, we compiled a list of top VCs who have invested in cybersecurity and enterprise more broadly and asked them whatinteresting in the space these days. We compiled ten of their responses as part of our investor survey and you should definitely take a look for their interesting takes on the space.

But we wanted to go a bit deeper on the topic to learn more about whathappening right now in cybersecurity. So today, we talk with Arif Janmohamed of Lightspeed Venture Partners, one of the leading investors at one of the top enterprise VC firms in the world. Heinvested in companies ranging from cloud-access security broker Netskope and search analytics platform ThoughtSpot to Qubole (big data analytics), Nutanix (hyper-converged infrastructure), and Arceo.ai (cyber risk management).

Arif Janmohamed. Image via Lightspeed Venture Partners

TechCrunchsecurity guru Zack Whittaker, managing editor Danny Crichton and operations editor Arman Tabatabai sat down with him to discuss what heseeing at the earliest stages in cybersecurity, which trends are being ignored by the industry and what he sees as the future of security in an always-changing present.

Introduction and Background

The following interview has been condensed and edited for clarity.

Danny Crichton: Letstart with a bit of your background.

Arif Janmohamed: Sure. I&m on the early-stage side, so I have the most fun when I&m working with founders at the very earliest stages of company formation, where I can focus on company design, product and go-to-market and then find the right balance of teams to fill that out.

I&m on the board of Netskope, which is a cloud-security company. That one I did the Series B back in 2013. I&m on the board of TripActions, which is a corporate travel company, I did that one and then led the Series A and the Series B. I&m on the board of Moveworks, which is an AI engine for IT that was seeded by me and then I&ve supported them through their subsequent financing. I&m also on the board of a number of other companies.

Am I purely security-focused? The answer is no, I&m very much enterprise-focused. Security in my mind really fits within that rubric of the enterprise stack thatgetting rebuilt for a cloud-first world.

Whatsnake oil and what has real value?

Zack Whittaker: So I&ve got a question that I just want to jump right in with. I&m always curious about this, especially when it comes to the very early stage, how do you go about distinguishing between potential snake oil and the things that seem really viable in the security world?