Connect with us

Uncategorized

German secure email provider Tutanota forced to monitor an account, after regional court ruling

Published

on

German e2e encrypted email provider Tutanota has been ordered by a regional court to develop a function that allows it to monitor an individual account.

The encrypted email service provider has been fighting a number of such orders in its home country.

The ruling, which was reported in the German press late last month, contradicts an earlier Hanover court finding that Tutanota, a provider of web-based email, is not a telecommunications service.

The order by the Cologne court comes under a German law (known as “TKG”) which requires telecommunications service providers to disclose data to law enforcement/intelligence agencies if they receive a lawful intercept request.

The Cologne court ruling also runs counter to a 2019 decision by Europe’s top court, the CJEU, which found that another web-based email service, Gmail, is not an ‘electronic communications service’ as defined in EU law — meaning it can’t be subject to common EU rules for telcos.

Tutanota co-founder Matthias Pfau described the Cologne ruling as “absurd” — and confirmed it’s appealing.

“The argumentation is as follows: Although we are no longer a provider of telecommunications services, we would be involved in providing telecommunications services and must therefore still enable telecommunications and traffic data collection,” he told TechCrunch.

“From our point of view — and law German law experts agree with us — this is absurd. Neither does the court state what telecommunications service we are involved in nor do they name the actual provider of the telecommunications service.

“The telecommunications service cannot be email, because we provide it completely ourselves. And if we were to participate, we would have to have a business relationship with the actual provider.”

Despite the absurdity of a regional court treating an email provider as an ISP — in apparent contradiction of earlier CJEU guidance — Tutanota is nonetheless required to comply with the order, and develop a surveillance function for the specific inbox, while its appeal continues.

A spokeswoman for Tutanota confirmed it has told the court it will develop the function by the end of this year — whereas she suggested its appeals process is likely to take “months” more to run its course.

“We are going to the higher court in parallel. We are already preparing an appeal to the Bundesgerichtshof [Germany’s Federal Court of Justice],” she added.

The Cologne court order is for a surveillance function to be implemented on a single Tutanota account that had been used for an extortion attempt. The Tutanota spokeswoman said the monitoring function will only apply to future emails this account receives — it will not affect emails previously received.

She added that the account in question appears to no longer be in use.

While after-the-fact monitoring seems unlikely to make any difference to the specific case the suspicion is that court wants to create a precedence — raising the hackles of security watchers who are worried about the risk of digital service providers being compelled to bake backdoors into their services in the region.

Last month a draft resolution of the Council of the European Union triggered substantial concern that EU lawmakers are considering a ban on e2e encryption as part of an anti-terrorism security push. However the draft document discussed only “lawful and targeted access” — while expressing support for “strong encryption”.

Returning to the Tutanote surveillance order, it can only be made to apply to unencrypted emails linked to the specific account.

This is because the email service provider applies e2e encryption to its own users’ content — meaning it does not hold decryption keys so is unable to decrypt the data — though it also allows users to receive emails from email services that do not apply e2e encryption (hence it can be compelled to provide that data in plain text).

However, if the EU were to legislate to compel e2e encryption service providers to provide decrypted data in response to lawful intercept requests, it would effectively outlaw the use of e2e encryption.

That’s the scenario of most concern — though no such law has yet been proposed by any EU institutions. (And would very likely face fierce opposition in the European parliament, as well as more broadly, from academia, civil society, consumer protection, and privacy and digital rights groups, among others.)

According to the ruling of the Cologne Regional Court, we were obliged to release unencrypted incoming and outgoing emails from one mailbox. Emails that are encrypted end-to-end in Tutanota cannot be decrypted by us, not even after the court order,” noted Pfau.

“Tutanota is one of the few mail providers that encrypts the entire mailbox, also calendar and contacts. The encrypted data cannot be decrypted by us, because only the user has the key to decrypt it.”

“This decision shows again why end-to-end encryption is so important,” he added. 

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Continue Reading
Comments

Uncategorized

How China’s synthetic media startup Surreal nabs funding in 3 months

Published

on

What if we no longer needed cameras to make videos and can instead generate them through a few lines of coding?

Advances in machine learning are turning the idea into a reality. We’ve seen how deepfakes swap faces in family photos and turn one’s selfies into famous video clips. Now entrepreneurs with AI research background are devising tools to let people generate highly realistic photos, voices, and videos using algorithms.

One of the startups building this technology is China-based Surreal. The company is merely three months old but has already secured a seed round of $2-3 million from two prominent investors, Sequoia China and ZhenFund. Surreal received nearly ten investment offers in this round, founder and CEO Xu Zhuo told TechCrunch, as investors jostled to bet on a future shaped by AI-generated content.

Prior to founding Surreal, Xu spent six years at Snap, building its ad recommendation system, machine learning platform, and AI camera technology. The experience convinced Xu that synthetic media would become mainstream because the tool could significantly “lower the cost of content production,” Xu said in an interview from Surreal’s a-dozen-person office in Shenzhen.

Surreal has no intention, however, to replace human creators or artists. In fact, Xu doesn’t think machines can surpass human creativity in the next few decades. This belief is embodied in the company’s Chinese name, Shi Yun, or The Poetry Cloud. It is taken from the title of a novel by science fiction writer Liu Cixin, who tells the story of how technology fails to outdo the ancient Chinese poet Li Bai.

“We have an internal formula: visual storytelling equals creativity plus making,” Xu said, his eyes lit up. “We focus on the making part.”

In a way, machine video generation is like a souped-up video tool, a step up from the video filters we see today and make Douyin (TikTok’s Chinese version) and Kuaishou popular. Short video apps significantly lower the barrier to making a professional-looking video, but they still require a camera.

“The heart of short videos is definitely not the short video form itself. It lies in having better camera technology, which lowers the cost of video creation,” said Xu, who founded Surreal with Wang Liang, a veteran of TikTok parent ByteDance.

Commercializing deepfakery

Some of the world’s biggest tech firms, such as Google, Facebook, Tencent and ByteDance, also have research teams working on GAN. Xu’s strategy is not to directly confront the heavyweights, which are drawn to big-sized contracts. Rather, Surreal is going after small and medium-sized customers.

Surreal’s face swapping software for e-commerce sellers

Surreal’s software is currently only for enterprise customers, who can use it to either change faces in uploaded content or generate an entirely new image or video. Xu calls Surreal a “Google Translate for videos,” for the software can not only swap people’s faces but also translate the languages they speak accordingly and match their lips with voices.

Users are charged per video or picture. In the future, Surreal aims to not just animate faces but also people’s clothes and motions. While Surreal declined to disclose its financial performance, Xu said the company has accumulated around 10 million photo and video orders.

Much of the demand now is from Chinese e-commerce exporters who use Surreal to create Western models for their marketing material. Hiring real foreign models can be costly, and employing Asian models doesn’t prove as effective. By using Surreal “models”, some customers have been able to achieve 100% return on investment (ROI), Xu said. With the multi-million seed financing in its pocket, Surreal plans to find more use cases like online education so it can collect large volumes of data to improve its algorithm.

Uncharted territory

The technology powering Surreal, called generative adversarial networks, is relatively new. Introduced by machine learning researcher Ian Goodfellow in 2014, GANs consist of a “generator” that produces images and a “discriminator” that detects whether the image is fake or real. The pair enters a period of training with adversarial roles, hence the nomenclature, until the generator delivers a satisfactory result.

In the wrong hands, GANs can be exploited for fraud, pornography and other illegal purposes. That’s in part why Surreal starts with enterprise use rather than making it available to individual users.

Companies like Surreal are also posing new legal challenges. Who owns the machine-generated images and videos? To avoid violating copyright, Surreal requires that the client has the right to the content they upload for moderation. To track and prevent misuse, Surreal adds an encrypted and invisible watermark to each piece of the content it generates, to which it claims ownership. There’s an odd chance that the “person” Surreal produces would match someone in real life, so the company runs an algorithm that crosschecks all the faces it creates with photos it finds online.

“I don’t think ethics is something that Surreal itself can address, but we are willing to explore the issue,” said Xu. “Fundamentally, I think [synthetic media] provides a disruptive infrastructure. It increases productivity, and on a macro level, it’s inexorable, because productivity is the key determinant of issues like this.”

Continue Reading

Uncategorized

Israel’s “green pass” is an early vision of how we leave lockdown

Published

on

The commercial opens with a tempting vision and soaring instrumentals. A door swings wide to reveal a sunlit patio and a relaxed, smiling couple awaiting a meal. “How much have we missed going out with friends?” a voiceover asks. “With the green pass, doors simply open in front of you … We’re returning to life.” It’s an ad to promote Israel’s version of a vaccine passport, but it’s also catnip for anyone who’s been through a year in varying degrees of lockdown. Can we go back to normal life once we’ve been vaccinated? And if we can, what kind of proof should we need?

Although there are still many unknowns about vaccines, and many practical issues surrounding implementation, those considering vaccine passport programs include airlines, music venues, Japan, the UK, and the European Union

Some proponents, including those on one side of a fierce debate in Thailand, have focused on ending quarantines for international travelers to stimulate the hard-hit tourism industry. Others imagine following Israel’s lead, creating a two-tiered system that allows vaccinated people to enjoy the benefits of a post-pandemic life while others wait for their shots. What is happening there gives us a glimpse of the promise—and of the difficulties such schemes face.

How it works

Israel’s vaccine passport was released on February 21, to help the country emerge from a month-long lockdown. Vaccinated people can download an app that displays their “green pass” when they are asked to show it. The app can also display proof that someone has recovered from covid-19. (Many proposed passport systems offer multiple ways to show you are not a danger, such as proof of a recent negative test. The Israeli government says that option will come to the app soon, which will be especially useful for children too young to receive an approved vaccine.) Officials hope the benefits of the green pass will encourage vaccination among Israelis who have been hesitant, many of whom are young. 

“People who get vaccinated need to know that something has changed for them, that they can ease up,” says Nadav Eyal, a prominent television journalist. “People want to know that they can have some normalcy back.”

Despite the flashy ads, however, it’s still too early to tell how well Israel’s program will work in practice—or what that will mean for vaccine passports in general. Some ethicists argue that such programs may further entrench existing inequalities, and this is already happening with Israel’s pass, since few Palestinians in the occupied territories of Gaza and the West Bank have access to vaccines

The green pass is also a potential privacy nightmare, says Orr Dunkelman, a computer science professor at Haifa University and a board member of Privacy Israel. He says the pass reveals information that those checking credentials don’t need to know, such as the date a user recovered from covid or got a vaccine. The app also uses an outdated encryption library that is more vulnerable to security breaches, Orr says. Crucially, because the app is not open source, no third-party experts can vet whether these concerns are founded.

“This is a catastrophe in the making,” says Ran Bar Zik, a software columnist for the newspaper Haaretz. 

Zik recommends another option currently available under the green pass program: downloading a paper vaccination certificate instead of using the app. Although that’s possible, the app is expected to become the most widespread verification method.

Unnecessarily complicated

In the US, developers are trying to address such privacy concerns ahead of any major rollout. Ramesh Raskar runs the PathCheck Foundation at MIT, which has partnered with the design consultancy Ideo on a low-tech solution. Their prototype uses a paper card, similar to the one people currently receive when they’re vaccinated. 

The paper card could offer multiple forms of verification, scannable in the form of QR codes, allowing you to show a concert gatekeeper only your vaccination status while displaying another, more information-heavy option to health-care providers. 

“Getting on a bus, or getting into a concert, you need to have a solution that is very easy to use and that provides a level of privacy protection,” he says. But other situations may require more information: an airline wants to know that you are who you say you are, for example, and hospitals need accurate medical records. 

It’s not just about making sure you don’t have to hand over personal information to get into a bar, though: privacy is also important for those who are undocumented or who mistrust the government, Raskar says. It’s important for companies not to create another “hackable repository” when they view your information, he adds. 

He suggests that right now commercial interests are getting in the way of creating something so simple—it wouldn’t make much money for software companies, which at least want to show off something that could be repurposed later in a more profitable form. Compared with Israel, he says, “we’re making things unnecessarily complicated in the US.” 

The way forward

It’s unclear what the US—which, unlike Israel, doesn’t have a universal identity record or a cohesive medical records system—would need to do to implement a vaccine passport quickly. 

But whichever options eventually do make it into widespread use, there are also aspects of this idea that don’t get laid out in the ads. For example, proposals have been floated that would require teachers and medical staff to provide proof of vaccination or a negative test to gain admittance to their workplaces. 

That could be overly intrusive on individual privacy rights, says Amir Fuchs, a researcher at the Israel Democracy Institute. Still, he says, “most people understand that there is a logic in that people who are vaccinated will have less limitations.”

Despite the progress in delivering vaccines, all these passport efforts are all still in the early stages. PathCheck’s idea hasn’t rolled out yet, although pilots are under discussion. In Denmark, vaccine passports are still more a promise than a plan. And even in Israel, the vision put forward by government advertising is still just an ambition: while pools and concert venues may be open to green pass holders, dining rooms and restaurants aren’t open yet—for anybody.

This story is part of the Pandemic Technology Project, supported by the Rockefeller Foundation.

Continue Reading

Uncategorized

Hyzon Motors’ hydrogen fuel ambitions include two US factories

Published

on

Hyzon Motors plans to produce fuel cells, including a critical component required to power hydrogen vehicles, at two U.S. factories in a move aimed at kickstarting domestic production at a commercial scale.

The hydrogen-powered truck and bus manufacturer has already leased a 28,000-square-foot facility in the Chicago suburb of Bolingbrook and plans to expand it by an additional 80,000 square feet. Production at the Chicago facility is expected to begin in the fourth quarter of 2021. The announcement comes just three weeks after Hyzon announced it would become a publicly traded company through a merger with Decarbonization Plus Acquisition Corporation in a deal valued at $2.1 billion, and a little over one week after revealing plans to renovate a 78,000-square-foot factory in Monroe County, New York.

Hyzon is a new name with a nearly two decades of experience. The company was established in March of last year after spinning off from Singapore’s Horizon Fuel Cell Technologies, which has been developing commercial applications for fuel cells since 2003. Hyzon inked a deal in February with the New Zealand company Hiringa Energy for up to 1,500 fuel cell trucks on New Zealand’s roads by 2026. Now it is setting its sights on the North American hydrogen fuel cell vehicle market. Due to the lack of an established domestic hydrogen fueling network, the company is targeting heavy-duty vehicle customers that have a “back-to-base” business model.

Hyzon’s decision to build factories in the United States is noteworthy because production of fuel cell materials in the country lags far behind Europe and Asia. The U.S. also lacks the kind of national hydrogen refueling and infrastructure network found abroad.

“Hydrogen is much more available in places like Germany or The Netherlands,” Hyzon CEO Craig Knight said in an interview with TechCrunch. “There’s already a number of commercial vehicle stations where you can just pull up and pay to fill up like you do with gasoline today in the U.S. It won’t be long before that is a reality, but for the moment we limit the dependence on networks of hydrogen stations by focusing on the customers that use back-to-base operating models, where you only need one piece of hydrogen infrastructure to fuel dozens or even sometimes hundreds of vehicles in a given area.”

Much of the hydrogen that’s produced in the U.S. is so-called “grey hydrogen,” or hydrogen that’s produced from natural gas. An increasing number of companies are pursuing “green hydrogen,” or hydrogen produced via electrolysis powered by renewable energy. Hyzon sources both types for its operations. Hydrogen production remains one of the main factors determining the rate of scale for fuel cell producers.

The Chicago facility will design, develop and produce the membrane electrode assembly, the fuel cell component that helps trigger the electrochemical reaction required to produce power. The company anticipates the new facility will be able to produce enough MEAs for up to 12,000 fuel cell-powered trucks annually.

Finished MEAs will be sent to the company’s recently announced fuel cell stack and system assembly plant in Monroe County, where the components will be assembled into complete fuel cells. From there, the fuel cells will be delivered to a partner truck manufacturer to be assembled into commercial heavy-duty vehicles. The company’s main assembly partner in the United States is Berkshire Hathaway subsidiary Fontaine Modification.

Hydrogen fuel cell technology is finding use cases in heavy-duty vehicles because trucking companies are frequently paid by how much weight they can transport, and how quickly they can do it. The time investment of battery charging and the loss of carrying capacity makes fuel cells an attractive alternative for companies looking to decarbonize their vehicle fleets.

Hyzon sees positive network effects and economies of scale associated with hydrogen fuel cell adoption — and increasing marginal costs of electric battery adoption. Although the company has not announced plans to dive into the light-duty vehicle market, it remains bullish on the value proposition of hydrogen fuel cells.

“We think at some point it becomes an increasing marginal cost of adoption for battery electric, because you run into infrastructure limitations around the electricity grid, around the size of depots and the capacity to build the charging infrastructure,” Knight said. “We believe there’s a dis-economy of scale attached to going battery electric when you’ve got really high utilization. We believe that some of the lighter vehicles will also start to move onto hydrogen. We’re not totally dependent on that for our model, but that’s our belief.”

Hyzon, which expects to be listed on the Nasdaq in late May or early June, will be listed under the ticker HYZN.

Continue Reading

Trending