Connect with us

Uncategorized

A guide to being an ethical online investigator

Published

on

As rioters stormed Capitol Hill on January 6, Theo—like many Americans—watched, dumbfounded and in horror.

Then he had an idea. “What if we went on social and started pulling these screenshots together and tried to go around and crowdsource [the rioters’] identities?” he remembers thinking.

So Theo bought a burner phone, set up a fake email address, and created an Instagram account over a VPN: @homegrownterrorists. Within hours, and before the FBI had issued its plea for help to identify rioters, Theo (a pseudonym for the account holder, who asked to remain anonymous because of death threats he has received) had gained hundreds of thousands of followers as he furiously posted images and video. Thousands of people were commenting on and sharing the images, with the goal of identifying the perpetrators. 

The assault on the Capitol, its aftermath, and the prospect of what federal authorities have warned could be a second wave of violence in the days leading up to Joe Biden’s inauguration have inspired a new army of everyday online investigators. People comb social media and archive posts, photos, and videos before they are deleted. Then they cross-reference those findings with open-sourced information to identify perpetrators and, they hope, bring them to justice. Like Theo, they are politically interested and invested but wouldn’t consider themselves activists under normal circumstances; rather, the January 6 assault was the last straw for many people.

“This is the first time I’ve seen this amount of tagging on Twitter,” says Giancarlo Fiorella, a senior investigator at the open-source intelligence agency Bellingcat. “I’ve had people email me out of the blue and say, ‘Put me to work.’ I don’t think you can make a trend out of a singular event, but I’ve never seen this before.” Even celebrities like Pedro Pascal and Jane Lynch are getting involved.

But this activity raises some complex ethical and practical issues. How can you, an average person, be an ethical digital activist? What counts as going too far? How can you keep yourself safe? How can you participate in a way that doesn’t put anyone in danger? Below are some guidelines that might help.

Remember, you are not a hacker: There’s a big difference between accessing publicly available information, like a photo from a Facebook profile page that documents illegal activity, and hacking into a person’s otherwise private account to find that photo. That’s crossing the line.In the US, the Computer Fraud and Abuse Act (CFAA) limits the amount of access a person has to another’s information “without authorization,” which is undefined; this lack of clarity has frustrated lawyers who represent activists. “Those who do [violate CFAA] are breaking the law, and they’re criminals,” says Max Aliapoulios, a PhD student and cybersecurity researcher at New York University. It’s worth keeping in mind regional laws as well. In the European Union, “publicly identifying an individual necessarily means processing personally identifiable information; therefore individuals performing such activities need a legal basis to do so [under Article 6 of the GDPR],” says Ulf Buermeyer, the founder and legal director of Freiheitsrechte, a German-based civil rights organization.

Ethical issues abound: It’s not just legal issues that would-be amateur online investigators need to be aware of. Much of the online activity carried out in the wake of the Capitol riots raises ethical questions, too. Should a person who didn’t storm the Capitol but attended the rallies leading up to the riots be identified and risk punishment at work? Do those who were in and around the Capitol on January 6 automatically lose the right to privacy even if they weren’t involved in riots? It’s worth thinking through how you feel about some of these questions before you continue. Few are clear cut.

So, where does the information come from? “Our bread and butter is open source,” Fiorella says. “Open-source media” refers to information that is publicly available for use. Data archivists, or those who collect and preserve information online for historical purposes, accessed such open-source data to save posts before they disappeared as social media companies pushed President Donald Trump and many of his supporters off their platforms. “If you were at the Capitol storming and recorded video and took selfies that anyone can access, and it’s openly available on the internet, it’s fair game,” says Fiorella.

It’s your First Amendment right to access open-sourced information. Hacktivists and digital activists trawling social media alike will agree on this: they say it’s the most important aspect of their work. “Utilizing open-source intelligence isn’t a crime,” says Daly Barnett, an activist and staff technologist at the Electronic Frontier Foundation, a nonprofit digital rights group. “Archiving isn’t a crime. Freedom of information is good.”

Misidentification is a real danger. “Anyone with an internet connection and free time and willingness to do these things can be part of crowdsourcing efforts to clarify what happened,” Fiorella says. But crowdsourced efforts can be problematic, because people may zero in on the wrong individual. “There’s a fundamental tension here,” says Emmi Bevensee, a researcher and founder of the Social Media Analysis Toolkit, an open-source tool that tracks trends across mainstream and fringe social media platforms. “The more people you have working on a problem, the more likely you are to find the needle in the haystack. There’s a risk doing things like this, though. Not everyone has the same research skills or methodological accountability”—and mistakes can be devastating for the person misidentified. Misidentification carries potential legal risks, too.

You can join up with more established investigators instead of going it alone. There is, obviously, the FBI, which has collected images and is seeking the public’s help in identifying domestic terrorists. Bellingcat, one of the most respected, thorough investigatory sites devoted to this purpose, has created a Google spreadsheet for images of suspects that need identifying. Organizations also often have ethical standards put in place to guide new sleuths, like this one Bellingcat created in light of the Black Lives Matters protests.

Don’t doxx. Doxxing—or digging up personal information and sharing it publicly—is illegal. “The majority of doxxing has occurred from open-source intelligence,” Barnett says, and data hygiene is still something many people online struggle with. If you come across passwords, addresses, phone numbers, or any other similar identifier, do not share it—it’s a crime to do so. r/Datahoarder, a Reddit archiving group, notes that its members “do NOT support witch hunting.” 

If you find something online that could be incriminating, ask, “Am I putting this person in danger?” Fiorella says he asks himself that question consistently, particularly in cases where a person might have few followers and is using social media just to share images with friends.

Show your methodology. Just like in middle school math class, show your work and how you got your results. Data researchers who do this work are famously diligent and exhaustive in how they record their work and triple-check their information. That sort of checking is especially important to ensure that people are properly identified and that others can learn from and retrace your steps for subsequent prosecution. (Methodology may take some technical expertise in some cases, and data researching organizations often run workshops and training sessions to help people learn how to do this.)

Do not share names online. Let’s say you see a picture of a possible suspect online and you recognize who it is. While you might be tempted to tag the person, or screenshot the image and put some commentary on your Instagram to get that addictive stream of likes, don’t. This work needs to be deliberate and slow, says Fiorella: “There’s a risk of misidentifying a person and causing harm.” Even if there’s no doubt that you have figured out who a person is, hold back and, at the most, submit your information to an organization like Bellingcat or the FBI to check your work and make sure it is correct.

You will run into situations where things are not clear. Theo shared the story of the viral video in which a Black Los Angeles woman is physically attacked by Trump supporters calling her the n-word. In the video, a man is seen with his arms around the woman amid the violent, jeering crowd. In initial reports, the man was described as part of the mob and harming the woman. Video footage seemed to show him putting her in the way of pepper spray, for example. Then police said the man was actually trying to protect the woman and that she had confirmed this version of events, though she later suggested to BuzzFeed that perhaps he ended up doing as much harm as good. Theo shared the image of the man in the immediate aftermath of the incident, and then he saw the account suggesting he was a good Samaritan. “I felt horrible,” he says. Theo points out that the man was also recorded using xenophobic and racist language, but “that got me to pause a little bit and think about what I’m doing that could impact people,” he says. “It’s a blurred line.” It doesn’t hurt to repeat it again: Do not share names online.

Your safety may be at risk. Theo says he has received death threats and has not felt safe in the past week, consistently looking over his shoulder if he steps out. Bevensee has received multiple death threats. Many digital activists have burner phones and backup computers, and work away from their families to protect them.

Keep your mental health in mind. This work can involve viewing violent images. Theo says he has been dealing with migraine headaches, sleep problems, paranoia, and the distress that comes with trying to keep up with his day job while handling his Instagram accounts and its sister Twitter account, @OutTerrorists. “I’m only one person, and I have to handle DMs and keep everything up to date,” he says, noting that he also updates posts with verified identifications from the FBI, goes through comments, and forwards information to the FBI himself. Take time to process and realize that it’s okay to feel upset. It’s one thing to use this as motivation to right the wrongs of the world, but nearly every expert and activist told me that having a way to deal with disturbing images is important.

Share your information with law enforcement—if it’s appropriate. Bevensee and Aliapoulios said the digital activism movement was a direct response to the perceived lack of official action. Many activists have a strong distrust of US law enforcement, pointing to the difference between how the Capitol rioters and Black Lives Matter protesters were treated. But in the case of the insurrection, which carries federal charges, experts and activists agree that the right thing to do is to take information to the authorities.

Lyron Foster is a Hawaii based African American Musician, Author, Actor, Blogger, Filmmaker, Philanthropist and Multinational Serial Tech Entrepreneur.

Continue Reading
Comments

Uncategorized

Gillmor Gang: Win Win

Published

on

Just finished a Twitter Spaces session. It is an engaging platform, somewhat clunky in feature set but easily a tie overall with Clubhouse. I don’t see this as a horse race, however, more as cooperating teams fleshing out a platform where both will be major players. Like notifications in iOS and Android, the feature set is a push and pull motion where Android delivers deep functionality and Apple alternately pulls ahead and consolidates gains. Though the details can vary, the combined energy of effectively 100 percent of the consumer base mandates best practices and opportunities for innovation.

Something similar is going on in Washington as the Democrats test out their majority of none on the pandemic stimulus bill. The headline in the Times says bipartisanship is dead, but the subheading is the real story. The battle for control of the Senate is closing in on the arcane gerrymandering of the filibuster, or what passes for it after Republican whittling of the original talk ’til you drop croaking of Jimmy Stewart as in Mr. Smith Goes to Washington.

The telltale giveaway is Senator Lindsay Graham, who complains bitterly that the Democrats are steamrolling the COVID Rescue Bill without Republican votes “because they can.” The actual bipartisanship is between the progressives and moderates in the Democratic Party, as the Senator from West Virginia moderates one aspect of the bill to gain the prize of something the President can sign. Not only does it establish Biden’s power to govern but it also provides a roadmap for justifying the necessity of altering the filibuster equation.

Notice how Biden changed the subject from bipartisan negotiations to the power play it turned into. He used the polls to squeeze the Republican moderates where they fear most, the primary battles for control of the House in the midterms. The wave of vaccines are making it almost impossible to put up a political firewall; the anti-mask mandates seem like clueless floundering as people begin to have hope of an exit from the gridlock of partisan obstructionism. It will be hard to run on a platform of denial and death as we reach the end of May.

Governing by success undercuts the argument that government doesn’t work. Breaking the back of the filibuster requires the framing of the issue as finding a way to let government keep working in a bipartisan way. That brings us back to changing the definition of bipartisan as evidenced in the technology arena. In the Apple/Android example, two viable entities bring different strengths to insuring the ability to survive long enough to govern. Google’s lock on the network effect in advertising and “free” services may be challenged by Apple’s focus on privacy and a hardware revenue base, but the net effect is to cancel each other’s vulnerabilities due to the market force of their positions. The bipartisan finesse is that each platform has the other as a dominant customer.

In the same vein, Twitter v. Clubhouse is really not the point. Certainly we can cherrypick the battle as startup v. incumbent: Clubhouse filled with unicorn celebrities and rockstar investors and a builtin tension with the media, Twitter protectively fast following with its natural social graph advantages and struggling with scalability and the fear they’ve sown of abandoning projects before they can thrive. The question begged: what is the nature of the bipartisan compromise that will ensure both end up winners?

The answer is how to make each player the best customer of the other. Twitter’s problem is focus, and harnessing the power of users to hack the system to both theirs and the company’s advantage. The @mention spawned the retweet, providing the analytics that drive Twitter’s indelible social graph. Instagram may be Facebook’s best attempt so far at challenging the fundamental strategic value that the former president used to dominate, but Clubhouse promises to go one big step better with its hybrid of mainstream media and a Warholesque factory engine that creates new stars and the media they generate. This in turn migrates through the entertainment disruption led by the streaming realignment. What exactly is this NFT thing really about?

So Clubhouse has to open up its ability to multitask with Twitter and other curated social graphs. Facebook as a source for Clubhouse notifications and suggested conversations is different than Twitter’s But patching into the sharing icon on iOS will offer substantial access to blunt Twitter’s native integration in Spaces. On the flip side, Twitter’s Revue newsletter tools present an opportunity to mine the burgeoning newsletter surge, using its drag and drop tools to bring not just default social network citations but the implicit social graph of curated editorial rockstars. Not only is the influencer audience rich in signal for advertisers, but these same brands will prove most attractive to Clubhouse listeners looking for value. Win win.

from the Gillmor Gang Newsletter

__________________

The Gillmor Gang — Frank Radice, Michael Markman, Keith Teare, Denis Pombriant, Brent Leary and Steve Gillmor. Recorded live Friday, March 5, 2021.

Produced and directed by Tina Chase Gillmor @tinagillmor

@fradice, @mickeleh, @denispombriant, @kteare, @brentleary, @stevegillmor, @gillmorgang

Subscribe to the new Gillmor Gang Newsletter and join the backchannel here on Telegram.

The Gillmor Gang on Facebook … and here’s our sister show G3 on Facebook.

Continue Reading

Uncategorized

The iMac Pro is being discontinued

Published

on

Chalk this up to inevitability. The iMac Pro is soon to be no more. First noted by 9to5Mac, TechCrunch has since confirmed with Apple that the company will stop selling the all-in-one once the current stock is depleted.

One configuration of the desktop is still available through Apple’s site, listed as “While Supplies Last” and priced at $5,000. Some other versions can also still be found from third-party retailers, as well, if you’re so inclined.

The space gray version of the popular system was initially introduced in 2017, ahead of the company’s long-awaited revamp of the Mac Pro. Matthew called it a “love letter to developers” at the time, though that particular letter seems to have run its course.

Since then, Apple has revamped the standard iMac, focusing the 27-inch model at those same users. The company notes that the model is currently the most popular iMac among professional users. The system has essentially made the Pro mostly redundant, prefiguring its sunsetting. Of course, there’s also the new Mac Pro at the high end of Apple’s offerings.

And let us not forget that the Apple silicon-powered iMacs should be on the way, as well. Thus far the company has revamped the MacBook, MacBook Air and Mac Mini with its proprietary chips. New versions of the 21.5-inch and 27-inch desktop are rumored for arrival later this year, sporting a long-awaited redesign to boot.

Continue Reading

Uncategorized

Investors still love software more than life

Published

on

Welcome back to The TechCrunch Exchange, a weekly startups-and-markets newsletter. It’s broadly based on the daily column that appears on Extra Crunch, but free, and made for your weekend reading. Want it in your inbox every Saturday morning? Sign up here.

Ready? Let’s talk money, startups and spicy IPO rumors.

Despite some recent market volatility, the valuations that software companies have generally been able to command in recent quarters have been impressive. On Friday, we took a look into why that was the case, and where the valuations could be a bit more bubbly than others. Per a report written by few Battery Ventures investors, it stands to reason that the middle of the SaaS market could be where valuation inflation is at its peak.

Something to keep in mind if your startup’s growth rate is ticking lower. But today, instead of being an enormous bummer and making you worry, I have come with some historically notable data to show you how good modern software startups and their larger brethren have it today.

In case you are not 100% infatuated with tables, let me save you some time. In the upper right we can see that SaaS companies today that are growing at less than 10% yearly are trading for an average of 6.9x their next 12 months’ revenue.

Back in 2011, SaaS companies that were growing at 40% or more were trading at 6.0x their next 12 month’s revenue. Climate change, but for software valuations.

One more note from my chat with Battery. Its investor Brandon Gleklen riffed with The Exchange on the definition of ARR and its nuances in the modern market. As more SaaS companies swap traditional software-as-a-service pricing for its consumption-based equivalent, he declined to quibble on definitions of ARR, instead arguing that all that matters in software revenues is whether they are being retained and growing over the long term. This brings us to our next topic.

Consumption v. SaaS pricing

I’ve taken a number of earnings calls in the last few weeks with public software companies. One theme that’s come up time and again has been consumption pricing versus more traditional SaaS pricing. There is some data showing that consumption-priced software companies are trading at higher multiples than traditionally priced software companies, thanks to better-than-average retention numbers.

But there is more to the story than just that. Chatting with Fastly CEO Joshua Bixby after his company’s earnings report, we picked up an interesting and important market distinction between where consumption may be more attractive and where it may not be. Per Bixby, Fastly is seeing larger customers prefer consumption-based pricing because they can afford variability and prefer to have their bills tied more closely to revenue. Smaller customers, however, Bixby said, prefer SaaS billing because it has rock-solid predictability.

I brought the argument to Open View Partners Kyle Poyar, a venture denizen who has been writing on this topic for TechCrunch in recent weeks. He noted that in some cases the opposite can be true, that variably priced offerings can appeal to smaller companies because their developers can often test the product without making a large commitment.

So, perhaps we’re seeing the software market favoring SaaS pricing among smaller customers when they are certain of their need, and choosing consumption pricing when they want to experiment first. And larger companies, when their spend is tied to equivalent revenue changes, bias toward consumption pricing as well.

Evolution in SaaS pricing will be slow, and never complete. But folks really are thinking about it. Appian CEO Matt Calkins has a general pricing thesis that price should “hover” under value delivered. Asked about the consumption-versus-SaaS topic, he was a bit coy, but did note that he was not “entirely happy” with how pricing is executed today. He wants pricing that is a “better proxy for customer value,” though he declined to share much more.

If you aren’t thinking about this conversation and you run a startup, what’s up with that? More to come on this topic, including notes from an interview with the CEO of BigCommerce, who is betting on SaaS over the more consumption-driven Shopify.

Next Insurance, and its changing market

Next Insurance bought another company this week. This time it was AP Intego, which will bring integration into various payroll providers for the digital-first SMB insurance provider. Next Insurance should be familiar because TechCrunch has written about its growth a few times. The company doubled its premium run rate to $200 million in 2020, for example.

The AP Intego deal brings $185.1 million of active premium to Next Insurance, which means that the neo-insurance provider has grown sharply thus far in 2021, even without counting its organic expansion. But while the Next Insurance deal and the impending Hippo SPAC are neat notes from a hot private sector, insurtech has shed some of its public-market heat.

Stocks of public neo-insurance companies like Root, Lemonade and MetroMile have lost quite a lot of value in recent weeks. So, the exit landscape for companies like Next and Hippo — yet-private insurtech startups with lots of capital backing their rapid premium growth — is changing for the worse.

Hippo decided it will debut via a SPAC. But I doubt that Next Insurance will pursue a rapid ramp to the public markets until things smooth out. Not that it needs to go public quickly; it raised a quarter billion back in September of last year.

Various and Sundry

What else? Sisense, a $100 million ARR club member, hired a new CFO. So we expect them to go public inside the next four or five quarters.

And the following chart, which is via Deena Shakir of Lux Capital, via Nasdaq, via SPAC Alpha:

Alex

 

Continue Reading

Trending