

Setting up Elasticsearch, the open-source system that many companies large and small use to power their distributed search and analytics engines, isn’t the hardest thing. What is very hard, though, is to provision the right amount of resources to run the service, especially when your users’ demand comes in spikes, without overpaying for unused capacity. Vizion.ai’s new Elasticsearch Service does away with all of this by essentially offering Elasticsearch as a service and only charging its customers for the infrastructure they use.
Vizion.ai’s service automatically scales up and down as needed. It’s a managed service and delivered as a SaaS platform that can support deployments on both private and public clouds, with full API compatibility with the standard Elastic stack that typically includes tools like Kibana for visualizing data, Beats for sending data to the service and Logstash for transforming the incoming data and setting up data pipelines. Users can easily create several stacks for testing and development, too, for example.
“When you go into the AWS Elasticsearch service, you’re going to be looking at dozens or hundreds of permutations for trying to build your own cluster,” Vizion.ai’s VP and GM Geoff Tudor told me. “Which instance size? How many instances? Do I want geographical redundancy? What’s my networking? What’s my security? And if you choose wrong, then that’s going to impact the overall performance. […] We do balancing dynamically behind that infrastructure layer.” To do this, the service looks at the utilization patterns of a given user and then allocates resources to optimize for the specific use case.
What Vizion.ai has done here is take some of the work from its parent company Panzura, a multi-cloud storage service for enterprises that has plenty of patents around data caching, and apply it to this new Elasticsearch service.
There are obviously other companies that offer commercial Elasticsearch platforms already. Tudor acknowledges this, but argues that his company’s platform is different. With other products, he argues, you have to decide on the size of your block storage for your metadata upfront, for example, and you typically want SSDs for better performance, which can quickly get expensive. Thanks to Panzura’s IP, Vizion.ai is able to bring down the cost by caching recent data on SSDs and keeping the rest in cheaper object storage pools.
He also noted that the company is positioning the overall Vizion.ai service, with the Elasticsearch service as one of the earliest components, as a platform for running AI and ML workloads. Support for TensorFlow, PredictionIO (which plays nicely with Elasticsearch) and other tools is also in the works. “We want to make this an easy serverless ML/AI consumption in a multi-cloud fashion, where not only can you leverage the compute, but you can also have your storage of record at a very cost-effective price point.”
Powered by WPeMatico
You may have forgotten about Twitch Prime, but the company is adding an interesting new perk for Nintendo Switch owners. The company is giving out up to one year of Nintendo Switch Online, the subscription service that lets you play online multiplayer games and access NES games.
If you’re an Amazon Prime or Prime Video subscriber, you automatically become a Twitch Prime member once you link your accounts together — Amazon owns Twitch. Twitch Prime gives you access to free loot, such as in-game skins for Apex Legends or Call of Duty Black Ops 4, as well as free (mostly indie) games.
As part of Twitch Prime, you can also subscribe to a Twitch channel for free — the streamer still gets compensated. Twitch Prime also gives you more options to customize your chat experience.
Nintendo and Twitch are partnering to offer a complimentary Nintendo Switch Online subscription — it usually costs $20. But you won’t get 12 months at once. You can go to this website to redeem three months right now.
In two months, you’ll be able to redeem another nine months. Twitch and Nintendo probably hope that you’ll forget about the second part of the perk, so don’t forget to set up a reminder.
The offer expires on September 24, 2019 for the initial three months, and on January 22, 2020 for the additional nine months. The good news is that it also works if you’re already a Nintendo Switch Online subscriber. You’ll just get additional subscription time.
Two years ago, former Amazon product manager Xiao Wang stood on the stage at TechCrunch Disrupt San Francisco and made the case for a platform meant to help couples apply for marriage green cards, a complex process made worse by bureaucracy and red tape.
Called Boundless, the startup had spun out of Seattle startup studio Pioneer Square Labs and raised a $3.5 million seed round. Now, Foundry Group’s Brad Feld has led a $7.8 million Series A in the startup, with participation from existing investors Trilogy Equity Partners, PSL, Two Sigma Ventures and Founders’ Co-Op.
“Families have really only had two choices, they could spend weeks or months trying to figure this out on their own, or they can spend thousands and thousands of dollars on an immigration attorney,” Wang, Boundless co-founder and chief executive officer, told TechCrunch. “What we are trying to do is basically give everyone access to the information, the tools and the support that was previously only available to those that could afford high-priced attorneys.”
Boundless charges $750 for its online green card application support services, which include ensuring families correctly complete applications and have access to an immigration lawyer to review those applications. The fee comes at a major discount to the costs of an immigration lawyer and streamlines a process that can be delayed months when errors are made. The startup also offers a recently launched $395 naturalization product meant to assist eligible green card holders with their U.S. citizenship applications.
Wang founded Boundless in 2017 after helping build Amazon Go, the e-commerce giant’s line of cashierless convenience stores. Wang is an immigrant, having relocated to the U.S. from China when he was a child.
“We spent almost five months of rent money on an immigration attorney because the stakes were so high and we only had one shot,” Wang said. “We wanted to make sure we were doing it right. This is a story that is echoed by millions of families every year; this is such an important part of them starting a new life in a new country.”
Wang, after three years at Amazon, realized he could use his technology background and data prowess to build an information platform supportive of these millions of families.
“This is exactly what tech and data is meant to do,” he said. “I believe there is a moral obligation for tech to be used in meaningfully improving people’s lives.”
Boundless plans to use this investment to expand its team and product offerings, as well as build out its content library, which Wang said is rapidly becoming the go-to place for immigrants navigating the legal labyrinth that is the U.S. green card and citizenship process. Its resources page, which includes straightforward guides, a number of forms and more, counts 300,000 unique visitors per month.
“We hold their hand through the entire process,” Wang said. “We want to be the single source of information and tools for all family-based immigration.”
Wang and his team also hope to shine a brighter light on immigration policy. In late 2018, as part of its effort to be louder advocates for immigrants, Boundless, alongside Warby Parker, Foursquare, Foundation Capital and more, published an open letter to the U.S. Department of Homeland Security opposing its proposed “public charge” immigration regulation, which would allow for non-citizens who are in the country legally to be denied a visa or a green card if they have a medical condition, financial liabilities and other disqualifiers.
“The stakes for making sure your application is correct have never been higher; the government has far more leeway to be able to deny applications,” Wang said. “While we can’t speed up the government processing times, we can make meaningful improvements to helping families gather all the materials they need to send in the right information.”
Dutch news organization The Correspondent surprised some of its supporters earlier this week when co-founder and CEO Ernst Pfauth posted an update on Medium saying that the company would not be opening a newsroom in New York City.
Which was odd, because the organization raised $2.6 million in a crowdfunding campaign last fall with the express purpose of launching in the United States.
At least, that’s what I thought. After all, I wrote an article titled, “The Correspondent launches campaign to bring its ad-free journalism to the US.”
But here’s how Pfauth explained the decision in his post (emphasis in the original):
We’ve closed our campaign office in NYC, and we have decided that we won’t open a newsroom in the US for now. We don’t aim to be a national US news organization (we have founding members from more than 130 countries around the world!) but instead want to cover the greatest challenges of our time from a global perspective — in English. For that vision, Amsterdam is a great place to start.
So was this the plan all along? In an interview with NiemanLab, Editor-in-Chief Rob Wijnberg argued that this is consistent with what The Correspondent team promised in the campaign: “We’re setting up in English language, and we’re going to hire U.S.-based journalists as well.”
I’ll say it coz no one else will: everything about TheCorrespondent’s so-called U.S. expansion plans for last two years felt like a huckster’s dream, everyone shilling for them have some explanation to do. Or not, coz really, no one should’ve given a shit in the first place.
— Rafat Ali, Media Operator (@rafat) March 26, 2019
He went on to say that the team “never really talked about setting up an office” in the United States. Still, he acknowledged that it was a U.S.-centric campaign, with Wijnberg and Pfauth spending most of their time in New York, reaching out to U.S. journalists to write about the campaign and recruiting other journalists and pundits to serve as “ambassadors.”
“So it got interpreted by a lot of media who wrote about us as, ‘They’re launching in the U.S.,’ ” Wijnberg said. “Which is pretty much 80 percent true, in the sense that we are going to have English-language correspondents in the U.S. — just not only in the U.S. And we never promised — or never said, because that’s not our model — to have, to cover the United States or anything.”
So I thought: Okay, that makes sense. I must have misunderstood what Pfauth was telling me.
Still, I wanted to figure out how I got this wrong, so I went back to the initial email I received from Pfauth. Here’s how it began: “Dear Anthony, I’m CEO and cofounder of The Correspondent, an online journalism platform from Amsterdam that will soon be launching in the U.S.”
Then he gave a quick description of The Correspondent’s ad-free, reader-funded model, adding, “We aim to bring the same journalistic integrity and unconventional editorial approach when we launch in the U.S.”
It’s so weird that I ended up thinking they were planning to launch in the U.S.!
So @robwijnberg says everyone thought The Correspondent was going to launch in the U.S. because that’s how it was “interpreted by a lot of media.” But ummmmmm https://t.co/3EXj7ShxVO pic.twitter.com/bZZQ6YMdLc
— Anthony Ha (@anthonyha) March 28, 2019
Wijnberg acknowledged the confusion in his interview, telling NiemanLab, “Tons of people talk about what we’re trying to do. So the idea that you can keep all these people on message all the time would be kind of totalitarian, right?”
Maybe … except this isn’t an overly enthusiastic ambassador; it’s the company’s CEO. (And it seems he made a similar pitch to other publications.) One might argue that keeping him on message — a.k.a., making sure he accurately describes the company’s plans as he asks people for money — is not only not “totalitarian,” but actually the responsible thing to do.
The truth is, I don’t know what happened here. If The Correspondent never planned to open a U.S. office, thinks it can do a good job covering the U.S. without one and simply did a bad job communicating? Fine. If the original plan was to open a U.S. office, then it reconsidered? That would be disappointing, but if the model still produces worthwhile journalism about the U.S., then I suppose it’s a net positive.
But these confusing, convoluted, “I’m sorry that you didn’t understand us” explanations don’t just make the company look disingenuous — they also seem antithetical to running a newsroom that depends on readers’ knowledge, goodwill and money.
Lordy is this interview mealy-mouthed… you can’t blame people for believing your marketing, PR, and the people you hire as “ambassadors” https://t.co/xnT0hGja2E pic.twitter.com/kHv5Rj7c26
— Gabriel Snyder (@gabrielsnyder) March 28, 2019
Update: Jay Rosen, who is advising The Correspondent, has written a post in which he acknowledged that the company “screwed up its communications with members.”
Apparently, the original plan was to have its English-language headquarters in New York, but the thinking evolved as the team considered issues like cost and the benefits of having a distributed newsroom, eventually settling on the idea of “a one newsroom strategy … with headquarters in Amsterdam and the new correspondents working remotely.”
“I was initially taken back,” Rosen wrote. “I would not have come up with that idea. But the more I thought about it, the more sense it made, especially when it came to the talent search, and to the aspiration to one day be a global brand.”
Fair enough! It’s just a little mystifying that Wijnberg and Pfauth didn’t say that in the first place.
Building a startup is incredibly tough. There are the constant ups and downs, the moments of sheer ambiguity and terror. And so, few moments in a startup’s life are as triumphant — and crystal clear — as closing a round of funding. Yes, yes, raising venture capital shouldn’t be celebrated as a milestone, and the focus should always be on product and users … but it just feels so damn good sometimes just to feel that sense of euphoria: I built something, and now others are giving me potentially millions of dollars to shoot for the stars.
Unfortunately, that clarity is increasingly vanishing. First, “closing a round” is rarely as sharp a distinction as it used to be. Seed rounds (and even later-stage rounds) are often raised over extended periods of time, with many partial closings conducted as new angels and seed funds come to the (cap) table.
Then there is also the growing disconnect between raising capital and the actual announcement of that fundraise. Founders are trying to remain under stealth for longer periods of time to hide from competitors, and they want to message their news in a careful manner.
All of which means that the Form D filed with the Securities and Exchange Commission when closing an exempt fundraise (aka venture rounds) is no longer as simple a process as it once was.
Lawyers will state publicly that startups should always file their legally mandatory paperwork (that’s probably also a good rule for life). The reality, though, is pretty much the opposite when you talk to startup attorneys in private.
Here’s the secret about Form D filings today: the norms in Silicon Valley have changed, and Form D filings are often filed late, not at all, and many startups are advised to lie low in the hopes of avoiding stricter SEC scrutiny. What was once a fait accompli is now a deliberative process, with important decision points for founders.
Extra Crunch contacted about two dozen startup attorneys, from the biggest firms in the industry to the one-person shops with a shingle out front. Getting straight answers here has been tough, if only because no lawyer really wants to say out loud that they actively recommend their clients violate government regulations (there is that whole law license thing, which apparently lawyers care about).
Practically all of these conversations were done off-the-record and not for attribution, since as one lawyer said, “the last thing I need is the damn SEC sending our firm a nastygram.” Other firms wholly swore us off from even discussing their Form D cultures.
Full disclosure: I am not an attorney, and while I had attorneys read over this draft, this does not constitute legal advice, particularly specific legal advice for your specific startup and situation. Get inspiration from this analysis, but always (really, truly, always) consult qualified legal counsel to answer legal questions about your startup.
With that said, here is our guide to the new world of venture capital securities filings.
Drake’s latest collaboration isn’t with Kanye or Kendrick, it’s with Marissa Mayer.
The rap superstar has joined a bevy of Silicon Valley investors, including Strauss Zelnick, Comcast, Macro Ventures, Canaan, RRE, Courtside and Marissa Mayer, to fund Players’ Lounge, an esports startup looking to pit gamers against each other in their favorite titles with some friendly wagers on the line.
The startup has just announced that it closed $3 million in funding.
The company, which has been around for five years, got its start as an esports startup looking to organize real-life matches at bars in New York City to play FIFA. That’s obviously not the most scalable business of all time, but last year after joining Y Combinator, the company really dove into a new model that looked to create an online hub for gamers to battle each other in titles of their choosing, with money on the line.
The company has a heavy emphasis on sports titles, like FIFA 19, NBA 2K19 and Madden 19, but there are also some heavy hitters like Fortnite, Apex Legends and Super Smash Bros. Ultimate.
Gamers can set a match or join one in head-to-head challenges or in massive 500-person tournaments. The wagers are often a buck or two but can swell much higher. Players’ Lounge takes 10 percent of the bets as a fee. Because it’s a game of skill, not chance, there aren’t many issues with gambling regulations, though a few states still don’t allow the service, the company says.
The startup plans to use their new cash to beef up their library of playable games and add to their development team.
Editor’s note: This article is a part of our latest initiative to demystify design and find the best brand designers and agencies in the world who work with early-stage companies — nominate a talented brand designer you’ve worked with.
A brand is far more than logos and colors. A consistent brand identity not only communicates your company’s purpose and values to customers, but it also shapes your product development cycle and corporate culture. A branding project can help you figure out what and how to communicate your company’s story, but how much does it cost?
I’ve been a designer for over a decade (and a marketer before that), working with organizations ranging from tiny startups to the Fortune 500; this piece will give you a general idea of branding costs, with the knowledge that these broad numbers may not be applicable in every single case (in fact, you’re likely to find exceptions).
Bootstrappers and pre-seed startups
For most startups at this stage, your goal is to establish a proof of concept that can show product/market fit and bring investor dollars. You may only need a logo, website, and basic brand positioning. Isla Murray, Creative Director and Cofounder at Lama Six, also recommends investing your money in designing a beautiful deck: “It will set you apart and allow your message to shine through.”
Brand strategy and positioning
Positioning involves understanding who you are as a company, how your product fits the marketplace, and how you communicate your company’s values. This is the most important piece of the branding puzzle and one that’s worthwhile to begin on your own – when you have more funding, your original strategy work will give you a base for conveying your identity to professionals who can take it further. Two suggestions that designers commonly recommend are Positioning: The Battle for Your Mind by Al Ries and Jack Trout and Designing Brand Identity by Alina Wheeler, a primer on brand design.
Approximate cost: Your time.
Logo and visual identity
A brand is a relationship with your audience, and you’ll want to make sure that every interaction with them communicates your message. You’ll almost certainly need to hire a designer for this work. Sites like Fiverr and 99designs offer cheap logos, but independent consultants like Pablo Defendini advise that if you can find a small budget, you’ll get far better results by hiring an experienced professional to create a more polished logo and simple usage guide.
Approximate cost: $100-$3000.
Website
As a UX designer and front-end developer, I often recommend that young companies not spend their limited dollars on building a website from scratch – pre-built, templated websites like Squarespace can get you up and running for minimal cost, and you can buy domain names from a registrar like Namecheap. Customizations will be minimal, but you can’t beat the price.
Approximate cost: $10-30/month, plus $20/year per domain.
Early-stage, funded startups
Once you’re paying for experienced help, finding a good fit with a designer is crucial: Trust is the most important factor in a designer-client relationship, and design is ultimately a collaborative process. So take the time to find a contractor or firm that you respect and feel comfortable with.
Another option: If you already have a strong designer in-house, you might consider setting aside time for them to focus on your brand identity — they’ll cost less, and they already have intimate knowledge of your company values and audience.
Pricing comes in a wide range depending on your needs: Defendini says he’s worked on identity projects ranging from $5000 for a standalone logo to $200,000 for a complex identity system with multiple brands. Costs are also driven by scope and time. When you receive proposals from firms, be clear about your needs and transparent about what you can afford. Murray says that if clients don’t have a full budget, she’ll look for ways to scope down projects, which might involve reducing deliverables or going through fewer rounds of feedback and iteration.
Many designers will charge project rates, but if you’re paying by the hour, expect to spend $100-$150/hour for an experienced consultant and $150-$600/hour for a firm depending on their size and location.
Brand strategy and positioning
Brand strategy and positioning should drive most of your business decisions, so it’s worth taking the time to do this right. With a smaller budget, a consultant might spend a few days with your company leadership figuring out your core values and how to articulate them. For a larger budget, expect design teams to do more research and a competitive analysis, resulting in deliverables like a communication strategy and voice/tone guidelines for your marketing team.
More expensive projects may also include things like trainings to make sure your staff correctly and consistently implements your brand. In general, pricing is determined by how many people are working on your branding project and the complexity of your deliverables.
Approximate cost: $5000-$20,000 (freelancers and small firms), $30,000-$80,000 (large firms).
Logo and visual identity
Visual identity is the result of independent research, visual moodboarding, and rounds of feedback and iteration, says Murray. At the end of the process, you’ll typically receive a logo, typeface, color and design elements, and visual brand attributes. Larger-budget projects will typically involve detailed guidance on specific illustration and photography styles, iconography, and more – Murray suggests also including social media visual strategy and Instagram post templates.
Pricing here increases the more logo variations you need, the more brands you have, and the level of detail required in your visual guidance. Rounds of feedback and iteration add cost, as does the size of the team you hire.
Approximate cost: $5000-$15,000 (freelancers and small firms), $15,000-$75,000 (large firms).
Website
This is the branding piece with the greatest variability in cost, with projects getting more expensive as they require more user research, prototyping, content creation, and engineering work. Pricing is largely dependent on the complexity of engineering requirements and the number of iterations you want to go through.
Generally, you have static marketing sites on the lower end, websites built on lightweight content management systems (i.e. a custom visual design built to run on WordPress) in the middle, and web applications managing heavy databases or a more robust CMS like Sitecore or Drupal on the higher end.
Approximate cost: $2000-$20,000 (freelancers and small firms), $30,000-$200,000 (large firms).
Company name development – for more mature startups
Many startups find themselves at a stage where they’re well-funded but have a name that no longer fits – what feels right when your company is a month old and bootstrapped with your savings account may not feel the same two years later. A naming agency will develop names that work with your brand positioning, do a competitive analysis to research the tone, strength, and messaging of these names, and pre-screen them for trademark availability. (Note that you’ll typically need to hire a legal team to register the trademark once this is done.)
Approximate cost: $15,000-$75,000 (naming firm).
There’s no one-size-fits-all solution
You may hire one of the top branding agencies in the world or you may have a family member who’s an experienced designer and willing to give you an incredible deal. But no matter who you choose to work with, branding is a vital part of your business that will help you both understand and communicate who you are.
MoviePass may still be trying to figure out how to make a movie ticket subscription service financially viable, but it can be credited for at least correctly identifying consumer demand for such a thing. There’s now a market for movie tickets by subscription from it as well as rivals like Sinemia, AMC Stubs A-List, Cinemark Movie Club, and — as of yesterday — newcomer Infinity. Now you can add one more: Atom Tickets, which is today announcing a platform that will allow theaters to build their own movie ticket subscription services.
The idea here is that the exhibitors themselves — not startups — should be involved in establishing the business model that’s right for them. Atom Tickets will instead provide the underlying technology and support that makes such a thing possible.
The new platform, called Atom Movie Access, will be offered to exhibitors across North America. It provides a fully digital booking platform for subscribers through the Atom Tickets app. That means subscribers can also take advantage of Atom Tickets’ other benefits — like reserving seats in advance, inviting friends through their contacts, pre-ordering concessions for quick pickup where available and checking in using a phone instead of paper tickets.
On the back end, Atom Tickets will also handle the payment processing, customer service, fraud detection and anti-abuse measures. The latter is particularly important for movie ticket subscriptions, as MoviePass noted that as much as 20 percent of its customers were abusing the service, which significantly contributed to its financial issues.
In addition, the platform will let subscribers make complex transactions in-app, like redeeming a free movie while also buying full-priced tickets for a guest in one sale. It also supports things like being able to choose between an included free screening or saving it for later, the company says, and allows for the creation of differently tiered plans. For example, there can be plans for both individuals and groups and tiers for standard and premium movie formats.
“Atom Tickets is an innovative ticketing platform that enables exhibitors to reach and engage new and incremental audiences,” said Matthew Bakal, chairman and co-founder of Atom Tickets, in a statement about the launch. “We’ve always believed in being a valuable partner to exhibitors, starting with the core functionality of our app, which allows for marketing promotions at specific locations, integrating exhibitor loyalty plans and giving customers the ability to pre-order concessions. Now with Atom Movie Access, we’re thrilled to provide the technology that will enhance the direct-to-consumer relationship of moviegoers with their favorite theaters.”
There are still several unknowns about the new platform — most notably the pricing for exhibitors. In an interview with Variety, Bakal suggested it would not be prohibitive as Atom Tickets would instead take a cut of subscriptions. The report also noted that no theaters have signed up yet, but the pitching will begin in earnest at a trade show next week in Las Vegas.
Moolah Mobile is teaming up with SurgePhone Wireless to offer people a new way to pay their cell phone bills — by putting ads on their homescreens.
Moolah CEO Vernell Woods (pictured above) said the startup has already been offering gift cards and other rewards to users who view its homescreen ads. So this is a similar model, except instead of earning gift cards, the ads are subsidizing cell phone service from Surge.
The ads show up on users’ homescreens during interstitial moments between using apps, so the goal is to offer free service without consumers having to change their behavior. Woods said all that ad time adds up, with “the average person who’s using their phone on a consistent basis” viewing “easily between two to three hours” of homescreen ads each day. And that’s enough to pay for the “equivalent” of Surge’s $10 monthly plan.
On the other hand, if for some reason a subscriber isn’t hitting the necessary total, Woods said they can also earn more points by accepting offers or taking surveys.
Moolah isn’t the only company using advertising to make previously paid products free. Just last week, I wrote about PreShow, a startup promising a free movie ticket for watching 15 to 20 minutes of ads. (Not everyone was crazy about the idea.)
But Woods said he’s doing this because he wants to make wireless service more affordable to people in low-income communities. In the announcement, Moolah investor Tip “T.I.” Harris said it’s “one of the few tech companies I’ve seen who truly want to help everyday people have access to technology.”
But could this also be seen as a way to harvest personal data from a vulnerable population? Woods said he wants to protect against that with a blockchain initiative set to launch this fall, allowing users to see exactly what data is being shared with advertisers.
“No personal information should be going to advertisers without users knowing about it,” he said, adding that companies “definitely should not be making money off” personal data without giving users a cut of the profits.
The subsidized wireless service should be available on Surge Volt Android devices with Moolah install kits, as well as through SIM Starter Kits distributed by Surge. Moolah and Surge said they will roll this out in Florida, Virginia, Georgia and Texas initially, with an aim of reaching 40,000 locations by the end of the year.
The latest report by a UK oversight body set up to evaluate Chinese networking giant Huawei’s approach to security has dialled up pressure on the company, giving a damning assessment of what it describes as “serious and systematic defects” in its software engineering and cyber security competence.
Although the report falls short of calling for an outright ban on Huawei equipment in domestic networks — an option U.S. president Trump continues dangling across the pond.
The report, prepared for the National Security Advisor of the UK by the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board, also identifies new “significant technical issues” which it says lead to new risks for UK telecommunications networks using Huawei kit.
The HCSEC was set up by Huawei in 2010, under what the oversight board couches as “a set of arrangements with the UK government”, to provide information to state agencies on its products and strategies in order that security risks could be evaluated.
And last year, under pressure from UK security agencies concerned about technical deficiencies in its products, Huawei pledged to spend $2BN to try to address long-running concerns about its products in the country.
But the report throws doubt on its ability to address UK concerns — with the board writing that it has “not yet seen anything to give it confidence in Huawei’s capacity to successfully complete the elements of its transformation programme that it has proposed as a means of addressing these underlying defects”.
So it sounds like $2BN isn’t going to be nearly enough to fix Huawei’s security problem in just one European country.
The board also writes that it will require “sustained evidence” of better software engineering and cyber security “quality”, verified by HCSEC and the UK’s National Cyber Security Centre (NCSC), if there’s to be any possibility of it reaching a different assessment of the company’s ability to reboot its security credentials.
While another damning assessment contained in the report is that Huawei has made “no material progress” on issues raised by last year’s report.
All the issues identified by the security evaluation process relate to “basic engineering competence and cyber security hygiene”, which the board notes gives rise to vulnerabilities capable of being exploited by “a range of actors”.
It adds that the NCSC does not believe the defects found are a result of Chinese state interference.
This year’s report is the fifth the oversight board has produced since it was established in 2014, and it comes at a time of acute scrutiny for Huawei, as 5G network rollouts are ramping up globally — pushing governments to address head on suspicions attached to the Chinese giant and consider whether to trust it with critical next-gen infrastructure.
“The Oversight Board advises that it will be difficult to appropriately risk-manage future products in the context of UK deployments, until the underlying defects in Huawei’s software engineering and cyber security processes are remediated,” the report warns in one of several key conclusions that make very uncomfortable reading for Huawei.
“Overall, the Oversight Board can only provide limited assurance that all risks to UK national security from Huawei’s involvement in the UK’s critical networks can be sufficiently mitigated long-term,” it adds in summary.
Reached for its response to the report, a Huawei UK spokesperson sent us a statement in which it describes the $2BN earmarked for security improvements related to UK products as an “initial budget”.
It writes:
The 2019 OB [oversight board] report details some concerns about Huawei’s software engineering capabilities. We understand these concerns and take them very seriously. The issues identified in the OB report provide vital input for the ongoing transformation of our software engineering capabilities. In November last year Huawei’s Board of Directors issued a resolution to carry out a companywide transformation programme aimed at enhancing our software engineering capabilities, with an initial budget of US$2BN.
A high-level plan for the programme has been developed and we will continue to work with UK operators and the NCSC during its implementation to meet the requirements created as cloud, digitization, and software-defined everything become more prevalent. To ensure the ongoing security of global telecom networks, the industry, regulators, and governments need to work together on higher common standards for cyber security assurance and evaluation.
Seeking to find something positive to salvage from the report’s savaging, Huawei suggests it demonstrates the continued effectiveness of the HCSEC as a structure to evaluate and mitigate security risk — flagging a description where the board writes that it’s “arguably the toughest and most rigorous in the world”, and which Huawei claims shows at least there hasn’t been any increase in vulnerability of UK networks since the last report.
Though the report does identify new issues that open up fresh problems, albeit the underlying issues were presumably there last year too, just lying undiscovered.
The board’s withering assessment certainly amps up the pressure on Huawei which has been aggressively battling U.S.-led suspicion of its kit — claiming in a telecoms conference speech last month that “the U.S. security accusation of our 5G has no evidence”, for instance.
At the same time it has been appealing for the industry to work together to come up with collective processes for evaluating the security and trustworthiness of network kit.
And earlier this month it opened another cyber security transparency center — this time at the heart of Europe in Brussels, where the company has been lobbying policymakers to help establish security standards to foster collective trust. Though there’s little doubt that’s a long game.
Meanwhile, critics of Huawei can now point to impatience rising in the U.K., despite comments by the head of the NCSC, Ciaran Martin, last month — who said then that security agencies believe the risk of using Huawei kit can be managed, suggesting the government won’t push for an outright ban.
The report does not literally overturn that view but it does blast out a very loud and alarming warning about the difficulty for UK operators to “appropriately” risk-manage what’s branded defective and vulnerable Huawei kit. Including flagging the risk of future products — which the board suggests will be increasingly complex to manage. All of which could well just push operators to seek alternatives.
On the mitigation front, the board writes that, “in extremis”, the NCSC could order Huawei to carry out specific fixes for equipment currently installed in the UK. Though it also warns that such a step would be difficult, and could for example require hardware replacement which may not mesh with operators’ “natural” asset management and upgrade cycles, emphasizing it does not offer a sustainable solution to the underlying technical issues.
“Given both the shortfalls in good software engineering and cyber security practice and the currently unknown trajectory of Huawei’s R&D processes through their announced transformation plan, it is highly likely that security risk management of products that are new to the UK or new major releases of software for products currently in the UK will be more difficult,” the board writes in a concluding section discussing the UK national security risk.
“On the basis of the work already carried out by HCSEC, the NCSC considers it highly likely that there would be new software engineering and cyber security issues in products HCSEC has not yet examined.”
It also describes the number and severity of vulnerabilities plus architectural and build issues discovered by a relatively small team in the HCSEC as “a particular concern”.
“If an attacker has knowledge of these vulnerabilities and sufficient access to exploit them, they may be able to affect the operation of the network, in some cases causing it to cease operating correctly,” it warns. “Other impacts could include being able to access user traffic or reconfiguration of the network elements.”
In another section on mitigating risks of using Huawei kit, the board notes that “architectural controls” in place in most UK operators can limit the ability of attackers to exploit any vulnerable network elements not explicitly exposed to the public Internet — adding that such controls, combined with good opsec generally, will “remain critically important in the coming years to manage the residual risks caused by the engineering defects identified”.
In other highlights from the report the board does have some positive things to say, writing that an NCSC technical review of its capabilities showed improvements in 2018, while another independent audit of HCSEC’s ability to operate independently of Huawei HQ once again found “no high or medium priority findings”.
“The audit report identified one low-rated finding, relating to delivery of information and equipment within agreed Service Level Agreements. Ernst & Young concluded that there were no major concerns and the Oversight Board is satisfied that HCSEC is operating in line with the 2010 arrangements between HMG and the company,” it further notes.
Last month the European Commission said it was preparing to step in to ensure a “common approach” across the European Union where 5G network security is concerned, warning of the risk of fragmentation across the single market. Though it has so far steered clear of any bans.
Earlier this week it issued a set of recommendations for Member States, combining legislative and policy measures to assess 5G network security risks and help strengthen preventive measures.
Among the operational measures it suggests Member States take is to complete a national risk assessment of 5G network infrastructures by the end of June 2019, and follow that by updating existing security requirements for network providers — including conditions for ensuring the security of public networks.
“These measures should include reinforced obligations on suppliers and operators to ensure the security of the networks,” it recommends. “The national risk assessments and measures should consider various risk factors, such as technical risks and risks linked to the behaviour of suppliers or operators, including those from third countries. National risk assessments will be a central element towards building a coordinated EU risk assessment.”
At an EU level the Commission said Member States should share information on network security, saying this “coordinated work should support Member States’ actions at national level and provide guidance to the Commission for possible further steps at EU level” — leaving the door open for further action.
While the EU’s executive body has not pushed for a pan-EU ban on any 5G vendors it did restate Member States’ right to exclude companies from their markets for national security reasons if they fail to comply with their own standards and legal framework.