N26 hires Adrienne Gormley as its new chief operating officer

Fintech startup N26 is announcing some changes in the leadership team with two new C-Level hires. First, Adrienne Gormley, pictured above, is joining the company as chief operating officer, replacing Martin Schilling who left the company in March 2020. Second, Diana Styles, pictured below, will become N26’s chief people officer.

Gormley has spent the last six years working for Dropbox in Dublin. She was the VP of Global Customer Experience as well as the head of EMEA for Dropbox. Previously, she’s worked at Google and Transware.

At N26, she will be in charge of a large chunk of the company, from customer service, to business operations, service experience and workplace division.

Styles has many years of human resources experience. She was the senior vice president of Human Resources, Global Sales and Brands at Adidas. Similarly, as chief people officer, she will oversee important aspects of the company, such as employee retention, leadership development, talent acquisition and more.

Both will be based in Berlin and report to the company’s co-founder and chief financial officer Maximilian Tayenthal. N26 has grown quite a lot over the past few years as there are now 1,500 employees working for the company.

Image Credits: N26

Tech giants are ignoring questions over the legality of their EU-US data transfers

A survey of responses from more than 30 companies to questions about how they’re approaching EU-US data transfers in the wake of a landmark ruling (aka Schrems II) by Europe’s top court in July, which struck down the flagship Privacy Shield over US surveillance overreach, suggests most are doing the equivalent of burying their head in the sand and hoping the legal nightmare goes away.

European privacy rights group, noyb, has done most of the groundwork here — rounding up in this 45-page report responses (some in English, others in German) from EU entities of 33 companies to a set of questions about personal data transfers.

It sums up the answers to the questions about companies’ legal basis for transferring EU citizens’ data over the pond post-Schrems II as “astonishing” or AWOL — given some failed to send a response at all.

Tech companies polled on the issue run the alphabetic gamut from Apple to Zoom. While Airbnb, Netflix and WhatsApp are among the companies that noyb says failed to respond about their EU-US data transfers.

Responses provided by companies that did respond appear to raise many more questions than they answer — with lots of question-dodging ‘boilerplate responses’ in evidence and/or pointing to existing privacy policies in the hope that will make the questioner go away (hi Facebook!) .

Facebook also made repeat claims that sought for info falls outside the scope of the EU’s data protection framework…

noyb also highlights a response by Slack which said it does not “voluntarily” provide governments with access to data — which, as the privacy rights group points out, “does not answer the question of whether they are compelled to do so under surveillance laws such as FISA702”.

A similar issue affects Microsoft. So while the tech giant did at least respond specifically to each question it was asked, saying it’s relying on Standard Contractual Clauses (SCCs) for EU-US data transfers, again it’s one of the companies subject to US surveillance law — or as noyb notes: “explicitly named by the documents disclosed by Edward Snowden and publicly numbering the FISA702 requests by the US government it received and answered”.

That, in turn, raises questions about how Microsoft can claim to (legally) use SCCs if users’ data cannot be adequately protected from US mass surveillance… 

The Court of Justice of the EU made it clear that use of SCCs to take data outside the EU is contingent on a case by case assessment of whether the data will in fact be safe. If it is not the data controller is legally required to suspend the transfer. EU regulators also have a clear duty to act to suspend transfers where data is at risk.

“Overall, we were astonished by how many companies were unable to provide little more than a boilerplate answer. It seems that most of the industry still does not have a plan as to how to move forward,” noyb adds.

In August the group filed 101 complaints against websites it had identified as still sending data to the US via Google Analytics and/or Facebook Connect integrations — with, again, both tech giants clearly subject to US surveillance laws, such as FISA 702.

noyb founder Max Schrems — whose surname has become synonymous with questions over EU-US data transfers — also continues to push the Irish Data Protection Commission (DPC) to take enforcement action over Facebook’s use of SCCs in a case that dates back some seven years.

Earlier this month it emerged the DPC had written to Facebook — issuing a preliminary order to suspend transfers. However Facebook filed an appeal for a judicial review in the Irish courts and was granted a stay.

In an affidavit filed to the court the tech giant appeared to claim it could shut down its service in Europe if the suspension order is enforced. But last week Facebook’s global VP and former UK deputy PM, Nick Clegg, denied it could shut down in Europe over the issue. Though he warned of “profound effects” on scores of digital businesses if a way is not found by lawmakers on both sides of the pond to resolve the legal uncertainty around U.S. data transfers. (A Privacy Shield 2 has been mooted but the European Commission has warned there’s no quick fix, suggesting reform of US surveillance law will be required.)

For his part Schrems has suggested the solution for Facebook at least is to federate its service — splitting its infrastructure in two. But Thierry Breton, EU commissioner for the internal market, has also called for “European data…[to] be stored and processed in Europe” — arguing earlier this month this data “belong in Europe” and “there is nothing protectionist about this”, in a discussion that flowed from US president Trump’s concerns about TikTok.

Back in Ireland, Facebook has complained to the courts that regulatory action over its EU-EU data transfers is being rushed (despite the complaint dating back to 2013); and also that it’s being unfairly singled out.

But now with data transfer complaints filed by noyb against scores of companies on the desk of every EU data supervisor, and regulators under explicit ECJ instruction they have a duty to step in a lot of pressure is being exerted to actually enforce the law and uphold Europeans’ data rights.

The European Data Protection Board’s guidance on Schrems II — which Facebook had also claimed to be waiting for — also specifies that the ability to (legally) use SCCs to transfer data to the U.S. hinges on a data controller being able to offer a legal guarantee that “U.S. law does not impinge on the adequate level of protection” for the transferred data. So Facebook et al would do well to lobby the US government on reform of FISA. 

Klaxoon launches Board, an interactive meeting product for video calls

A few weeks after teasing its new product, French startup Klaxoon is launching Board, a visual interface that lets you work together during a video call. Instead of staring at other people’s faces, you get a shared canvas that you can use for presentations and to suggest ideas.

Klaxoon is well aware that many companies have strong opinions about video conferencing services. Some companies are already using Microsoft Teams for everything, others are using Zoom or Google Meet. That’s why the company is trying to make it as easy as possible to use Board while you’re on a call using Zoom, Microsoft Teams or Google Meet.

Given that you’re already in Board when you’re generating a Zoom link, you can also use Klaxoon’s own video-conferencing service called Live.

“Video represents less than 10% of your screen real estate. Our goal isn’t to compete with other services when it comes to pixels, high definition or the number of thumbnails,” Klaxoon co-founder and CEO Matthieu Beucher told me.

Instead, when you use Live, you accept multiple constraints that could help you remain focused on your meeting. For instance, you can only have 15 people in your meeting. The person organizing the meeting can set a limit — it can be 5 minutes, 15 minutes or 30 minutes. But you can’t use Live for a meeting that lasts longer than 30 minutes.

And finally, other people on the calls are represented through tiny thumbnails on the right side of the screen. Most of the screen is filled with a sort of digital whiteboard that you can use to write text, insert images or videos. You can work on your board before starting the meeting or you can add a table from a template library.

People joining your meeting can submit ideas through digital sticky notes. You can also switch from the freeform view to a more structured column view to move ideas from one category to another.

Klaxoon has been working on interactive whiteboards and meeting tools for quite a few years now. Board combines some of the stuff that the company is already providing to its clients, but with a focus on remote meetings. The service is launching today for €9.90 per month.

Image Credits: Klaxoon

Uber wins latest London licence appeal

Uber has won its appeal against having its licence to operate withdrawn in London.

In today’s judgement the court decided it was satisfied with process improvements made by the ride-hailing company, including around its communication with the city’s transport regulator.

However it’s still not clear how long Uber will be granted a licence for — with the judge wanting to hear more evidence before taking a decision.

We’ve reached out to Uber and TfL for comment.

The ride-sharing giant has faced a multi-year battle to have its licence reinstated after TfL, the city’s transport regulator, took the shock decision not to issue a renewal in 2017 — citing safety concerns and deeming the company not “fit and proper” to hold a private hire operator licence.

It won a provisional appeal back in 2018 — when a UK court granted it a 15-month licence to give it time to continue working on meeting TfL’s requirements. However last November the regulator once again denied a full licence renewal — raising a range of new safety issues.

Despite that Uber has been able to continue operating in London throughout the legal process — but with ongoing uncertainty over the future of its licence. Now it will be hoping this is in the past.

In the appeal, Uber’s key argument was it is now “fit and proper” to hold a licence — claiming it’s listened to the regulator’s concerns and learnt from errors, making major changes to address issues related to passenger safety.

For example Uber pointed to improvements in its governance and document review systems, including a freeze on drivers who had not taken a trip for an extended period; real-time driver ID verification; and new scrutiny teams and processes; as well as the launch of ‘Programme Zero’ — which aims to prevent all breaches of licence conditions.

It also argued system flaws were not widespread — claiming only 24 of the 45,000 drivers using the app had exploited its system to its knowledge.

It also argued it now cooperates effectively and proactively with TfL and police forces, denying it conceals any failures. Furthermore, it claimed denying its licence would have a “profound effect” on groups at risk of street harassment — such as women and ethnic minorities, as well as disabled people.

It’s certainly fair to say the Uber of 2020 has travelled some distance from the company whose toxic internal culture included developing proprietary software to try to thwart regulatory oversight and eventually led to a major change of guard of its senior management.

However it’s interesting the court has taken the step of choosing to debate what length of licence Uber should receive. So while it’s a win for Uber, there are still some watchful caveats.

Offering commentary on today’s ruling, Anna McCaffrey, a senior counsel for the law firm Taylor Wessing, highlighted this element of the judgement. “The Magistrates Court agreed that Uber had made improvements and addressed TfL safety concerns. However, the fact that the length of extension is up for debate, rather than securing Uber’s preferred five year licence, demonstrates that Uber will have to work hard to continue to prove to TfL and the Court that it has really changed. If not, Uber is likely to find itself back in Court facing the same battle next year,” she noted in a statement.

She also pointed out that a decision is still pending from the Supreme Court to “finally settle” the question as to whether Uber’s drivers are workers or self-employed — another long-running legal saga for Uber in the UK.

It is also now facing fresh legal challenges related to its algorithmic management of drivers. So there’s still plenty of work for its lawyers.

The App Drivers and Couriers Union (ADCU), meanwhile, offered a cautious welcome of the court’s decision to grant Uber’s licence renewal — given how many of its members are picking up jobs via the platform.

However the union also called for the major of London to break up what it dubbed Uber’s “monopoly” by imposing limits on the numbers of drivers who can register on its platform. In a statement, ADCU president, Yaseen Aslam, argued: “The reduced scale will give both Uber and Transport for London the breathing space necessary to ensure all compliance obligations -– including worker rights — are met in future.”

HumanForest suspends London e-bike sharing service, cuts jobs after customer accident

UK-based startup HumanForest has suspended its nascent ‘free’ e-bike service in London this week, after experiencing “mechanical” issues and after a user had an accident on one of its bikes, TechCrunch has learned. The suspension has also seen the company make a number of layoffs with plans to re-launch next spring using a different e-bike.

The service suspension comes only a few months after HumanForest started the trial in North London — and just a couple of weeks after announcing a $2.3M seed round of funding backed by the founders of Cabify and others.

We were tipped to the closure by an anonymous source who said they were employed by the startup. They told us the company’s e-bike had been found to have a defect and there had been an accident involving a user, after which the service was suspended. They also told us HumanForest fired a bunch of staff this week with little warning and minimal severance.

Asked about the source’s allegations, HumanForest confirmed it had suspended its service in London following a “minor accident” on Sunday, saying also that it had identified “problems of a similar nature” prior to the accident but had put down those down to “tampering or minor mechanical issues”.

Here’s its statement in full: “We were not aware that the bike was defective. There had been problems of a similar nature which were suspected to be tampering or minor mechanical issues. We undertook extra mechanical checks which we believed had resolved the issue and informed the supplier. We immediately suspended operations following the minor accident on Sunday. The supplier is now investigating whether there is a more serious problem with the e-bike.”

In an earlier statement the startup also told us: “There was an accident last week. Fortunately, the customer was not hurt. We immediately withdrew all e-bikes from the street and we have informed the supplier who is investigating. Our customers’ safety is our priority. We have, therefore, decided to re-launch with a new e-bike in Spring 2021.”

HumanForest declined to offer any details about the nature of the defect that caused it to suspend service but a spokeswoman confirmed all its e-bikes were withdrawn from London streets the same day as the accident, raising questions as to why it did not do so sooner — having, by its own admission, already identified “similar problems”.

The spokeswoman also confirmed HumanForest made a number of job cuts in the wake of the service suspension.

“We are very sorry that we had to let people go at this difficult time but, with operations suspended, we could only continue as a business with a significantly reduced team,” she said. “We tried very hard to find a way to keep people on board and we looked at the possibility of alternative contractual arrangements or employment but unfortunately, there are no guarantees of when we can re-launch.”

“Employees who had been with the company for less than three months were on their probation period which, as outlined in their contract, had one week’s notice. We will be paying their salaries until the end of the month,” she said, reiterating that it’s a difficult time for the startup.

The e-bikes HumanForest was using for the service appear to be manufactured by the Chinese firm Hongji — but are supplied by a German startup, called Wunder Mobility, which offers both b2c and b2b mobility services.

We contacted both companies to ask about the e-bike defect reported by HumanForest.

At the time of writing only Wunder Mobility had responded — confirming it acts as “an intermediary” for HumanForest but not offering any details about the nature of the technical problem.

Instead, it sent us this statement, attributed to its CCO Lukas Loers: “HumanForest stands for reliable quality and works continuously to improve its services. In order to offer its customers the best possible range of services in the sharing business, HumanForest will use the winter break to evaluate its findings from the pilot project in order to provide the best and most sustainable solution for its customers together with Wunder Mobility in the spring.”

“Unfortunately, we cannot provide any information about specific defects on the vehicles, as we have only acted as an intermediary. Only the manufacturer or the operator HumanForest can comment on this,” it added.

In a further development this week, which points to the competitive and highly dynamic nature of the nascent micromobility market, another e-bike sharing startup, Bolt — which industry sources suggest uses the same model of e-bike as HumanForest (its e-bike is visually identical, just painted a more lurid shade of green) — closed its e-bike sharing service in Paris, a few months after launching in the French capital.

When we contacted Bolt to ask whether it had withdrawn any e-bikes because of technical issues it flat denied doing so — saying the Paris closure was a business decision, and was not related to problems with its e-bike hardware.

“We understand some other companies have had issues with their providers. Bolt hasn’t withdrawn any electric bikes from suppliers due to defects,” a spokesperson told us, going on to note it has “recently” launched in Barcelona and trailing “more announcements about future expansion soon”.

In follow up emails the spokesperson further confirmed it hasn’t identified any defects with any e-bikes it’s tested, nor withdrawn any bikes from its supplier.

Bolt’s UK country manager, Matt Barrie, had a little more to say in a response to chatter about the various micromobility market moves on Twitter — tweeting the claim that: “Hardware at Bolt is fine, all good, the issues that HumanForest have had are with their bespoke components.”

“The Paris-Prague move is a commercial decision to support our wider business in Prague. Paris a good market and we hope to be back soon,” he added.

We asked HumanForest about Barrie’s claim that the technical issues with its hardware are related to “bespoke components” — but its spokeswoman declined to comment.

HumanForest’s twist on the e-bike sharing model is the idea of offering free trips with in-app ads subsidizing the rides. Its marketing has also been geared towards pushing a ‘greener commute’ message — touting that the e-bike batteries and service vehicles are charged with certified renewable energy sources.

Calling Helsinki VCs: Be featured in The Great TechCrunch Survey of European VC

TechCrunch is embarking on a major new project to survey the venture capital investors of Europe, and their cities.

Our <a href=”https://forms.gle/k4Ji2Ch7zdrn7o2p6”>survey of VCs in Helsinki will capture how the city is faring, and what changes are being wrought amongst investors by the coronavirus pandemic. (Please note, if you have filled the survey out already, there is no need to do it again).

We’d like to know how Helsinki’s startup scene is evolving, how the tech sector is being impacted by COVID-19, and, generally, how your thinking will evolve from here.

Our survey will only be about investors, and only the contributions of VC investors will be included. More than one partner is welcome to fill out the survey.

The shortlist of questions will require only brief responses, but the more you can add, the better.

You can fill out the survey here.

Obviously, investors who contribute will be featured in the final surveys, with links to their companies and profiles.

What kinds of things do we want to know? Questions include: Which trends are you most excited by? What startup do you wish someone would create? Where are the overlooked opportunities? What are you looking for in your next investment, in general? How is your local ecosystem going? And how has COVID-19 impacted your investment strategy?

This survey is part of a broader series of surveys we’re doing to help founders find the right investors.

For example, here is the recent survey of London.

You are not in Helsinki, but would like to take part? European VC investors can STILL fill out the survey, as we will be putting a call out to your city next anyway!

The survey is covering almost every European country on the continent of Europe (not just EU members, btw), so just look for your country and city on the survey and please participate (if you’re a venture capital investor).

Thank you for participating. If you have questions you can email [email protected]

Cambridge Analytica’s former boss gets 7-year ban on being a business director

The former CEO of Cambridge Analytica, the disgraced data company that worked for the 2016 Trump campaign and shut down in 2018 over a voter manipulation scandal involving masses of Facebook data — has been banned from running limited companies for seven years.

Alexander Nix signed a disqualification undertaking earlier this month which the UK government said yesterday it had accepted. The ban commences on October 5.

“Within the undertaking, Alexander Nix did not dispute that he caused or permitted SCL Elections Ltd or associated companies to market themselves as offering potentially unethical services to prospective clients; demonstrating a lack of commercial probity,” the UK insolvency service wrote in a press release.

Nix was suspended as CEO of Cambridge Analytica at the peak of the Facebook data scandal after footage emerged of him, filmed by undercover reporters, boasting of spreading disinformation and entrapping politicians to meet clients’ needs.

Cambridge Analytica was a subsidiary of the SCL Group, which included the division SCL Elections, while Nix was one of the key people in the group — being a director for SCL Group Ltd, SCL Social Ltd, SCL Analytics Ltd, SCL Commercial Ltd, SCL Elections and Cambridge Analytica (UK) Ltd. All six companies entered into administration in May 2018, going into compulsory liquidation in April 2019.

The “potentially unethical” activities that Nix does not dispute the companies offered, per the undertaking, are:

  • bribery stings and honey trap stings designed to uncover corruption
  • voter disengagement campaigns
  • the obtaining of information to discredit political opponents
  • the anonymous spreading of information

Last year the FTC also settled with Nix over the data misuse scandal — with the former Cambridge Analytica boss agreeing to an administrative order restricting how he conducts business in the future. The order also required the deletion/destruction of any personal information collected via the business.

Back in 2018 Nix was also grilled by the UK parliament’s DCMS committee — and in a second hearing he claimed Cambridge Analytica had licensed “millions of data points on American individuals from very large reputable data aggregators and data vendors such as Acxiom, Experian, Infogroup”, arguing the Facebook data had not been its “foundational data-set”.

It’s fair to say there are still many unanswered questions attached to the data misuse scandal. Last month, for example, the UK’s data watchdog — which raided Cambridge Analytica’s UK offices in 2018, seizing evidence, before going on to fine and then settle with Facebook (which did not admit any liability) over the scandal — said it would no longer be publishing a final report on its data analytics investigation.

Asked about the fate of the final report on Cambridge Analytica, an ICO spokesperson told us: “As part of the conclusion to our data analytics investigation we will be writing to the DCMS select committee to answer the outstanding questions from April 2019. We have committed to updating the select committee on our final findings but this will not be in the form of a further report.”

It’s not clear whether the DCMS committee — which has reformed with a different chair vs the one who in 2018 led the charge to dig into the Cambridge Analytica scandal as part of an enquiry into the impact of online disinformation — will publish the ICO’s written answers. Last year its final report called for Facebook’s business to be investigated over data protection and competition concerns.

You can read a TechCrunch interview with Nix here, from 2017 before the Facebook data scandal broke, in which he discusses how his company helped the Trump campaign.

Daily Crunch: Amazon unveils its own game-streaming platform

Amazon announces a new game service and plenty of hardware upgrades, tech companies team up against app stores and United Airlines tests a program for rapid COVID-19 testing. This is your Daily Crunch for September 24, 2020.

The big story: Amazon unveils its own game-streaming platform

Amazon’s competitor to Google Stadia and Microsoft xCloud is called Luna, and it’s available starting today at an early access price of $5.99 per month. Subscribers will be able to play games across PC, Mac and iOS, with more than 50 games in the library.

The company made the announcement at a virtual press event, where it also revealed a redesigned Echo line (with spherical speakers and swiveling screens), the latest Ring security camera and a new, lower-cost Fire TV Stick Lite.

You can also check out our full roundup of Amazon’s announcements.

The tech giants

App makers band together to fight for App Store changes with new ‘Coalition for App Fairness’ — Thirteen app publishers, including Epic Games, Deezer, Basecamp, Tile, Spotify and others, launched a coalition formalizing their efforts to force app store providers to change their policies or face regulation.

LinkedIn launches Stories, plus Zoom, BlueJeans and Teams video integrations as part of wider redesignLinkedIn has built its business around recruitment, so this redesign pushes engagement in other ways as it waits for the job economy to pick up.

Facebook gives more details about its efforts against hate speech before Myanmar’s general election — This includes adding Burmese language warning screens to flag information rated false by third-party fact-checkers.

Startups, funding and venture capital

Why isn’t Robinhood a verb yet? — The latest episode of Equity discusses a giant funding round for Robinhood.

Twitter-backed Indian social network ShareChat raises $40 million — Following TikTok’s ban in India, scores of startups have launched short-video apps, but ShareChat has clearly established dominance.

Spotify CEO Daniel Ek pledges $1Bn of his wealth to back deeptech startups from Europe — Ek pointed to machine learning, biotechnology, materials sciences and energy as the sectors he’d like to invest in.

Advice and analysis from Extra Crunch

3 founders on why they pursued alternative startup ownership structures — At Disrupt, we heard about alternative approaches to ensuring that VCs and early founders aren’t the only ones who benefit from startup success.

Coinbase UX teardown: 5 fails and how to fix them — Many of these lessons, including the need to avoid the “Get Started” trap, can be applied to other digital products.

As tech stocks dip, is insurtech startup Root targeting an IPO? — Alex Wilhelm writes that Root’s debut could clarify Lemonade’s IPO and valuation.

(Reminder: Extra Crunch is our subscription membership program, which aims to democratize information about startups. You can sign up here.)

Everything else

United Airlines is making COVID-19 tests available to passengers, powered in part by Color — United is embarking on a new pilot project to see if easy access to COVID-19 testing immediately prior to a flight can help ease freedom of mobility.

Announcing the final agenda for TC Sessions: Mobility 2020 — TechCrunch reporters and editors will interview some of the top leaders in transportation.

The Daily Crunch is TechCrunch’s roundup of our biggest and most important stories. If you’d like to get this delivered to your inbox every day at around 3pm Pacific, you can subscribe here.

Snyk acquires DeepCode to boost its code review smarts

Switzerland-based machine learning code review startup DeepCode — which bills itself as ‘Grammarly for coders’ — has been acquired by Snyk, a post-unicorn valuation cybersecurity startup which is focused on helping developers secure their code.

Financial terms of the deal have not been disclosed. But the ‘big code’ parsing startup had only raised around $5.2M since being founded back in 2016, per CrunchBase — mostly recently closing a $4M seed round from investors including Earlybird, 3VC and btov Partners last year.

DeepCode CEO and co-founder Boris Paskalev confirmed the whole team is “eagerly” joining Snyk to continue what he couched as “the mission of making semantic AI-driven code analysis available for every developer on the planet”.

“DeepCode as a company will continue to exist (fully owned by Snyk), we will keep and plan to grow the Zurich office and tap into the amazing talent pool here and we will continue supporting and expanding the cutting-edge product offering for the global development community,” Paskalev told TechCrunch.

Asked whether DeepCode’s product will continue to exist as a standalone in the future or whether full assimilation into Snyk’s platform will include closing down the code-review bot it currently offers developers he said no decision has yet been taken.

“We are still to evaluate that in details but the main goal is to maintain/expand the benefits that we offer to all developers and specifically to grow the open-source adoption and engagement,” he said, adding: “Initially clearly nothing will change and the DeepCode product will remain as a standalone product.”

“Both companies have a very clear vision and passion for developer-first and helping developers and security teams to further reduce risk and become more productive,” Paskalev added.

In a statement announcing the acquisition Snyk said it will be integrating DeepCode’s technology into its Cloud Native Application Security platform — going on to tout the benefits of bolting on its AI engine which it said would enable developers to “more quickly identify vulnerabilities”.

“DeepCode’s AI engine will help Snyk both increase speed and ensure a new level of accuracy in finding and fixing vulnerabilities, while constantly learning from the Snyk vulnerability database to become smarter,” wrote CEO Peter McKay. “It will enable an even faster integration for developers, testing for issues while they develop rather than as an additional step. And it will further increase the accuracy of our results, almost eliminating the need to waste time chasing down false positives.”

Among the features that have impressed Snyk about DeepCode, McKay lauded code scanning that’s “10-50x faster than alternatives”; and what he described as an “exceptional developer UX” — which allows for “high precision semantic code analysis in real-time” because scanning is carried out at the IDE and git level.

In its own blog post about the acquisition of the ETH Zurich spin-off, the university writes that the AI startup’s “decisive advantage” is that ‘it has developed the first AI system that can learn from billions of program codes quickly, enabling AI-​based detection of security and reliability code issues”.

“DeepCode is an excellent example of a modern AI system that can learn from data, program codes in this case, yet remain transparent and interpretable for humans,” it adds.

The university research work underpinning DeepCode dates back to 2013 — when its co-founders were figuring out how to combine data-​driven machine learning methods with semantic static code analysis methods based on symbolic reasoning, per the blog post.

DeepCode’s tech currently reaches more than 4M contributing developers, with more than 100,000 repositories subscribed to its service.

UK launches COVID-19 exposure notification app for England and Wales

The last two regions of the UK now have an official coronavirus contacts tracing app, after the UK government pushed the button to launch the NHS COVID-19 app across England and Wales today.

Northern Ireland and Scotland launched their own official apps to automate coronavirus exposure notifications earlier this year. But the England and Wales app was delayed after a false start back in May. The key point is that the version that’s launched now has a completely different app architecture.

All three of the UK’s official coronavirus contacts tracing apps make use of smartphones’ Bluetooth radios to generate alerts of potential exposure to COVID-19 — based on estimating the proximity of the devices.

A very condensed version of how this works is that ephemeral IDs are exchanged by devices that come into close contact and stored locally on app users’ phones. If a person is subsequently diagnosed with COVID-19 they are able to notify the system, via their public health authority, which will broadcast the relevant (i.e. ‘risky’) IDs to all other devices.

Matching to see whether an app user has been exposed to any of the risky IDs also takes place locally — meaning exposure alerts are not centralized.

The use of this decentralized, privacy-preserving architecture for the NHS COVID-19 app is a major shift vs the original app which was being designed to centralize data with the public health authority.

However the government U-turned after a backlash over privacy and ongoing technical problems linked to trying to hack its way around iOS limits on background access to Bluetooth.

Switching the NHS COVID-19 app to a decentralized architecture has allowed it to plug into coronavirus exposure notification APIs developed by Apple and Google — resolving technical problems related to device detection which caused problems for the earlier version of the app.

In June, the government suggested there were issues with the APIs related to the reliability of estimating distance between devices. Asked about the reliability of the Bluetooth technology the app is used on BBC Radio 4’s Today program this morning, health secretary Matt Hancock said: “What we know for absolute sure is that the app will not tell you to self isolate because you’ve been in close contact with someone unless you have been in close contact. The accuracy with which it does that is increasing all of the time — and we’ve been working very closely with Apple and with Google who’ve done a great job in working to make this happen and to ensure that accuracy is constantly improved.”

The health secretary described the app as “an important tool in addition to all the other tools that we have” — adding that one of the reasons he’d delayed the launch until now was because he didn’t want to release an app that wasn’t effective.

“Everybody who downloads the app will be helping to protect themselves, helping to protect their loves one, helping to protect their community — because the more people who download it the more effective it will be. And it will help to keep us safe,” Hancock went on.

“One of the things that we’ve learnt over the course of the pandemic is where people are likely to have close contacts and in fact the app that we’re launching today will help to find more of those close contacts,” he added.

The England and Wales app does have some of unique quirks — as the government has opted to pack in multiple features, rather than limiting it to only exposure notifications.

These bells & whistles include: risk alerts based on postcode district; a system of QR code check-in at venues (which are now required by law to display a QR code for app users to scan); a COVID-19 symptom checker and test booking feature — including the ability to get results through the app; and a timer for users who have been told to self-isolate to help them keep count of the number of days left before they can come out of quarantine, with pointers offered to “relevant advice”.

“[The app] helps you to easily go to the pub or a restaurant or hospitality venue because you can then click through on the QR code which automatically does the contact tracing that is now mandatory,” said Hancock explaining the thinking behind some of the extra features. “And it helps by explaining what the rules are and the risk in your area for people easily and straightforwardly to be able to answer questions and consult on the rules so it has a whole series of features.”

It remains to be seen whether it was sensible product design to bolt on all these extras — and QR code venue check-ins could carry a risk of confusing users. However the government’s logic appears to be that more features will encourage more people to download the app and thereby increase uptake and utility.

Once widespread, the mandatory venue QR codes will also effectively double as free ads for the app so that could help drive downloads.

More saliently, the Bluetooth exposure notification system depends on an effective testing regime and will therefore be useless in limiting the spread of COVID-19 if the government can’t improve coronavirus test turnaround times — which it has been struggling with in recent weeks, as major backlogs have built up.

Internet law expert, professor Lilian Edwards — who was on an ethics advisory panel for the earlier, now defunct version of the England & Wales app — made this point to BBC Radio 4’s World at One program yesterday.

“My main concern is not the app itself but the interaction with the testing schedule,” she said. The app only sends out proximity warnings to the contacts on upload of a positive test. The whole idea is to catch contacts before they develop symptoms in that seven-day window when they won’t be isolating. If tests are taking five to seven days to get back then by that time the contacts will have developed symptoms and should hopefully be isolating or reporting their symptoms themselves. So if we don’t speed up testing then the app is functionally useless.”