VC funding of cybersecurity companies hits record $5.3B in 2018

2018 wasn’t all bad. It turned out to be a record year for venture capital firms investing in cybersecurity companies.

According to new data out by Strategic Cyber Ventures, a cybersecurity-focused investment firm with a portfolio of four cybersecurity companies, more than $5.3 billion was funneled into companies focused on protecting networks, systems and data across the world, despite fewer deals done during the year.

That’s up from 20 percent — $4.4 billion — from 2017, and up from close to double on 2016.

Part of the reason was several “mega” funding rounds, according to the company. Last year saw some of the big eight companies getting bigger, amassing a total of $1.3 billion in funding last year. That includes Tanium’s combined $375 million investment, Anchorfree’s $295 million and CrowdStrike’s $200 million.

According to the report, North America leads the rest of the world with $4 billion in VC funding, with Europe and Asia neck-and-neck at around $550 million each, but growing year-over-year.

In fact, according to the data, California — where many of the big companies have their headquarters — accounts for nearly half of all VC funding in cybersecurity in 2018. By comparison, only about $300 million went to the “government” region — including Maryland, Virginia and Washington, DC, where many government-backed or focused companies are located.

“As DC residents, we have to think there is more the city could do to entice cybersecurity companies to establish their headquarters in the city,” the firm said. Virtru, an email encryption and data privacy firm, drove the only funding of cybersecurity investment in Washington, DC last year, they added.

“We’ve seen this trend in the broader tech ecosystem as well, with many, large international funds and investment outside of the U.S.,” the firm said. “Simply put, amazing and valuable technology companies are being created outside of the U.S.”

Looking ahead, Tanium and CrowdStrike are highly anticipated to IPO this year — so long as the markets hold stable.

“It’s still unclear what the public equity markets have in store in 2019,” the firm said. “A few weeks in and we’re already experiencing a government shutdown, trade wars with China, and expected slow down in global economic growth.”

“However, only time will tell what 2019 has in store,” the firm concluded.

Facebook finds and kills another 512 Kremlin-linked fake accounts

Two years on from the U.S. presidential election, Facebook continues to have a major problem with Russian disinformation being megaphoned via its social tools.

In a blog post today the company reveals another tranche of Kremlin-linked fake activity — saying it’s removed a total of 471 Facebook pages and accounts, as well as 41 Instagram accounts, which were being used to spread propaganda in regions where Putin’s regime has sharp geopolitical interests.

In its latest reveal of “coordinated inauthentic behavior” — aka the euphemism Facebook uses for disinformation campaigns that rely on its tools to generate a veneer of authenticity and plausibility in order to pump out masses of sharable political propaganda — the company says it identified two operations, both originating in Russia, and both using similar tactics without any apparent direct links between the two networks.

One operation was targeting Ukraine specifically, while the other was active in a number of countries in the Baltics, Central Asia, the Caucasus, and Central and Eastern Europe.

“We’re taking down these Pages and accounts based on their behavior, not the content they post,” writes Facebook’s Nathaniel Gleicher, head of cybersecurity policy. “In these cases, the people behind this activity coordinated with one another and used fake accounts to misrepresent themselves, and that was the basis for our action.”

Sputnik link

Discussing the Russian disinformation op targeting multiple countries, Gleicher says Facebook found what looked like innocuous or general interest pages to be linked to employees of Kremlin propaganda outlet Sputnik, with some of the pages encouraging protest movements and pushing other Putin lines.

“The Page administrators and account owners primarily represented themselves as independent news Pages or general interest Pages on topics like weather, travel, sports, economics, or politicians in Romania, Latvia, Estonia, Lithuania, Armenia, Azerbaijan, Georgia, Tajikistan, Uzbekistan, Kazakhstan, Moldova, Russia, and Kyrgyzstan,” he writes. “Despite their misrepresentations of their identities, we found that these Pages and accounts were linked to employees of Sputnik, a news agency based in Moscow, and that some of the Pages frequently posted about topics like anti-NATO sentiment, protest movements, and anti-corruption.”

Facebook has included some sample posts from the removed accounts in the blog which show a mixture of imagery being deployed — from a photo of a rock concert, to shots of historic buildings and a snowy scene, to obviously militaristic and political protest imagery.

In all Facebook says it removed 289 Pages and 75 Facebook accounts associated with this Russian disop; adding that around 790,000 accounts followed one or more of the removed Pages.

It also reveals that it received around $135,000 for ads run by the Russian operators (specifying this was paid for in euros, rubles, and U.S. dollars).

“The first ad ran in October 2013, and the most recent ad ran in January 2019,” it notes, adding: “We have not completed a review of the organic content coming from these accounts.”

These Kremlin-linked Pages also hosted around 190 events — with the first scheduled for August 2015, according to Facebook, and the most recent scheduled for January 2019. “Up to 1,200 people expressed interest in at least one of these events. We cannot confirm whether any of these events actually occurred,” it further notes.

Facebook adds that open source reporting and work by partners which investigate disinformation helped identify the network.

It also says it has shared information about the investigation with U.S. law enforcement, the U.S. Congress, other technology companies, and policymakers in impacted countries.

Ukraine tip-off

In the case of the Ukraine-targeted Russian disop, Facebook says it removed a total of 107 Facebook Pages, Groups, and accounts, and 41 Instagram accounts, specifying that it was acting on an initial tip off from U.S. law enforcement.

In all it says around 180,000 Facebook accounts were following one or more of the removed pages. While the fake Instagram accounts were being followed by more than 55,000 accounts.  

Again Facebook received money from the disinformation purveyors, saying it took in around $25,000 in ad spending on Facebook and Instagram in this case — all paid for in rubles this time — with the first ad running in January 2018, and the most recent in December 2018. (Again it says it has not completed a review of content the accounts were generating.)

“The individuals behind these accounts primarily represented themselves as Ukrainian, and they operated a variety of fake accounts while sharing local Ukrainian news stories on a variety of topics, such as weather, protests, NATO, and health conditions at schools,” writes Gleicher. “We identified some technical overlap with Russia-based activity we saw prior to the US midterm elections, including behavior that shared characteristics with previous Internet Research Agency (IRA) activity.”

In the Ukraine case it says it found no Events being hosted by the pages.

“Our security efforts are ongoing to help us stay a step ahead and uncover this kind of abuse, particularly in light of important political moments and elections in Europe this year,” adds Gleicher. “We are committed to making improvements and building stronger partnerships around the world to more effectively detect and stop this activity.”

A month ago Facebook also revealed it had removed another batch of politically motivated fake accounts. In that case the network behind the pages had been working to spread misinformation in Bangladesh 10 days before the country’s general elections.

This week it also emerged the company is extending some of its nascent election security measures by bringing in requirements for political advertisers to more international markets ahead of major elections in the coming months, such as checks that a political advertiser is located in the country.

However in other countries which also have big votes looming this year Facebook has yet to announced any measures to combat politically charged fakes.

Facebook urged to give users greater control over what they see

Academics at the universities of Oxford and Stanford think Facebook should give users greater transparency and control over the content they see on its platform.

They also believe the social networking giant should radically reform its governance structures and processes to throw more light on content decisions, including by looping in more external experts to steer policy.

Such changes are needed to address widespread concerns about Facebook’s impact on democracy and on free speech, they argue in a report published today, which includes a series of recommendations for reforming Facebook (entitled: Glasnost! Nine Ways Facebook Can Make Itself a Better Forum for Free Speech and Democracy.)

“There is a great deal that a platform like Facebook can do right now to address widespread public concerns, and to do more to honour its public interest responsibilities as well as international human rights norms,” writes lead author Timothy Garton Ash.

“Executive decisions made by Facebook have major political, social, and cultural consequences around the world. A single small change to the News Feed algorithm, or to content policy, can have an impact that is both faster and wider than that of any single piece of national (or even EU-wide) legislation.”

Here’s a rundown of the report’s nine recommendations:

  1. Tighten Community Standards wording on hate speech — the academics argue that Facebook’s current wording on key areas is “overbroad, leading to erratic, inconsistent and often context-insensitive takedowns;” and also generating “a high proportion of contested cases.” Clear and tighter wording could make consistent implementation easier, they believe.
  2. Hire more and contextually expert content reviewers — “the issue is quality as well as quantity,” the report points out, pressing Facebook to hire more human content reviewers plus a layer of senior reviewers with “relevant cultural and political expertise;” and also to engage more with trusted external sources such as NGOs. “It remains clear that AI will not resolve the issues with the deeply context-dependent judgements that need to be made in determining when, for example, hate speech becomes dangerous speech,” they write.
  3. Increase “decisional transparency” — Facebook still does not offer adequate transparency around content moderation policies and practices, they suggest, arguing it needs to publish more detail on its procedures, including specifically calling for the company to “post and widely publicize case studies” to provide users with more guidance and to provide potential grounds for appeals.
  4. Expand and improve the appeals process — also on appeals, the report recommends Facebook gives reviewers much more context around disputed pieces of content, and also provide appeals statistics data to analysts and users. “Under the current regime, the initial internal reviewer has very limited information about the individual who posted a piece of content, despite the importance of context for adjudicating appeals,” they write. “A Holocaust image has a very different significance when posted by a Holocaust survivor or by a Neo-Nazi.” They also suggest Facebook should work on developing “a more functional and usable for the average user” appeals due process, in dialogue with users — such as with the help of a content policy advisory group.
  5. Provide meaningful News Feed controls for users — the report suggests Facebook users should have more meaningful controls over what they see in the News Feed, with the authors dubbing current controls as “altogether inadequate,” and advocating for far more. Such as the ability to switch off the algorithmic feed entirely (without the chronological view being defaulted back to algorithm when the user reloads, as is the case now for anyone who switches away from the AI-controlled view). The report also suggests adding a News Feed analytics feature, to give users a breakdown of sources they’re seeing and how that compares with control groups of other users. Facebook could also offer a button to let users adopt a different perspective by exposing them to content they don’t usually see, they suggest.
  6. Expand context and fact-checking facilities — the report pushes for “significant” resources to be ploughed into identifying “the best, most authoritative, and trusted sources” of contextual information for each country, region and culture — to help feed Facebook’s existing (but still inadequate and not universally distributed) fact-checking efforts.
  7. Establish regular auditing mechanisms — there have been some civil rights audits of Facebook’s processes (such as this one, which suggested Facebook formalizes a human rights strategy), but the report urges the company to open itself up to more of these, suggesting the model of meaningful audits should be replicated and extended to other areas of public concern, including privacy, algorithmic fairness and bias, diversity and more.
  8. Create an external content policy advisory group — key content stakeholders from civil society, academia and journalism should be enlisted by Facebook for an expert policy advisory group to provide ongoing feedback on its content standards and implementation; as well as also to review its appeals record. “Creating a body that has credibility with the extraordinarily wide geographical, cultural, and political range of Facebook users would be a major challenge, but a carefully chosen, formalized, expert advisory group would be a first step,” they write, noting that Facebook has begun moving in this direction but adding: “These efforts should be formalized and expanded in a transparent manner.”
  9. Establish an external appeals body — the report also urges “independent, external” ultimate control of Facebook’s content policy, via an appeals body that sits outside the mothership and includes representation from civil society and digital rights advocacy groups. The authors note Facebook is already flirting with this idea, citing comments made by Mark Zuckerberg last November, but also warn this needs to be done properly if power is to be “meaningfully” devolved. “Facebook should strive to make this appeals body as transparent as possible… and allow it to influence broad areas of content policy… not just rule on specific content takedowns,” they warn.

In conclusion, the report notes that the content issues it’s focused on are not only attached to Facebook’s business but apply widely across various internet platforms — hence growing interest in some form of “industry-wide self-regulatory body.” Though it suggests that achieving that kind of overarching regulation will be “a long and complex task.”

In the meanwhile, the academics remain convinced there is “a great deal that a platform like Facebook can do right now to address widespread public concerns, and to do more to honour its public interest responsibilities, as well as international human rights norms” — with the company front and center of the frame given its massive size (2.2 billion+ active users).

“We recognize that Facebook employees are making difficult, complex, contextual judgements every day, balancing competing interests, and not all those decisions will benefit from full transparency. But all would be better for more regular, active interchange with the worlds of academic research, investigative journalism, and civil society advocacy,” they add.

We’ve reached out to Facebook for comment on their recommendations.

The report was prepared by the Free Speech Debate project of the Dahrendorf Programme for the Study of Freedom, St. Antony’s College, Oxford, in partnership with the Reuters Institute for the Study of Journalism, University of Oxford, the Project on Democracy and the Internet, Stanford University and the Hoover Institution, Stanford University.

Last year we offered a few of our own ideas for fixing Facebook — including suggesting the company hire orders of magnitude more expert content reviewers, as well as providing greater transparency into key decisions and processes.

Wrest control from a snooping smart speaker with this teachable “parasite”

What do you get when you put one Internet connected device on top of another? A little more control than you otherwise would in the case of Alias the “teachable ‘parasite'” — an IoT project smart speaker topper made by two designers, Bjørn Karmann and Tore Knudsen.

The Raspberry Pi-powered, fungus-inspired blob’s mission is to whisper sweet nonsense into Alexa’s (or Google Home’s) always-on ear so it can’t accidentally snoop on your home.

Project Alias from Bjørn Karmann on Vimeo.

Alias will only stop feeding noise into its host’s speakers when it hears its own wake command — which can be whatever you like.

The middleman IoT device has its own local neural network, allowing its owner to christen it with a name (or sound) of their choosing via a training interface in a companion app.

The open source TensorFlow library was used for building the name training component.

So instead of having to say “Alexa” or “Ok Google” to talk to a commercial smart speaker — and thus being stuck parroting a big tech brand name in your own home, not to mention being saddled with a device that’s always vulnerable to vocal pranks (and worse: accidental wiretapping) — you get to control what the wake word is, thereby taking back a modicum of control over a natively privacy-hostile technology.

This means you could rename Alexa “Bezosallseeingeye”, or refer to your Google Home as “Carelesswhispers”. Whatever floats your boat.

Once Alias hears its custom wake command it will stop feeding noise into the host speaker — enabling the underlying smart assistant to hear and respond to commands as normal.

“We looked at how cordyceps fungus and viruses can appropriate and control insects to fulfill their own agendas and were inspired to create our own parasite for smart home systems,” explain Karmann and Knudsen in a write up of the project. “Therefore we started Project Alias to demonstrate how maker-culture can be used to redefine our relationship with smart home technologies, by delegating more power from the designers to the end users of the products.”

Alias offers a glimpse of a richly creative custom future for IoT, as the means of producing custom but still powerful connected technology products becomes more affordable and accessible.

And so also perhaps a partial answer to IoT’s privacy problem, for those who don’t want to abstain entirely. (Albeit, on the security front, more custom and controllable IoT does increase the hackable surface area — so that’s another element to bear in mind; more custom controls for greater privacy does not necessarily mesh with robust device security.)

If you’re hankering after your own Alexa disrupting blob-topper, the pair have uploaded a build guide to Instructables and put the source code on GitHub. So fill yer boots.

Project Alias is of course not a solution to the underlying tracking problem of smart assistants — which harvest insights gleaned from voice commands to further flesh out interest profiles of users, including for ad targeting purposes.

That would require either proper privacy regulation or, er, a new kind of software virus that infiltrates the host system and prevents it from accessing user data. And — unlike this creative physical IoT add-on –that kind of tech would not be at all legal.

CERN’s plan for 100-km collider makes the LHC look like a hula hoop

The Large Hadron Collider has produced a great deal of incredible science, most famously the Higgs Boson — but physicists at CERN, the international organization behind the LHC, are already looking forward to the next model. And the proposed Future Circular Collider, at 100 kilometers or 62 miles around, would be quite an upgrade.

The idea isn’t new; CERN has had people looking into it for years. But the conceptual design report issued today shows that all that consulting hasn’t been idle: there’s a relatively cohesive and practical plan — as practical as a particle collider can be — and a decent case for spending the $21 billion or so that would be needed.

“These kind of largest scale efforts and projects are huge starters for networking, connecting institutes across borders, countries,” CERN’s Michael Benedikt, who led the report, told Nature. “All these things together make up a very good argument for pushing such unique science projects.”

On the other hand, while the LHC has been a great success, it hasn’t exactly given physicists an unambiguous signpost as to what they should pursue next. The lack of new cosmic mysteries — for example, a truly anomalous result or mysterious gap where a particle is expected — has convinced some that they must simply turn up the heat, but others that bigger isn’t necessarily better.

The design document provides several possible colliders, of which the 100-km ring is the largest and would produce the highest-energy collisions. Sure, you could smash protons together at 100,000 gigaelectron-volts rather than 16,000 — but what exactly will that help explain? We have left my areas of expertise, such as they are, well behind at this point so I will not speculate, but the question at least is one being raised by those in the know.

It’s worth noting that Chinese physicists are planning something similar, so there’s the aspect of international competition as well. How should that affect plans? Should we just ask China if we can use theirs? The academic world is much less affected by global strife and politics than, say, the tech world, but it’s still not ideal.

There are plenty of options to consider and time is not of the essence; it would take a decade or more to get even the simplest and cheapest of these proposals up and running.

Geoengineering could solve our climate problems if anyone allowed it

This weekend, I finished reading Oliver Morton’s The Planet Remade (thanks to reader Eliot Peper for recommending it). Morton has a multitude of goals with the book, but there were two I think are deeply valuable. First, geoengineering is a plausible approach to solving our climate problems this century, and second, engineering the climate generates tough policy challenges, but also opportunities to make the planet more equitable.

TechCrunch is experimenting with new content forms. This is a rough draft of something new — provide your feedback directly to the author (Danny at [email protected]) if you like or hate something here.

First and foremost: the book is mind-expanding in the best way possible. Morton confronts an extremely contentious issue with judicious facts and supreme insight gleaned over many years of studying geoengineering. Whether you are a dedicated acolyte of cloud seeding and veils or a committed opponent to any tampering of earth’s environment, he has developed a book that forces us to think about our actions and ultimately what the consequences of those choices are.

Frankly, those choices offer stark consequences. Morton describes the challenge of climate this century:

The world’s population is expected to grow from seven billion today to more or less ten billion by 2100. By that time the number of people enjoying rich-world energy privileges should also reach ten billion. So the challenge is to achieve for an extra eight billion people in the twenty-first century what was achieved for two billion in the twentieth century. Meeting that challenge implies a lot more energy usage.

Morton is a staunch environmentalist and deeply concerned about environmental justice and the inequities of the planet. But he is also a “climate realist” — he understands that our current solutions to climate change are not really solutions at all, since they either lack the scale required to solve the problem, or will continue to exacerbate existing inequities between different people of this planet.

For example, take emissions-free nuclear power, which is brought up as a panacea to our fossil fuel-driven economy. Morton writes:

If the world had the capacity to deliver one of the largest nuclear power plants ever built once a week, week in and week out, it would take 20 years to replace the current stock of coal-fired plants (at present, the world builds about three or four nuclear power plants a year, and retires old ones almost as quickly).

Sure, nuclear power plants are a literal solution, but most definitely not a pragmatic one since the scale required is just not there.

He also spends significant time deconstructing recent climate negotiations, finding that the focus on carbon has been something of a red herring (many other emissions are far worse than carbon and less directly connected to the modern industrial economy). Instead, they have been driven by the alignment of different environmentally-concerned parties:

Carbon dioxide suited scientists because it seemed like a straightforward measure of the problem. It suited greens because it was a pretty good proxy for the industrial society against which their movement was a reaction. The international negotiations that set up the UNFCCC showed that it suited developing countries because it was primarily a developed-country issue; at the time of Rio, the vast majority of all the industrial emissions since the the eighteenth century had come from Europe and America.

Carbon is of course a problem, but it has become a tagline, a brand, a cri de coeur of the international climate movement. Yet the challenges facing the planet are so much deeper than just carbon.

To avoid that narrow focus, Morton argues for a complete reframing of the climate debate toward solutions that can actually repair the climate, and even improve it for diverse populations around the world.

Now, the term “geoengineering” brings with it a bag of Hollywood-induced imagery of nuclear winters and globe-spanning hurricanes. Morton addresses those risks across his chapters, noting that geoengineering can indeed go wrong.

Even so, he convincingly argues that there are geoengineering techniques designed around key climate processes that can be high leverage, reversible, testable, and that have the scale required to actually solve climate challenges in a sustainable way. These processes aren’t speculation — we (mostly) understand the science today, and have pathways toward the technology required to execute a strategy.

The real challenge — as it always is — are humans and their governments. Morton notes that climate change has a huge deleterious impact on nations such as Maldives, but that it can also benefit certain regions by transitioning them from colder to more temperate climates.

That means that any geoengineering solution is going to face the prospect of creating winners and losers. Any international agreement is going to have to contend with those politics, and design mechanisms to ameliorate their effects.

Much as Morton calls for a planet remade, he sees an opportunity for geoengineering to trigger reflection among governments on their own interests:

Much better, rather than treating geoengineering as a technocratic way of avoiding politics, to use it as a way of reinventing politics. Exploring the potential of geoengineering could spur and shape the development of a new way of making planetary decisions. The aim should not be the development of a thermostat alone; it should be the development of a new hand to use it.

Environmentalists may balk at the idea of allowing humans to have their hands on any part of the earth system. But we are here, all seven billion of us, and we already have our brutal hands on the system. The question is whether we can start to use our hands in a far more productive way that can make the earth sustainable for centuries to come. As Morton notes, “The planet has been remade, is being remade, will be remade.” Geoengineering technologies offer solutions, if we can agree in how to use them.

Share your feedback on your startup’s attorney

My colleague Eric Eldon and I are reaching out to startup founders and execs about their experiences with their attorneys. Our goal is to identify the leading lights of the industry and help spark discussions around best practices. If you have an attorney you thought did a fantastic job for your startup, let us know using this short Google Forms survey and also spread the word. We will share the results and more in the coming weeks.

Stray Thoughts (aka, what I am reading)

Short summaries and analysis of important news stories

Why Gutenberg can still recognize the book

Craig Mod wrote a compelling piece in Wired on the future of the book, and why today’s books essentially look the same as when the printing press was first invented. Despite the prognosticators expecting books to have moving pictures, interactivity, and dynamic narratives, almost nothing in that direction has actually occurred as readers continue to enjoy the traditional format. Instead, where the real innovation has taken place is on the business side, where new models from crowdfunding to email subscriptions have transformed the economics of book publishing.

Automattic’s Newspack to drive revenue for smaller publishers

While content management systems have been around for decades, almost none of these systems are designed to create revenues for their users out of the box. WordPress doesn’t have any subscription features or advertising networks built-in, which means that sites that want to make money have to spend a lot of dollars just to get setup and started.

So the announcement this morning that Automattic, the owner of WordPress.com, is going to offer a new platform combining content management with revenue called Newspack is both interesting and definitely needed. It’s a proper extension of their existing platform, and a reminder for product managers that the sustainability of their customers is critical for long-term success.

Huawei sales executive arrested in Poland

We have been following Huawei’s travails in the West for some time. One major point of contention is whether the company spies on behalf of the Chinese government. Western governments have argued that it does, but as China has repeatedly noted, they have never provided any proof.

On Friday in Poland, a Huawei executive was arrested for alleged espionage, which could provide the first public evidence of collusion between Huawei and Beijing. The company subsequently fired the executive and claimed that his actions were unrelated to the company. Poland has since called on NATO countries to remove Huawei equipment from their telecommunications infrastructure. Huawei equipment is widely installed in Europe and European governments have so far evaded calls by the U.S. to boycott the company. As the largest telecom equipment manufacturer in the world, Huawei’s response could have vast repercussions for the deployment of 5G networks.

PG&E – oh boy

Silicon Valley’s (and much of California’s) gas and electric utility is going bankrupt following massive liability claims against the utility due to its equipment sparking wildfires over the past few years. California may lead the world in innovation, but it seems to always be on the precipice of disaster when it comes to infrastructure.

What’s next & obsessions

  • I am reading The Color of Law by Richard Rothstein
  • Arman and I are interested in societal resilience startups that are targeting areas like water security, housing, infrastructure, climate change, disaster response, etc. Reach out if you have ideas or companies here.

Wiliot nabs $30M from Amazon, Avery Dennison, Samsung for a chip that runs on power from ambient radio frequencies

As we continue the quest for better and more efficient sources of energy to link up our connected world, companies that are developing new power solutions are attracting attention.

Today, a startup called Wiliot, which makes semiconductors that harness ambient nanowatts of electromagnetic energy from cellular, WiFi and Bluetooth networks to work without batteries or other traditional wired power sources, announced that it has closed a $30 million round of funding.

The backers are a notable mix of strategic and financial names: they include Amazon, Avery Dennison, Samsung and previous investors Norwest Venture Partners, 83North Venture Capital, Grove Venture Partners, Qualcomm Ventures, and M Ventures. Another “retail giant” is also involved in this round but the name is not being disclosed.

Sources close to the company tell me the valuation of it is $120 million post-money. It has raised $50 million to date.

Co-headquartered in San Diego and Israel, it’s important to note that the startup has yet to manufacture or commercialise its chips, which are being publicly unveiled for the first time today.

(I’ve seen a demo of them, and they definitely appear to work: Wiliot chips pasted to small pieces of paper, and supported by clothes pins arranged on a desk but linked up no way to anything else, were hooked up to small buttons and other items. When you press a button, for example, the chip transmits that information to the cloud, where you can in turn see the activity on a dashboard.)

The plan, according to co-founder and CEO Tal Tamir, will be to use this latest Series B funding to work on that next stage of the business: figuring out how to produce its chips at scale and at a competitive price point versus other solutions like RFID tags, as well as secure its first customers.

There are potentially a number of applications where you might imagine a battery-free chip and sensor — today the Wiliot chip can measure temperature, location, air pressure, and can transmit data back to the cloud — could come in handy, such as in manufacturing, logistics, and tagging and providing data about anything that isn’t inherently an electronic device, expanding the universe of what can be covered in an internet-of-things network.

But Steve Statler, Wiliot’s SVP of marketing and business development, said that likely first customers will be in the apparel industry, where the startup’s chips could be embedded on the care labels both to help track items of clothes from manufacture to sale, and subsequently to provide services to the people who buy those items.

“That can cover anything from washing instructions to helping provide wardrobing recommendations,” he noted. That will, of course, depend on whether the customer opts in for such assistance and/or doesn’t cut the label off the clothes.

Wiliot’s chip has yet to roll out commercially, but the company is banking on its investors to help it get there.

Avery Dennison is one of the world’s biggest label makers and producers of RFID tags; Samsung (and Qualcomm) have a huge presence in the global semiconductor market; and Amazon is apparently most interested by way of its cloud services business AWS — the Wiliot chip architecture hinges on most of the computing happening in the cloud — but don’t forget that Amazon has also been making some interesting moves into apparel and AI-based fashion assistance itself.

“We think that at some point in future every item will have its own identity,” said Francisco Melo, VP & GM, Global RFID, in an interview, who points out that Wiliot’s primary way of transmitting information out — by way of Bluetooth — makes the information “readable” by the most basic of devices these days, the smartphone. “How do we take that digital identity to help consumers at the end of line to know what they should or could do with a product? There are a number of use cases that you can think of and trigger with Bluetooth that you couldn’t do with RFID.”

Another boost to the company is the track record of its founders. Tamir and co-founders Yaron Elboim and Alon Yehevkely, as well as others on the founding team of Wiliot, had previously founded and worked at another startup, Wilocity, a maker of 60 GHz wireless chipsets, which was acquired by Qualcomm for about $400 million. Before that the three co-founders were together at Intel, speaking to a strong track record of chip-making.

Ambient energy harnessing has to date focused on a variety of natural, non-human produced sources such as solar energy, geothermal energy, wind, waves, river currents and so on.

A newer iteration on that has been tapping into the vast amount of electromagnetic energy that gets produced through existing wireless services, potentially a much bigger and readily available source in areas where wireless services already exist, and that is where Wiliot plays.

Of course, this will mean that Wiliot’s chips will not work in the most remote of areas where there is no connectivity at all. That is one of the challenges that the startup has yet to tackle. Another is, of course, more energy efficiency on devices themselves to operate on nanowatts rather than watts of power.

But ultimately, Wiliot and others in the same area like France’s Sigfox are taking the first steps that could open the door to more sophisticated ambient power solutions.

“This is just the tip of the iceberg,” Tamir said. “We think many edge devices will come that will harvest radio frequency energy. But the problem is not what you harvest but how much you need. If you get nanowatts of energy and a phone consumes 3-5 watts when active, you can see where this has to go.”

Goldman Sachs leads $8M round in cyber security skills platform Immersive Labs

Immersive Labs, a cyber security skills platform founded by James Hadley, who used to be a researcher at GCHQ, has raised $8 million in Series A funding. Leading the round is Goldman Sachs, with participation from a number of unnamed private investors.

Operating in the cyber security training space, Immersive Labs helps enterprise IT and other cyber security teams acquire the latest security skills by combining up to date threat data with what is describes as “gamified” learning. This sees the startup use real-time feeds of the latest attack techniques, hacker psychology and technological vulnerabilities to quickly create “cyber wargames” for IT and security teams to learn from.

The idea is that the platform can up-skill people within hours of a threat emerging, in addition to being used more generally to help identify and remedy less immediate weaknesses in a company’s cyber security team.

“First, there is a big picture problem that the world is crying out for cyber security talent and is currently struggling to fill that gap,” Immersive Labs founder and CEO James Hadley tells me. “Secondly, the way that cyber skills are being taught is massively obsolete and puts the companies they work for at risk. On many occasions, what is taught is out of date before people leave the classroom”.

The inspiration for Immersive Labs was born out of Hadley’s experience running a summer school at GCHQ. It was while running the course that he came to the realisation that “passive classroom-based learning doesn’t suit the people, or pace, of cyber security”.

“Not only does the content date quickly, but the lack of challenge is just not enough for the curious and creative minds required to be good in cyber. You cant dictate, they have to teach themselves through exploration,” he says.

“We let technical and security teams learn cyber skills like an attacker, allowing them to keep pace by combining breaking threat data with short browser-based wargames. This takes the form of a series of stories that encourage people to research, analyse and build their own attacks and solutions. Whilst doing this, they learn in a fun and compelling way”.

To that end, Immersive Labs says its Series A funding will be used to grow its offering for enterprise IT and cyber security teams. This will include investing in headcount and infrastructure to develop the platform further, and to support the company’s go-to-market strategy. Current clients include global corporates with complex cyber security needs, such as BAE Systems, Sophos and Grant Thornton.

Testing times for second wave scooter startups

Investors are still pouring millions into scooter startups, albeit sometimes at flat valuations. At the same time a little cash is flowing the other way, in cases where cities have realized the importance of prioritizing the needs of the local environment and its citizens, over and above the ambitions of VCs for a swift and lucrative exit.

Scooter startups affected by such regulatory bumps in the road are, unsurprisingly, rather less keen to shout about this sort of policy friction and the negative cash and ride flow it generates.

In one recent incident in Spain, in the Catalan capital of Barcelona, El Pais reported that the town hall fined a local scooter startup, called Reby, for contravening urban mobility rules.

The startup is so new it doesn’t even have scooters available for public hire yet. But it’s already had some of its ‘test’ rides removed by police and been fined for breaking scooter sharing rules.

If it was hoping to copy-paste from an Uber 1.0 playbook, things aren’t looking good for Reby. (Indeed, that’s a very tatty manual in most places these days.)

Spain’s capital city Madrid also forced a temporary suspension on scooter sharing startups recently, as we reported last month, after changes to mobility laws that tighten the screw on scooter sharing — requiring already operational startups to tweak how their rides operate in order to come into compliance.

While Madrid authorities haven’t banned scooter sharing entirely, they have imposed more limits on where and how they can be used, thereby injecting fresh friction into the business model.

But compared to Barcelona that’s actually a free ride. Things aren’t so much bumpy as roadblocked entirely for scooter sharing in the latter city where regulations adopted by Barcelona town hall in 2017 essentially ban the on-demand scooter model, at least as startups prefer to operate it.

These rules require companies that wanting to offer scooters for hire must provide a guide with the ride (one guide per maximum two people), as well as a helmet. They must also verify that the person to whom the vehicle is hired has the ability to ride it properly.

Rides might scale if you’re able to litter enough cheap and easy scooters all over the urban place but a (human) guide per two rides definitely does not.

Yet, as we’ve written before, there’s no shortage of patinetes electronics weaving around Barcelona’s often narrow and crowded streets. Most of these are locally owned though. And the town hall appears to prefer it that way. After all, people who own high tech scooters aren’t usually in a rush to ditch them in stupid places.

In its 2017 by-law regulating various personal mobility vehicles (PMVs) — including, but not limited to, two-wheeled electric scooters — the city council said it wanted to foster safer and sustainable usage of scooters and other PMVs, pointing to “the growing presence of this new mobility which is taking up more and more road space”.

“Barcelona City Council is committed to a sustainable city mobility model which gives priority to journeys on foot, by bicycle or on public transport,” it added, setting out what it dubbed a “pioneering regulation” that forbids e-scooter use on pavements; imposes various speed restrictions; and gives priority to pedestrians at all times.

Scooters can also only be parked in authorized parking places, with the council emphasizing: “It is forbidden to tie them to trees, traffic lights, benches or other items of urban furniture when this could affect their use or intended purpose; in front of loading or unloading zones, or in places reserved for other users, such as persons with reduced mobility; in service areas or where parking is prohibited, such as emergency exits, hospitals, clinics or health centres, Bicing [the local city bike hire scheme] zones and on pavements where this might block the path of pedestrians.”

There’s more though: The regulation also targets scooter sharing startups seeking to exploit PMVs as a commercial opportunity — with “special conditions for economic activities”.

These include the aforementioned guide, helmet and minimum skill level rule. There’s also a registration scheme for PMVs being used for economic activity which allows city police to scan a QR code that must be displayed on the ride to check it conforms to the regulation’s technical requirements. How’s that for a smart use of tech?

“There may be specific restrictions in specific areas and districts where there is a lot of pressure from these kinds of vehicles or they pose a specific problem,” the council also warns, giving itself further leeway to control PMVs and ensure they don’t become a concentrated nuisance.

Despite what are clear, strict and freshly imposed controls on scooter sharing, that hasn’t stopped a couple of smaller European startups from trying their luck at getting rentable rubber on Catalan carrers anywayperhaps encouraged by demonstrable local appetite to scoot (that and the lack of any big Birds).

The opportunity probably looks tantalizing; a dense urban environment that’s also a tourist hotspot with clement weather, lots of two-wheel-loving locals and a small but vibrant tech scene.

In Reby’s case, the very early stage Catalan startup, whose co-founders’ LinkedIn profiles suggests the business was founded last July, has a website and not much else at this point, aside from its ambitions to follow in the wheeltracks of Bird, Lime et al.

Nonetheless it has racked up fines worth €5,300 (just over $6,000), according to town hall sources, after being deemed to have breached the city’s PMV rules.

Reby had put out up to a hundred scooters in Barcelona for ten days, according to El Pais, padlocking them to bike anchors (with a digital password for unchaining delivered via app) — presumably in the hopes of locating a grey area in the regulation and unlocking the pile em’ high, rent em’ cheap dockless on-demand scooter model that’s disrupted cities elsewhere.

But the Ayuntamiento de Barcelona was unimpressed. Its new by-law brought in a penalty system with fines of up to €100 for minor infringements, up to €200 for serious infringements and up to €500 for very serious infringements. (We understand Reby received 53 sanctions for minor infringements — costing €100 apiece).

Penalties are levied per infringement, so essentially per scooter deployed on the street. And while a few thousand euros might not sound that much of a big deal, the more scooters you scatter the higher the fine scales. And of course that’s not the kind of scaling these startups are scooting for.

We asked Reby for its version of events but it didn’t want to talk about it. A spokesman told us it’s still very early days for the business, adding: “We are a very small team and haven’t launched yet officially. We are doing some tests in Barcelona.”

A more established European scooter startup, Berlin-based Wind, has also clashed with city hall. El Pais reports it had around 100 scooters seized by police last August, also after abortively trying to put them on the streets for hire.

Town hall sources told us that, in Wind’s case, the company’s rides were removed immediately by police, not even lasting a day — so there wasn’t even the chance for a fine to be issued. (We contacted Wind for comment on the incident but it did not respond.)

The bottom line is legislative hurdles won’t simply vanish because startups wish it.

Where scooters are concerned city authorities aren’t dumb and can also move surprisingly fast. The dumping grounds some urban spaces have become after being flooded with unwanted dockless rides by overfunded startups chasing scale via max disruption (and minimum environmental sensitivity) certainly hasn’t gone unnoticed.

At the same time, keeping streets flowing, uncluttered and safe is the bread and butter business of city councils — naturally pushing PMVs up the regulatory agenda.

You also don’t have to look far for tragic stories vis-a-vis scooters. Last summer a 90-year-old pedestrian was killed in a suburb of Barcelona after she was hit by two men riding an electric scooter. In another incident in a nearby town a 40-year-old scooter rider also reportedly died after falling off her ride and being run over by a truck.

The risks of PMVs mingling with pedestrians and more powerful road vehicles are both clear and also not about to disappear. Not without radical action to expel most non-PMV vehicles from city centers to expand the safe (road) spaces where lower powered, lighter weight PMVs could operate. (And no major cities are proposing anything like that yet).

Add to that, in European cities like Barcelona, where there has already been major investment in public transport infrastructure, there’s a clear incentive to funnel residents along existing tracks, including by tightly controlling new and supplementary forms of micro-mobility.

If the Barcelona city council has one potential blind spot where urban mobility is concerned it’s air pollution. Like most dense urban centers the city often suffers terribly from this. And savvy scooter companies would do well to be pressing on that policy front.

But there’s little doubt that would-be fast-follower scooter clones have their work cut out to scale at all, let alone go the distance and get big enough to attract acquisitive attention from the category’s beefed up early movers.

Even then, for the Birds and Limes of the scooter world, multi-millions in funding may buy runway and the opportunity to scoot for international growth but policy roadblocks aren’t the kind of thing that money alone can shift.

Scooter startups need to sell cities on the potential civic benefits of their technology, by demonstrating how PMVs could replace dirtier alternatives that are already clogging roads and having a deleterious impact on urban air quality, as part of a modern and accessible mobility mix.

But that kind of lobbying, while undoubtedly benefiting from local connections, takes money and time. So there’s no shortage of challenge and complexity in the road ahead for scooter startups, even as — as we wrote last month — the investment opportunity is shrinking, with investors having now placed their big bets.

In some cities, scooter ownership also appears to be growing in popularity which will also eat into any sharing opportunities.

One regional investor from an early stage Madrid-based fund that we spoke to about scooters had no qualms at having passed over the space. “We’ve looked at various companies in the space and in Spain but we’re not very attracted by the market given our fund size, competition and regulation question marks,” KFund‘s Jamie Novoa told us.

So those entrepreneurs still dreaming of fast following the likes of Bird, Lime and Spin may find the race they were hoping to join is already over and park gates being padlocked shut.

Lisbon finally gets a substantial VC fund in the shape of Indico Capital Partners

Lisbon, characterized occasionally by some tech scene observers as ‘the warm Berlin’, has been threatening to generate more startups in the last few years, not least because it will now have the enormous Web Summit conference there for the next 10 years, and because it’s a cheap and great place to live. But the startups appearing have not quite been as numerous as many would like.

It’s therefore fantastic to see a new VC fund appearing in the city, set up by three experienced stalwarts of the scene.

Indico Capital Partners VC has now completed its first closing of €41M out of the €46M of commitments from investors from eight different countries. The fund will be aimed at Iberian early stage startups (that means Spain and Portugal), but of course those in particularly those based out of Portugal.

The fund says it will invest typically between €150,000 and €5M per portfolio company over their lifetime – pre-seed to series A, plus follow-on rounds. They say the first Indico investments have already been concluded and will be announced soon.

It’s far and away the first sizable, independent and private early-stage, tech-focused fund to be based in Lisbon and will focus on investments in B2B SaaS, Artificial Intelligence, Fintech and Cybersecurity to Marketplaces and B2C Platforms.

The fund comprises of three partners: Managing General Partner, Stephan Morais (former head of the leading corporate VC Caixa Capital), General Partner Ricardo Torgal (also former Caixa Capital senior investor) and Venture Partner Cristina Fonseca (co-founder and shareholder of Talkdesk).

Collectively the team has in the past invested in Farfetch, Unbabel, Codacy and many other success stories originating from Portugal over the past 6 years, in addition to Talkdesk itself.

The EIF (European Investment Fund), is the cornerstone investor of Indico, and has been joined by 20 other institutional and individual investors such as the IFD (Instituição Financeira de Desenvolvimento) through the Portugal Tech facility, Draper Esprit (a major global quoted VC fund based in the UK), pension funds, education and research institutions, wealth managers, high net worth individuals and many local and international tech entrepreneurs.

The fund is supported by InnovFin Equity, with the financial backing of the European Union under Horizon 2020 Financial Instruments and the European Funds for Strategic Investments (EFSI) set up under the Investment Plan for Europe.

Stephan Morais, Managing General Partner, said: “This is a milestone for the Portuguese ecosystem, we will keep on supporting the most promising Portuguese, and increasingly Iberian, early-stage tech startups, but now with an independent stable investment platform backed by a diversified global LP base.”

Ricardo Torgal, General Partner added that “VC is not hype, it’s about building a balanced portfolio and being there for the companies to help them grow to the next stage”.

Cristina Fonseca, Venture Partner, commented that “I have been backing many companies over the past few years as an angel investor and mentor, so it was an obvious decision to join the best investment team in the market with a solid track record. Early stage tech is where my heart is and this is a local nurturing activity before it becomes globally investable and scalable.”