After Equifax breach, US watchdog says agencies aren’t properly verifying identities

A federal watchdog says the government should stop relying on the credit agencies to verify the identifies of those using government services.

In a report out this week, the the Government Accountability Office said several government departments still rely on the credit agencies — Equifax, Experian and TransUnion — to check if a person is who they say they are before they can access their services online.

Agencies like the U.S. Postal Service, the Social Security Administration, Veterans Affairs, and the Centers for Medicare and Medicaid Services ask several questions of a new user and match their answers to information held in an individual’s credit file. The logic is that these credit files have information only the person signing up for services can know.

But following the Equifax breach in 2017 those answers are no longer safe, the watchdog said.

The Equifax breach resulted in the theft of 148 million consumers. Much of the consumer financial data had been collected without the explicit permission of those whose data it held. An investigation later found the breach was “entirely preventable” had the credit agency employed basic security measures.

“The risk that an attacker could obtain and use an individual’s personal information to answer knowledge-based verification questions and impersonate that individual led the National Institute of Standards and Technology (NIST) to issue guidance in 2017 that effectively prohibits agencies from using knowledge-based verification for sensitive applications,” wrote the watchdog.

In response, the named agencies said the cost of new verification systems are too high and may exclude certain demographics from the population.

Only Veterans Affairs implemented a new system but still relies on knowledge-based verification in some cases.

The other downside is that if you have no credit, you simply don’t show up in these systems. You need a credit card or some kind of loan in order to “appear” in the eyes of credit agencies. That’s a major problem for the millions who have no credit file, like foreign nationals working in the U.S. on a visa. In 2015, some 26 million people were estimated to be “credit invisible.”

“Nevertheless, until these agencies take steps to eliminate their use of knowledge-based verification, the individuals they serve will remain at increased risk of identity fraud,” wrote the watchdog.

Where is the EU going on tech and competition policy?

Huge technology policy questions are looming for whoever takes the top jobs at the European Union in the coming months. Decisions that could radically reshape tech business models, reconfigure the competitive landscape and change the relationship between Internet users and the content and services they consume.

In short, the entire future of the tech industry — and potentially not just in Europe but worldwide — is at stake.

The incoming European Commission will be faced with a lengthy list of pressing questions. How will they reboot competition law for the digital era? Should they rush in swinging a break-up hammer at monopolistic tech giants or take a scalpel to the competition-crushing problem of networked dominance by slicing up their data flows?

They will have to defend fundamental rights that call for privacy by design and data minimization against AI’s rapacious demand for data and the predictive powers of pattern-spotting algorithms.

They will have to evaluate how to make sure platforms play fair — and ensure that the initial embrace of sellers or service providers doesn’t evolve into crushing abuse. They will have to fashion rules that can wrap around digital giants, rather than getting bent out of shape by ‘winner takes all’ business models.

The power of tech giants to influence entire nations is now writ large in EU domestic politics. Europe knows it needs to hammer out an agreement on reforming digital taxation, with rising citizen anger over tax inequalities. The question is how to do it when certain states with low corporate tax rates have been colonised by tech giants which definitely don’t want tax reform to happen.

There’s also the tricky business of arbitrating between Europe’s traditional creative industries and the predominantly US sharing platforms that have gotten fat off of the back of others’ content — a battle so fraught it’s already yielded an EU copyright reform as polarising as Brexit.

How, too, to level the playing field between Internet giants and traditional telcos?

That requires winning agreement on an update to ePrivacy rules that’s been stalled for months. Because, again, new rules are urgently needed — to wrap around digital comms and address digital marketing’s weed-like sprawl, an outgrowth that’s spawned an entire shadowy industry of trackers, data brokers and people profilers which can be linked to many a data scandal and has driven EU consumers into the arms of ad blockers. How to find a way through all the competing interests to bring order to the unregulated mess that is modern adtech?

Then there’s hate speech and online disinformation. What’s to be done to shrink the democratic risks of political manipulation without trampling freedom of expression? And how can Europe best equip its citizens for the next waves of deepfaked information warfare while also getting platforms to accountably clean up their act?

Europe needs to shape a strategy to support AI too. It wants to do this in a way that reflects and bakes in European values. But how to ensure ethical guardrails to make AI development sensitive and “human-centric” don’t just end up kneecapping homegrown technologists versus whatever’s coming out of China?

Speaking of China, then of course there’s 5G. The Commission has to chart a delicate course between member states’ national security priorities and the fragmentation threat to its flagship digital single market policy if EU nations respond differently to Huawei. The whole project risks collapsing into mutual mistrust — which would reverse the intended gains to Europe’s digital economy.

On the legal front, an ongoing clash of priorities between US surveillance practices and EU fundamental rights also looks like trouble brewing.

A flagship EU-US data transfer mechanism launched by the Commission in 2016 is now facing serious legal questions. Does the next Commission have with a plan B to keep critical business data flowing for the thousands of companies signed up to its Privacy Shield framework if it gets struck down by a judge’s pen?

This is not a theoretical threat; the predecessor arrangement that had stood for fifteen years was invalidated in 2015, after a legal challenge which drew on NSA whistleblower Edward Snowden’s revelations of US mass surveillance programs. Trump’s ‘America First’ policy agenda clearly risks exacerbating this clash.

The US president is also of course continuing to rain down trade uncertainties that are rocking the stability of East-West technology supply chains. How should Europe respond to the wreaking ball potential of Trump’s trade war? What support can it offer its own tech industry to manage a level of uncertainty that makes brexit look like a picnic?

And, as the Internet splinters into increasingly localized flavors, how will Europe prepare and position itself?

The techie to-do list crossing the next Commission’s desk is packed with highly charged, pressing and politically fraught problems.

Over the past year the EU has dined out on making a name for itself on the world stage with a shiny new set of digital privacy rules — aka, the General Data Protection Regulation (GDPR) — at a time when US policymakers are just waking up to the rude incursions of homegrown data-mining tech giants. But attention now needs to be paid to ensuring it actually delivers what was promised or else the global spotlight will be pointing at policy failure.

So yet another task for the next Commission will be applying the right level of strategic pressure to make sure the regulation’s wheels are turning.

National data protection agencies are where GDPR enforcement will fly or fail. Te highest profile cases that will really test their mettle are of course attached to tech giants — including Facebook and Google. The latter’s handling of personal data for behavioral advertising is now under scrutiny in Ireland.

The Irish DPC also has more than ten open investigations into Facebook-owned businesses, covering a range of issues — from probes of specific security breaches to whether it is lawfully gaining consent to process the data of users of its platform being as it offers no opt-out from behavioural ads.

If Ireland fails to defend European values and rights against the commercial incursions of some of the world’s most powerful companies it would represent EU policy failure at the highest level.

It could also invite revolt from less conflicted parts of Europe. A dispute resolution mechanism is baked into GDPR, which allows the European Data Protection Board to step in if disagreement between DPAs om cross-border cases threatens to derail decisions. While this does look intended as a tool of last resort, the market denting power of tech giants is piling the pressure on — with record numbers of such complaints awaiting judgement.

Either way, battles are brewing. And the biggest fight looks to be for the future shape of the commercial Internet.

Ad-funded business models that have been allowed to grow like weeds are under regulatory scrutiny like never before — thanks, in large part, to European interventions. So too are the tech giants that have profited so handsomely by being able to use data how they like.

At the same time a new generation of privacy-conscious startups is thinking differently and doing what it can to gain footholds in markets where platform giants suck most of the oxygen out of the room.

Strong decisions by the next Commission to defend European rights and reboot digital markets with fairness and competition at the center have the potential to transform the digital economy so that there are far more winners, not just a few taking all.

The question is whether Europe’s leaders will rise to the challenge.

Who’s in the running to be the next EC president?

The center right’s preferred candidate — and therefore the technical favorite for the EU’s top job — is German conservative, Manfred Weber.

Manfred Weber. Photo by David Speier/NurPhoto via Getty Images

In Commission president candidate debates he has billed himself as offering “stability” for the European project, via a “pro-compromise approach” — and talked about strengthening “the innovation field” as the key to building a stronger EU economy, saying he also wants to upgrade the EU-US trade relationship to bolster Europe’s prospects.

But Weber has a lack of executive experience and suffers from something of a charisma vacuum at a time when a big personality might well be required to sit in the chair and ‘sell’ the next Commission to a more fragmented European Parliament.

The kaleidoscope twist of European parliamentary politics may also have undermined Weber’s frontrunner chances by allowing critics to argue against him on the grounds that his party, the EPP, failed to grow its share of the votes. So it may be that another European People’s Party candidate comes through in the end. One who offers a finer-grained political compromise.

The EU’s chief Brexit negotiator, Michel Barnier, looks to have potential — and is being tipped by some of the current political chatter — having played a high profile role in recent European politics, calmly handling the chaotic mess produced by the UK’s 2016 referendum vote to leave the EU.

More importantly, perhaps, Barnier is French. One of the EU’s powerful national leaders — France’s president, Emmanuel Macron — has been seeking to assert authority over the parliament by indicating he won’t be bound by a system of preferred candidates put forward by its political blocs.

That’s bad news for Weber, but it could lift Barnier out of the wider field if Macron prevails in stamping France’s mark on the Commission presidency.

Michel Barnier. Photo by Thierry Monasse/Getty Images

Although plenty of other establishment names are still being bandied around for the top job — including chair and MD of the International Monetary Fund, Christine Lagarde (also French); and Dutch PM, Mark Rutte, to name just two.

It’s certainly hard to imagine a more symbolically safe pair of hands for the EU to choose for its top job right now than Barnier: The man tasked with holding the EU together in the face of the threat posed by Brexit.

Brexit risks not just the UK’s stability but could very well scatter wider seeds of destruction if it erodes and destroys the cohesion required to keep the European project together. So Barnier’s proven ability to glue the 27 remaining Member States on a common negotiating path could be seen by EU leaders as having strategic appeal.

What his presidency might mean for wider EU policy is less clear, though, given his focus on Brexit has kept him out of the fray — and away from participating in public debates with some of the proposed candidates.

The center left’s pick for president, Dutch politician Frans Timmermans, would need to prevail against the dominant EPP bloc to succeed in getting the nomination. Which likely means persuading a strengthened liberal contingent to throw its backing behind a ‘progressive alliance’ of socialists and liberals.

While possible, it looks to be a challenge.

Frans Timmermans. Photo by Pier Marco Tacca/Getty Images

Timmermans has made a public pitch as a change candidate, saying Europe needs more social justice and sustainable social policies — including putting taxing tech giants front and center of his talking points, and dubbing it “unacceptable” that some companies have gotten so big they can “arm twist” entire Member States to vanquish taxes.

Climate policy is another stated focus. He has called for stepped up efforts to enable a European-wide viable carbon tax plus quicker transformation of the energy sector as well as suggesting new ideas in agriculture — such as switching to more sustainable food production.

He has also said he wants to see a corporate tax rate floor across the EU, and called for every state to implement a minimum wage. An articulate and at times impassioned speaker, Timmermans posses at least some of the charisma Weber lacks — even while he faces plenty of political hurdles.

An outside bet — who has betted against big tech… 

For those who like an outside bet, the more fragmented European Parliament vote may have buoyed the chances of liberal candidate for Commission president, Margrethe Vestager — who could emerge as a compromise alternative since the liberals grew their presence in parliament (and her own party in Denmark did well in national elections).

Margrethe Vestager. Photo by Thierry Monasse/Getty Images

Although she is just one of a full slate of candidates fielded by the liberals, which also includes another prominent EU politician, MEP Guy Verhofstadt — who has also made his ire over big tech’s rights incursions felt when he heckled the Facebook founder last year, when Zuckerberg addressed some MEPs and failed to answer most of their questions.

Few can compete with Vestager’s profile on that front though.

The EC’s current competition commissioner has gained fame on both sides of the Atlantic for going after big tech, including issuing three high profile antitrust decisions against Google, such as a $5 billion fine for Android as well as action on EU illegal state aid that saw the Commission order Apple to pay $15 billion in back taxes to the Irish state, covering a decade of unpaid taxes. On her order, Amazon also got hit with a large illegal tax benefits bill, and may yet face antitrust action.

As a result of holding a key office and how forcefully she has spent her time as antitrust chief, she remains one of the most high-profile European commissioners.

Asked about what she would offer as Commission president she has said “you have to be forceful to serve people well.” Naturally, she is pro-regulation — a sentiment that chimes well with rising public concern over unfettered and even feckless Internet giants. But while demonstrably forceful, she is also thoughtful and methodical, and can’t be accused of jumping on the bandwagon of populist positions.

She’s also shown her steel in office, issuing competition decisions that have angered powerful heads of EU states — which might therefore have been politically disadvantageous to her prospects of further advancement in the Commission.

Towards the end of her time as commissioner, she instigated a review of competition policy to respond to the challenges posed by digital markets, signaling a reform agenda. She has also talked publicly about regulating data flows as a more intelligent route to regulate big tech versus swinging the hammer to break companies up.

A Commission headed by Vestager would surely have a strong appetite for stamping its mark on digital regulation. At very least it would drive discussion, even if winning consensus on pan-EU digital reforms may be more difficult to achieve (especially on a highly divisive issue like tax reform).

In public debates of Commission presidency candidates, Vestager has said that increasing diversity and managing climate change would be priorities if she took the top job, emphasizing too the need for an inclusive transition to a sustainable economy.

Given her high personal profile, it seems at least reasonable that should she miss out on the top job she will end up with another major post, such as vice president. It would also, of course, signal progressive change if European institutions were to appoint a woman to one of the top jobs for the very first time.

It’s also not inconceivable that she could be reappointed as competition commissioner, given how she has owned the office.

Either way, Vestager’s influence on competition policy looks very unlikely to fade — not least because similar ideas are catching fire across the Atlantic.

At this stage, though, all is still in play where the Commission presidency is concerned.

More clarity may emerge after the next meeting of EU leaders, on June 20 and 21, when the Council will convene to discuss nominations — and adopt a first draft of their strategic agenda for the next five years.

What’s on the EU Council’s strategic agenda?

An outline of discussion topics for this agenda last month included, among myriad talking points, Europe’s migration challenge; tackling online disinformation, bolstering cybersecurity and addressing hybrid security threats; deepening and strengthening the single market and developing an industrial strategy, as well as investing in skills and education, promoting innovation and research.

Ensuring fair competition was also on the list.

A section on “building a greener, fairer and more inclusive future” suggested accelerating the energy transition and investing in “mobility of the future” among its listed points.

While a section entitled “embracing the digital transition” cited developing AI, promoting “access, sharing and use of data,” and ensuring connectivity as key talking points.

Elsewhere the document talked about defending European people’s rights and freedoms, and indeed projecting European values on the rest of the world. But with so many power games still to play out, the shape of Europe’s future tech and competition policy remains just that: A draft, with priorities hard to predict.

“It’s most unlikely that there’s going to be any reversal of major policies,” suggests Dr. Alistair Jones, an expert on EU political policy at De Montfort University. “What we are likely to see — and this is pure conjecture — is assuming Brexit goes ahead (and that’s still an if) then what we’ll probably see is a Commission being a little bit more tentative on the integration process and wanting to go forward more gradually on integration to keep everyone on board.

“So things like the digital market will proceed, slowly and carefully. I don’t see a huge lunge forward in greater integration on any aspects. I think it’s going to be very tentative, very much small steps.”

Online disinformation is an issue where the EU does have serious concerns. The Commission has been paying close attention to how platforms are responding to increased pressure, via a (for now) voluntary code of practice — setting up a monthly monitoring requirement for them to deliver progress reports, and issuing sharp rebukes that progress hasn’t been good enough.

But a pan-Europe regulatory response to online muck spreading is complicated by whether it’s an EU or national competence.

“The problem is it probably lies with the national governments and they are loath to want to give greater responsibility to the EU in this area because they have their own ways of doing things,” says Jones.

The Germans, for example, haven’t been shy about passing a law to punitively punish platforms if they fail to swiftly remove hate speech, while the UK remains focused on devising a framework to control a broader range of online harms.

Where online content rules are concerned, Europe’s cultural differences suggest that this sort of policy patchwork will remain the norm.

Image via Getty Images / AdrianHancu

Similarly, Jones believes core decisions on regulating 5G will remain at a Member State level — with the Commission likely only moving to set a future floor for trans-national EU minimum standards, rather than seeking to impose hefty security restrictions on procurement decisions.

“As it moves forward, I can see the Commission — as it’s done in the past — taking over a broad brush big picture regulatory role,” he says. “So who can be involved in the delivery of 5G, which businesses are involved, things like that. I can see as it is rolled out the Commission and the EU collectively wanting a degree of consistency, and that links to single market rules, it links to competition rules, it links to commercial policy rules. Some of that’s already in place but at the same time there may be a need for greater policing that further down the line.”

One issue that does generally cut across the political spectrum is digital taxation, though achieving agreement on that front may be hampered by a political requirement for the EU to be more sensitive to concerns about increased integration — and not be seen blindly pushing on the accelerator.

Again, says Jones, Brexit complicates matters. He suggests a more broad-brush approach may win out in the near term, such as the Commission looking at the operation of the entire single market — “and how that can be done more effectively and efficiently” — rather than trying to tackle head-on national resistance if the EU pushes to get input on Member States’ tax systems.

“It’s something that may bubble along just below the surface,” he posits of digital tax reform. “Maybe in five years times, after the next elections, [there could be a] big package to possibly change the whole taxation system of the EU. And it may be that it gives the EU some input into national taxation policies but that is going to be resisted by some countries.”

Some Member States have voiced loud concern about digital tax inequality. Including France and the UK, which are pursuing their own flavors of reform. Though without a pan-EU approach there’s no real chance of addressing the problem.

Getting political agreement on that will be difficult, with smaller states having lucratively leveraged a low tax economy to pull in the tech giants. So the Commission may remain caught in the middle. 

“We often assume that the Commission sets the policies. The Commission don’t. The Commission tries to mold the agenda but it’s up to the Council’s ministers and also the European Parliament to take that forward,” says Jones. “So if we have a Commission that’s willing to say — ‘hey, digital economy, the EU needs to have greater involvement in all of this’. The national governments have got to buy in. And if they don’t buy in it doesn’t matter how good the commissioner is, it doesn’t matter how farseeing they are, they’re not going to get anywhere. So there’s got to be this ability to get buy-in from the Member States.”

That said, individual commissioners can be key to driving a particular reform agenda. So the personalities and expertise involved can make a big difference — if it helps them win the support of member states.

“There probably is going to be more appetite for big tech regulation but the problem they’ve got at the Commission is that at times, collectively, their head is stuck in the sand and they are loath to go forward on a number of issues,” says Jones. “It may be up to individual commissioners who have got that individual get up and go, that individual vigor, that knowledge of the area they are in charge of — it may be the individual commissioners who may actually drive things forward.”

“It may be there’s a commissioner in the digital economy who’s going to grow into the role, if they’re not already there,” he adds. “But what they will need is the support of the individual member states.”

Image via Getty Images / KatarzynaBialasiewicz

After the Commission president, the competition commissioner role stands out as a critical appointment, given its high degree of autonomy and power. Whoever lands the brief will certainly be one to watch, not least for how they respond to growing political appetite over the Atlantic to crack the back of tech giants’ platform power.

A future date to look out for on that front is when the nominee for the EU antitrust brief gets questioned by the European Parliament — both to see how they respond but also what kind of questions they face. That will offer a flavor of the new parliament’s priorities for regulating competition.

A parliament signalling it wants more action to rein in big tech could act as fuel for the next commissioner, says Jones.

The EU’s next antitrust chief will also have on their desk the review Vestager instigated of digital markets — so it will be up to them to make a call on how to take that work forward. A decisive commissioner could have a major impact on digital markets and business models. So it’s a critical appointment.

But again we’re still a long way off knowing who the person will be. Not least because individual commissioner appointments can depend upon how big a personality the Commission president is.

“If you’ve got a big personality who can drive things through with the support of the European Parliament they can get the national nominees into the places that they want,” says Jones.

“This is the problem that the president has — they do not know who the individual nominees are going to be from which Member States. So until they know who the nominees are from which Member State and then what portfolios they may be appropriate for — what portfolios they want to give them — it’s all up in the air.”

How is the next Commission president decided? 

Multiple candidates remain in the running to take over from Jean-Claude Juncker as Commission president come November 1. Though even that timeline is not 100% certain. If, for example, MEPs take a dislike to a Council pick for president they can reject the whole Commission, delaying the entire process.

The process for deciding the next Commission president involves a nomination, by a qualified majority, from the European Council that’s required to factor in the result of the most recent European elections.

Members of the European Parliament (MEPs) then vote on the choice — with an absolute majority required for the Council’s nomination to prevail.

While the Commission’s top job is influential, as regards shaping pan-EU policy — with the president responsible for setting political direction and chairing their cabinet of commissioners atop the various policy areas — the office shouldn’t be thought of as the equivalent of the president of the United States. But is a key strategic role. Collectively, the Commission executes on a pan-EU legislative program. It’s responsible for drafting the budget and is the only EU institution that can propose legislation.

The European Council is the power behind this throne, feeding in whatever policy priorities can be agreed by a roomful of heads of government/state of the EU’s (currently) 28 members — in addition to playing kingmaker by nominating their choice for Commission president.

Image via Getty Images / Dado Daniela

There is also a president of the European Council, who works to seek consensus between Member States. This position is set to change shortly too, via election by Council members, albeit for an initial term that’s half as long as the Commission president.

Nominations for the various European commissioners typically involve large amounts of horse-trading and power playing for portfolios between the Member States.

The aim is for the Commission to contain representation across the bloc, factoring in regional differences in politics, nationality, north vs south, east vs west, diversity and so on. But it’s a political compromise, never a flawless mirror.

In practice, the selections of Commission nominees can be a surprising process in which little known figures can suddenly find themselves with the right combination of strategy, nationality and diplomacy to unlock the right support.

With so many balancing and compromise factors in play, the make-up of the next Commission is always complex and hard to predict, and arguably more so this time around, given wider shifts in the European political landscape — including ongoing ructions caused by the UK’s vote for Brexit — adding extra layers to the usual palimpsest.

A more fragmented European politics

Elections for the parliament were held last month and the vote returned a more fragmented hemicycle — weakening the traditional center-right and center-left blocs that have dominated for 40 years. Although they still remain the major political forces it’s the liberals, greens and nationalists that gained ground.

A more fragmented parliament suggests reaching consensus on both the shape of the next Commission and what legislation it will go on to propose could prove more difficult unless new political alliances can be forged. At this stage, it’s not clear what the new European parliament voting blocs will be.

There remains a risk that EU legislative processes could be stalled if compromise can’t be reached across a differently stripped spectrum of divergent political positions.

“We don’t really know what the groups are going to be in the European Parliament,” says Jones. “Those groupings are fluid. So if you look for example at the Brexit Party going in with the Europe of Freedom and Direct Democracy — when Britain leaves, that whole grouping disintegrates. Because they’d only have six countries represented. They’d need seven.

“If that’s the case it may be that some of those party groups may look elsewhere… We simply don’t know. So how the actual structures of the smaller parties are going to be — that is up in the air. Until that is resolved, the whole establishment of the Commission beyond the presidency is up in the air as well.”

“Everything’s up in the air at the minute,” he adds, noting just one certainty: That the two major parties still dominate, despite their vote shrinking.

“If they have organized things so that there’s an agreement that whichever party has the most seats their nominee for the presidency for the Commission would go forward,” Jones suggests. “If they stick with that, then the starting point of establishing the Commission presidency means that the EPP will keep their person in place.”

The full phalanx of Commission president and commissioner appointments has also got to be approved by the European Parliament, en masse — with MEPs getting a vote to either accept or reject.

“So what you’ve got therefore is a huge haggling process. And this is why when people say there’s a fragmented European parliament we don’t know what’s going to happen — they’re absolutely right. Until the groups are actually sorted in the European Parliament then we’ll get a better idea of the power structures, and then we’ll get a better idea in relation to with the presidency having been sorted how the rest of it will flow through.

“It could be — could be — really problematic in trying to get a Commission membership through if the smaller groups in the European Parliament work together to try to block appointees they could cause problems.”

So, again, much hangs on who will be the next Commission president, and how persuasive they prove across a more fragmented political landscape. As noted earlier, Barnier’s negotiating glue may look like a handy special power. Although, as a personality, he’s hardly overflowing in the force of character department — famed only for having an unnerving stare.

Image via Getty Images / robertiez

Jones takes the view that the policy agency of the next Commission isn’t likely to emerge until Brexit itself has happened — assuming, of course, that Brexit does actually go ahead. (And where Brexit is concerned there are still absolutely no guarantees at all.)

“When/if Britain leaves the entire power structure in the European Parliament could change. Because the Freedom and Direct Democracy Group could collapse with Brexit leaving that group [assuming the party follows the UKIP template and involves itself with the same group]. So everything is up in the air at the minute. That will get resolved, probably by if we’re lucky the middle of next month.

“Then you start on the commission appointments and it’s the summer — and some of the countries effectively shut down. So it may be that it’s September or possibly even early October that we’re going to see this entire process completed. That’s the nightmare scenario. So the EU basically flounders for the next three to four months.”

Meanwhile, if muscle-flexing Macron misses out on a French Commission presidency it’s conceivable he could push for the powerful antitrust portfolio as a consolation prize. Which perhaps lends some color to Facebook’s recent attempts to cozy up to the French government to work on ideas for Internet ‘co-regulation.’

Zuckerberg may be placing his own bets on the future shape of the Commission by seeking to make powerful French friends in the hopes of influencing pan-EU policy before the next commission has had chance to take shape.

But where EU politics is concerned, the phrase that’s been repeated ad nauseam of the Brexit negotiations applies here too in spades: ‘nothing is agreed until everything is agreed’.

This time around Europe’s political dial the risk of disagreement appears to be zooming alarmingly into view. So the real test of the European project will be whether it can weather disruption to its usual philosophy of onwards and upwards — its political push for ‘more Europe’ — when some of its people are voting for less.

If the EU can’t carry all its people along there will be little hope of driving any major policy agenda — which means key questions of technology and competition going unaddressed, generating legal uncertainty and compliance risk for business with knock-on economic effects.

Tech giants have the resources to manage political uncertainty — indeed, they’ve shown themselves adept at exploiting political vacuums and blindspots — so it will be startups and the next generation of entrepreneurs that get failed.

Consensus works until it doesn’t, as the UK’s Brexit schism illustrates. So there’s a clear cautionary tale for the EU powers that be — if they can but put their heads together and listen.

“The issue is going to be how the rest of the European countries work together. Because although [the UK is] a reluctant European, and we’re never very keen, one of the roles that we played was as a break on some of the more excessive integrationist ideas that might have arisen from the Commission that some of the other big countries such as France and Germany bought into,” says Jones when asked whether he thinks the European project can survive Brexit. “With that role going, assuming we leave, it does give the EU the opportunity for the EU to drive forward for greater integration — and it may be that we see the development of a two-speed Europe. If that happens the whole project will disintegrate. Of that I am convinced.”

“They need to be taking on the more reluctant members,” he adds. “So the Hungarys, the Polands, the Czech Republics… as well as the more integrationist countries, such as Belgium, such as Luxembourg, such as Germany and France. They’ve got to be taking everybody along together… Everybody’s been dragged along a bit reluctantly. They’re going to have to be a little bit more considerate if Brexit goes ahead because otherwise the project could disintegrate.”

Price tag to return to the Moon could be $30 billion

NASA’s ambitious plan to return to the moon may cost as much as $30 billion over the next five years, the agency’s administrator, Jim Bridenstine, indicated in an interview this week. This is only a ballpark figure, but it’s the first all-inclusive one we’ve seen and, despite being a large amount of money, is lower than some might have guessed.

Bridenstine floated the figure in an interview with CNN, suggesting that the agency would need somewhere between $20 billion and $30 billion for the purpose of returning to the surface of the Moon. Anything beyond that, such as fleshing out the Lunar Gateway or establishing a persistent presence, would incur additional costs.

To put this figure in perspective, NASA’s annual budget is about $20 billion, very little compared to many other agencies and budget items in the federal government. The speculated additional costs would average $4-6 billion per year, though spending may not be so consistent. NASA only asked for an additional $1.6 billion for the upcoming year, for instance.

The idea that this return to the Moon could cost the same in 2019 dollars as Apollo cost in 1960s dollars (about $30 billion) may be surprising to some. But of course we are not inventing crewed interplanetary travel from scratch this time around. Billions have already been invested in the technologies and infrastructure underpinning the Artemis mission, both flight-proven and recently developed.

In addition to that, Bridenstine is likely counting on the cost savings NASA will see by partnering with commercial aerospace concerns far more extensively than in previous missions of this scale. Cost-sharing, co-development and use of commercial services rather than internal ones will likely save billions.

A secondary goal, Bridenstine told CNN, was “to make sure that we’re not cannibalizing parts of NASA to fund the Artemis program.” So sucking money out of other missions, or co-opting tech or parts from other projects, isn’t an option.

Whether Congress will approve the money is an open question. More concerning is the fundamental timeline of technology development and deployment over the next five years. Even with billions at its disposal, NASA may find that a mission to the lunar surface simply isn’t feasible to complete in that duration, even if all goes according to plan. The SLS and Orion projects are over budget and have been repeatedly delayed, for instance.

Ambition and aggressive timelines are part of NASA’s DNA, however, and although they can plan for the best, you better believe their engineers and program managers are preparing for the worst as well. We’ll get there when we get there.

You won the H-1B lottery: Don’t lose your ticket when changing jobs

Getting an H-1B skilled-worker visa is like winning the lottery — literally: With the number of new visas issued each year capped at 85,000, most of this year’s over 200,000 applicants face disappointment. But if you’re already working in the United States, then you’ve already won the H-1B lottery, and that makes you a hot commodity.

With H-1Bs in short supply, successful companies frequently poach skilled workers. Everyone knows the tech sector thrives on this free exchange of people and ideas, so if another employer needs your skills, why not start working for them?

Well, not so fast. H-1B holders can work only for the company that originally sponsored their visa application. So if you want to change employers, you’ll need to “transfer” your H-1B.

That process used to be relatively straightforward but not in the Trump era. (Boundless recently underwent this process with an employee, so we understand the pain.) The denial rate for initial H-1B applications spiked over five-fold to 32 percent just in the first quarter of fiscal 2019, up from 6 percent in 2015. Crucially, the Trump administration is targeting “continuing” H-1B applications used by existing employees to either renew their H-1B or switch it to a new employer. Even tech giants like Amazon are now seeing double-digit rejection rates.

The bottom line: The days of getting an H-1B transfer quickly rubber-stamped are long gone, and that makes it vital to do whatever you can to keep the odds in your favor. The stakes are high — if things go south, you could lose your right to live and work in the United States. Here’s what H-1B holders need to know about the right — and wrong — ways to set about switching employers:

Don’t take your transfer for granted.

First, understand that an H-1B “transfer” is actually a brand new visa application, not a simple handover of your existing H-1B visa from one employer to another — there’s no such thing.

VCs are failing diverse founders; Elizabeth Warren wants to step in

Elizabeth Warren, who earlier this year confirmed her intent to run for president in 2020, has an ambitious plan to advance entrepreneurs of color.

In a series of tweets published this morning, the Massachusetts senator proposed a $7 billion Small Business Equity Fund to provide grants to Black, Latinx, Native American and other minority entrepreneurs, if she’s elected president. The initiative will be covered by her “Ultra-Millionaire Tax,” a two-cent tax on every dollar of wealth above $50 million the presidential hopeful first outlined in January.

The fund would be managed by the Department of Economic Development, a new government entity to be constructed under the Warren administration. With a goal of creating and defending American jobs, the Department of Economic Development would replace the Commerce Department and “subsume other agencies like the Small Business Administration and the Patent and Trademark Office, and include research and development programs, worker training programs, and export and trade authorities like the Office of the U.S. Trade Representative,” Warren explained.

The Small Business Equity Fund will exclusively issue grant funding to entrepreneurs eligible to apply for the Small Business Administration’s existing 8(a) program and who have less than $100,000 in household wealth, aiming to provide capital to 100,000 new minority-owned businesses, creating 1.1 million new jobs.

Founders of color receive a disproportionate amount of venture capital funding. There’s insufficient data on the topic, but research from digitalundivided published last year suggests the median amount of funding raised by black women, for example, is $0. According to the same study, black women have raised just .0006% of all tech venture funding since 2009.

Startups founded by all-female teams, despite efforts to level the playing field for female entrepreneurs, raised just 2.2% of venture capital investment in 2018.

VCs are a majority white and male. Plus, they have a proven tendency to invest their capital into entrepreneurs who look like them or who resemble founders that were previously successful. In other words, VCs are continuously on the hunt for the next Mark Zuckerberg .

“Even if we fully close the startup capital gap, deep systemic issues will continue to tilt the playing field,” Warren wrote. “86% of venture capitalists are white, and studies show that investors are more likely to partner with entrepreneurs who look like them. This tilts the field against entrepreneurs of color. So I plan to address this disparity head on too. I will require states and cities administering my new Fund to work with diverse investment managers—putting $7 billion in the hands of minority-and women-owned managers.”

Warren this morning also announced plans to “direct” federal pension and retirement funds to recruit diverse investment managers and to require states and cities administering the Small Business Equity Fund to work with diverse investment managers. Finally, Warren, again, if elected, will triple the budget of the Minority Business Development Agency, which helps entrepreneurs of color access funding networks and business advice .

Warren, throughout her campaign for the presidency, has made a number of critiques of the tech industry.

In March, the senator announced her plan to break up big tech.

“Twenty-five years ago, Facebook, Google, and Amazon didn’t exist,” Warren wrote. “Now they are among the most valuable and well-known companies in the world. It’s a great story — but also one that highlights why the government must break up monopolies and promote competitive markets.”

DEEPFAKES Accountability Act would impose unenforceable rules — but it’s a start

The new DEEPFAKES Accountability Act in the House — and yes, that’s an acronym — would take steps to criminalize the synthetic media referred to in its name, but its provisions seem too optimistic in the face of the reality of this threat. On the other hand, it also proposes some changes that will help bring the law up to date with the tech.

The bill, proposed by Representative Yvette Clarke (D-NY), it must be said, has the most ridiculous name I’ve encountered: the Defending Each and Every Person from False Appearances by Keeping Exploitation Subject to Accountability Act. Amazingly, that acronym (backronym, really) actually makes sense.

It’s intended to stem the potential damage of synthetic media purporting to be authentic, which is rare enough now but soon may be commonplace. With just a few minutes (or even a single frame) of video and voice, a fake version of a person, perhaps a public figure or celebrity, can be created that is convincing enough to fool anyone not looking too closely. And the quality is only getting better.

DEEPFAKES would require anyone creating a piece of synthetic media imitating a person to disclose that the video is altered or generated, using “irremovable digital watermarks, as well as textual descriptions.” Failing to do so will be a crime.

The act also establishes a right on the part of victims of synthetic media to sue the creators and/or otherwise “vindicate their reputations” in court.

Many of our readers will have already spotted the enormous loopholes gaping in this proposed legislation.

First, if a creator of a piece of media is willing to put their name to it and document that it is fake, those are almost certainly not the creators or the media we need to worry about. Jordan Peele is the least of our worries (and in fact the subject of many of our hopes). Requiring satirists and YouTubers to document their modified or generated media seems only to assign paperwork to people already acting legally and with no harmful intentions.

Second, watermark and metadata-based markers are usually trivial to remove. Text can be cropped, logos removed (via more smart algorithms), and even a sophisticated whole-frame watermark might be eliminated simply by being re-encoded for distribution on Instagram or YouTube. Metadata and documentation are often stripped or otherwise made inaccessible. And the inevitable reposters seem to have no responsibility to keep that data intact, either — so as soon as this piece of media leaves the home of its creator, it is out of their control and very soon will no longer be in compliance with the law.

Third, it’s far more likely that truly damaging synthetic media will be created with an eye to anonymity and distributed by secondary methods. The law here is akin to asking bootleggers to mark their barrels with their contact information. No malicious actor will even attempt to mark their work as an “official” fake.

That said, just because these rules are unlikely to prevent people from creating and distributing damaging synthetic media — what the bill calls “advanced technological false personation records” — that doesn’t mean the law serves no purpose here.

One of the problems with the pace of technology is that it frequently is some distance ahead of the law, not just in spirit but in letter. With something like revenge porn or cyberbullying, there’s often literally no legal recourse because these are unprecedented behaviors that may not fit neatly under any specific criminal code. A law like this, flawed as it is, defines the criminal behavior and puts it on the books, so it’s clear what is and isn’t against the law. So while someone faking a Senator’s face may not voluntarily identify themselves, if they are identified, they can be charged.

To that end a later portion of the law is more relevant and realistic: It seeks to place unauthorized digital recreations of people under the umbrella of unlawful impersonation statutes. Just as it’s variously illegal to pretend you’re someone you’re not, to steal someone’s ID, to pretend you’re a cop, and so on, it would be illegal to nefariously misrepresent someone digitally.

That gives police and the court system a handhold when cases concerning synthetic media begin pouring in. They can say “ah, this falls under statute so and so” rather than arguing about jurisdiction or law and wasting everyone’s time — an incredibly common (and costly) occurrence.

The bill puts someone at the U.S. Attorney’s Office in charge of things like revenge porn (“false intimate depictions”) to coordinate prosecution and so on. Again, these issues are so new that it’s often not even clear who you or your lawyer or your local police are supposed to call.

Lastly the act would create a task force at the Department of Homeland Security that would form the core of government involvement with the practice of creating deep fakes, and any countermeasures created to combat them. The task force would collaborate with private sector companies working on their own to prevent synthetic media from gumming up their gears (Facebook has just had a taste), and report regularly on the state of things.

It’s a start, anyway — rare it is that the government acknowledges something is a problem and attempts to mitigate it before that thing is truly a problem. Such attempts are usually put down as nanny state policies, alas, so we wait for a few people to have their lives ruined then get to work with hindsight. So while the DEEPFAKES Accountability Act would not, I feel, create much in the way of accountability for the malicious actors most likely to cause problems, it does begin to set a legal foundation for victims and law enforcement to fight against those actors.

You can track the progress of the bill (H.R. 3230 in the 116th Congress) here.

Every secure messaging app needs a self-destruct button

The growing presence of encrypted communications apps makes a lot of communities safer and stronger. But the possibility of physical device seizure and government coercion is growing as well, which is why every such app should have some kind of self-destruct mode to protect its user and their contacts.

End to end encryption like that you see in Signal and (if you opt into it) WhatsApp is great at preventing governments and other malicious actors from accessing your messages while they are in transit. But as with nearly all cybersecurity matters, physical access to either device or user or both changes things considerably.

For example, take this Hong Kong citizen who was forced to unlock their phone and reveal their followers and other messaging data to police. It’s one thing to do this with a court order to see if, say, a person was secretly cyberstalking someone in violation of a restraining order. It’s quite another to use as a dragnet for political dissidents.

This particular protestor ran a Telegram channel that had a number of followers. But it could just as easily be a Slack room for organizing a protest, or a Facebook group, or anything else. For groups under threat from oppressive government regimes it could be a disaster if the contents or contacts from any of these were revealed to the police.

Just as you should be able to choose exactly what you say to police, you should be able to choose how much your phone can say as well. Secure messaging apps should be the vanguard of this capability.

There are already some dedicated “panic button” type apps, and Apple has thoughtfully developed an “emergency mode” (activated by hitting the power button five times quickly) that locks the phone to biometrics and will wipe it if it is not unlocked within a certain period of time. That’s effective against “Apple pickers” trying to steal a phone or during border or police stops where you don’t want to show ownership by unlocking the phone with your face.

Those are useful and we need more like them — but secure messaging apps are a special case. So what should they do?

The best-case scenario, where you have all the time in the world and internet access, isn’t really an important one. You can always delete your account and data voluntarily. What needs work is deleting your account under pressure.

The next best-case scenario is that you have perhaps a few seconds or at most a minute to delete or otherwise protect your account. Signal is very good about this: The deletion option is front and center in the options screen, and you don’t have to input any data. WhatsApp and Telegram require you to put in your phone number, which is not ideal — fail to do this correctly and your data is retained.

Signal, left, lets you get on with it. You’ll need to enter your number in WhatsApp (right) and Telegram.

Obviously it’s also important that these apps don’t let users accidentally and irreversibly delete their account. But perhaps there’s a middle road whereby you can temporarily lock it for a preset time period, after which it deletes itself if not unlocked manually. Telegram does have self-destructing accounts, but the shortest time you can delete after is a month.

What really needs improvement is emergency deletion when your phone is no longer in your control. This could be a case of device seizure by police, or perhaps being forced to unlock the phone after you have been arrested. Whatever the case, there need to be options for a user to delete their account outside the ordinary means.

Here are a couple options that could work:

  • Trusted remote deletion: Selected contacts are given the ability via a one-time code or other method to wipe each other’s accounts or chats remotely, no questions asked and no notification created. This would let, for instance, a friend who knows you’ve been arrested remotely remove any sensitive data from your device.
  • Self-destruct timer: Like Telegram’s feature, but better. If you’re going to a protest, or have been “randomly” selected for additional screening or questioning, you can just tell the app to delete itself after a certain duration (as little as a minute perhaps) or at a certain time of the day. Deactivate any time you like, or stall for the five required minutes for it to trigger.
  • Poison PIN: In addition to a normal unlock PIN, users can set a poison PIN that when entered has a variety of user-selectable effects. Delete certain apps, clear contacts, send prewritten messages, unlock or temporarily hard-lock the device, etc.
  • Customizable panic button: Apple’s emergency mode is great, but it would be nice to be able to attach conditions like the poison PIN’s. Sometimes all someone can do is smash that button.

Obviously these open new avenues for calamity and abuse as well, which is why they will need to be explained carefully and perhaps initially hidden in “advanced options” and the like. But overall I think we’ll be safer with them available.

Eventually these roles may be filled by dedicated apps or by the developers of the operating systems on which they run, but it makes sense for the most security-forward app class out there to be the first in the field.

‘This is Your Life in Silicon Valley’: Philz Coffee CEO Jacob Jaber on tech culture and Blue Bottle

Welcome to this week’s transcribed edition of This is Your Life in Silicon Valley. We’re running an experiment for Extra Crunch members that puts This is Your Life in Silicon Valley in words – so you can read from wherever you are.

This is your Life in Silicon Valley was originally started by Sunil Rajaraman and Jascha Kaykas-Wolff in 2018. Rajaraman is a serial entrepreneur and writer (Co-Founded Scripted.com, and is currently an EIR at Foundation Capital), Kaykas-Wolff is the current CMO at Mozilla and ran marketing at BitTorrent. Rajaraman and Kaykas-Wolff started the podcast after a series of blog posts that Sunil wrote for The Bold Italic went viral. The goal of the podcast is to cover issues at the intersection of technology and culture – sharing a different perspective of life in the Bay Area. Their guests include entrepreneurs like Sam Lessin, journalists like Kara Swisher and politicians like Mayor Libby Schaaf and local business owners like David White of Flour + Water.

This week’s edition of This is Your Life in Silicon Valley features Jacob Jaber, the CEO of Philz Coffee. During this episode, we try to convince TechCrunch’s Kate Clark why Philz Coffee is a better option than Starbucks. Jacob also talks about the tech community, his business goals, and whether he’d ever consider leaving San Francisco.

You don’t want to miss this week’s edition of TIYLISV, which is extremely lively and may change your coffee-drinking habits.

For access to the full transcription, become a member of Extra Crunch. Learn more and try it for free. 

Sunil Rajaraman: Welcome to season three of “This is Your Life in Silicon Valley” a podcast about the Bay Area, technology, and culture. I’m your host, Sunil Rajaraman, and I’m joined by my cohost, Jascha Kaykas-Wolff.

Jascha Kaykas-Wolff: I always wonder if things that happen on Twitter are actually real or not. Like is it just all made up stuff, or do people actually interact with each other and then see each other in the real world.

CBP says traveler and license plate images were stolen in data breach

U.S. Customs and Border Protection has confirmed a data breach has involved the photos of passengers traveling in and out of the United States.

The photos were stolen from a subcontractor’s network through a “malicious cyberattack,” a CBP spokesperson told TechCrunch in an email. The agency first learned of the breach on May 31.

“CBP learned that a subcontractor, in violation of CBP policies and without CBP’s authorization or knowledge, had transferred copies of license plate images and traveler images collected by CBP to the subcontractor’s company network,” said a statement.

“Initial information indicates that the subcontractor violated mandatory security and privacy protocols outlined in their contract,” the statement read.

When asked, a spokesperson for CBP didn’t say how many photos were taken in the breach or if U.S. citizens were affected. The agency also didn’t name the subcontractor involved.

It remains unclear exactly what kind of photos were taken, such as if the images were collected directly from CBP officers by visitors entering the U.S. or part of the agency’s rollout of facial recognition technology at U.S. airports

The agency, which processes millions of travelers entering the U.S. every week, maintains a database of traveler images, including passport and visa photos. The database has come under fire from a federal watchdog which said the accuracy of the system was subpar.

More than a dozen U.S. airports are already rolling out the facial recognition technology, with many more to go before the U.S. government hits its target of enrolling the largest 20 airports in the country before 2021.

More soon…

Top voting machine maker reverses position on election security, promises paper ballots

Voting machine maker ES&S has said it “will no longer sell” paperless voting machines as the primary device for casting ballots in a jurisdiction.

ES&S chief executive Tom Burt confirmed the news in an op-ed.

TechCrunch understands the decision was made around the time that four senior Democratic lawmakers demanded to know why ES&S, and two other major voting machine makers, were still selling decade-old machines known to contain security flaws.

Burt’s op-ed said voting machines “must have physical paper records of votes” to prevent mistakes or tampering that could lead to improperly cast votes. Sen. Ron Wyden introduced a bill a year ago that would mandate voter-verified paper ballots for all election machines.

The chief executive also called on Congress to pass legislation mandating a stronger election machine testing program.

Burt’s remarks are a sharp turnaround from the company’s position just a year ago, in which the election systems maker drew ire from the security community for denouncing vulnerabilities found by hackers at the annual Defcon conference.

Security researchers at the conference’s Voting Village found a security flaw in an old but widely used voting machine in dozens of states. Their findings prompted a response by senior lawmakers on the Senate Intelligence Committee, who said that independent testing “is one of the most effective ways to understand and address potential cybersecurity risks.”

But ES&S disagreed. In a letter firing back, Burt said he believed “exposing technology in these kinds of environments makes hacking elections easier, not harder, and we suspect that our adversaries are paying very close attention.”

Days later, NSA cybersecurity chief Rob Joyce criticized the response. “Ignorance of insecurity does not get you security,” he tweeted. “The investigation of these devices by the hacker community is a service, not a threat.”

Although unexpected, election security experts have generally applauded ES&S’ shift in position.

Matt Blaze, a cryptography and computer science professor at the University of Pennsylvania, said in a tweet he was “genuinely glad” the company is calling for paper ballots and mandatory security testing.

“Hopefully they’ll also stop threatening to sue people like me and the Defcon Voting Village when we examine and report on their equipment and software,” he said. Blaze, who co-founded the Voting Village, faced legal pressure from ES&S at the time. The election security experts responded to the “vague and unsupportable threats” by accusing the voting machine maker of “discouraging” researchers from examining its machines “at a time when there is significant concern about the integrity of our election system.”

An ES&S spokesperson did not respond to a request for comment by TechCrunch over the weekend.

Read more: