Russian hacked ‘at least one’ Florida county prior to 2016 election

Russian operatives successfully targeted and hacked “at least one” Florida county government in the run up to the 2016 U.S. presidential election, according to new findings by the Special Counsel Robert Mueller.

The report, published Thursday by the Justice Department, said the county was targeted by the Russian intelligence service, known as the GRU. The hackers sent spearphishing emails to more than 120 email accounts used by county officials responsible for administering the election, the report said.

According to the findings:

In August 2016, GRU officers targeted employees of [REDACTED], a voting technology company that developed software used by numerous U.S. counties to manage voter rolls, and installed malware on the company network… the spearphishing emails contained an attached Word document coded with malicious software (commonly referred to as a Trojan) that permitted the GRU to access the infected computer.

The findings are a significant development from previous reporting that said Florida’s election systems were merely targets of the Russian operatives.

Sen. Bill Nelson (D-FL) was derided after he claimed just days before his eventual re-election that hackers had gained access to the state’s election systems. According to NBC News, some of Nelson’s assertions were based off classified information that was not yet public.

Nelson’s remarks came almost a year after The Intercept published a classified document — later discovered to have been sent by since-jailed NSA whistleblower and Reality Winner — showing that intelligence pointed to a concerted effort by the GRU to target election infrastructure. The NSA said the hackers sent emails impersonating voting technology company VR Systems to state government officials.

The Orlando Sentinel confirmed Thursday following the release of Mueller’s report’s that Volusia County was sent infected emails containing malware, suggesting Volusia County — north of Orlando — may have been the target.

Mueller’s report confirmed that the FBI investigated the incident.

The office of Florida’s secretary of state said that Florida’s voter registration system “was and remains secure,” and “official results or vote tallies were not changed.”

Two years later following the 2018 midterm elections, the Justice Department and Homeland Security said there was “no evidence” of vote hacking or tampering.

Samsung responds to reviewer complaints about its Galaxy Fold phone

Samsung has issued a statement about its new, folding phone as early photos of tech reviewers with their shiny new toys were replaced on social media (and in numerous columns) with complaints from those same tech reviewers about problems with the phone’s screen.

Apparently a number of reviewers either mistakenly destroyed their phone screens or had the screens bork on them after a few days of use. It’s not a good look for Samsung.

However, our own Brian Heater had his hands on the Samsung phone, and has had nary a dent in his two days of use.

He wrote:

This sort of thing can happen with pre-production models. I’ve certainly had issues with review units in the past, but these reports are worth mentioning as a note of caution with a product, which we were concerned might not be ready for prime time only a couple of weeks ago.

At the very least, it’s as good a reason as any to wait a couple of weeks before more of these are out in the world before dropping $2,000 to determine how widespread these issues are.

All of that said, I’ve not had any technical issues with my Samsung Galaxy Fold. So far, so good. A day or so in does, however, tend to be the time when the harsh light of day starts to seep in on these things, after that initial novelty of the company’s admittedly impressive feat begins wane.

In its response, the company is bravely forging ahead and (sort of) blaming the messenger for not using the thing correctly. The phones will go on sale in the U.S. on April 26 as planned.

No less esteemed a tech reviewer than Recode’s Walt Mossberg called the response from Samsung “Really weak“.

Here’s the statement in full:

“A limited number of early Galaxy Fold samples were provided to media for review. We have received a few reports regarding the main display on the samples provided. We will thoroughly inspect these units in person to determine the cause of the matter.

Separately, a few reviewers reported having removed the top layer of the display causing damage to the screen. The main display on the Galaxy Fold features a top protective layer, which is part of the display structure designed to protect the screen from unintended scratches. Removing the protective layer or adding adhesives to the main display may cause damage. We will ensure this information is clearly delivered to our customers.”

Acting as the data integrator between hospitals and digital health apps brings Redox $33 million

Investors have forked over $33 million in a new round of funding for Redox, hoping that the company can execute on its bid to serve as the link between healthcare providers and the technology companies bringing new digital services to market.

The financing comes just two months after Redox sealed a deal with Microsoft to act as the integration partner connecting Microsoft’s Teams product to electronic health records through the Fast Healthcare Interoperability Resources standard.

Redox sits at a critically important crossroads in the modern healthcare industry. It’s founder, a former employee at the electronic health record software provider Epic, knows more than most about the central position that data occupies in U.S. healthcare at the moment.

What we’re doing we’re building the platform and connector to help health systems integrate with technologies in the cloud,” says chief executive, Luke Bonney. 

Bonney served as a team lead in various divisions at Epic before launching Redox and the Madison, Wis.-based company was crafted with the challenges other vendors faced when trying to integrate with legacy systems like the health record provider.

“The fundamental problem is helping a large health system use a third party tool that they want to use,” says Bonney. And the biggest obstacle is finding a way to organize the data coming from healthcare providers into a format that application developers can work with, he said. 

Investors including RRE Ventures, Intermountain Ventures, .406 Ventures joined new investor Battery Ventures in financing the $33 million round. As part of the deal, Battery Ventures general partner Chelsea Stoner will take a seat on the company’s board.

Application developers pay for the number of integrations they have with a health system, and Redox enables them to connect through a standard application programming interface, according to the company. 

Its approach allows secure messaging across any format associated with an organization’s electronic health record (EHR), the company said. 

Redox works with over 450 healthcare providers and hundreds of application developers, the company said.

High profile healthcare networks that work with the company include AdventHealth, Atrium Health, Brigham & Women’s, Clarify Health, Cleveland Clinic, Geisinger, HCA, Healthgrades, Intermountain Healthcare, Invitae, Fitbit, Memorial Sloan Kettering, Microsoft, Ochsner, OSF HealthCare, PointClickCare, R1, ResMed, Stryker, UCSF, University of Pennsylvania, and WellStar.

 

Talk all things robotics and AI with TechCrunch writers

This Thursday, we’ll be hosting our third annual Robotics + AI TechCrunch Sessions event at UC Berkeley’s Zellerbach Hall. The day is packed start-to-finish with intimate discussions on the state of robotics and deep learning with key founders, investors, researchers and technologists.

The event will dig into recent developments in robotics and AI, which startups and companies are driving the market’s growth, and how the evolution of these technologies may ultimately play out. In preparation for our event, TechCrunch’s Brian Heater spent time over the last several months visiting some of the top robotics companies in the country. Brian will be on the ground at the event, alongside Lucas Matney who will also be on the scene. Friday at 11:00 am PT, Brian and Lucas will be sharing what they saw and what excited them most with Extra Crunch members on a conference call.

Tune in to find out about what you might have missed and to ask Brian and Lucas anything else robotics, AI or hardware. And want to attend the event in Berkeley this week? It’s not too late to get tickets.

To listen to this and all future conference calls, become a member of Extra Crunch. Learn more and try it for free.

Another day, another U.S. company forced to divest of Chinese investors

Foreign investment scrutiny continues to creep into the startup world via a once obscure U.S. government agency that has new tools and a shift in focus that stands to impact young, high-growth companies in huge ways. The Committee on Foreign Investment in the U.S., or CFIUS, recently made waves when it forced Chinese investors into two American companies to divest because of national security concerns.

There is much to learn from these developments about how government concerns over foreign investment will affect startups and investors going forward.

It is important to understand how we got here. CFIUS has long had the authority to review investments for national security concerns when the investment delivers “control” of a U.S. entity to a foreign entity — and control is defined broadly to mean the ability to determine important matters of the business. CFIUS is the body that rejected Broadcom’s acquisition of Qualcomm to name one well-known example.

The Treasury Department-led body can tap a few powers if it has concerns about an investment, such as blocking it outright, requiring mitigation measures, or—as we saw recently—forcing a fire sale of assets long after a deal is complete.

In the last few weeks, CFIUS has forced Chinese investors to divest from PatientsLikeMe, a healthcare startup that claims to have millions of data points about diseases, and Grindr, the LGBTQ dating app that collects personal data.

Historically, CFIUS’s focus has been on things like ports, computer systems, and real estate adjacent to military bases, but in recent years its emphasis has included data as a national security threat. The Grindr and PatientsLikeMe actions underscore that CFIUS is more focused than ever on how data can pose a security threat.

For example, the U.S. government’s move against Grindr was reportedly motivated by concerns the Chinese government could blackmail individuals with security clearances or its location data could help unmask intelligence agents.  These developments make CFIUS highly relevant to tech and healthcare startups, which frequently hold valuable data about customers and users.

Last year, Congress expanded CFIUS’s jurisdiction and gave it new tools to scrutinize even minority, non-controlling investments into critical technology companies or those with sensitive personal data of U.S. citizens if the investor receives certain rights, like a board seat.  These might be direct investments into startups by a foreign corporation or individual, or indirect investments into a venture fund by institutional investors like foreign pensions, endowments, or family offices.

Many aspects of the new law have been partially implemented through a pilot program that is impacting foreign investors into venture funds and direct investments into startups. One piece of the law that has not been implemented through the pilot program is the authority of CFIUS to scrutinize certain non-controlling investments into companies that maintain or collect “sensitive personal data of United States citizens that may be exploited in a manner that threatens national security.”

This piece is likely to go into effect in early 2020.

Keep in mind that in the cases of Grindr and PatientsLikeMe, the government relied on its preexisting authority to police investments that delivered control to a foreign person. Due to CFIUS reform, we are likely to see it similarly scrutinize minority, non-controlling investments into companies with sensitive personal data once the authorities are fully in force. Now is the time for investors and startups to go to school on recent cases to understand what is at stake.

Three lessons stand out from the Grindr and PatientsLikeMe actions.

First, CFIUS’s focus has evolved over the years to include control over data-rich companies. That is a trend that is likely to pick up considerably now that Congress has directed the agency to examine some of these deals, even when the investment does not give control to a foreign person.

Second, in both the Grindr and PatientsLikeMe cases, reporting indicates that neither company filed with CFIUS in advance of the transaction, thereby opening both companies up to the deals being unwound. Once CFIUS’s focus on sensitive data expands to non-controlling investments, we can assume CFIUS will not be shy about forcing divestiture for venture-style investments if the parties did not file and get approval for the transaction in advance.

Finally, it is important to understand that while recent newsworthy cases involved China, CFIUS’s jurisdiction applies on a global basis, so its data concerns may port over to investments from other countries as well.  The National Venture Capital Association, where I work, is urging Treasury to use authority it has in the CFIUS reform bill to not apply the expansion to non-controlling investments from friendly countries. This makes perfect sense, since the impetus for CFIUS expansion was largely China, and narrowing the scope of foreign actors will help CFIUS focus on true threats.  However, as long as the pilot rules are in effect—and perhaps longer—the full suite of CFIUS’s authorities apply whether you are from China, Canada, or Chile.

The one constant of the enhanced foreign investment scrutiny we have seen of late is that it is always shifting.  Investors, entrepreneurs, and companies must be on their toes going forward to understand how to raise and deploy capital in innovative American companies.

For true transparency around political advertising, U.S. tech companies must collaborate

In October 2017 online giants Twitter, Facebook, and Google announced plans to voluntarily increase transparency for political advertising on their platforms. The three plans to tackle disinformation had roughly the same structure: funder disclaimers on political ads, stricter verification measures to prevent foreign entities from posting such ads, and varying formats of ad archives.

All three announcements came just before representatives from the companies were due to testify before Congress about Russian interference in the 2016 election and reflected fears of forthcoming regulation, as well as concessions to consumer pressure.

Since then, the companies have continued to attempt to address the issue of digital deception occurring on their platforms.

Google recently released a white paper detailing how it would deal with online disinformation campaigns across many of its products. In the run-up to the 2018 midterm elections, Facebook announced it would ban false information about voting. These efforts reflect an awareness that the public is concerned about the use of social media to manipulate their votes and is pushing for tech companies to actively address the issue.

These efforts at self-regulation are a step in the right direction — but they fall far short of providing the true transparency necessary to inform voters about who is trying to influence them. The lack of consistency in disclosure across platforms, indecision over issue ads, and inaction on wider digital deception issues including fake and automated accounts, harmful micro-targeting, and the exposure of user data are major defects of this self-governing model.

For example, individuals looking at Facebook’s ad transparency platform are currently able to see information about who viewed an ad that is not currently available on Google’s platform. However, on Google the same user can see top keywords for advertisements, or search political ads by district, which cannot be done on Facebook.

With this inconsistency in disclosure across platforms, users are not able to get a full picture of who is trying to influence them, which prevents them from being able to cast an informed vote.

One hundred cardboard cutouts of Facebook founder and CEO Mark Zuckerberg stand outside the US Capitol in Washington, DC, April 10, 2018. Advocacy group Avaaz is calling attention to what the groups says are hundreds of millions of fake accounts still spreading disinformation on Facebook. (Photo: SAUL LOEB/AFP/Getty Images)

Issue ads pose an additional problem. These are public communications that do not reference particular candidates, focusing instead on hot-button political issues such as gun control or immigration. Issue ads cannot currently be regulated in the same way that political communications that refer to a candidate can due to the Supreme Court’s interpretation of the First Amendment.

Moreover, as Bruce Flack, Twitter’s General Manager for Revenue Product, pointed out in a blog post addressing the platform’s impending transparency efforts, “there is currently no clear industry definition for issue-based ads.”

In the same post, Flack indicated a potential solution, writing, “We will work with our peer companies, other industry leaders, policy makers and ad partners to clearly define [issue ads] quickly and integrate them into the new approach mentioned above.” This post was written 18 months ago, but no definition has been established—possibly because tech companies are not collaborating to systemically confront digital deception.

This lack of collaboration damages the public’s right to be politically informed. If representatives from the platforms where digital deception occurs most often — Facebook, Twitter, and Google — were to form an independent advisory group that met regularly and worked with regulators and civil society to discuss solutions to digital deception, transparency and disclosure across the platforms would be more complete.

The platforms could look to the example set by the nuclear power industry, where national and international nonprofit advisory bodies facilitate cooperation among utilities to ensure nuclear safety. The World Association of Nuclear Operators (WANO) connects all 115 nuclear power plant operators in 34 countries in order to facilitate the exchange of experience and expertise. The Institute of Nuclear Power Operations (INPO) in the U.S. functions in a similar fashion but is able to institute tighter sanctions since it operates at the national level.

Similar to WANO and INPO, an independent advisory group for the technology sector could develop a consistent set of disclosure guidelines — based on policy regulations put in place by government — that would apply evenly across all social media platforms and search engines.

These guidelines would hopefully include a unified database of ads purchased by political groups as well as clear and uniform disclaimers of the source of each ad, how much it cost, and who it targeted. Beyond paid ads, the industry group could develop guidelines to increase transparency for all communications by organized political entities, address computational propaganda, and determine how best to safeguard users’ data.

Additionally, if the companies were working together, they could set up a consistent definition of what an issue ad is and determine what transparency guidelines should apply. This is particularly relevant given policymakers’ limited authority to regulate issue ads.

Importantly, working together regularly would allow platforms to identify technological advances that might catch policymakers by surprise. Deepfakes — fabricated images, audio, or video that purport to be authentic — represent one area where technology companies will almost certainly be ahead of lawmakers’ expertise. If digital corporations were working together as well as cooperating with government agencies, they could flag new technologies like these in advance and help regulators determine the best way to maintain transparency in the face of a rapidly changing technological landscape.

Would such collaboration ever happen? The extensive aversion to regulation shown by these companies indicates a worrying preference towards appeasing advertisers at the expense of the American public.

However, in August 2018, in advance of the midterm elections, representatives from large tech firms did meet to discuss countering manipulation on their platforms. This followed a meeting in May with U.S. intelligence officials, also to discuss the midterm elections. Additionally, Facebook, Microsoft, Twitter, and YouTube formed the Global Internet Forum to Counter Terrorism to disrupt terrorists’ ability to promote extremist viewpoints on those platforms. This shows that when they are motivated, technology companies can work together.

It’s time for Facebook, Twitter, and Google to put their obligation to the public interest first and work together to systematically address the threat to democracy posed by digital deception.

DroneBase raises capital and partners with FLIR Systems to train pilots on thermal imaging tech

Publicly traded sensor technology developer, FLIR Systems, is investing in a strategic round of funding for the outsourced drone imaging company, DroneBase.

The two companies are also partnering to provide FLIR’s thermal imaging technology and training services to DroneBase’s stable of pilots.

Terms of the investment were not disclosed.

“Our investment in DroneBase helps expand the adoption of FLIR thermal imaging technology by putting it in the hands of more pilots who fly drones every day,” said Jim Cannon, the president and chief executive of FLIR, in a statement. “DroneBase’s enterprise pilot network will receive training by professional thermographers, enabling DroneBase to offer specialized thermal inspection services for customers on a wider scale, and creating an opportunity for FLIR to incorporate additional service offerings through DroneBase in the future.”

Los Angeles-based DroneBase has contracted pilots to complete over 100,000 commercial missions in over 70 countries for residential and commercial real estate, insurance, telecommunications, construction and media companies, according to a statement.

Through FLIR’s Infrared Training Center, FLIR and DroneBase will develop a specialized training program that will be certified exclusively by DroneBase

“Through FLIR’s strategic investment in DroneBase, we are now able to offer scalable thermal solutions to enterprises of any size,” said Dan Burton, founder and chief executive of DroneBase, in a statement. “This access to valuable data will allow stakeholders to make better decisions about their most critical assets. Like myself, many DroneBase pilots relied on FLIR products when they served in the military. This integration will offer military veterans a chance to work with FLIR again and leverage their training in their civilian lives.”

Cathay Capital and AfricInvest to raise $168M Africa VC fund

Tunisia based private equity firm Africinvest has teamed up with Cathay Capital — a global private equity firm based in Paris — to launch a new Africa tech fund with a target raise of $168 million.

Details are still forthcoming, but the Cathay Africinvest Innovation Fund will focus primarily on series A to C stage investments in African technology companies, says fund co-founder Denis Barrier.

“We’ll look at investments across several countries in Africa. We’ll focus on areas such as fintech, logistics, AI, agtech, and edutech,” Barrier says.

Barrier could not say when the fund would be closed, but did confirm investments could come as early as summer 2019.  He expects to see strong local showing for startups from across Africinvest’s 10 country offices in Abidjan, Algiers, Cairo, Casablanca, Dubai, Lagos, Nairobi, Paris and Port Louis, and Tunis. The firm will open an office in Johannesburg in the near future, according to a company release.

In the private equity space, both founding companies of the new Cathay Africinvest Innovation Fund  carry considerable capital and scope. Co-founded by Denis Barrier and Mingpo Cai, Cathay Capital has $2.5 billion in assets under management and offices in the U.S., Europe, Asia, and the Middle-East.

Per Crunchbase, Africinvest’s 46 venture and debt investments span the brick and mortar side of many of the sectors the new tech fund looks to target, including education and banking.

With the line between banks and fintech also starting to blur in Africa, that could lead to an advantage for the Cathay Africinvest Innovation Fund in sourcing deal flow.

The new investment group enters during a period when investment rounds and the number of funds focused on African startups continues to grow rapidly. By Shenzen or Silicon Valley standards, the value of VC to African startups—which surpassed $1 billion for the first time in 2018 according to Partech—is minuscule. But by one estimate, that represents more than a one-hundred percent increase in VC to Africa over a four-year period.

The number of Africa focused VC firms globally has also grown, topping 51 in 2018 per TechCrunch and Crunchbase research.

The Cathay Africinvest Innovation Fund takes the number of to 52.

Uber, Lyft, and the challenge of transportation startup profits

How much does transportation cost you?

In most cities, bus or subway fare might set you back $3 or so. A tank of gas, maybe $30 or $40 depending on your car. An hour of street parking? Sometimes it’s free, sometimes it’s a few bucks. And you can usually snag an economy seat on a round-trip U.S. domestic flight for under $300.

These numbers probably ring true for most people. There’s just one problem: Everything you know about the cost of transportation is wrong.

Despite a massive infusion of venture capital into the transportation sector over the past few years, mobility startups are starting to learn what every transportation business has known for generations: transportation profits are elusive, and the system is mainly held together by subsidies. Will this be the first generation of transportation businesses to escape history?

Voyage CEO Oliver Cameron at TC Sessions: Mobility on July 10

Some of the first users of autonomous taxis are senior citizens living in a massive retirement community in Florida.

It’s there, in a 40-square-mile area known as The Villages, that autonomous driving startup Voyage has planted its flag. Once the door-to-door self-driving taxi service is fully operational, all 125,000 residents will have the ability to summon a self-driving car to their doorstep using the Voyage mobile app.

Voyage’s strategy to target retirement communities makes the startup, and its founders, stand out in a sea of emerging competitors. And now, TechCrunch is excited to announce an opportunity to gain insight into Voyage, its mission and plans for the future.

Co-founder and CEO of Voyage Oliver Cameron will participate in TechCrunch’s inaugural TC Sessions: Mobility, a one-day event on July 10, 2019 in San Jose, Calif., that is centered around the future of mobility and transportation.

Cameron previously led the autonomous vehicle, artificial intelligence and deep learning curriculum at Udacity . Voyage spun out of Udacity in 2017. Since then, Voyage has piloted its autonomous taxi services in two retirement communities, one in San Jose and another in Florida. And more will likely follow.

TC Sessions: Mobility will present a day of programming with the best and brightest founders, investors and technologists who are determined to invent a future Henry Ford might never have imagined. In case you missed it, Nuro co-founder and CEO Dave Ferguson was our first announced guest for TC Sessions: Mobility.

TC Sessions: Mobility aims to do more than highlight the next new thing. We’ll dig into the how and why, the cost and impact to cities, people and companies, as well as the numerous challenges that lie along the way, from technological and regulatory to capital and consumer pressures.

Early-Bird tickets are now on sale — save $100 on tickets before prices go up.

Students, you can grab your tickets for just $45.