Technology

It would be easy to assume that Verizonpurchase last week of video-conferencing tool BlueJeans was an opportunistic move to capitalize on the sudden shift to remote work, but the ball began rolling last June and has implications far beyond current work-from-home requirements.

The video-chat darling of the moment is Zoom, but BlueJeans is considered by many to be the enterprise tool of choice. The problem, it seems, is that it had grown as far as it could on its own and went looking for a larger partner to help it reach the next level.

BlueJeans started working with Verizon (which owns this publication) as an authorized reseller before the talks turned toward a deeper relationship that culminated in the acquisition. Assuming the deal passes regulatory scrutiny, Verizon will use its emerging 5G technology to produce much more advanced video-conferencing scenarios.

We spoke to the principals involved in this deal and several industry experts to get a sense of where this could lead. As with any large company buying a startup, outcomes are uncertain; sometimes the acquired company gets lost in the larger corporate bureaucracy, and sometimes additional resources will help grow the company much faster than it could have on its own.

What is BlueJeans?

Research institutes Inria and Fraunhofer have shared details on their contact-tracing protocol that could be used by the French and German governments in the coming weeks. It is named ROBERT for ROBust and privacy-presERving proximity Tracing protocol.

Inria and Fraunhofer are members of the Pan-European Privacy-Preserving Proximity Tracing (PEPP-PT) project. On Friday, PEPP-PT said that seven European governments were interested in developing national apps based on the standardized approach. So ROBERT could become an important inspiration for various contact-tracing apps around Europe.

The French and German research teams have chosen to share technical specifications on GitHub with various documents explaining their work so far. In addition to a full-fledged specification document, the group has written a high-level overview with frequently asked questions, an illustrated example and an interestingly-named document: &Proximity Tracing Applications: The misleading debate about centralised versus decentralised approaches.&

InriaCEO Bruno Sportisse also wrote an article on Inriawebsite describing the thinking behind Inria(and Fraunhofer&s) work. In addition to explaining the concept of contact tracing, he says thereno such thing as a decentralized contact-tracing protocol or a centralized contact-tracing protocol.

&None of the projects aim to implement a peer-to-peer network in which everything would rely on a supposedly ‘independent& community […] of devices/smartphones that exchange information between them. The main reason why thatnot the case is that security vulnerabilities could have an impact with such an approach,& Sportisse wrote.

&All systems in the works include a common component (a server) and a decentralized component (a group of smartphones that can communicate between them using Bluetooth): all systems currently in the works are therefore both centralized […] and decentralized,& he continued.

And yet, centralization and decentralization have been at the heart of a debate between privacy researchers in Europe, with backers of the DP-3T initiative sometimes calling out PEPP-PTapproach. DP-3T is another coalition of experts that claim to care more about privacy than PEPP-PT.

So letdive in to ROBERT and find out what Inria and Fraunhofer mean by a centralized-decentralized contact-tracing protocol.

Unpacking ROBERT

In the specification document, Inria and Fraunhofer define the big principles behind ROBERT.

Our scheme provides the following goals as detailed in [2]:

• Open participation. Participants are free to join or leave the system at any time.
• Simple and transparent. The system is simple to use and understand.
• Easy deployment. The scheme is easy to deploy and requires only minimal infrastructure.
• Anonymity. The smartphone App as well as the back-end server database do not collect or store any personal data.
• Federated infrastructure. The system must scale across countries, ideally worldwide. In order to preserve countries& sovereignty, a trusted federation of infrastructures is necessary.

Those are all fair points, but based on the rest of the document, anonymity is not 100% guaranteed for all actors involved (the government, other app users, malicious users). The document itself describes why there could be some loopholes in the protocol:

The authority running the system, in turn, is &honest-but-curious&. Specifically, it will not deploy spying devices or will not modify the protocols and the messages. However, it might use collected information for other purposes such as to re-identify users or to infer their contact graphs. We assume the back-end system is secure, and regularly audited and controlled by external trusted and neutral authorities (such as Data Protection Authorities and National Cybersecurity Agencies).

Thata big if.

Basically, the protocol is designed in such a way that it protects your privacy as long as you trust the government/the health ministry/whoever is in charge of running the central server. Based on that statement alone, it seems like the authority could log a ton of information about app users.

Generating a log of your proximity contacts

At its core, a contact-tracing app uses Bluetooth to build a comprehensive list of other app users who you&ve interacted with for more than a few seconds. A ROBERT-based contact-tracing app would make those matches on your device.

ROBERT uses ephemeral Bluetooth IDs that change every 15 minutes. For example, if you&re talking with someone for 10 minutes, you&re going to regularly send your ephemeral Bluetooth ID to the other person, and you&re going to receive the other personephemeral Bluetooth ID. If nobody gets infected with COVID-19, those IDs remain on your device (and might even get purged after a while).

The app also collects additional information associated with ephemeral Bluetooth IDs. For instance, it collects the strength of the Bluetooth signal to evaluate the distance between the two persons.

All of this is fairly standard.

Uploading your contact list, not your own ephemeral identifiers

Approaches differ if somebody is confirmed to be infected with COVID-19. Under the ROBERT implementation, if a user is diagnosed COVID-positive and gives their consent to help the community of other app users, the app will upload the list of ephemeral Bluetooth IDs of other users that they&ve been interacting with over the past 14 days.

Again, the app doesn&t send the userown ephemeral Bluetooth IDs — it sends information about the circle of people gravitating around the infected user.

The server then has a list of potentially exposed users. It doesn&t necessarily mean they&ll be infected with COVID-19.

Computing a risk score on the server

So what does the server do with this list of potentially exposed users?

When you download a ROBERT-based contact-tracing app (such as FranceStop Covid app that is in the works) and launch it for the first time, the server is notified. The server generates and sends a permanent ID and a list of ephemeral Bluetooth IDs. The server also keeps a list of all temporary IDs associated with permanent IDs.

In other words, the authority has a giant database of all permanent and ephemeral IDs associated with all app users. While the specifications say &the stored information are ‘anonymous& and, by no mean, associated to a particular user,& itin no way anonymous. Itpseudonymous.

When a user is diagnosed COVID-positive and accepts to share a list of the ephemeral Bluetooth IDs of people they&ve interacted with, the server logs all that information and increases the risk score of people they&ve interacted with.

Over time, multiple users who are confirmed to be infected with COVID-19 could flag different Bluetooth ephemeral IDs that belong to the same user. The server is going to increase the risk score of the permanent ID associated to that user.

Essentially, the authority will have a database of permanent IDs with each ID representing one person. There will be a risk score associated to each person. When the risk score reaches a certain threshold, the user is notified.

A weak defense of centralization

As you can see in my description of the ROBERT protocol, the project tries to minimize the attack surface by centralizing most computing on a server. It is designed to be resilient against malicious users as much as possible — it requires you to ®ister& your account by obtaining a permanent ID from a central server.

But this centralized implementation means that you&ll have to trust your government. In particular, you have to trust that:

• They&re not doing anything nefarious without telling you.
• They have developed a secure implementation of the ROBERT protocol.

For instance, what if a ROBERT-based app uploads your IP address when your app checks the risk score associated with your permanent ID? What if the government wants a little more data to examine the social graph of pseudonyms? Those could be huge privacy risks and the end user wouldn&t even be aware of the vulnerability. It is basically the opposite of &privacy by design.&

Instead, Inria and Fraunhofer throw the DP-3T implementation under the bus:

Other, qualified as ‘decentralised&, schemes broadcast to each App an aggregate information containing the pseudonyms of all the infected users. This information allow each App to decode the identifiers of infected users and verify if any of them are part of its contact list. Our scheme does not follow this principle because we believe that sending information about all infected users reveals too much information. In fact, it has been shown that this information can be easily used by malicious users to re-identify infected users at scale. We claim that infected user re-identification must absolutely be avoided since it could lead to stigmatisation. Instead, we chose to securely store this information on a central server.

Dismissing decentralized protocols in such a way is completely irresponsible. In both cases, it depends on the implementation. Thatwhy itgoing to be important to let developers audit the code that runs both on the smartphone and the server — whether the server is only a relay server or a central database. Otherwise, people are not going to trust contact-tracing apps and they will be useless.

Data on your device can be encrypted and inaccessible to other apps and malicious users. The government could even control a decryption key using a multi-signature authentication. This way, malicious users wouldn&t be able to decrypt data without interacting with the central server, and the central server wouldn&t be able to access user data.

After being forced to quickly shift plans and stage a remote demo day last month following the outbreak of COVID-19 stateside, Y Combinator announced today that they will officially be fully moving their next batch to a remote format.

In a post today on Y Combinatorsite, YC CEO Michael Seibel announced the move. &We have decided to run the S20 batch remotely, because amid the COVID-19 crises, the safety of founders and YC staff is our top priority.&

The Summer 2020 group of founders will operate fully online with interviews, office hours, evening talks and meetups taking place over video conferencing. This could assumedly extend to the groupdemo day as well, though that was not explicitly stated. Y Combinator had given startups in the most recent class the option to defer an onstage launch until a later Demo Day; it seems that those YC startups may not get that option for 2020.

As YC shifts online, questions are sure to only grow on whether founders are still getting a good deal from the accelerator in the midst of a crisis.

Founders joining the program give up a 7% slice of their company in exchange for $150K and, more importantly, access to YCnetwork and group of advisors.

Y Combinator has already been scaling rapidly with larger class sizes, and this move will force the company to add a radical format change to the mix. Accelerator batches have ballooned in size in recent years, tapping out at 240 startups in this most recent class.

To account for these larger groups, YC has had to experiment with major format changes in how startups are grouped internally and how they present to investors. Losing their Demo Day last session meant founders lost easy access to in-person introductions with the large group of VCs that typically flock to the event.

Last week, TechCrunch reported that YC was changing the terms of its pro rata investment program and would be investing in startups on a case-by-case basis, shifting their years-old policy of investing in every companyseed and Series A rounds.

The European Commission has launched a data portal for scientists studying the SARS-CoV-2 virus to speed up access to data sets and tools in order to bolster research efforts by encouraging data reuse and open science.

The COVID-19 Data Portal is intended to accelerate regional efforts to combat the virus by creating a central repository for storing and sharing available research data, such as DNA sequences, protein structures, data from pre-clinical research and clinical trials and epidemiological data.

Mariya Gabriel, the EUcommissioner for innovation, research, culture, education and youth, described it as an &important concrete measure for stronger cooperation in fighting the coronavirus.&

&Building on our dedicated support for open science and open access over the years, now is the time to step up our efforts and stand united with our researchers. Through our joint efforts, we will better understand, diagnose and eventually overpower the pandemic,& she said in a statement.

The initiative is a joint effort by the Commission, the European Bioinformatics Institute of the European Molecular Biology Laboratory (EMBL-EBI), the Elixir infrastructure and the COMPARE project, working with EU Member States and other partners.

Itone part of a package of measures agreed on by EU leaders to encourage pan-EU coordination over research and innovation to fight the virus.

&Rapid and open sharing of data greatly accelerates research and discovery, which is essential to respond to the COVID-19 pandemic,& runs the blurb on the COVID-19 Data Portal website.

&An unprecedented number of scientific efforts are taking place worldwide in order to help combat the new coronavirus epidemic (COVID-19). One of the biggest challenges in this fast-moving situation is to share data and findings in a coordinated way, in order to understand the disease and to develop treatments and vaccines.

&To address this challenge, EMBL-EBI and partners have set up the COVID-19 Data Portal, which will bring together relevant datasets submitted to EMBL-EBI and other major centres for biomedical data. The aim is to facilitate data sharing and analysis, and to accelerate coronavirus research.&

The data portal is one of two connected pieces of whatintended as a wider European COVID-19 Data Platform — illustrated in the below diagram — the other being SARS-CoV-2 Data Hubs, which will &organise the flow of SARS-CoV-2 outbreak sequence data and provide comprehensive open data sharing for the European and global research communities,& fed by inputs from national health data infrastructures and public health labs.

&To rapidly populate the COVID-19 Data Portal, EMBL-EBI will bring together COVID-19 datasets that have been submitted to its public databases, including ENA, UniProt, PDBe, EMDB, Expression Atlas and Europe PMC,& is how itexplained on the site. &The data, which have so far been collated, include genes, protein structures, electron microscopy data and scientific publications.&

Data submissions to the COVID-19 Data Portal can be made here — where the website notes that: &Non-biological data of relevance to COVID-19, such as travel, trade, meteorology and social distancing behaviour are not managed within the European COVID-19 Data Platform, but where possible are linked to data within the system.&

In addition to the data platform, other actions agreed via the action plan include coordinating funding for relevant research; extending large EU-wide clinical trials; increasing support to &innovative companies&; and supporting a pan-European Hackathon in the end of April to mobilise European innovators and the civil society.

The joint plan&priority actions& will continue to be updated with input from the Commission and national governments over the coming months, it said.

Overall, the Commission said it&s committing &hundreds of millions& of euros in research and innovation measures to develop vaccines, new treatments, diagnostic tests and medical systems to prevent the spread of the coronavirus — though not all of this is new funding, since itfactoring in long-term investment vehicles such as FP7 - Horizon 2020.

More specifically, it highlights the &rapid mobilization& of €48.2M for 18 shortlisted research projects — including work being done on rapid point-of-care diagnostic tests; new treatments; new vaccines; and on epidemiology and modelling to improve preparedness and response to outbreaks.

It also flags hybrid support efforts — saying it has mobilized public and private funding of up to €90 million through the Innovative Medicines Initiative; and offered up to €80 million of financial support to CureVacto scale up development and production of a vaccine against the coronavirus.

Additionally, a recent European Innovation Council Accelerator call of €164 million attracted what the Commission dubs &a significant& number of startups and SMEs with innovations that it hopes will help tackle the pandemic.

The Commissionpress release also notes 50 ongoing or completed European Research Council projects which it says are contributing to the response to the coronavirus pandemic by providing insights from several different scientific fields — including virology, epidemiology, immunology, public health, medical devices, social behaviour and crisis management.

The new Magic Keyboard is good, Uber launches new delivery services and Facebook releases its Gaming app ahead of schedule.

Hereyour Daily Crunch for April 20, 2020, a totally regular date with no cultural significance whatsoever. Also, just a reminder: We&re holding our first Extra Crunch Live session, with Aileen Lee and Ted Wang, at 1:30pm Eastern!

1. AppleMagic Keyboard review: Laptop-class typing comes to iPad Pro

TechCrunchEditor in Chief Matthew Panzarino says that, for the past two years, hetyped nearly every word while traveling on the iPad ProSmart Keyboard Folio. Even so, he acknowledged that, aside from its reliability and durability, the Keyboard Folio kind of stinks.

In contrast, the new Magic Keyboard is a first-class typing experience, full stop.

2. Uber adds retail and personal package delivery services as COVID-19 reshapes its business

Uber Direct is a delivery platform for retail items, while Connect is a peer-to-peer package delivery service for sending goods to family and friends. This marks the most aggressive foray yet for Uber into courier services after it already introduced grocery items to its Uber Eats platform.

3. Facebooknew Gaming app launches on Android, with iOS version coming soon

The social media giant pushed the app out two months prior to its scheduled unveiling — amid a global pandemic thatleft people all over the world isolated at home, rapidly burning through entertainment options.

4. Hundreds of academics back privacy friendly coronavirus contact tracing apps

A letter, signed by nearly 300 academics and published Monday, praised recent announcements from Apple and Google to build an opt-in and decentralized way of allowing individuals to know if they have come into contact with someone confirmed to be infected with the novel coronavirus.

5. Top investors predict whatahead for BostonVC scene in Q1

While Bostonstartup market announced a number of huge rounds that bolstered its total venture dollars raised in the first quarter, there were signs of weakness: Deal volume was still a little under the pace set in 2018. (Extra Crunch membership required.)

6. Marc Andreessencall to arms: build something meaningful

In a new essay published over the weekend, Andreessen writes that to &reboot the American dream& we need to &demand more of our political leaders, of our CEOs, our entrepreneurs, our investors. We need to demand more of our culture, of our society. And we need to demand more from one another. We&re all necessary, and we can all contribute, to building.&

7. This weekTechCrunch podcasts

The latest full-length episode of Equity discusses Robinhoodplans to raise new capital, while the Monday news roundup looks at the U.K.financial aid for startups. And on Original Content, we reviewed &Tigertail& and the full season of &Devs& (both are good, but everyone should be watching &Devs&).

The Daily Crunch is TechCrunchroundup of our biggest and most important stories. If you&d like to get this delivered to your inbox every day at around 9am Pacific, you can subscribe here.

Hi and welcome back to The Station, a weekly newsletter dedicated to the future (and present) of transportation. I&m your host Kirsten Korosec, senior transportation reporter at TechCrunch.

What you&re reading here is an abbreviated version of The Station. To get the complete newsletter, which comes out every weekend, go here and click The Station.

Herea friendly reminder to reach out and email me at This email address is being protected from spambots. You need JavaScript enabled to view it. to share thoughts, opinions or tips or send a direct message to @kirstenkorosec.

Letgo.

Micromobbin&

There wasn&t a ton of news in micromobility this week, but I came across an interesting read over at City Lab about whether or not cities should financially support micromobility services. Shared bikes and scooters provide transportation options to city-dwellers during a time when some cities are deciding to scale back public transportation operations in order to keep its employees and residents safe.

In Portland, City Lab pointed to how the city agreed to temporarily waive e-scooter fees as long as Spin passed those savings on to riders. Now, Spin rides cost about 50% less in Portland.

But, as the authors write, &While we believe that waiving e-scooter fees and offering public funding may be necessary, we harbor no illusions that it would be easy to do so in the current fiscal environment.&

— Megan Rose Dickey

A little bird

We hear things. But we&re not selfish. Letshare.

Layoffs are nothing new in this COVID-19 world. More than 260 startups have laid off 25,010 workers, according Layoffs.fyi, a website that is attempting to track cuts in the startup ecosystem amid the COVID-19 pandemic.

Not all of these layoffs are directly related to the COVID-19 pandemic. In many cases, the pandemic has merely augmented pre-existing problems. One such example is Kodiak Robotics, an autonomous trucking startup, that laid off 20% of its staff on Wednesday (about 15 of its 85-person staff). The Information was the first to report the layoffs and TechCrunch has since confirmed those numbers. The official line is that Kodiak reduced its headcount due to the dramatic impact COVID-19 has had on the economy. The move was couched as the best way to position Kodiak for the future.

We&ve learned from several people that the company was already facing considerable headwinds on the fundraising front.

Kodiak Robotics came out of stealth in August 2018 with $40 million in a Series A funding round led by Battery Ventures. CRV, Lightspeed Venture Partners and Tusk Ventures also participated in the round. The company likely attracted interest and investment because of its founders. CEO Don Burnette was part of the Google self-driving project before leaving and co-founding Otto in early 2016, along with Anthony Levandowski, Lior Ron and Claire Delaunay. Uber then acquired Otto (and its co-founders). Burnette left Uber to launch Kodiak in April 2018 with Paz Eshel, a former venture capitalist and now the startupCOO.

The pair scaled up quickly. The company, headquartered in Mountain View, Calif., went on a hiring spree in 2019 and opened a new facility in North Texas to support commercial deliveries using its fleet of eight trucks. Autonomous vehicle technology startups are already capitally intensive. But Kodiak was also trying to launch a carrier service — not just develop the self-driving truck stack.

Fundraising efforts started late last year and Kodiak was hoping to raise a $100 million round on a $300 million pre-money valuation, according to two sources. It was suggested that Kodiak already had a lead. However, the company has had trouble closing a Series B round with attractive terms, according to several sources who spoke to TechCrunch on condition of anonymity. When COVID-19 erupted it put more pressure on the startup.

Kodiak is hardly alone. Autonomous vehicle technology startups have had a more tepid reception from investors since spring 2019. Itstill possible to raise funds. But itharder now — particularly those seeking larger raises — and the terms are less desirable.

Another autonomous delivery pivot

Pony .ai is the latest autonomous vehicle startup to turn its efforts to delivery — at least temporarily. The company announced this week it will partner with e-commerce platform Yamibuy to provide autonomous last-mile delivery service to customers in Irvine, Calif.

The new delivery service was launched to provide additional capacity to address the surge of online orders triggered by the COVID-19 pandemic, Pony.ai said.

Pony.ai, which recently raised $400 million from Toyota Motor Corporation, has focused on shuttling people, not packages. The company has launched ridesharing and commuter pilots in Fremont and Irvine, Calif. and Guangzhou, China.

Pony.ai now said it will use its Irvine robotaxi fleet of 10 electric Hyundai Kona vehicles for delivery through at least mid-summer. Itnot clear how, or if, Pony.ai can generate revenue with this new delivery service. The company is in talks with the California Department of Motor Vehicles, the agency that issues AV testing permits, about this issue. The DMV doesn&t allow AV testing fleets to charge money by delivering goods or rides. However, a deployment permit, which Pony.ai is still waiting to receive, does allow for commercial use, just not a delivery fee.

Pronto.ai makes a move

Pronto.ai, a startup co-founded by controversial star engineer Anthony Levandowski, is not pursuing Level 4 autonomous vehicle technology. Instead, the company is developing an advanced driver assistance system product for trucks, called Copilot. Pronto AI was originally called Kache.ai, according to paperwork discovered at the time by TechCrunch, and was registered as a corporation with the California Secretary of State.

The startup has maintained a low profile since August 2019, when Levandowski was indicted by a federal grand jury on theft of trade secrets, forcing him to step down as CEO. Levandowski has since reached a plea deal. Now, it seems that the company is making some moves.

Pronto.ai recently applied for a five-year exemption from the federal government that would let drivers in trucks with ProntoCopilot technology stay on the road longer than current rules allow. The request to the Federal Motor Carrier Safety Administration, which was first reported by Freight Waves, would let drivers drive up to 13 hours within a 15-consecutive hour driving window after coming on duty, following 10 consecutive hours off duty.

Drivers are typically allowed to drive up to 11 hours in a 14-hour window, after being off duty for 10 or more consecutive hours.

Lime swoops up Boosted IP

Boosted, the startup behind the Boosted Boards and, more recently, the Boosted Rev electric scooter, would typically fall into micromobbin&. But it deserves itown segment this week.

Five weeks ago, Boosted laid off&a significant portion& of its team and began actively seeking a buyer. It seems that a sale never materialized and Lime swooped in and bought up Boostedcore patents,according to a report from The Verge. Lime was apparently working on acquiring Boostedintellectual property since the end of 2019. The shared scooter company snapped up the IP after a proposed acquisition from Yamaha fell through for Boosted.

Boosted co-founder and former CEO Sanjay Dastoor, who left the board 18 months ago, posted a message to the Boosted subreddit shortly after The Verge story published that suggests Limeacquisition was broader than originally thought.

Dastoor wrote that the company is closed and will likely enter into some form of bankruptcy protection. He also wrote that Lime purchased all the assets and IP of the company and appears to be in possession of everything at Boostedheadquarters in Mountain View, including access to the building. Hereone important nugget:

As far as I can tell, this includes design files, software and code, diagnostics, parts, and test equipment I&m not sure if this includes the responsibility for warranty coverage for boards and scooters sold before. I do know that a handful of former engineers at Boosted, most senior is Michael Hillman who joined as VP Engineering last year, are now at Lime and may be able to help. Regardless of how this is structured, if we want our products to continue being supported, including parts for boards or any software diagnostic tests and debugging, their cooperation and help will be needed.

He added thatsome Boosted employees have been trying unsuccessfully to service and send boards back to customers for weeks.

&I&m not a lawyer, but I suspect that those boards should rightfully get back to their owners and should be safe to ride, and I&m trying to find a way to help with this,& Dastoor wrote. &In the meantime, I&d recommend folks who are looking to get in touch more urgently should reach out to Lime directly.&