Sep
22
2019
--

TechCrunch Disrupt offers plenty of options for attendees with an eye on the enterprise

We might have just completed a full-day program devoted completely to enterprise at TechCrunch Sessions: Enterprise last week, but it doesn’t mean we plan to sell that subject short at TechCrunch Disrupt next month in San Francisco. In fact, we have something for everyone from startups to established public companies and everything in between along with investors and industry luminaries to discuss all-things enterprise.

SaaS companies have played a major role in enterprise software over the last decade, and we are offering a full line-up of SaaS company executives to provide you with the benefit of their wisdom. How about Salesforce chairman, co-CEO and co-founder Marc Benioff for starters? Benioff will be offering advice on how to build a socially responsible, successful startup.

If you’re interested in how to take your startup public, we’ll have Box CEO Aaron Levie, who led his company to IPO in 2015 and Jennifer Tejada, CEO at PagerDuty, who did the same just this year. The two executives will discuss the trials and tribulations of the IPO process and what happens after you finally go public.

Meanwhile, Slack co-founder and CTO Cal Henderson, another SaaS company that recently IPOed, will be discussing how to build great products with Megan Quinn from Spark Capital, a Slack investor.

Speaking of investors, Neeraj Agrawal, a general partner at Battery Ventures joins us on a panel with Whitney Bouck, COO at HelloSign and Jyoti Bansal, CEO and founder of Harness (as well as former CEO and co-founder at AppDynamics, which was acquired by Cisco in 2017 for $3.7 billion just before it was supposed to IPO). They will be chatting about what it takes to build a billion dollar SaaS business.

Not enough SaaS for you? How about Diya Jolly, Chief Product Officer at Okta discussing how to iterate your product?

If you’re interested in security, we have Dug Song from Duo, whose company was sold to Cisco in 2018 for $2.35 billion, explaining how to develop a secure startup. We will also welcome Nadav Zafrir from Israeli security incubator Team 8 to talk about the intriguing subject of when spies meet security on our main stage.

You probably want to hear from some enterprise company executives too. That’s why we are bringing Frederic Moll, chief development officer for the digital surgery group at Johnson & Johnson to talk about robots, Marillyn A. Hewson, chairman, president and CEO at Lockheed Martin discussing the space industry and Verizon CEO Hans Vestberg going over the opportunity around 5G.

We’ll also have seasoned enterprise investors, Mamoon Hamid from Kleiner Perkins and Michelle McCarthy from Verizon Ventures, acting as judges at the TechCrunch Disrupt Battlefield competition.

If that’s not enough for you, there will also be enterprise startups involved in the Battlefield and Startup Alley. If you love the enterprise, there’s something for everyone. We hope you can make it.

Still need tickets? You can pick those up right here.


Sep
03
2019
--

Starboard Value takes 7.5% stake in Box

Starboard Value, LP revealed in an SEC Form 13D filing last week that it owns a 7.5% stake in Box, the cloud content management company.

It is probably not a coincidence that Starboard Value looks for undervalued stocks. Box stock has been on a price roller coaster ride since it went public in 2015 at a price of $14.00 per share before surging to $23.23 per share. It had high share price of $28.12 in May 2018, but the price dipped into the teens in March and was at $14.85 as we went to press. It has a 52-week low price of $12.46 per share.

Screenshot 2019 09 03 17.22.05

 

The company, which began life as a consumer storage company, made the transition to enterprise software several years after it launched in 2005. It raised more than $500 million along the way, and was a Silicon Valley SaaS darling until it filed its S-1 in 2014.

The S-1 revealed massive sales and marketing spending, and critics came down hard on the company. That led to one of the longest IPO delays in memory, taking nine months from the time the company filed until it finally had its IPO in January 2015.

In its most recent earnings report last week, Box announced  $172.5 million in revenue for the quarter, putting it on a run rate close to $700 million.

Aaron Levie href=”https://techcrunch.com/2019/07/08/box-ceo-aaron-levie-is-coming-to-tc-sessions-enterprise/”> will be appearing at TechCrunch Sessions: Enterprise on Thursday.

We emailed both Starboard Value and Box for comments, but neither has responded as we went to publish. If this changes, we will update the article.

Aug
21
2019
--

Box introduces Box Shield with increased security controls and threat protection

Box has always had to balance the idea of sharing content broadly while protecting it as it moved through the world, but the more you share, the more likely something can go wrong, such as misconfigured shared links that surfaced earlier this year. In an effort to make the system more secure, the company announced Box Shield today in Beta, a set of tools to help employees sharing Box content better understand who they are sharing with, while helping the security team see when content is being misused.

Link sharing is a natural part of what companies do with Box, and as Chief Product and Chief Strategy Officer Jeetu Patel says, you don’t want to change the way people use Box. Instead, he says it’s his job to make it easier to make it secure and that is the goal with today’s announcement.

“We’ve introduced Box Shield, which embeds these content controls and protects the content in a way that doesn’t compromise user experience, while ensuring safety for the administrator and the company, so their intellectual property is protected,” Patel explained.

He says this involves two components. The first is about raising user awareness and helping them understand what they’re sharing. In fact, sometimes companies use Box as a content management backend to distribute files like documentation on the internet on purpose. They want them to be indexed in Google. Other times, however, it’s through misuse of the file-sharing component, and Box wants to fix that with this release by making it clear who they are sharing with and what that means.

They’ve updated the experience on the web and mobile products to make it much clearer through messaging and interface design what the sharing level they have chosen means. Of course, some users will ignore all these messages, so there is a second component to give administrators more control.

2. Box Shield Smart Access

Box Shield access controls (Photo: Box)

This involves helping customers build guardrails into the product to prevent leakage of an entire category of documents that you would never want leaked, like internal business plans, salary lists or financial documents, or even to granularly protect particular files or folders. “The second thing we’re trying to do is make sure that Box itself has some built-in security guardrails and boundary conditions that can help people reduce the risk around employee negligence or inadvertent disclosures, and then make sure that you have some very precision-based, granular security controls that can be applied to classifications that you’ve set on content,” he explained.

In addition, the company wants to help customers detect when employees are abusing content, perhaps sharing sensitive data like customer lists with a personal account, and flag these for the security team. This involves flagging anomalous downloads, suspicious sessions or unusual locations inside Box.

The tool also can work with existing security products already in place, so that whatever classification has been applied in Box travels with a file, and anomalies or misuse can be captured by the company’s security apparatus before the file leaves the company’s boundaries.

While Patel acknowledges there is no way to prevent user misuse or abuse in all cases, by implementing Box Shield, the company is attempting to provide customers with a set of tools to help them reduce the possibility of it going undetected. Box Shield is in private beta today and will be released in the fall.

Jul
23
2019
--

Buy a demo table at TC Sessions: Enterprise 2019

Early-stage enterprise startup founders listen up. That sound you hear is opportunity knocking. Answer the call, open the door and join us for TC Sessions: Enterprise on September 5 in San Francisco. Our day-long conference not only explores the promises and challenges of this $500 billion market, it also provides an opportunity for unparalleled exposure.

How’s that? Buy a Startup Demo Package and showcase your genius to more than 1,000 of the most influential enterprise founders, investors, movers and shakers. This event features the enterprise software world’s heaviest hitters. People like SAP CEO Bill McDermott; Aaron Levie, Box co-founder, chairman and CEO; and George Brady, executive VP in charge of technology operations at Capital One.

Demo tables are reserved for startups with less than $3 million, cost $2,000 and include four tickets to the event. We have a limited number of demo tables available, so don’t wait to introduce your startup to this very targeted audience.

The entire day is a full-on deep dive into the big challenges, hot topics and potential promise facing enterprise companies today. Forget the hype. TechCrunch editors will interview founders and leaders — established and emerging — on topics ranging from intelligent marketing automation and the cloud to machine learning and AI. You’ll hear from VCs about where they’re directing their enterprise investments.

Speaking of investors and hot topics, Jocelyn Goldfein, a managing director at Zetta Venture Partners, will join TechCrunch editors and other panelists for a discussion about the growing role of AI in enterprise software.

Check out our growing (and amazing, if we do say so ourselves) roster of speakers.

Our early-bird pricing is still in play, which means tickets cost $249 and students pay only $75. Plus, for every TC Sessions: Enterprise ticket you buy, we’ll register you for a complimentary Expo Only pass to TechCrunch Disrupt SF on October 2-4.

TC Sessions: Enterprise takes place September 5 at San Francisco’s Yerba Buena Center for the Arts. Buy a Startup Demo Package, open the door to opportunity and place your early-stage enterprise startup directly in the path of influential enterprise software founders, investors and technologists.

Looking for sponsorship opportunities? Contact our TechCrunch team to learn about the benefits associated with sponsoring TC Sessions: Enterprise 2019.

Jul
08
2019
--

Box CEO Aaron Levie is coming to TC Sessions: Enterprise

Box co-founder, chairman and CEO Aaron Levie took his company from a consumer-oriented online storage service to a publicly traded enterprise powerhouse. Launched in 2005, Box today has more than 41 million users, and the vast majority of Fortune 500 companies use its service. Levie will join us at TC Sessions: Enterprise for a fireside chat about the past, present and future of Box, as well as the overall state of the SaaS and cloud space.

Levie, who also occasionally contributes to TechCrunch, was a bit of a serial entrepreneur before he even got to college. Once he got to the University of Southern California, the idea for Box was born. In hindsight, it was obviously the right idea at the right time, but its early iterations focused more on consumers than business users. Like so many other startups, though, the Box team quickly realized that in order to actually make money, selling to the enterprise was the most logical — and profitable — option.

Before going public, Box raised well over $500 million from some of the most world’s most prestigious venture capital firms. Box’s market cap today is just under $2.5 billion, but more than four years after going public, the company, like many Silicon Valley unicorns both private and public, still regularly loses money. 

Early-Bird Tickets are on sale today for just $249 — book here before prices go up by $100!

Mar
11
2019
--

Dozens of companies leaked sensitive data thanks to misconfigured Box accounts

Security researchers have found dozens of companies inadvertently leaking sensitive corporate and customer data because staff are sharing public links to files in their Box enterprise storage accounts that can easily be discovered.

The discoveries were made by Adversis, a cybersecurity firm, which found major tech companies and corporate giants had left data inadvertently exposed. Although data stored in Box enterprise accounts is private by default, users can share files and folders with anyone, making data publicly accessible with a single link. But Adversis said these secret links can be discovered by others. Using a script to scan for and enumerate Box accounts with lists of company names and wildcard searches, Adversis found more than 90 companies with publicly accessible folders.

Not even Box’s own staff were immune from leaking data.

The company said while much of the data is legitimately public and Box advises users how to minimize risks, many employees may not know the sensitive data they share can be found by others.

Worse, some public folders were scraped and indexed by search engines, making the data found more easily.

In a blog post, Adversis said Box administrators should reconfigure the default access for shared links to “people in your company” to reduce accidental exposure of data to the public.

Adversis said it found passport photos, bank account and Social Security numbers, passwords, employee lists, financial data like invoices and receipts and customer data among the data found. The company contacted Box to warn of the larger exposures of sensitive data, but noted that there was little overall improvement six months after its initial disclosure.

“There is simply too much out there and not enough time to resolve each individually,” he said.

Adversis provided TechCrunch with a list of known exposed Box accounts. We contacted several of the big companies named, as well as those known to have highly sensitive data, including:

  • Amadeus, the flight reservation system maker, which left a folder full of documents and application files associated with Singapore Airlines. Earlier this year, researchers found flaws that made it easy to change reservations booked with Amadeus.
  • Apple had several folders exposed, containing what appeared to be non-sensitive internal data, such as logs and regional price lists.
  • Television network Discovery had more than a dozen folders listed, including database dumps of millions of customers names and email addresses. The folders also contained some demographic information and developer project files, including casting contracts and notes and tax documents.
  • Edelman, the global public relations firm, had an entire project proposal for working with the New York City mass transit division, including detailed proposal plans and more than a dozen resumes of potential staff for the project — including their names, email addresses, and phone numbers.
  • Nutrition giant Herbalife left several folders exposed containing files and spreadsheets on about 100,000 customers, including their names, email addresses and phone numbers.
  • Opportunity International, a nonprofit aimed at ending global poverty, exposed in a massive spreadsheet a list of donor names, addresses and amount given.
  • Schneider Electric left dozens of customer orders accessible to anyone, including sludge works and pump stations for several towns and cities. Each folder had an installation “sequence of operation” document, which included both default passwords and in some cases “backdoor” access passwords in case of forgotten passwords.
  • PointCare, a medical insurance coverage management software company, had thousands of patient names and insurance information exposed. Some of the data included the last four digits of Social Security numbers.
  • United Tissue Network, a whole-body donation nonprofit, exposed body donor information and personal information of donors in a vast spreadsheet, including the prices of body parts.

Box, which initially had no comment when we reached out, had several folders exposed. The company exposed signed non-disclosure agreements on their clients, including several U.S. schools, as well as performance metrics of its own staff, the researchers said.

Box spokesperson Denis Roy said in a statement: “We take our customers’ security seriously and we provide controls that allow our customers to choose the right level of security based on the sensitivity of the content they are sharing. In some cases, users may want to share files or folders broadly and will set the permissions for a custom or shared link to public or ‘open’. We are taking steps to make these settings more clear, better help users understand how their files or folders can be shared, and reduce the potential for content to be shared unintentionally, including both improving admin policies and introducing additional controls for shared links.”

The cloud giant said it plans to reduce the unintended discovery of public files and folders.

Amadeus, Apple, Box, Discovery, Herbalife, Edelman and PointCare all reconfigured their enterprise accounts to prevent access to their leaking files after TechCrunch reached out.

Amadeus spokesperson Alba Redondo said the company decommissioned Box in October and blamed the exposure on an account that was “misconfigured in public mode,” which has now been corrected and external access to it is now closed. “We continue to investigate this issue and confirm there has been no unauthorized access of our system,” said the spokesperson, without explanation. “There is no evidence that confidential information or any information containing personal data was impacted by this issue,” the spokesperson added.

When we asked Amadeus how it concluded there was no improper access, another spokesperson, Ben Hunt, said: “We have the full audit trail for Box and access of these files — none of the files have been downloaded outside of either Amadeus or authorized customers.”

The spokesperson declined to explain its statement when told files were downloaded to verify their contents.

PointCare chief executive Everett Lebherz confirmed its leaking files had been “removed and Box settings adjusted.” Edelman’s global marketing chief Michael Bush said the company was “looking into this matter.”

Herbalife spokesperson Jennifer Butler said the company was “looking into it,” but we did not hear back after several follow-ups. (Butler declared her email “off the record,” which requires both parties agree to the terms in advance, but we are printing the reply as we were given no opportunity to reject the terms.)

When reached, an Apple spokesperson did not comment by the time of publication.

Discovery, Opportunity International, Schneider Electric and United Tissue Network did not return a request for comment.

Data “dumpster diving” is not a new hobby for the skilled, but it’s a necessary sub-industry to fix an emerging category of data breaches: leaking, public and exposed data that shouldn’t be. It’s a growing space that we predicted would grow as more security researchers look to find and report data leaks.

This year alone, we’ve reported data leaks at Dow Jones, Rubrik, NASA, AIESEC, Uber, the State Bank of India, two massive batches of Indian Aadhaar numbers, a huge leak of mortgage and loan data and several Chinese government surveillance systems.

Adversis has open-sourced and published its scanning tool.

Feb
27
2019
--

Box fourth quarter revenue up 20 percent, but stock down 22 percent after hours

By most common sense measurements, Box had a pretty good earnings report today, reporting revenue up 20 percent year over year to $163.7 million. That doesn’t sound bad, yet Wall Street was not happy with the stock getting whacked, down more than 22 percent after hours as we went to press. It appears investors were unhappy with the company’s guidance.

Part of the problem, says Alan Pelz-Sharpe, principal analyst at Deep Analysis, a firm that watches the content management space, is that the company failed to hit its projections, combined with weaker guidance; a tough combination, but he points out the future does look bright for the company.

Box did miss its estimates and got dinged pretty hard today; however, the bigger picture is still of solid growth. As Box moves more and more into the enterprise space, the deal cycle takes longer to close and I think that has played a large part in this shift. The onus is on Box to close those bigger deals over the next couple of quarters, but if it does, then that will be a real warning shot to the legacy enterprise vendors as Box starts taking a chunk out of their addressable market,” Pelz-Sharpe told TechCrunch.

This fits with what company CEO Aaron Levie was saying. “Wall Street did have higher expectations with our revenue guidance for next year, and I think that’s totally fair, but we’re very focused as a company right now on driving reacceleration in our growth rate and the way that we’re going to do that is by really bringing the full suite of Box’s capabilities to more of our customers,” Levie told TechCrunch.

Holger Mueller, an analyst with Constellation Research says failing to hit guidance is always going to hurt a company with Wall Street. “It’s all about hitting the guidance, and Box struggled with this. At the end of the day, investors don’t care for the reasons, but making the number is what matters. But a booming economy and the push to AI will help Box as enterprises need document automation solutions,” Mueller said.

On the positive side, Levie pointed out that the company achieved positive non-GAAP growth rate for the first time in its 14-year history, with projections for the first full year of non-GAAP profitability for FY20 that it just kicked off.

The company was showing losses on a cost per share of 14 cents a share for the most recent quarter, but even that was a smaller loss than the 24 cents a share from the previous fiscal year. It would seem that the revenue is heading generally in the correct direction, but Wall Street did not see it that way, flogging the cloud content management company.

Chart: Box

Wall Street tends to try to project future performance. What a company has done this quarter is not as important to investors, who are apparently not happy with the projections, but Levie pointed out the opportunity here is huge. “We’re going after 40 plus billion dollar market, so if you think about the entirety of spend on content management, collaboration, storage infrastructure — as all of that moves to the cloud, we see that as the full market opportunity that we’re going out and serving,” Levie explained.

Pelz-Sharpe also thinks Wall Street could be missing the longer-range picture here. “The move to true enterprise started a couple of years back at Box, but it has taken time to bring on the right partners and infrastructure to deal with these bigger and more complex migrations and implementations,” Pelz-Sharpe explained. Should that happen, Box could begin capturing much larger chunks of that $40 billion addressable cloud content management market, and the numbers could ultimately be much more to investor’s liking. For now though, they are clearly not happy with what they are seeing.

Jan
26
2019
--

Has the fight over privacy changed at all in 2019?

Few issues divide the tech community quite like privacy. Much of Silicon Valley’s wealth has been built on data-driven advertising platforms, and yet, there remain constant concerns about the invasiveness of those platforms.

Such concerns have intensified in just the last few weeks as France’s privacy regulator placed a record fine on Google under Europe’s General Data Protection Regulation (GDPR) rules which the company now plans to appeal. Yet with global platform usage and service sales continuing to tick up, we asked a panel of eight privacy experts: “Has anything fundamentally changed around privacy in tech in 2019? What is the state of privacy and has the outlook changed?” 

This week’s participants include:

TechCrunch is experimenting with new content forms. Consider this a recurring venue for debate, where leading experts – with a diverse range of vantage points and opinions – provide us with thoughts on some of the biggest issues currently in tech, startups and venture. If you have any feedback, please reach out: Arman.Tabatabai@techcrunch.com.


Thoughts & Responses:


Albert Gidari

Albert Gidari is the Consulting Director of Privacy at the Stanford Center for Internet and Society. He was a partner for over 20 years at Perkins Coie LLP, achieving a top-ranking in privacy law by Chambers, before retiring to consult with CIS on its privacy program. He negotiated the first-ever “privacy by design” consent decree with the Federal Trade Commission. A recognized expert on electronic surveillance law, he brought the first public lawsuit before the Foreign Intelligence Surveillance Court, seeking the right of providers to disclose the volume of national security demands received and the number of affected user accounts, ultimately resulting in greater public disclosure of such requests.

There is no doubt that the privacy environment changed in 2018 with the passage of California’s Consumer Privacy Act (CCPA), implementation of the European Union’s General Data Protection Regulation (GDPR), and new privacy laws enacted around the globe.

“While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.””

For one thing, large tech companies have grown huge privacy compliance organizations to meet their new regulatory obligations. For another, the major platforms now are lobbying for passage of a federal privacy law in the U.S. This is not surprising after a year of privacy miscues, breaches and negative privacy news. But does all of this mean a fundamental change is in store for privacy? I think not.

The fundamental model sustaining the Internet is based upon the exchange of user data for free service. As long as advertising dollars drive the growth of the Internet, regulation simply will tinker around the edges, setting sideboards to dictate the terms of the exchange. The tech companies may be more accountable for how they handle data and to whom they disclose it, but the fact is that data will continue to be collected from all manner of people, places and things.

Indeed, if the past year has shown anything it is that two rules are fundamental: (1) everything that can be connected to the Internet will be connected; and (2) everything that can be collected, will be collected, analyzed, used and monetized. It is inexorable.

While privacy regulation seeks to make tech companies betters stewards of the data they collect and their practices more transparent, in the end, it is a deception to think that users will have more “privacy.” No one even knows what “more privacy” means. If it means that users will have more control over the data they share, that is laudable but not achievable in a world where people have no idea how many times or with whom they have shared their information already. Can you name all the places over your lifetime where you provided your SSN and other identifying information? And given that the largest data collector (and likely least secure) is government, what does control really mean?

All this is not to say that privacy regulation is futile. But it is to recognize that nothing proposed today will result in a fundamental shift in privacy policy or provide a panacea of consumer protection. Better privacy hygiene and more accountability on the part of tech companies is a good thing, but it doesn’t solve the privacy paradox that those same users who want more privacy broadly share their information with others who are less trustworthy on social media (ask Jeff Bezos), or that the government hoovers up data at rate that makes tech companies look like pikers (visit a smart city near you).

Many years ago, I used to practice environmental law. I watched companies strive to comply with new laws intended to control pollution by creating compliance infrastructures and teams aimed at preventing, detecting and deterring violations. Today, I see the same thing at the large tech companies – hundreds of employees have been hired to do “privacy” compliance. The language is the same too: cradle to grave privacy documentation of data flows for a product or service; audits and assessments of privacy practices; data mapping; sustainable privacy practices. In short, privacy has become corporatized and industrialized.

True, we have cleaner air and cleaner water as a result of environmental law, but we also have made it lawful and built businesses around acceptable levels of pollution. Companies still lawfully dump arsenic in the water and belch volatile organic compounds in the air. And we still get environmental catastrophes. So don’t expect today’s “Clean Privacy Law” to eliminate data breaches or profiling or abuses.

The privacy world is complicated and few people truly understand the number and variety of companies involved in data collection and processing, and none of them are in Congress. The power to fundamentally change the privacy equation is in the hands of the people who use the technology (or choose not to) and in the hands of those who design it, and maybe that’s where it should be.


Gabriel Weinberg

Gabriel Weinberg is the Founder and CEO of privacy-focused search engine DuckDuckGo.

Coming into 2019, interest in privacy solutions is truly mainstream. There are signs of this everywhere (media, politics, books, etc.) and also in DuckDuckGo’s growth, which has never been faster. With solid majorities now seeking out private alternatives and other ways to be tracked less online, we expect governments to continue to step up their regulatory scrutiny and for privacy companies like DuckDuckGo to continue to help more people take back their privacy.

“Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information.”

We’re also seeing companies take action beyond mere regulatory compliance, reflecting this new majority will of the people and its tangible effect on the market. Just this month we’ve seen Apple’s Tim Cook call for stronger privacy regulation and the New York Times report strong ad revenue in Europe after stopping the use of ad exchanges and behavioral targeting.

At its core, this groundswell is driven by the negative effects that stem from the surveillance business model. The percentage of people who have noticed ads following them around the Internet, or who have had their data exposed in a breach, or who have had a family member or friend experience some kind of credit card fraud or identity theft issue, reached a boiling point in 2018. On top of that, people learned of the extent to which the big platforms like Google and Facebook that collect the most data are used to propagate misinformation, discrimination, and polarization. Consumers don’t necessarily feel they have anything to hide – but they just don’t want corporations to profit off their personal information, or be manipulated, or unfairly treated through misuse of that information. Fortunately, there are alternatives to the surveillance business model and more companies are setting a new standard of trust online by showcasing alternative models.


Melika Carroll

Melika Carroll is Senior Vice President, Global Government Affairs at Internet Association, which represents over 45 of the world’s leading internet companies, including Google, Facebook, Amazon, Twitter, Uber, Airbnb and others.

We support a modern, national privacy law that provides people meaningful control over the data they provide to companies so they can make the most informed choices about how that data is used, seen, and shared.

“Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.”

Internet companies believe all Americans should have the ability to access, correct, delete, and download the data they provide to companies.

Americans will benefit most from a federal approach to privacy – as opposed to a patchwork of state laws – that protects their privacy regardless of where they live. If someone in New York is video chatting with their grandmother in Florida, they should both benefit from the same privacy protections.

It’s also important to consider that all companies – both online and offline – use and collect data. Any national privacy framework should provide the same protections for people’s data across industries, regardless of whether it is gathered offline or online.

Two other important pieces of any federal privacy law include user expectations and the context in which data is shared with third parties. Expectations may vary based on a person’s relationship with a company, the service they expect to receive, and the sensitivity of the data they’re sharing. For example, you expect a car rental company to be able to track the location of the rented vehicle that doesn’t get returned. You don’t expect the car rental company to track your real-time location and sell that data to the highest bidder. Additionally, the same piece of data can have different sensitivities depending on the context in which it’s used or shared. For example, your name on a business card may not be as sensitive as your name on the sign in sheet at an addiction support group meeting.

This is a unique time in Washington as there is bipartisan support in both chambers of Congress as well as in the administration for a federal privacy law. Our industry is committed to working with policymakers and other stakeholders to find an American approach to privacy that protects individuals’ privacy and allows companies to innovate and develop products people love.


Johnny Ryan

Dr. Johnny Ryan FRHistS is Chief Policy & Industry Relations Officer at Brave. His previous roles include Head of Ecosystem at PageFair, and Chief Innovation Officer of The Irish Times. He has a PhD from the University of Cambridge, and is a Fellow of the Royal Historical Society.

Tech companies will probably have to adapt to two privacy trends.

“As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.”

First, the GDPR is emerging as a de facto international standard.

In the coming years, the application of GDPR-like laws for commercial use of consumers’ personal data in the EU, Britain (post-EU), Japan, India, Brazil, South Korea, Malaysia, Argentina, and China will bring more than half of global GDP under a similar standard.

Whether this emerging standard helps or harms United States firms will be determined by whether the United States enacts and actively enforces robust federal privacy laws. Unless there is a federal GDPR-like law in the United States, there may be a degree of friction and the potential of isolation for United States companies.

However, there is an opportunity in this trend. The United States can assume the global lead by doing two things. First, enact a federal law that borrows from the GDPR, including a comprehensive definition of “personal data”, and robust “purpose specification”. Second, invest in world-leading regulation that pursues test cases, and defines practical standards. Cutting edge enforcement of common principles-based standards is de facto leadership.

Second, privacy and antitrust law are moving closer to each other, and might squeeze big tech companies very tightly indeed.

Big tech companies “cross-use” user data from one part of their business to prop up others. The result is that a company can leverage all the personal information accumulated from its users in one line of business, and for one purpose, to dominate other lines of business too.

This is likely to have anti-competitive effects. Rather than competing on the merits, the company can enjoy the unfair advantage of massive network effects even though it may be starting from scratch in a new line of business. This stifles competition and hurts innovation and consumer choice.

Antitrust authorities in other jurisdictions have addressed this. In 2015, the Belgian National Lottery was fined for re-using personal information acquired through its monopoly for a different, and incompatible, line of business.

As lawmakers and regulators in Europe and in the United States start to think of “purpose specification” as a tool for anti-trust enforcement, tech giants should beware.


John Miller

John Miller is the VP for Global Policy and Law at the Information Technology Industry Council (ITI), a D.C. based advocate group for the high tech sector.  Miller leads ITI’s work on cybersecurity, privacy, surveillance, and other technology and digital policy issues.

Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike. However, as times change and innovation progresses at a rapid rate, it’s clear the laws protecting consumers’ data and privacy must evolve as well.

“Data has long been the lifeblood of innovation. And protecting that data remains a priority for individuals, companies and governments alike.”

As the global regulatory landscape shifts, there is now widespread agreement among business, government, and consumers that we must modernize our privacy laws, and create an approach to protecting consumer privacy that works in today’s data-driven reality, while still delivering the innovations consumers and businesses demand.

More and more, lawmakers and stakeholders acknowledge that an effective privacy regime provides meaningful privacy protections for consumers regardless of where they live. Approaches, like the framework ITI released last fall, must offer an interoperable solution that can serve as a model for governments worldwide, providing an alternative to a patchwork of laws that could create confusion and uncertainty over what protections individuals have.

Companies are also increasingly aware of the critical role they play in protecting privacy. Looking ahead, the tech industry will continue to develop mechanisms to hold us accountable, including recommendations that any privacy law mandate companies identify, monitor, and document uses of known personal data, while ensuring the existence of meaningful enforcement mechanisms.


Nuala O’Connor

Nuala O’Connor is president and CEO of the Center for Democracy & Technology, a global nonprofit committed to the advancement of digital human rights and civil liberties, including privacy, freedom of expression, and human agency. O’Connor has served in a number of presidentially appointed positions, including as the first statutorily mandated chief privacy officer in U.S. federal government when she served at the U.S. Department of Homeland Security. O’Connor has held senior corporate leadership positions on privacy, data, and customer trust at Amazon, General Electric, and DoubleClick. She has practiced at several global law firms including Sidley Austin and Venable. She is an advocate for the use of data and internet-enabled technologies to improve equity and amplify marginalized voices.

For too long, Americans’ digital privacy has varied widely, depending on the technologies and services we use, the companies that provide those services, and our capacity to navigate confusing notices and settings.

“Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away.”

We are burdened with trying to make informed choices that align with our personal privacy preferences on hundreds of devices and thousands of apps, and reading and parsing as many different policies and settings. No individual has the time nor capacity to manage their privacy in this way, nor is it a good use of time in our increasingly busy lives. These notices and choices and checkboxes have become privacy theater, but not privacy reality.

In 2019, the legal landscape for data privacy is changing, and so is the public perception of how companies handle data. As more information comes to light about the effects of companies’ data practices and myriad stewardship missteps, Americans are surprised and shocked about what they’re learning. They’re increasingly paying attention, and questioning why they are still overburdened and unprotected. And with intensifying scrutiny by the media, as well as state and local lawmakers, companies are recognizing the need for a clear and nationally consistent set of rules.

Personal privacy is the cornerstone of the digital future people want. Americans deserve comprehensive protections for personal information – protections that can’t be signed, or check-boxed, away. The Center for Democracy & Technology wants to help craft those legal principles to solidify Americans’ digital privacy rights for the first time.


Chris Baker

Chris Baker is Senior Vice President and General Manager of EMEA at Box.

Last year saw data privacy hit the headlines as businesses and consumers alike were forced to navigate the implementation of GDPR. But it’s far from over.

“…customers will have trust in a business when they are given more control over how their data is used and processed”

2019 will be the year that the rest of the world catches up to the legislative example set by Europe, as similar data regulations come to the forefront. Organizations must ensure they are compliant with regional data privacy regulations, and more GDPR-like policies will start to have an impact. This can present a headache when it comes to data management, especially if you’re operating internationally. However, customers will have trust in a business when they are given more control over how their data is used and processed, and customers can rest assured knowing that no matter where they are in the world, businesses must meet the highest bar possible when it comes to data security.

Starting with the U.S., 2019 will see larger corporations opt-in to GDPR to support global business practices. At the same time, local data regulators will lift large sections of the EU legislative framework and implement these rules in their own countries. 2018 was the year of GDPR in Europe, and 2019 be the year of GDPR globally.


Christopher Wolf

Christopher Wolf is the Founder and Chair of the Future of Privacy Forum think tank, and is senior counsel at Hogan Lovells focusing on internet law, privacy and data protection policy.

With the EU GDPR in effect since last May (setting a standard other nations are emulating),

“Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.”

with the adoption of a highly-regulatory and broadly-applicable state privacy law in California last Summer (and similar laws adopted or proposed in other states), and with intense focus on the data collection and sharing practices of large tech companies, the time may have come where Congress will adopt a comprehensive federal privacy law. Complicating the adoption of a federal law will be the issue of preemption of state laws and what to do with the highly-developed sectoral laws like HIPPA and Gramm-Leach-Bliley. Also to be determined is the expansion of FTC regulatory powers. Regardless of the outcome of the debate over a new federal privacy law, the issue of the privacy and protection of personal data is unlikely to recede.

Jan
15
2019
--

Box hires former SAP exec as chief information security officer

Box announced today that it has hired Lakshmi Hanspal to be the company’s new chief information security officer (CISO). She boasts 20 years of security experience, including holding executive security roles at SAP Ariba and Bank of America. She also spent time in a senior role at PayPal.

In a blog post announcing the hire, the company defined her role this way: “In the role of CISO, Lakshmi will be responsible for Box’s cyber security practice, security operations and data and platform protection.”

Hanspal sees similarities in Box from her time at SAP Ariba, but she recognizes that she will face a different set of challenges. “My role at Box is similar to what I focused on at SAP Ariba with the biggest difference being Box’s geographical footprint. Box is a born in the cloud company and expanding rapidly globally, so my focus will also include securing public cloud operations (future stack) and risk transparency for our customers,” she told TechCrunch.

She said that will involve improving service maturity and sustainability through automation, while continuing to ensure the highest level of security of both Box corporate and product platforms.

Box CEO Aaron Levie indicated that security is central to everything Box does, so finding the right chief information security officer was absolutely critical. “Not only does Lakshmi bring with her an impressive and diverse leadership experience from her time at SAP, PayPal and Bank of America, but she’s an incredible team builder and culture add for Box that will take our security team to the next level,” Levie said.

Hanspal is the third woman on Box’s executive team, joining Stephanie Carullo, who was hired as chief operating officer in 2017 and chief people officer, Christie Lake.

Dec
18
2018
--

Box releases Skills, which lets developers apply AI and machine learning to Box content

When you have as much data under management as Box does, you have the key ingredient for artificial intelligence and machine learning, which feeds on copious amounts of data. Box is giving developers access to this data, while letting them choose the AI and machine learning algorithms they want to use. Today, the company announced the general availability of the Box Skills SDK, originally announced at BoxWorks a year ago.

Jeetu Patel, Box’s chief product officer and chief strategy officer, says beta customers have been focusing on use cases specific to each company. They have been pulling information from different classes of content that matter most to them to bring an element of automation to their content management. “If there’s a way to bring a level of automation with machine learning, rather than doing it manually, that would meaningfully change the way that business processes can function,” Patel told TechCrunch.

Among the use cases Box has been seeing with the 300 beta testers is using artificial intelligence to recognize the contents of a photo for the purpose of auto tagging, thereby eliminating the need for humans to do that tagging. Another example is in contract management, where the terms are pulled automatically from the contract, saving the legal team from having to do this.

Where this can get really powerful though is that the Skills SDK can drive a more complex automated workflow inside of Box. If, for example, Skills is driving the creation of automated metadata, that can in turn drive a workflow, Patel said.

Box is providing the means to ingest Box data into a given AI or machine learning algorithm, but instead of trying to create those on its own, it’s been relying on partners that have more specific expertise, such as IBM Watson, Microsoft Azure, Google Cloud Platform and Amazon Web Services. In fact, Box says it is working with dozens of AI and machine learning partners.

For customers that aren’t comfortable doing any of this on their own, Box is also providing a consulting service, where it can come into a customer and help work through a set of requirements and choose the best algorithm for the job.

Powered by WordPress | Theme: Aeros 2.0 by TheBuckmaker.com