Channel: Fast Company

Feds Block Some Hoverboard Imports Over Segway Patent

The U.S. International Trade Commission has barred imports of hoverboards covered by a patent issued to Segway creator Dean Kamen.

Segway, and Kamen's company DEKA Products, filed a complaint with the commission back in 2014, asking the commission to ban imports into the U.S. of hoverboards that the companies said infringed a number of patents covering Segway's iconic two-wheel transporters.

And on Wednesday, the ITC, which has the power to restrict imports that infringe on intellectual property rights, announced it was issuing a ban on "personal transporters" covered by a patent on "control of a personal transporter based on user position."

While Segway named 13 specific companies in the U.S. and China that it said were infringing its rights, it asked the commission to bar all infringing hoverboards, not just those from the specific manufacturers.

"The Commission has determined that a general exclusion order for entry for consumption is necessary to prevent circumvention of an exclusion order limited to products of named persons and because there is a pattern of violation of [import laws] and it is difficult to identify the source of infringing products," the ITC wrote.

Hoverboards, which are often made by fly-by-night manufacturers in China, have already been banned from several U.S. airlines, transit systems, retailers, and colleges over fears that their batteries could catch fire. In January, Amazon began offering refunds on all hoverboards sold through its site, in response to safety concerns.

The Department of Transportation recently warned that of 32 cargo containers intercepted, more than 80% didn't have proper documentation that their lithium batteries were safe to transport.

The Consumer Product Safety Commission has also warned of the danger of the devices, telling consumers that even hoverboards that claim to be UL certified may be dangerous, since the safety group doesn't actually certify hoverboards.

"Have a working fire extinguisher nearby while charging or using these boards in and around your home," CPSC Chairman Elliot F. Kaye advised in January.


Uber Offers Drivers Instant Pay In Pilot Program

Uber drivers in San Francisco can now opt to get paid instantly, having their earnings automatically deposited to a GoBank mobile checking account, the company said.

"We're excited to be able to offer this unique option with GoBank, which provides the convenience of online banking and gives drivers the ability to access their earnings instantly," said David Richter, Uber's vice president for strategic initiatives, in a statement.

The account, called Uber Checking by GoBank, carries a monthly fee of $8.95, though that's waived for the first six months where drivers receive deposits from Uber or in any month where they receive more than $500 in total direct deposits.

The account comes with a debit card from GoBank, a division of prepaid debit card giant Green Dot, and it's free to withdraw cash from in-network ATMs. Drivers can also transfer funds to another bank account, though that's limited to $1,000 per transaction or $2,500 per month. Online bill pay is capped more generously at $5,000 per day.

"The partnership marries technology, banking and payments in an innovative way to give Uber driver-partners the flexibility to receive their pay instantly, and also provides an alternative to traditional banking," said Green Dot founder and CEO Steve Streit in a statement.

Uber archrival Lyft launched its own quick pay feature called Express Pay in December. It uses Stripe's push-to-debit technology to let drivers transfer funds to their bank accounts for a 50 cent fee, as long as they have more than $50 in earnings due. Most banks will credit the funds instantly, though some won't until the subsequent day, Lyft has said.

Alphabet And Feds To Partner On Free Wi-Fi And Traffic Analytics

Alphabet's Sidewalk Labs and the U.S. Department of Transportation announced Thursday they're working together on a platform called "Flow" that will deliver free Wi-Fi, as well as traffic analytics information that could help route demand-responsive transit and, one day, self-driving cars.

The platform will be developed in conjunction with the seven finalist cities in the DOT's Smart City Challenge, and the winning city will receive Flow free of charge, said Transportation Secretary Anthony Foxx.

"Sidewalk Labs will install over 100 kiosks over 4 neighborhoods—approximately 25 blocks of the winning city," Foxx said in a Thursday press conference.

The kiosks will be similar to those replacing pay phones in New York City through the LinkNYC program, built by a Sidewalk-led consortium, said Sidewalk Labs CEO Dan Doctoroff. In addition to Wi-Fi that residents can use with their own devices, the kiosks will include Android tablets to let users without smartphones or computers access the Internet and traffic data, Doctoroff said.

Anonymized traffic data collected by sensors on the devices, joined with billions of data points from Alphabet's Google and other sources, will potentially help cities build smart transit lines that reroute based on demand and traffic and help drivers locate parking spaces and dodge traffic, he said.

"As mass transit becomes more nimble and responsive to demand, we hope to be able to play a role in helping mass transit routes adjust, ultimately in real time, to ridership demand and road usage," said Doctoroff, who previously served as New York's deputy mayor for economic development and rebuilding under Mayor Michael Bloomberg. "Finally, we'd like to see Flow be a platform to test new technologies, like ultimately autonomous vehicles, to enable cities to ultimately improve transportation design."

Privacy advocates, including the New York Civil Liberties Union, have raised concerns about the security and privacy of data obtained through LinkNYC kiosks, though LinkNYC has said it takes steps to safeguard privacy and avoid storing private browsing data.

In cities where Flow is deployed, Sidewalk Labs will work with officials on privacy rules to make sure traffic data is properly anonymized and user information is kept safe, Doctoroff said.

"Our expectation is that when we work with the seven cities and then ultimately the finalist city, that will be something that we discuss with them," he said.

The seven Smart City finalists are: Austin, Texas; Columbus, Ohio; Denver, Colorado; Kansas City, Missouri; Pittsburgh, Pennsylvania; Portland, Oregon; and San Francisco, California.

Calvin Klein Will Periscope Live-Stream Its Fall Ad Campaign

This weekend, Calvin Klein will be using its Periscope channel to give fans a live, behind-the-scenes look at the making of its Fall 2016 advertising campaign.

"There's always been sort of a mystique behind the Calvin Klein advertising campaigns in general—really about, who's going to be the face, what's the talent, is there going to be a celebrity," says Melisa Goldie, Calvin Klein's chief marketing officer.

Through Periscope, the Twitter-owned live-streaming platform, Calvin Klein will show viewers a mix of live footage from the campaign shoots, interviews, and "intimate moments" with the campaign talent, all shot with a mix of GoPro cameras and iPhones, Goldie says.

"By shooting everything on the iPhone, it's going to feel very authentic and very raw and very spontaneous, and that's extremely important to our brand," she says. "Periscope just lends itself to that."

The live stream will be available from Friday through Sunday, through Periscope and Calvin Klein's Twitter account. The company tries to use a mix of social media platforms to connect directly with consumers—something Goldie says fans now expect from brands—with experts focusing on creating content tailored for platforms Instagram, Facebook, Snapchat, Twitter, and, now, Periscope.

"We're a brand that is always about image-making, so we will make sure that it has a Calvinesque aesthetic about it, but truly authentic to the platform," she says.

Goldie says Calvin Klein isn't targeting any particular age demographic, though the brand expects to reach consumers who are "youthful in mind" and "engaged in social media."

Twitter has assisted Calvin Klein in preparing for the broadcast, which will be the fashion brand's first major foray onto Periscope.

"We've never done this before, which makes it so exciting," says Goldie. "We're very excited about the spontaneous nature ourselves, and really being able to give that to our audience."

Scotts Miracle-Gro Pioneers The "Connected Yard"

Scotts Miracle-Gro wants to bring your yard into the digital age.

The giant of lawn and garden care is set to release an Internet of Things platform called Connected Yard that will give consumers plant care guidance through a smartphone app called Gro, which will make recommendations based on data about local weather conditions and input from connected sensors and water controllers.

"The app is great without any devices, but if you add devices to it, it just gets that much smarter," says Patti Ziegler, the company's chief digital and marketing services officer.

While developing a digital platform may seem like a departure for a company that got its start in 1868, Ziegler says Scotts Miracle-Gro is merely responding to shifting consumer tastes. Research shows many younger consumers spent less time doing yard work than previous generations, and the company hopes the app's guidance will give them the confidence to get invested in their lawns and gardens, she says.

"Society is changing, and Scotts needs to change with it," she says. "Consumers appreciate digital solutions, and we want to provide the inspiration and education, the means to get them active in the category."

The company announced the app, expected to be available to consumers in April, at the South by Southwest Interactive festival in Austin, encouraging companies working in the outdoor arena to join the platform.

"We created it as an open platform hoping to create an environment where entrepreneurs and all kinds of smart device manufacturers want to partner with us," says Ziegler.

The company's already working with industry partners including smart irrigation-controller makers Blossom, Lono, and GreenIQ and smart water-sensor makers PlantLink and Parrot. In the future, Ziegler anticipates that consumers will be able to control their sprinklers directly through the Gro app. Additional devices will likely come on board as well, integrating through the Connected Yard platform's API, she says.

At launch, the app will be able to make watering and other recommendations based on data about moisture and watering schedules available through the smart devices.

Combined with the app's weather information, that will help consumers avoid overwatering—a particular concern in drought-riddled areas in California, where some utilities are even subsidizing smart lawn technology.

"We want to do away with the situations where the sprinkler's going on when it's raining, or the sprinkler's on today even though there's a big rainstorm coming tomorrow," says Ziegler.

The app will provide more than just watering information, she says. It will also make recommendations about what to plant and where to plant it, such as advising users not to make common mistakes like planting bulbs too close to a fence, she says.

The information will help consumers who want to grow their own vegetables or those who just aren't sure what plants would work best in their gardens, says Ziegler.

"It'll recommend things that are more likely to succeed in your environment," she says. "A garden planted in New Mexico is going to look very different from one in New England."

The company's also working on developing some sensors of its own and looking into pulling in information from other types of devices, such as cameras, to give consumers additional guidance. That could help give users the inspiration and early successes needed to turn them into lifelong gardeners, she says.

Wall Street Considers Blockchain For Tracking Trades On $2 Trillion "Repo" Market

In the latest sign that the financial industry is getting serious about the blockchain, an industry group that tracks securities ownership says it's working on tools to shift some records for one $2 trillion market to the shared-ledger technology.

The Depository Trust and Clearing Corp., which keeps track of who owns which stocks, bonds, and other securities, is working with financial blockchain company Digital Asset to shift data from the repurchase agreement, or repo, market to a digital ledger shared between participants, similar to the one that powers bitcoin transactions.

The repo market effectively allows financial institutions to receive short-term loans from each other by selling securities and agreeing to repurchase them on a set date. While trillions of dollars pass through the market every day, the number of transactions is small compared to, say, the stock market, making it a more manageable test case, says Murray Pozmanter, managing director and general manager in charge of the DTCC's systematically important financial market utility business.

"We take in well over $2 trillion a day in [repo] transactions, but it's thousands of transactions as opposed to millions of transactions, which you see in the equity space," he says.

Repo transactions also already typically settle within the same day, unlike stock trades, which traditionally take three days to settle. Moving the repo market to the shared ledger will be less of a major shift for market participants than switching over another, slower-to-settle market, Pozmanter says.

The shared blockchain will also make it practical for banks involved in processing repo trades to net some of the transactions against each other—effectively only transferring the overall total amounts of cash and securities from webs of overlapping trades between companies.

"The benefits of doing intraday netting is that if you can take all of the new loans that are starting today and net them against all of the old loans that are maturing today, you can dramatically reduce the amount of settlements," says Pozmanter.

Intraday netting can also reduce the amount of securities, like U.S. Treasury and other bonds, needed to serve as outstanding collateral for the loans, says Darrell Duffie, a professor at Stanford's Graduate School of Business who's written about the repo trade.

"I think it's a smart move," he says. "It will allow intraday settlement and better netting efficiencies, so it's a win-win for liquidity in the repo market."

The high demand for securities to serve as collateral for repos can have an impact on bond prices and even sometimes block certain transactions when the securities just aren't available, the Wall Street Journal reported last year.

Pozmanter says the DTCC and Digital Asset will likely have a working prototype built by the summer, with an eye toward potentially rolling the system out more widely next year.

"We'll begin having market participants come in and participate in a pilot with us," he says. "At the point where we think the technology is stable enough, and we're confident of going into a limited production run, then we'll probably begin to phase it into actual production."

The DTCC is also investigating using blockchain technology for other purposes, like maintaining a shared database of financial "reference data"—essentially a dictionary of terminology, codes, and numbers used in recording financial transactions. Having a shared set of reference data, as opposed to each financial firm maintaining its own database, could cut down on errors and reduce the need for manual fixes, Pozmanter says.

"When you think about what the benefits are, it comes from having that single version of the truth that everybody is looking at," he says.

Digital Asset, which is headed by former JPMorgan Chase executive Blythe Masters, also announced earlier this year that it's working with the Australian Securities Exchange to test the use of blockchain technology in settling trades on the Australian markets.

What It's Like To Use A Chatbot To Apply For Jobs

"She fell into tech because of her love for creating and building," EstherBot told me. "That's even how I came to be. Because it's 2016 and bots are everyyywhere!"

EstherBot is a creation of San Francisco product marketer Esther Crawford, who created the automated chatting tool to, essentially, market herself. With chatbots popping up to help users do everything from check movie times to book airline tickets, Crawford decided to create a bot to answer questions about her career history, educational background, and hobbies.

"I wanted to use a bot to tell the story of how I got from having a master's in international relations to being a product marketer for startups," she says. "I've been fascinated by the emerging messaging and, specifically, bot space, and I felt like with my career and what I've done, I could just kind of merge those things together through the bot."

The bot, which can communicate through Facebook Messenger or text messages, sprinkles its responses with all-caps keywords, indicating topics it's capable of speaking about. The bot doesn't understand full sentences or open-ended questions, only those keywords it provides. That makes talking to it more like navigating a dialogue menu in a video game than having a normal text message exchange. EstherBot is clearly a tool for exploring Crawford's creativity and the information she chose to store in it, not an open-ended conversational bot like SmarterChild in the early 2000s or Microsoft's ill-fated Tay.

The goal, she says, is to automatically answer the kind of questions about professional experience and cultural fit that recruiters often have—and that jobseekers can hear more than a few times during a job search—but that are too specific or idiosyncratic to put on a résumé or in a LinkedIn profile. Those could include basic qualifying questions that they'd now have to ask through email or on a phone call, like what cities a potential candidate would be willing to live in, or information about personal interests and side projects.

"One of her favorite pastimes is dancing all night in a onesie," EstherBot said, after mentioning that Crawford enjoys traveling for festivals. "She's a lead organizer for her BURNING MAN camp and brought her first art installation last year, which was an interactive experience featuring digital motion art."

Crawford says she's not an engineer, but she was able to build the program with almost no coding using the Smooch bot-crafting platform, integrating support for Messenger and low-cost texting through Twilio. She's released instructions, open source code, and sample scripts for the project, and says she's had feedback from people who have created their own résumé bots.

The bot has also gotten a fair bit of publicity after being promoted on Product Hunt and in a Medium post Crawford wrote about its creation. And, she says, she's already had a few potential employers reach out through EstherBot using a "connect me" option that appears during long conversations about potential job opportunities that sometimes sets up interviews with Crawford herself.

"I actually have had a couple of companies reach out, and I had a conversation with one this morning—they were really interested and excited about talking to me," she says.

She's also shared the bot with potential employers she was already in touch with, she says, partially as an example of her marketing skill and her ability to shepherd a product through its launch and engage an audience. Her current team is aware of the bot as well, she says, knowing that it may ultimately lead to her departure.

"They're supportive of me building the bot and using it in whatever way makes sense for me personally, even if it is a catalyst for launching into my next thing," she wrote in an email to Fast Company.

How Bots Are Part Of A Larger Trend Of Tech In Hiring

EstherBot is far from the only project harnessing technology to make the hiring process more efficient, says Brian Delle Donne, the president of Talent Tech Labs, a New York startup accelerator focused on technology for the job market. Other innovators in the field are building candidate-relations management tools to better organize information about potential hires, similar to customer-relations management tools used in sales, and building tools to help recruiters scour forums and bulletin boards for potential candidates, he says.

And others are working on bots like EstherBot that represent potential employers, answering job seekers' questions before they send in applications or even reaching out to potential hires based on their online activities.

"There are bots that can be built in corporations and exemplify the persona of the corporation and work on the other side," Delle Donne says. "Generally, it's a move toward efficiency in reducing a lot of wasted time that goes on—candidates aimlessly sending out résumés or responding to jobs that are not a good fit."

The Challenges And Limitations Of Bots

The challenge for both candidates and companies, though, is to create bots that are actually engaging to talk to and don't feel like the text equivalent of a tech support phone menu, he says.

"Think of the inbound voice messaging—you call up Verizon about a problem, and you go through 15 screens of prerecorded messages, and even with voice recognition that acts like it's engaging with you, you know that it's not authentic," he says.

Chatting bots can certainly be valuable if they make hiring conversations more efficient, argues Sharlyn Lauby, the president of human resources consultancy ITM Group, pointing at a survey from Glassdoor Economic Research showing the time it takes companies to hire candidates nearly doubling since 2010. But, she says, both candidates and recruiters will have to be patient when early bots aren't perfect conversationalists.

"Both recruiters and candidates are going to have to be a bit forgiving until using a chatbot tool is perfected (or at least mainstream)," she wrote in an email to Fast Company. "I could see a chatbot being valuable for more objective responses or specific details. Then save the rest of the conversation for the actual in-person interview."

Right now, EstherBot doesn't pretend to be able to say anything apart from its prerecorded conversational cues, and by using text instead of speech, it avoids the problems of bad voice recognition and long, impossible-to-skip messages that can make phone trees such a nightmare. But once the novelty wears off, it's clear that companies and job candidates alike will have to tread carefully to make their chatbots strike the right balance between being entertaining and efficiently informative—something Crawford readily acknowledges.

"Companies who get serious about messaging will need to hire storytellers, comedians, and Hollywood types, because strong narratives will make or break these products," she wrote on Medium.

Crawford says she's already tweaked EstherBot to add responses to common questions she didn't anticipate when she first launched the bot. Users naturally play with the limits of the bot's conversational abilities, asking it questions about the weather or even sending it lewd propositions, or just try to talk to it with more sophisticated phrases than it can handle.

"Humans chat in such a particular way, and they have really high expectations when talking to a bot, even when they know it's a bot," she says. "I updated the script yesterday probably 50 times based on how I'd seen people interact with EstherBot, not the way I initially imagined they would."

She also forwards the bot's conversations to Slack, where she can jump in if a user is particularly perplexed or interested.

"If you get far enough down into the conversation, there's actually an option to disconnect from the bot and connect directly to me," she says. "That enables people who are more serious and interested in talking to me to stop talking to EstherBot and start talking directly to Esther."

In the future, she imagines, job search platforms and services like LinkedIn might offer built-in support for more sophisticated bots, using natural language processing to converse more fluently with recruiters about candidates' strengths. And in the meantime, Crawford says, EstherBot has already exchanged more than 24,000 messages since its launch last week.

"It's kind of like a funny 1.0 version of what the future of recruiting looks like," she says.

Love And Sex Are A Swipe Away But Finding Friends Digitally Is Still Hard

In 2016, finding a romantic partner or a casual fling through a smartphone app is more or less mainstream. A study published in 2013 found about a third of newly married couples met online, and a Pew Research Center survey released last year found most American adults agree that "online dating is a good way to meet people."

But what about meeting people for purely platonic purposes—finding a concert buddy, tennis partner, or just a new friend to grab coffee with? There are quite a few digital services designed to connect people with new friends; dating site Bumble made headlines by launching a BFF mode last month. But even some "friending" services' creators acknowledge online friendmaking isn't nearly as widely embraced as actual online dating.

"We knew that the stigma associated with making friends online was going to be our biggest hurdle," says Joel Kliksberg, the founder and CEO of Palaround. The company operates a friend-finding app with a Tinder-like swipe interface.

"The friending space is the next frontier," he claims, "but it's very much in its infancy. Telling a friend, 'Hey, check out this friending app' is not really that comfortable, yet."

There's simply a social stigma attached to announcing too loudly that you need to make friends. And, says Nermin Jasani, the founder of the now-defunct, women-only friend-finding site Lumelle, we don't even really have the right vocabulary with which to discuss meeting up with potential new pals.

"I don't think our conversations have updated to that point where you can go out on 'friendship dates' and say, 'I'm going out on a date with a girl to be friends with,'" says Jasani.

Lumelle hosted member meetups in New York and Los Angeles to try to overcome some of that awkwardness, and there were definitely people who understood the value of the service, Jasani says. Jasani herself got the idea for the company when she moved to New York City for a job after law school upstate; after a couple of years, she still hadn't made many friends in the city.

"I thought this was kind of a concentrated regional problem, specifically to the United States and New York," she says. "Then I started getting emails from women in Australia and Buenos Aires and Africa."

Her company matched women based on interests, geographical proximity, age, and other factors, and encouraged them to meet up at group outings for activities like rock climbing, golfing, and painting.

"The questions that we asked are pretty basic—are you willing to travel, what kind of a friend are you looking for, are you looking for a BFF or just someone to hang out with once in a while," she says. "You might have a girl who's single and one in a relationship, and their needs are completely different in terms of what they're looking for."

The service did bring people together—she remembers two women who met at a rock-climbing event who made plans to go trapezing, something both had always wanted to do—but she ultimately found it hard to get enough participation to interest potential investors, which itself made it hard to fund new features for the app in order to attract new users.

"I faced a huge chicken-and-egg problem," she says. Part of the problem, too, was that potential investors just didn't understand why young women would see a need for the app.

"Honestly a lot of the investors are older investors, so their way of making a friend is going to a coffee shop or a bar and saying hello or being introduced through their significant other, or even work friends," she says.

But Jasani and her target customers didn't really go to bars alone; many of them are single and many prefer to keep their personal and professional lives relatively separate. And while urban coffee shops might once have been neighborhood community centers featuring cozy couches like the ones made famous in Central Perk on TV's Friends, nowadays they're closer to coworking spaces. Customers are often there to work or study, not talk to strangers.

"Walk into a coffee shop right now, and you won't see a single person who's not on a device," she exclaims. "It's just not an approachable environment."

Another now-shuttered service, called "Let's At," which let users propose activities that other people could join, faced similar issues, says founder Greg Buckner.

"We didn't end up getting as much traction as we hoped—we got a lot of interest but it was kind of hard to grow the user base," he says. "I think it's difficult to build platforms that require people to meet in person. The core value of the app doesn't really happen [until] people meet in real life, and there's a lot of friction around that."

People signed up, but member surveys indicated few of them were actually meeting up with each other. And adding new features, like letting users quickly swap phone numbers or share more information in their profiles, only boosted actual connections a few percentage points. The company launched in summer of 2014 and shut down about a year ago, Buckner says.

"We were bootstrapping, and it just got to a point where we thought we probably weren't going to raise," he says.

Still, the need persists for a way for people to connect with new contacts, believes Palaround's Kliksberg, citing research that shows about half of Americans don't have a close confidante outside their own families. His company is currently marketing a licensed version of its app to help organizations, like conference and festival organizers and alumni groups, allow participants to swipe and make new contacts within their own networks.

In the original version of the app, the site separates users by gender to reduce the risk of unwanted non-platonic advances, similar to women-only services like Lumelle and recently launched apps Monarq and Hey! VINA.

Party with a Local, which connects travelers and newly relocated people with long-term residents looking for a night out, actively discourages users from trying to use it to find one-night stands, and encourages members to report inappropriate messages and photos.

"Maybe the intent is to meet someone, but it's sometimes much more comfortable to do that in a platonic way, or a nightlife way in our case, and maybe something happens down the track," says founder and CEO Dan Hennessy.

The Amsterdam-based service has found success in Europe and in Brazil, as well as in big U.S. cities like Los Angeles, San Francisco, and New York, and it's currently launching a "Pals" feature which will send a monthly email suggesting potential connections, he says.

"We're going to be wanting to constantly improve the matching algorithm and qualitative feedback if people actually meet up," he says.

Another service, called Skout, puts less emphasis on meeting up and more on forging pen pal-style connections, according to founder and CEO Christian Wiklund. Members do use it to find dates, but many just chat and post to Skout's newsfeed-style interface, which shows updates from both local users and members across the world.

"I think one thing that sticks out with our engagement is that the average message travels over 1,000 miles," he says. "More than half of all messages are between continents, which is not very useful if you're going to find someone locally to date."

Skout helped forge 500 million new connections between users last year, Wiklund claims. And while there are some rudimentary search features, there are no matchmaking algorithms—it's deliberately random and serendipitous, providing users with a steady stream of potential new friends.

"There's always someone out there you can chat with," he says. "For each new connection we can form, we've done something good."

But while Wiklund emphasizes the potential value of smartphone pen pals—"I have plenty of online friends that I've never met and I value them as much as my friends that I have locally," he says—it's safe to say those looking for real-life activity partners don't yet have any long-established, household-name solutions the way singles have go-to sites like Match, OkCupid, Tinder, and eHarmony.

But, suggests Buckner, the creator of now-shuttered Let's At, that could all change in the future, just as online dating rapidly shifted from seeming creepy to being widely embraced (and a $2 billion industry).

"Maybe you could say that we'll be able to match people better using AI, but I have a feeling that it's more just like a cultural or societal thing—at some point people will be ready for an app like this, and the founders will package it up in a way that will be really compelling to people," he says. "I think there's just going to be some point where one of these apps will tap into the zeitgeist."


This Startup Lets Users "Sell" Their Own Shopping Data

While plenty of advertising companies aggregate data about consumers behind their backs, one startup allows users to openly trade their purchase histories for rewards.

Other InfoScout apps: Top: Out Of Milk, Bottom: ReceiptBin

San Francisco-based InfoScout offers a set of smartphone apps that lets users snap pictures of shopping receipts in exchange for incentives like credit card-style reward points and sweepstakes entries. The company digitizes the receipts with a mix of optical character recognition and crowdsourced help from services such as Amazon's Mechanical Turk.

Then it bundles that purchase information into reports it offers to companies like Procter & Gamble and Unilever, letting them see how consumer preferences evolve over time and how discounts and promotions affect sales.

"Our ability to provide these insights back to the brands in near real time, literally within days, is something they've never had before," claims CEO Jared Schrieber, who cofounded InfoScout in 2011.

Schrieber says that while brands can get some data from sources like supermarket reward card programs, those usually only track customer activity at one particular retail company.

"We're not trying to change what people buy," Schrieber says. "We're just trying to observe it."

InfoScout's apps—including Shoparoo (which turns receipts into donations to schools), Receipt Hog (which lets users earn points they can trade for gift cards or cash at an effective rate of a few cents per receipt), and Receipt Lottery, which basically lets users turn their receipts into lottery tickets—encourage users to snap pictures of all of their receipts to earn more rewards.

More than 102,000 Receipt Hog users have cashed out their points, for a total of more than $2.6 million in rewards, a company spokeswoman wrote in an email. Shoparoo users are expected to have generated $2.3 million in school donations by the end of 2016, and Receipt Lottery has seen about 500 winners since its launch a few months ago, she wrote.

Schrieber says the different apps appeal to different demographic groups. Shoparoo naturally attracts more parents. Receipt Hog attracts more single people and a generally more diverse user base who enjoy its casual gaming dynamic, which lets users "feed" a virtual pig that generates more rewards as it levels up.

Receipt Lottery, designed to be played similarly to state lotteries, attracts a bigger male audience than the other apps, Schrieber says, and a higher percentage of people who shop at convenience stores as compared to supermarkets.

Top: Shoparoo, Bottom: Receipt Lottery

"We built a portfolio of apps that reach different people for different reasons," he says. "As a result, when we pull it all back together, we have a more representative picture of America."

The company says it has collected data on more than 100 million shopping trips and is processing about 300,000 receipts per day. Users can of course choose not to scan receipts that include purchases they find embarrassing, but Schrieber says many just upload every receipt, so the apps gather quite a bit of data about sensitive purchases, such as condoms and feminine hygiene products. Ultimately, what type of purchase information users feel is worth trading for a few cents or a sweepstakes entry is up to them.

Users can participate anonymously or receive additional rewards for linking the app to their Facebook profiles, answering demographic questions, or taking occasional surveys. Among the company's discoveries so far: Women purchase more Old Spice products than men, and white shoppers are more likely to buy Old El Paso products than Hispanic consumers.

The company can also observe when consumers switch to new brands for particular products—and even survey them about why they switched, offering additional rewards if they're willing to answer.

"Anything where we're asking a participant to provide more data or more information about themselves, we pay them more," says Schrieber.

How Nest Is Trying To Keep The Connected Home Secure

If you use Nest's home automation products, you can have them automatically detect when you're home or away. If you are out, your Nest Thermostat can automatically turn down your heat to save you money, your Nest Cam can start monitoring your house for movement, and your Nest Protect smoke detector can test its alarm when nobody's home to be disturbed by it.

But that means users need to trust the Alphabet company's cloud platform with what almost anyone would agree is some very sensitive data: There's a reason a 2010 website that collected public social media check-ins away from home was called Please Rob Me.

That's part of the reason why, Nest officials say, the company takes security and privacy into account from the instant new features begin to be designed.

Jim Alkove. Photo: via LinkedIn

"We start by defining the security requirements in that product at the same time that we're defining the value proposition for the customer in that product," says Jim Alkove, Nest's vice president for security and privacy.

At the same time the company's product teams are considering the use cases for a feature, and what customer problems it will be able to solve with that feature, they're also considering how to make that feature secure and how to make sure customers know they can trust it, affirms Greg Hu, a group product manager for the Nest Platform and Works With Nest third-party product integration program. Nest surveys and talks with customers to make sure they understand and feel they can rely on the safeguards the company is building.

"When we design the feature, we want to make sure there's a level of transparency to the customer, so they understand there's control and their data is secured in the right way," he says.

For instance, the company recently rolled out a new Family Accounts feature, which lets people who share a home with others allow different control levels of their Nest devices across each of their household's smartphones. Nest makes sure to notify family members when someone is added to or removed from the group.

And when other companies build products that connect to Nest through the Works with Nest program, they are required to explain why they're seeking access to certain types of data, Hu says. "They understand how we're sharing the data," he says of consumers. "They can make the decision, do I want to authorize that handshake between the two companies?"

Customers nowadays are used to the idea of authorizing apps to access particular data from accounts or devices but expect to have some explanation of why that level of permission is necessary, he says.

The company also sometimes limits the interfaces that can be used to control individual devices: For instance, users of an upcoming Nest-enabled Yale lock will be able to unlock their doors through a smartphone app, but not through a web interface, Hu says. Mobile phones, which are generally tied to one user, seemed like a more natural virtual key than web login credentials, which could be more easily shared, he explains.

Hu also worked on developing Nest's recent Home/Away Assist feature, which pulls in users' smartphone location data to get a more accurate sense of when users are home or away than could be gathered just from data from infrared motion sensors on Nest devices.

The platform monitors when each smartphone linked to a Nest home installation enters and leaves the residence, and uses machine learning techniques and knowledge of your past behavior—Hu declined to go into much detail about the algorithms involved—to flip the devices into "away" mode when you leave for work but not, say, when you're out for a quick walk with your dog.

"Context in this particular case is important, because the time of the day matters," he says. "If you pass the geofence in the middle of the night, it's very different than if you have a pattern where you go to work Monday to Friday, and we can understand you're driving to work and you won't be home for a few hours."

That "geofence" is a virtual border created in iOS or Android; the operating system can notify Nest's apps when users pass in and out of the immediate vicinity of their homes. Using that feature means that the apps and Nest's cloud servers don't have to keep a record of their customers' complete locations—Nest only needs to understand when they enter and leave the geofence.



"All we're going to do is establish a boundary, and track the events in which somebody crosses the geofence," Hu says.

That's the kind of detail the company generally considers early in the design process for a new feature, Hu says. Members of Alkove's security team work alongside engineers and designers from feature inception through testing.

"We have members of my team that are security experts and members that are privacy experts, and those members of my team are part of the product engineering process starting with concept," Alkove says. "From that point, there are people from the security and privacy organization that are part of the initial concept of the product, they're part of the design of the product, they're part of the implementation and the review of implementation."

Alkove says the company doesn't disclose how many employees are focused on security, but he says they're generally focused on four key areas: building low-level, security-focused tools like identity management functionality; setting security policy; handling security operations like monitoring for intrusion; and keeping up to date with server patches and participating in design and testing.

And while the security personnel all technically report to Alkove, on a day-to-day basis they're working alongside Nest's other technical employees, he says.

"Nest is a very cross-functional organization," he says. "It's a very short distance from where the person doing security operations sits to where the person operating the system is."

The company generally uses industry-standard security tools and protocols like SSL—"We don't believe in rolling your own crypto as part of these devices," says Alkove—with an emphasis on blocking unauthorized access to user information as it's in transit between Nest's devices, apps, and servers, and while it's in the cloud.

"I think the principle is that we need to design security and privacy into our products from the beginning, and our number one priority is protecting our customers' data," he says. That means data is encrypted as it travels between Nest hardware, that personally identifiable information is kept encrypted in Nest's cloud systems, and regular security reviews and penetration tests are run against those servers to ensure they're protected from hackers' prying eyes.

Nest, which was acquired by Google in 2014 and is now technically a sister company within Alphabet, takes advantage of the larger company's resources and expertise—for instance, Google has its own dedicated cryptographers on staff, something that just wouldn't make sense at Nest's smaller scale. Nest engineering teams request reviews from Google's security experts through the same corporate channels as Google itself, Alkove says.

And once products are released, the company offers rewards to researchers or other users who report security holes through Google's bug bounty program. Alkove won't go into detail about the bounties the company has handed out. (In one case that was made public, Princeton University researchers discovered Nest thermostats were transmitting users' zip codes without encryption; Alkove claims the company was already in the process of fixing the issue when the report was made.)

Of course, home automation is still a young field, and there aren't that many formal industry standards about how data should be secured and what security processes should look like, says Alkove, who previously managed Windows security for Microsoft. But as Nest increasingly works with industry partners in the more-regulated insurance and utility sectors—the company recently said more than 30% of U.S. homes have access to Nest thermostat incentive programs through utility companies—it needs to assure them that customer data will be safe. That's particularly true when they might share data with Nest for initiatives like Rush Hour Rewards, which offers customers incentives for allowing their thermostats to save power during energy demand peaks. Like consumers themselves, industry partners want to know that the data they share with Nest will be kept safe, and handled in well-defined, secure ways.

"I think the industries are still working hard to figure out what the standards should be, but many of these companies are regulated and they themselves have standards they need to adhere to for customer data," he says. Part of Alkove's role, he says, is bringing the "scale and formality" of a big-company security operation to Nest, though he underscores that the company was already security-focused long before his arrival late last year.

In some cases, Nest adjusts its own security models based on shifting user expectations. For example, its devices weren't traditionally designed to be secure against physical tampering, but the next generation of Nest thermostats will have enhanced secure startup protections, making it significantly harder to load unauthorized code onto the devices even with physical access, he says.

"We are starting down that path of adding more device-side resistance," Alkove says. This is happening partially in response to customers becoming used to smartphone security measures and Nest's desire to make sure sensitive data is handled in ways customers know are secure and unsurprising.

Just as on many smartphones, the latest generation of Nest thermostats will only load firmware code that's been digitally signed by the company, so even with access to the devices it would be difficult to install malware on them.

"Security and privacy's really important to us, because the home is a really sacred place to our customers, and we've always understood that," says Hu. "That's always been one of our key principles at Nest."

This MIT Scientist's Donald Trump Bot Needs A Little Human Assistance

For anyone who just can't get enough of Donald Trump's social media posts, a Massachusetts Institute of Technology researcher has created a bot that generates tweets in the candidate's style.

Bradley Hayes, the program's creator, says he came up with the idea for the bot—called DeepDrumpf, after Trump's ancestral surname (which was made famous by a viral segment from Last Week with John Oliver)—while at lunch with a coworker.

"We were kind of joking about incendiary and controversial things that Trump had been saying," says Hayes, a postdoc in MIT's Interactive Robotics Group. "We started talking, and thought, we probably could try to model that."

Hayes had previously read an article by Stanford researcher Andrej Karpathy about using computational tools called recurrent neural networks to imitate the styles of writers ranging from William Shakespeare to Y Combinator founder Paul Graham, and decided to use the same technique to build his Trump simulator.

The neural networks actually generate text character-by-character, based on what they've read before and emitted in a particular session, Hayes says. But they're statistically powerful enough to learn basic grammar rules and even to generate opening and closing quotes in pairs, he says.

"It learns all of the grammatical structure just from the data," he says. "The only thing I had to do was feed it all the raw texts from all of Trump's speeches."

Hayes says he initially planned to have the program automatically tweet a Trump-style message every few hours, but he quickly realized the bot's personality was just too volatile. During the bot's first week, he fed it text from a Hillary Clinton tweet about President Obama's employment policies. The response was so violent he worried he'd get a call from the Secret Service if the post made it to Twitter.

"The bot had proposed tweeting back to Hillary Clinton and the @POTUS account something like, 'You're only creating jobs for ISIS—I'll send terrorists after you,'" he recalls. "That was bad."

It's a lesson similar to the one recently learned by developers at Microsoft, who infamously saw their Twitter chatbot called Tay transform from a bubbly teenager to an angry racist after scooping up speech patterns from online trolls.

That's why Hayes's bot only tweets through Hayes, its human "campaign manager." He says he usually has it generate a block of about 1,000 characters, runs them through a few automated filters like a spellchecker—which fixes those words the bot hasn't quite mastered—and grabs one of the most entertaining subparts to tweet.

Just as the bot doesn't always spell correctly without help, it doesn't always string words together coherently, so not every (nonviolent) substring would be a great tweet.

Other Twitter users—from Trump voters who enjoy seeing references to their candidate to Democrats who see it as a worthy parody—generally interact positively with the bot, says Hayes. Those who don't are usually trying to test the bot's limits, or see how it reacts to direct messages and directed tweets. That's something that Hayes says is important for bot designers to keep in mind, lest they assume that people will interact with machines the same way they treat humans on the same platform.

"It's fairly naive to assume that people will just treat these like people," he says.

Hayes hasn't limited his bot-making to the Republican side of the aisle: He has also created a similar Bernie Sanders bot, called DeepLearnTheBern, though hasn't put as much effort into that one as the more-incendiary Trump bot.

"The reason I haven't been active on that one is, one, it takes time to curate all the transcripts," he says. "And, two, the things that have been coming out of it, for the most part, have kind of just been reasonable, which is not super funny."

Hayes says he's not sure the bots will directly make it into his academic work, since the actual computational techniques involved aren't that novel, though he thinks they're still interesting as a sociological study of human-computer interaction. Still, the same kinds of neural networks that predict the next character Donald Trump would emit in a tweet can be used for other purposes, like predicting how a robot arm should move, he says.

As to whether one of these politicians might want to deploy a bot of his own, Hayes says it might be too risky, since it's hard to keep the bots on message.

"If you were a candidate, you would want your candidate to propagate your own beliefs," he says. "One of the dangers, and the reason why my [Trump] bot isn't fully autonomous, is it's too unpredictable in what it can generate."

Amid Arrests And Prosecutions, Rules Around Selling Bitcoin Remain Fuzzy

According to credit card records, patients visited Louisiana chiropractor Randall B. Lord's offices for services like "mood counseling" and "chakra realignment." But in reality, Lord hasn't been licensed to practice in nearly a decade, and was actually using his credit card merchant accounts to sell hundreds of thousands of dollars in bitcoin, some of which went toward illicit purposes, federal prosecutors say.

Lord, along with his son Michael Aaron Lord, pleaded guilty in federal court last month to conspiring to operate an unlicensed money servicing business. According to an indictment filed in the case, Michael advertised "bitcoin services" on the website LocalBitcoins.com, a peer-to-peer marketplace that connects bitcoin users looking to buy and sell the digital currency both online and in person. And, prosecutors say, the two men accepted more than $3.5 million in cash, money orders, and MoneyPak prepaid cards in exchange for bitcoin they would purchase from online exchanges.

The case, one of a handful in recent years to bring charges for operating unlicensed bitcoin operations, highlights the vagaries involved in regulating the buying and selling of virtual currencies. In the U.S. and elsewhere, these transactions are subject to federal and local anti-money laundering laws, which require sellers of bitcoin to verify the identities of their customers, just as banks do.

While U.S. federal law requires money service businesses—traditionally, enterprises like check-cashing stores and money transmitters like Western Union and PayPal—to register with the Treasury Department's Financial Crimes Enforcement Network, known as FinCEN, and obtain any required state licenses, experts say exactly when those requirements apply to bitcoin trades can still be unclear.

"It's very fuzzy," says lawyer Marco Santori, a partner at Pillsbury Winthrop Shaw Pittman and the leader of the firm's digital currency and blockchain technology team, referring to when a trading operation falls under federal rules. "It's heavily dependent on what we like to call the facts and circumstances test, which is not a test at all—it's just how good of a narrative you can construct. Unfortunately, it often comes down to how good of a lawyer you have."

State rules can also vary significantly, with some states allowing money transmitters to operate with no licenses at all, and others implementing policies specifically aimed at regulating cryptocurrency businesses. New York's so-called BitLicense, probably the most famous of these, has been the subject of some complaints from bitcoin-related startups after delays in issuing licenses, though businesses already in operation are allowed to continue under a "safe harbor" provision while their licenses are processed.

Meanwhile, Craigslist-style sites like LocalBitcoins, where the Lords apparently sold bitcoin to unknown buyers, along with other classified sites like Gliph and Craigslist itself, don't fall under FinCEN regulations themselves because they're not technically centralized bitcoin exchanges.

In 2013, FinCEN issued a document saying mere users of virtual currencies aren't money servicing businesses, but exchangers of the currencies are.

"A user is a person that obtains virtual currency to purchase goods or services," the agency said. "An exchanger is a person engaged as a business in the exchange of virtual currency for real currency, funds, or other virtual currency."

Simply buying, selling, or even mining bitcoin for your own use or investment doesn't make you the operator of a money services business, any more than buying and selling stock through a broker puts you legally in the securities business, says corporate finance lawyer Martin Mushkin.

"Generally speaking, if you are buying and selling for yourself on the web, our view is that you are not in the money service business because you are simply a day trader," he says.

But the question becomes more complicated when users trade bitcoin outside of the confines of licensed web exchanges. Advertisers on LocalBitcoins and other classified-style sites are often able to sell bitcoin at a higher price, or buy it at a lower price, than through formal exchanges for the same reason that government officials are concerned: Certain bitcoin users are willing to pay a premium for a one-on-one transaction, and the anonymity it can bring, rather than buy and sell through an online exchange.

In some ways, the legal situation is similar to the laws around firearm sales, where gun dealers are required to hold federal licenses and conduct background checks, but individual sales go unregulated, leaving room in the middle for gun hobbyists who sell with some regularity but without setting up a full-time business.

"Law enforcement officials are particularly concerned about face-to-face cryptocurrency exchanges because they have been used as money laundering platforms," according to a 2014 Department of Homeland Security report. "Not only do these transactions require no [personally identifiable information] to be exchanged, which makes the transactions completely anonymous, one can convert anything of value into Bitcoin simply by bartering or buying them."

DHS has been active in investigating a number of bitcoin exchange-related cases, according to court records, apparently maintaining a task force targeting the use of digital currency for money laundering. Often, alleged operators of unlicensed exchanges are also charged with laundering the proceeds of drugs, or other illegal activity.

In one pending case, Anthony R. Murgio, the alleged operator of a purported unlicensed online exchange called Coin.mx, is charged partially in connection with claims the exchange sold bitcoin to victims of ransomware attacks, who were hoping to use the currency to pay blackmailers to unlock their personal data. Murgio has pleaded not guilty.

"Anthony is vigorously contesting the charges," says attorney Brian Klein, a partner at Baker Marquart who represents Murgio. "And he is looking forward to getting his day in court."

In 2013, the U.S. closed Liberty Reserve, an unlicensed exchange where it alleged that the site's widely used digital currency was being used to launder proceeds from credit card trafficking, identity theft, Ponzi schemes, and hacking. This month, one of the site's founders received a 20-year prison sentence, while the other, who agreed to help prosecute his ex-partner, was sentenced to 10 years.

As part of a plea deal with the Lords, prosecutors agreed to drop additional charges against the two Shreveport men, including a money laundering charge tied to an alleged $14,000 cash-for-bitcoin trade with a drug informant, as well as wire fraud charges relating to the credit card transactions. Neither the Lords' attorney, nor federal prosecutors, replied to multiple requests for comment.

While some bitcoin trading advertisers on sites like LocalBitcoins may be effectively running exchanges—the Lords allegedly took money from buyers that they'd immediately use to buy bitcoin online—others may simply be investors taking advantage of better exchange rates available through person-to-person transactions.

That's the position Colorado engineer Burt Wagner says he was in in 2014, when he was arrested by federal agents and charged in connection with operating an unlicensed "digital currency exchange business." Wagner says he mostly bought and sold bitcoin through Mt. Gox, the leading online exchange at the time, but he also advertised on LocalBitcoins, meeting up with local trading partners at coffee shops and the like.

"It was a small part of my entire trading," he says. "The main reason I did it was just to meet bitcoiners and chat with them."

An indictment filed in the case alleged that Wagner handled funds "known to the defendant to have been derived from a criminal offense and were intended to be used to promote and support unlawful activity," but Wagner says he never knowingly did any shady deals. The charges against him were dropped in 2015—though not before, he says, he paid thousands of dollars in legal fees. Federal prosecutors declined, through a spokesman, to comment on the case, and many of the documents in his case remain under seal.

But from documents that are available, it appears he was tied by authorities, correctly or not, to alleged dark web drug transactions.

"The indictment in this case follows a 15-month investigation involving online and conventional undercover activities," prosecutors wrote in a court filing. "Specifically, the investigation involves individuals engaging in digital currency transactions and/or the purchase and sale of controlled substances over the internet using 'Deep Web' black marketplaces."

Generally, most people who have been charged in connection with unlicensed exchanges have also been linked by prosecutors to other illegal activity, such as online drug sales, says Santori. "Realistically, as a matter of enforcement, we have not seen any significant enforcement activity against people who were just trading bitcoin in an unregistered manner," he says.

One thing that's meant in practice is that many cases so far have ended in guilty pleas, with defendants cutting deals with prosecutors to avoid facing more serious drug or other charges, he says. And that means there's yet to be a serious challenge to prosecutors' interpretation of what constitutes a bitcoin-related money services business, or the FinCEN guidelines' distinctions between exchanges and individual traders, he says.

"One day, somebody with the means to do so and the risk tolerance will dispute the interpretation in the FinCEN guidance and then we'll see the extent to which [it] can actually stand up in court," he says.

IBM Looks To Watson To Fight Online Criminals And Filter The Flood Of Security Data

Worldwide spending on cybersecurity likely topped $75 billion last year, researchers at Gartner estimated, with companies more wary than ever of the risks posed by data breaches and other digital attacks.

And along with rising costs, the sheer volume of digital security data has also increased dramatically: IBM estimated in a recent study that the average organization sees more than 200,000 pieces of security event data per day and that more than 10,000 security-related research papers are published every year.

"Security researchers are getting hit with a firehose," says Caleb Barlow, vice president of IBM Security. "Once they get done with today, they've got another deluge of data coming tomorrow."

To help companies handle that flood of data, IBM says it's training its Watson artificial intelligence platform—previously known for using its natural language processing power to beat humans on Jeopardy—to parse cybersecurity information, from automated network-level threat reports to blog posts from security professionals. According to Barlow, the company hopes to train the system to detect and understand threats to computer systems and to answer questions from human security professionals about incidents they detect on their networks.

"It's just gonna think just like a forensics investigator," says Barlow. "Before [security professionals] even dive into an incident, Watson's done some of the initial [research] and can present them with a thesis on what's going on and evidence to back that up."

Watson, which along with winning Jeopardy has been used recently to infer people's personality traits from their social media posts, will be able to help with tasks like detecting and identifying malware and figuring out how far it's penetrated into a network, Barlow says. It won't replace humans—for one, flesh and blood experts will still be needed to decide strategically how to respond to breaches and threats—but the AI platform will ideally help companies faced with a growing cybersecurity skills shortage handle the enormous volume of information generated on a daily basis.

"It's kind of like radar," Barlow says. "It's not going to steer the boat or the plane, but it's going to certainly tell you what objects you want to avoid."

First, though, Watson has to be trained to understand the language of cybersecurity. That means having human experts annotate blog posts, vulnerability reports, and scientific papers, essentially diagramming sentences to illustrate to the computer the relationships between security terminology.

Students and IBM Train Watson to Handle Security Data. Photo: Mitro Hood/Feature Photo Service for IBM

"When you bring a new domain of knowledge to Watson, you have to start with, what are the words?" says IBM researcher Charles Palmer in a YouTube video explaining the concept. "What's important? What's a virus? A virus is bad. What's malware? Well, it's like a virus."

Tasked with some of that document labeling will be students from eight universities, including the Massachusetts Institute of Technology, New York University, and the University of Maryland, Baltimore County. IBM will help process 15,000 documents per month once the program gears up, with annotation done by students, IBM experts, and others in the field, with an eye toward starting customer trials by the end of the year.

As Watson learns, it has begun to annotate some documents on its own, which are then graded by its human teachers, Barlow says. They can point out mistakes in the AI's understanding, like one incident when the system thought "ransomware" was the name of a place, not a type of digital attack.

"We had to reannotate a bunch of documents to get it to understand that it's a form of attack—it's not a city," he says.

The collaborations will hopefully not only give students an excuse to closely read security papers but also grant them some experience with how Watson-style cognitive systems work, says Stuart Madnick, a professor of engineering systems at MIT. And, if the project works, it will offer those in the security field a leg up against online criminals, he says.

"There's a shortage of anywhere from 100,000 to 1 million cybersecurity professionals, depending on which studies you look at," he says. "Think of Watson as another member of the cybersecurity workforce to join the ranks, but a worker who hopefully can equal hundreds or thousands of other workers."

The project isn't the first attempt to aggregate data for better security: Facebook launched a platform last year called ThreatExchange, which more than 100 companies used to contribute structured data about security threats and the links between them in a format similar to the one Facebook uses to track links between users, groups, and events. IBM also launched its own shared threat data system last year called IBM X-Force Exchange, and various industry groups and government agencies—like the National Institute of Standards and Technology's National Vulnerability Database—maintain their own information sharing and analysis tools to combine intelligence about digital threats.

But there's still difficulty in merging data from different systems and tools when each has its own format and structure, says Anupam Joshi, director of UMBC's Center for Cybersecurity, who is working with IBM on the Watson security project and to set up the university's Accelerated Cognitive Cybersecurity Laboratory, slated to open in the fall.

Researchers at the university have already been working on standardized semantic models of security data. Joshi says he hopes that Watson's efforts to pull knowledge from existing datasets will make it possible for the security community to gain an increasingly intricate understanding of threats and to flag potential cyberattacks in real time.

"The next step that we want to push on is moving from there to more complex reasoning over this underlying data," he says.

And although Watson may have gained fame as an adversary to humans on Jeopardy, we're fortunate to have the AI on our side this time.

Where The 2016 Candidates Stand On Cybersecurity And Civil Liberties

Until the Paris and San Bernardino terror attacks, the presidential candidates in this election cycle largely avoided discussing cybersecurity, surveillance, and civil liberties, focusing instead on immigration, the economy, and a surplus of personal attacks.

Since then, the remaining candidates have laid out strong positions, with Donald Trump condemning Apple for resisting the government's attempts to recruit its help in cracking open the iPhone used by one of the San Bernardino shooters. Hillary Clinton has urged Silicon Valley giants such as Facebook and Twitter to do more to combat the recruiting of terrorists on social media by ISIS and other extremist groups. Bernie Sanders has strongly opposed the NSA's metadata surveillance program revealed by former contractor Edward Snowden. This is the first election since Snowden's disclosures in 2013 sparked a national debate on the proper balance between security and civil liberties.

When it comes to the controversy surrounding the private email server used by Clinton during her tenure as secretary of state, the other candidates have taken opposite stances. Trump says that it made her classified communications and the country vulnerable to hacking by foreign adversaries and governments while Sanders famously announced in a debate that he doesn't care about her "damn" emails.

Here are the candidates' positions on issues ranging from encryption and government surveillance to cyberattacks and civil liberties.

Encryption Regulation and Backdoors

The question of law enforcement access to encrypted digital information came to national attention in February, when the FBI won a court order requiring Apple to help unlock an iPhone used by alleged San Bernardino shooter Syed Farook. Apple, backed by other tech companies, contested the order, saying any government-mandated "backdoor" around its security mechanisms could be exploited by criminals and put its customers at risk. Until the FBI ultimately found a third party able to unlock the phone, politicians—including presidential candidates—weighed in with their thoughts on how to balance the right to privacy with the needs of crime prevention and national security.

Republican frontrunner Donald Trump quickly said, in no uncertain terms, that Apple should unlock the phone. "Who do they think they are?" Trump asked of the iPhone maker, in an appearance on Fox News. Soon after, Trump called on supporters to boycott Apple until it agreed to decrypt the device.

Democratic candidates Hillary Clinton and Bernie Sanders each took a more moderate approach, calling on the technology industry and law enforcement to forge a compromise giving officials access to encrypted data while still protecting privacy.

Clinton referred to the issue as "one of the most difficult dilemmas that we're faced with," speaking at a February MSNBC town hall event. She urged "the government and our great tech companies" to find a solution.

"I see both sides," she said. "I think most citizens see both sides. This is why you need people in office who can try to bring folks together to find common ground."

Similarly, Sanders said he thinks "there is a middle ground that can be reached" between the Apple and FBI positions to protect privacy and prevent potential terrorist attacks.

"So I think there has got to be a balance," he said. "But count me in as somebody who is a very strong civil libertarian, who believes that we can fight terrorism without undermining our constitutional rights and our privacy rights."

Technology experts and civil liberties groups have generally argued any backdoor access granted to the U.S. would also be demanded by foreign governments and likely exploited by criminals if leaked or independently discovered.

Limits on Mass Surveillance

Mass government surveillance of Internet, phone, and even snail mail "metadata"—that is, not conversations themselves but records of who contacted whom—has been in the news since former National Security Agency contractor Edward Snowden first leaked classified information on the subject roughly three years ago. Other leaked documents also revealed that the NSA spied on foreign leaders, including German Chancellor Angela Merkel, and obtained numerous emails and other text communications sent to and from the United States. Snowden's revelations also reignited discussion of controversial George W. Bush-era warrantless wiretapping programs, which allowed the NSA to monitor U.S. residents' emails and phone calls when it believed at least one party was overseas and at least one party was connected to terrorism.

In 2015, Congress passed, and President Barack Obama signed, the USA Freedom Act, which ended the NSA's original metadata collection program but allowed the agency to obtain specific metadata from telecom companies. The agency is required to get permission from the secretive Foreign Intelligence Surveillance Act court based on justifiable suspicions about particular targets.

Sanders opposed the metadata surveillance program and what he called "out-of-control intelligence agencies," voting against the post-September 11 Patriot Act and subsequent reauthorizations. Sanders also said in a 2015 MSNBC interview that it didn't "go far enough" to protect civil liberties.

"I'd shut down what exists right now, [which] is that virtually every telephone call in this country ends up in a file at the NSA," he said in an October debate. "That is unacceptable to me."

Clinton, while representing New York in the Senate, voted for the original Patriot Act and stood by that vote in the October debate, though she critiqued the Bush administration for undermining the law's civil liberties protections.

"I think that it was necessary to make sure that we were able after 9/11 to put in place the security that we needed," she said. "And it is true that it did require that there be a process. What happened, however, is that the Bush administration began to chip away at that process. And I began to speak out about their use of warrantless surveillance and the other behavior that they engaged in."

She also endorsed the USA Freedom Act, calling it "a good step forward in ongoing efforts to protect our security & civil liberties" in a 2015 tweet. Subsequently, she's said she would call on tech companies to conduct their own surveillance of social media posts in order to root out terrorist recruitment.

"We have to stop jihadists from radicalizing new recruits in person and through social media chat rooms, and what's called the dark web," Clinton said in a December speech reported by Time magazine.

Trump has gone much further in supporting government surveillance than either of his Democratic rivals. In a December interview with conservative radio host Hugh Hewitt, Trump said that he tends to "err on the side of security" and would restore the NSA's post-September 11 surveillance programs.

"I assume when I pick up my telephone, people are listening to my conversations anyway, if you want to know the truth," he told Hewitt. "It's pretty sad commentary, but I err on the side of security."

Trump has also called for "surveillance of certain mosques" and "a database on the people coming in from Syria," speaking at a November rally reported by the Washington Post.

"I want surveillance of these people that are coming in, the Trojan horse," he said. "I want to know who the hell they are."

Federal Protection from Cyberattacks

Protecting both government and civilian computers from cyberattacks has been of increasing concern in recent years, after numerous reports of digital espionage by Chinese state-sponsored hackers, allegations that North Korea was behind the devastating hack of Sony Pictures Studios, and reports that Iranian government-affiliated hackers have attacked U.S. banks, government computers, and even servers connected to a New York State dam.

The Obama administration's 2016 proposed budget included $14 billion in funding for cyber defense—an 11% increase over the previous year's spending—and Obama signed a controversial bill allowing for greater information sharing between government and industry about cyberattacks late last year.

Sanders opposed an earlier version of the bill, which ultimately passed as part of a massive spending package, amid concerns by privacy and civil liberties advocates that it could allow too much sharing of personal information. He's previously come out in favor of other cybersecurity measures that he says strike an appropriate balance between privacy and security.

"Our nation's national security and economy face unprecedented threats from cyberattacks, and it is important that we defend ourselves as best we can, while at the same time protecting the privacy and civil liberties of the American people," he said in a 2012 statement about a bill that ultimately failed to pass amid Republican concerns about its costs for businesses. "I worked hard with a number of colleagues to make sure that language in the bill would protect the constitutional rights of the American people."

More recently, as part of his presidential campaign, Sanders has called for a domestic spending bill that would, in part, "address critical vulnerabilities to cyberattacks" in the electric grid.

Clinton, too, has called for cooperation between the government and industry to safeguard computer networks.

"Hillary will leverage the work of the public and private sectors—overcoming the mistrust that impedes cooperation today—to strengthen security and build resiliency for economy and infrastructure," her campaign has said in a policy statement on its website. "Our country will outpace this rapidly changing threat, maintain strong protections against unwarranted government or corporate surveillance, and ensure American companies are the most competitive in the world."

Trump has included cybersecurity as part of a get-tough approach to China, including the topic in a position statement indicating he'll renegotiate trade and other agreements with the country.

"China's cyber lawlessness threatens our prosperity, privacy, and national security," according to the statement. "We will enforce stronger protections against Chinese hackers and counterfeit goods, and our responses to Chinese theft will be swift, robust, and unequivocal."

He also sounded the alarm about the country's digital preparedness in a March interview with the New York Times, the full transcript of which was posted online.

"First off, we're so obsolete in cyber," he said. "We're the ones that sort of were very much involved with the creation, but we're so obsolete, we just seem to be toyed with by so many different countries, already."

The Role of Offensive Cyber Capability in the Nation's Arsenal

The flip side of protecting against foreign digital attacks is using the nation's own digital capabilities against enemies. In 2012, the New York Times reported that U.S. cyberattacks have primarily been focused on Iran, often in an attempt to scuttle the country's nuclear program. Obama, the paper reported, was cautious about overusing digital weapons with little historic precedent for when and how such tools should be deployed and with the U.S. so dependent—more so than many of its rivals—on computer technology.

Indeed, in 2015, Reuters reported that an attempt a few years prior to use the Stuxnet virus, believed to have been developed by U.S. and Israeli forces to target the Iranian nuclear program, in North Korea failed, partially because of the country's limited digital connectivity.

But more recently, the White House confirmed in April the use of digital attacks against ISIS. The Daily Beast reported a few days later that digital techniques have been used to gather intelligence and hamper ISIS communications.

Trump has enthusiastically expressed support for using cyber warfare in the fight against ISIS, saying he'd work with experts from the tech industry to find ways to knock the Islamic State offline and gather intelligence about it, even potentially disrupting Internet access for areas where the group holds power.

"I would certainly be open to closing areas where we are at war with somebody," he told CNN anchor Wolf Blitzer in a December debate. "I sure as hell don't want to let people that want to kill us and kill our nation use our Internet. Yes, sir, I am."

Those comments immediately drew fire from technical commentators, who said significantly disrupting ISIS's connectivity would be difficult, and civil libertarians, who opposed the idea on free speech grounds.

And in his later interview with the Times, Trump appeared to somewhat equate cyber capabilities with nuclear weapons in terms of the need for restraint, though he didn't directly answer an interviewer's questions about when he might use them.

"But certainly cyber has to be a, you know, certainly cyber has to be in our thought process, very strongly in our thought process. Inconceivable that, inconceivable the power of cyber," he said in part. "But as you say, you can take out, you can take out, you can make countries nonfunctioning with a strong use of cyber."

Trump's campaign didn't respond to multiple requests for comment on the subject.

Clinton, in her role as secretary of state, apparently supervised some American cyberattacks aimed at sabotaging Al-Qaeda recruitment efforts in Yemen.

"Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll Al-Qaeda attacks have taken on the Yemeni people," Clinton said in a 2012 speech covered by ABC News and other outlets. "We can tell our efforts are starting to have an impact because extremists are publicly venting their frustration and asking supporters not to believe everything they read on the Internet."

More recently, she's called upon the U.S. to be "fully vigilant" against attacks from China, which she said in July is "trying to hack into everything that doesn't move" in the U.S., though it's unclear to what extent vigilance would approve digital retaliation.

Clinton's campaign also didn't respond to multiple phone and email requests for comment.

Sanders, whose campaign also didn't respond to multiple requests for comment, has spoken little on offensive cyberattacks. Indeed, a contributor to The Hill wrote in September that Sanders is vague on digital issues overall, and a March Gizmodo article saw his lack of a firm cyber stance as part of a "foreign policy [that] is notoriously scant on details."

MailChimp Brings Data-Driven Product Recommendations To Small Online Stores

Automated product recommendations are a signature feature of big-name e-commerce companies like Amazon and Netflix, but they can be hard to implement for smaller online vendors, says John Foreman, chief data scientist at MailChimp.

That's why the email marketing service is launching a feature to let its customers—many of them online merchants with fewer than 10 employees—incorporate statistically generated recommendations into the emails they send out without having to build any technology on their own.

"It's become almost synonymous with Amazon," Foreman says. "We just started wondering, can we do the same thing for small businesses?"

Over the course of about a year, MailChimp has been developing and testing the feature, which will pull purchase history data from popular online store platforms like Magento and Shopify and use that information to generate product recommendations that users can automatically drop into their marketing emails. (Of MailChimp's roughly 10 million customers, about 30% use the service to help sell goods online, the company says.)

Product recommendations are just another drag-and-drop module for MailChimp users

In tests MailChimp has run, the tool's customized recommendations have beaten out handcrafted links to featured products, Foreman says.

"We sent them out side by side to thousands and thousands of people, and we just tracked clicks and purchases and sure enough, the product recommendation emails made more money," he says. "Right there, that was sort of the green light for us. We should build this: It makes people money."

The new feature, which Foreman says will be added to all paid MailChimp accounts as of next week, isn't the only way to generate product recommendations: Amazon includes a Machine Learning engine as part of its Amazon Web Services cloud software suite, and other vendors offer their own data-science-as-a-service cloud options.

But Foreman says that most of those don't offer the same ease of use, where small businesses pressed for time and lacking in in-house statistical chops can simply drag and drop a recommendations module into their existing emails. After all, even Netflix famously once granted a million-dollar prize for an improved recommendation tool, yet never fully integrated the winning algorithms into its systems, partially due to "the engineering effort needed to bring them into a production environment."

The new MailChimp tool, coupled with the service's existing email automation logic, will let customers add recommendations to emails welcoming customers who've just made their first purchases or to ones who haven't visited a store in a while, says Foreman.

"I think that's what makes it unique—there are plenty of things out there that do this type of calculation," he says. "Where this one becomes unique is taking the mathematical modeling and completely marrying it with use and design."

Previewing product recommendations

Foreman says the service also automatically adjusts its recommendation techniques—though he didn't want to go into too many details about the mathematical "secret sauce"—as companies sell more products and acquire more data.

Users will be able to preview recommendations for a given email address, something that's important to MailChimp's customers. "There is kind of some nervousness around this—email is something where you send it out to a lot of people, and you hope it makes a lot of money for your business," Foreman explains. "You don't just send out anything—you want to preview it."

So far, he adds, customers and MailChimp engineers alike have been impressed with the accuracy of the recommendations.

"We would look at what people had bought in the past, and what we're recommending, and I was just sort of floored, and our customers were floored, at how much it makes sense," he says, discussing an example involving retro T-shirts. "It was just interesting to see the model pick up around, you [ordered] these particular Zelda shirts in the past, now you have these other throwback Nintendo shirts, and it's going to recommend those."


Ransomware Attacks Are Still On The Rise, Experts Warn

Ransomware attacks, in which online criminals block access to critical files until they're paid to release them, are on the rise, security experts warn.

Last year, the Federal Bureau of Investigation's Internet Crime Complaint Center saw 2,453 complaints about ransomware incidents that cost users a total of more than $1.6 million, according to the center's annual report. The report cautions that many online attacks go unreported to law enforcement altogether, meaning total incidents and losses could be that much higher.

"And if the first three months of this year are any indication, the number of ransomware incidents—and the ensuing damage they cause—will grow even more in 2016 if individuals and organizations don't prepare for these attacks in advance," the FBI warned in late April. "Never before in the history of humankind have people across the world been subjected to extortion on a massive scale as they are today," security firm Symantec said in an August report on the subject.

Ransomware typically installs itself after a victim is tricked into clicking an attachment or link in a phishing email, or when a victim visits a hacked website running code that can exploit vulnerabilities in a local operating system. It either prevents the victim from logging in to the computer or encrypts files with a secret key known only to the attackers. Then, it presents a message demanding a ransom to restore access, typically to be paid with bitcoin or another digital money transfer tool.

Typical ransom demands are about $300, according to the Symantec report, but victims—including companies and government agencies—can often be induced to pay more for access to their data. Hollywood Presbyterian Hospital in Los Angeles paid more than $17,000 in bitcoin to end a ransomware attack in February, Reuters reports, and even some local police departments have found themselves paying ransoms to regain access to their files.

The attacks can be more disruptive than traditional cyberattacks focused on stealing information, since they can entirely prevent access to critical business data that isn't properly backed up.

"As harsh as it sounds, businesses can easily continue operations after a data breach," according to a March report from the Institute for Critical Infrastructure Technology. "Customers and end users tend to be the long-term victims. The same cannot be said for an active ransomware attack. Business operations grind to a halt until the system is restored or replaced."

And as the attacks have proven lucrative, they've also grown more sophisticated. While some early ransomware developers apparently wrote their own encryption code—considered poor programming practice in any circumstances—newer ransomware has used off-the-shelf libraries that are significantly harder to crack, says Engin Kirda, a professor at Northeastern University's College of Computer and Information Science, who's written about the subject.

"We're seeing more and more ransomware using existing libraries," he says. "There's a bit of sophistication from that point of view."

Attackers have also shifted to more sophisticated delivery mechanisms, switching from mass email blasts, which are often blocked by spam filters, to more targeted spear-phishing campaigns, according to the Symantec report. They've also developed downloadable ransomware toolkits that less-sophisticated hackers can deploy, and even "ransomware-as-a-service" offerings where developers pay commissions to hackers who can get their ransomware installed on other systems.

In some recent cases, including one that triggered a warning from Microsoft late last month, ransomware software can jump from computer to computer through flash drives and network drives like a traditional computer virus, though the Symantec report says ransomware operators are wary of accidentally holding the same organization's systems for ransom multiple times, since they're less likely to get multiple payouts.

"If the ransomware is continuously spreading through a network, infecting multiple computers and demanding payment each time, the cybercriminal's promise to repair the damage after the victim pays the ransom is broken," according to Symantec. "Nobody will be willing to pay if the same gang continues to demand ransom payment after payment."

To some extent, the best way to prevent ransomware and minimize the damage it does is just establishing general good security practices: training users not to open unknown email attachments, making frequent backups and patching systems to remove vulnerabilities that could give it a way in.

In fact, if you're prepared to restore machines from clean backups, getting attacked with ransomware can be better than other forms of malware, since it announces its presence rather than stealing data in the background, says Kirda.

"Ransomware is a problem, but at least if it hits you, they have to tell you that you've been infected to make money," he says. "If you actually do backups and you do offline backups, so you copy your data to the cloud, and you copy some good security practices, compared to some other types of malware ransomware's not actually that bad, since once you're infected you know something happened."

One problem, says Brian Nussbaum, a former intelligence analyst and an assistant professor of public administration at the State University of New York at Albany, is that many smaller organizations, including local governments, just have fewer computer security resources to prepare for that kind of attack.

"It's going to be something that will push them to improve their IT practices," he says. "But it's something that I think we're likely to see for at least a while longer until people start having good backups and doing other hygiene stuff that keeps you safe from it."

Under My Skin: The New Frontier Of Digital Implants

Tim Shank can guarantee he'll never leave home without his keys. Why? His house keys are located inside his body.

Shank, the president of the Minneapolis futurist group TwinCities+, has a chip installed in his hand that can communicate electronically with his front door and tell it to unlock itself. His wife has one, too.

"You have mental checklists as you're coming and going out of your home," Shank says. "One of those things is my wallet, keys, all those things I have with me. Once you start to eliminate all those things, you start to see all the mind space it actually clears not to have to worry about them."

In fact, Shank has several chips in his hand, including a near field communication (NFC) chip like the ones used in Apple Pay and similar systems, which stores a virtual business card with contact information for TwinCities+. "[For] people with Android phones, I can just tap their phone with my hand, right over the chip, and it will send that information to their phone," he says. In the past, he's also used a chip to store a bitcoin wallet.

Shank is one of a growing number of "biohackers" who implant hardware ranging from microchips to magnets inside their bodies.

Some biohackers use their implants in experimental art projects. Others who have disabilities or medical conditions use them to improve their quality of life, while still others use the chips to extend the limits of human perception. Shank, for instance, has experimented with a portable distance sensor that vibrates a magnet in his hand; it's like a sonar system that lets him sense how far away obstacles are. He also considered installing a chip that would track his body temperature. But not every use case is so ambitious—for some, the chips are merely convenient ways to store data and unlock doors.

Experts sometimes caution that the long-term health risks of the practice are still unknown. But many biohackers claim that, if done right, implants can be no more dangerous than getting a piercing or tattoo. In fact, professional body piercers are frequently the ones tasked with installing these implants, given that they possess the training and sterilization equipment necessary to break people's skin safely.

"When you talk about things like risk, things like putting it in your body, the reality is the risk of having one of these installed is extremely low—it's even lower than an ear piercing," claims Amal Graafstra, the founder of Dangerous Things, a biohacking supply company.

Amal Graafstra

Graafstra, who is also the author of the book RFID Toys, says he first had an RFID chip installed in his hand in 2005, which allowed him to unlock doors without a key. When the maker movement took off a few years later, and as more hackers began to explore what they could put inside their bodies, he founded Dangerous Things with the aim of ensuring these procedures were done safely.

"I decided maybe it's time to wrap a business model around this and make sure that the things people are trying to put in their bodies are safe," he says. The company works with a network of trained body piercers and offers online manuals and videos for piercers looking to get up to speed on the biohacking movement.

At present, these chips are capable of verifying users' identities and opening doors. And according to Graafstra, a next-generation chip will have enough on-board cryptographic power to potentially work with credit card terminals securely.

"The technology is there—we can definitely talk to payment terminals with it—but we don't have the agreements in place with banks [and companies like] MasterCard to make that happen," he says.

Paying for goods with an implantable chip might sound unusual for consumers and risky for banks, but Graafstra thinks the practice will one day become commonplace. He points to a survey released by Visa last year that found that 25% of Australians are "at least slightly interested" in paying for purchases through a chip implanted in their bodies.

"It's on the minds of people," he says. "It just needs to be brought to fruition."

Other implantable technology has more of an aesthetic focus: Pittsburgh biohacking company Grindhouse Wetware offers a below-the-skin, star-shaped array of LED lights called Northstar. While the product was inspired by the on-board lamps of a device called Circadia that Grindhouse founder Tim Cannon implanted to send his body temperature to a smartphone, the commercially available Northstar features only the lights and is designed to resemble natural bioluminescence.

Grindhouse founder Tim Cannon with his Northstar implant, looking out over the skyline of Pittsburgh from Mt. Washington. Photo: Ryan O'Shea

"This particular device is mainly aesthetic," says Grindhouse spokesman Ryan O'Shea. "It can backlight tattoos or be used in any kind of interpretive dance, or artists can use it in various ways."

The lights activate in the presence of a magnetic field—one that is often provided by magnets already implanted in the same user's fingertips. Which brings up another increasingly common piece of bio-hardware: magnetic finger implants. Hackers say these small magnets allow users to sense the presence of electromagnetic fields, to diagnose electrical problems like faulty wiring, and even to pull small metal objects like paper clips and bottle caps toward them, making them into something of a low-rent Magneto. Despite the power of these implants, they're fortunately not strong enough to trip metal detectors, wipe hard drives, or interfere with MRI scans.

Tim Cannon's hand (right) minutes after implant, with Justin Worst's healed Northstar implant. Photo: Ryan O'Shea

"Most [Northstar clients] already have the magnets," says Zack Watson, a piercer who installs implants for Grindhouse. "The magnets are kind of like a baby step into the heavy mod community. It's not so much visible as it is modifying the body to get that magnetic vision, and then the byproduct is that you're able to activate the implant."

According to O'Shea, a second-generation Northstar will include a Bluetooth transmitter and gesture-recognition sensors, which will let it communicate with a smartphone to control Internet of Things-type technology. That's not the only reason many early adopters may eventually choose to upgrade their implants. Another has to do with the limited battery life.

"[The device] will die, much like a pacemaker will die," he says. "When a pacemaker does die, it is removed in a procedure and is completely replaced with a new unit. That is similar to what will happen with Northstar."

Luckily for users, the Northstar can be inserted or replaced in about 15 minutes by a skilled piercer, says O'Shea.

"It's just a small incision, usually in the side of the hand," he adds. "The skin is separated from the hand there, and the device is just inserted, and the skin is stitched up."

As long as they're inserted properly, the implants leave minimal scarring, says Watson. He has magnets in his hand that let him do "little parlor tricks" and pick up needles while he works. "My kids are convinced I have a magic finger," he says. Meanwhile, an RFID chip in his hand lets him unlock his phone and automatically load his Instagram portfolio for potential customers to see.

"My phone has a reader in it, and you're able to use that reader to scan my hand," Watson says. "It's a cool way to show off your work."

Grindhouse is also working on an enhanced version of the Circadia device that tracks founder Cannon's body temperature. Cannon says that in the future, Circadia could potentially track other vital signs like blood oxygen, heart rate, and blood glucose. That, however, could pose tricky regulatory challenges for the company, he acknowledges, potentially bringing the device closer to medical sensors regulated by the Food and Drug Administration.

The line between medical devices and personal electronics has already begun to grow fuzzier. In recent months, the FDA has tentatively said it doesn't want to impose the same red tape on "low-risk devices" like fitness trackers that it would impose on medical equipment. Even the White House has weighed in, saying it's exploring options to bridge the gap between expensive, regulated hearing aids and cheaper amplification or tracking tools technically not certified for medical use.

Grindhouse's foray into blood sugar tracking would follow projects like the Open Artificial Pancreas System, which lets diabetes patients build their own automatic blood sugar regulation tools using a Raspberry Pi computer to talk to an insulin pump and a glucose monitor. Some in the biohacking community have already used custom-built tools to overcome other disabilities or limitations. Artist Neil Harbisson, for instance, who was born color blind, used an implanted antenna to translate colors into audible sounds.

O'Shea says Grindhouse isn't at all opposed to regulation: The company already does extensive testing to make sure its products are safe and won't break down in the body—not even after physical trauma—and would welcome regulations that ensure people don't unwittingly put something toxic or otherwise dangerous into their bodies.

"With Northstar right now, if there's something that you encounter that's going to destroy the Northstar in your body, you're probably already dead at that point," he asserts.

What the company doesn't want to see, O'Shea says, is the same full-on regulation of medical devices brought to bear on implantable products like the Circadia, which could make them impractical for startups and hackers to develop and prohibitively expensive for many potential users.

"The issue with FDA regulations is not only does it take an expensive amount of time and money that many bootstrapped companies do not have access to, but it also limits the people who can do these procedures," O'Shea says. "We want these augmentative devices to be open to as many people as possible for as cheap as possible, so there aren't people who can't have access to this technology."

In the meantime, with implants essentially flying under the regulatory radar, hackers are exploring how they can use the devices to manipulate and receive input from the world around them without a great deal of scrutiny from government bodies.

One of these hackers is artist, dancer, and self-proclaimed cyborg Moon Ribas, who has an Internet-connected implant in her arm that vibrates to alert her to earthquakes around the world—information she can incorporate into her choreographed routines.

She hopes to add additional, more precise implants that would communicate the continent where the earthquake took place, and perhaps another that reports quakes on the moon.

"This would allow me to be here and be in space in the same time," she says.

Ribas is also working on a commercial implant that would let users feel a vibration when they face due north, potentially training them to develop a directional sense similar to some animals. That's a far cry from Tim Shank's comparatively unambitious door-unlocking implant.

"I like things that are related to nature, space, or animals," she says. "Everyone has his own interests—it's just that it doesn't fulfill me as much to think about having an implant to open a door."

How Banks Learned To Stop Worrying And Love The Blockchain, Bitcoin's Underlying Tech

When bitcoin first appeared a little over eight years ago, early adopters saw the potential to disrupt the big banks of the world.

It's all there in the very first line of the abstract to the paper that introduced the cryptographically powered currency. "A purely peer-to-peer version of electronic cash would allow online payments to be sent directly from one party to another without going through a financial institution," wrote bitcoin's mysterious creator, Satoshi Nakamoto.

The new form of digital money attracted attention from fans of Occupy Wall Street and contrarian businesspeople alike, including Overstock CEO Patrick Byrne, who is perhaps known as much for his battles with Wall Street brokers as for his online retail success; in 2007, Overstock sued Morgan Stanley and Goldman Sachs over alleged stock market manipulation that Byrne claimed caused his company's shares to drop.

But while big banks have generally avoided dealing in bitcoin and other cryptocurrencies, many have become quite taken with the underlying technology behind these alternative monetary systems: the digitally shared ledgers known as blockchains. In fact, within the past year or so, a Who's Who list of the world's largest banks—from Goldman Sachs and BNY Mellon to Deutsche Bank and Mitsubishi UFJ—have all very publicly announced plans to explore blockchain technology.

"This kind of feels like when the Internet started," says Suresh Kumar, BNY Mellon's chief information officer. "There is an expectation that, okay, this is something new and different, so there is some value to leveraging it, and the question is: Okay, what are the implications of that for the traditional services, and what kind of services can be enabled that were not practical before?"

While it can be implemented in a number of different ways, the core idea of the blockchain is that it's a transaction database, similar to an accountant's traditional ledger, but one that is digitally synced between market participants with built-in cryptographic safeguards to keep anyone from altering data that's already been recorded. These digital ledgers are designed to ensure that everyone involved in a transaction has the same record of what's taken place without the need to periodically reconcile records. In some cases, blockchains can also give trading partners who don't particularly trust each other a way to do business without a mutually reliable intermediary.

"Each transaction in the ledger is openly verified by a community of networked users rather than by a central authority, making the distributed ledger tamper-resistant; and each transaction is automatically administered in such a way as to render the transaction history difficult to reverse," states a report issued last year by Santander InnoVentures, the Spanish bank's financial tech venture capital arm, in conjunction with finance tech investment firm Oliver Wyman.

Financial institutions are exploring the possibility of using blockchain technology to record everything from stock trades to regulatory compliance data. The reason is simple: It could save financial institutions tremendous amounts of money and time. A widely quoted estimate from that report predicts that the blockchain could save banks $15 to $20 billion per year by 2022.

Those savings, says Oliver Wyman partner Ben Shepherd, would stem from the blockchain's ability to enable banks to streamline processes around reconciliation—that is, the labor-intensive procedure banks go through with their customers, trading partners, and securities exchanges to verify everyone agrees on who's paid how much for what. "That function is typically one of the biggest headcount areas on the bank operations team," says Shepherd.

Banks hope that by automatically sharing a trusted record of each transaction, they'll reduce the need for human intervention and the potential for error, because they will know their trading partners are looking at the same records in the same format. The goal is to shift more transaction types toward so-called straight-through processing (STP), which allows transactions to be handled from beginning to end by automated processes with no need for human intervention.

"If a process has a high STP rate, then there's not that much more that blockchain can do," says Kumar.

One negative side effect is that cutting human intervention will almost certainly lead to cutting jobs. "I think generally it would mean a lot less staff, particularly in the sort of transactional control area," says Shepherd.

Employment at top financial institutions peaked in 2010, The Wall Street Journal reported last year, and employees from analysts to bank tellers are facing growing competition from increasingly smarter banking bots. A March study released by Citigroup found that bank employment could fall by another 30% by 2025, mostly thanks to automation.

Ironically, the technology that just a few years ago bitcoin enthusiasts thought might unseat Wall Street's banking titans could end up helping the "1%" cut jobs.

But if the technology is widely adopted, the blockchain may have effects on the financial system beyond simply replacing bank workers with robots.

In areas from the $2 trillion repo market, which lets banks and hedge funds extend one another short-term loans using securities as collateral, to the syndicated loan market, where institutions team up to fund big deals like corporate buyouts, banks are planning to test whether shared ledgers will enable deals to settle faster. That could potentially mean less risk that transactions will fall through and less capital that banks have to set aside while deals are waiting to clear. The exact financial savings, however, remain to be seen.

"We believe that the capital release is beneficial but not game changing," the authors of the Citigroup report write. "We do see some small benefit from reduced operational risk thanks to fewer trade fails and reduced counter party risk from shorter exposure."

A move to the blockchain also brings the promise of smart contracts—agreements written in code, rather than legalese—that can automatically execute programs to shift money and other assets from account to account when certain conditions are met. The technology's been in the news lately after a smart contract-based organization called The DAO raised $130 million through Ethereum, a recently developed cryptocurrency, with a promise to fund projects democratically selected by investors.

But traditional financial institutions and their tech firm partners are looking at smart contracts as well: just as they hope shared blockchain ledgers will help them streamline data sharing and keep information about what transactions have already taken place in sync, banks expect that mathematically encoded contracts could help them agree on the next steps in complex, multiphase transactions like derivatives deals or so-called corporate actions like share buybacks.

"Examples include removing much of the cost of corporate actions for custodian banks that manage security holdings on the part of the investors, for the automation of fund portfolio allocations following trades executed on behalf of asset managers, or in the context of international trade finance or domestic invoice financing," states a report released earlier this month by the SWIFT Institute, the research arm of the international banking network.

But even the biggest blockchain boosters acknowledge that some of these developments are still years away. Industry standards for blockchain structures have yet to be solidified, and, as the SWIFT Institute authors point out, neither have the legal standards for smart contracts. There's also a need to adapt the kind of contracts presently used by lawyers and judges to resolve disputes to this new technological framework.

In the meantime, though, banks are testing out blockchain technology with smaller-scale experiments, says Jerry Cuomo, IBM's vice president of blockchain technologies. If blockchain is a "moonshot" technology for the financial industry, he likens current projects to NASA's individual Apollo missions in the 1960s, which grew in ambition until they finally put men on the surface of the moon.

"While everyone still has their eye on the big ones, those big game-changing use cases, there are more incremental use cases that we're starting to talk to financial institutions about that are quite interesting but more incremental," Cuomo says.

In some cases, he adds, companies are setting up "shadow chains" which replicate existing business records on shared blockchains. That could let companies doing business together confirm that they agree on particular data points without having to change how their internal systems store information. One potential benefit of shadow chains would be in resolving accounting discrepancies in complicated transactions, because it makes it faster for companies to see where their understandings diverged.

"[Companies can say] the dispute happened after this point, but up until this point, everyone was in complete agreement," Cuomo says. "This is where something went awry—some piece of information was captured incorrectly, or whatever."
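The tamper-evidence and the shadow-chain comparison described above can be sketched as a hash-chained ledger. This is an added example, not code from the article, IBM, or any bank; it uses plain SHA-256 linking with no consensus or signatures, and the record fields and party names are constructed.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # constructed placeholder meaning "no previous entry"

# Constructed sample records: two parties' views of the same five trades.
RECORDS_A = [
    {"id": 1, "payer": "BankA", "payee": "BankB", "amount": 100},
    {"id": 2, "payer": "BankB", "payee": "BankA", "amount": 250},
    {"id": 3, "payer": "BankA", "payee": "BankB", "amount": 75},
    {"id": 4, "payer": "BankA", "payee": "BankB", "amount": 500},
    {"id": 5, "payer": "BankB", "payee": "BankA", "amount": 20},
]
RECORDS_B = copy.deepcopy(RECORDS_A)
RECORDS_B[3]["amount"] = 50  # BankB captured trade 4 differently


def entry_hash(prev_hash, record):
    """Hash a record together with the hash of the entry before it."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + payload).encode("utf-8")).hexdigest()


def build_chain(records):
    """Link each record to its predecessor; every hash commits to all earlier entries."""
    chain, prev = [], GENESIS
    for record in records:
        digest = entry_hash(prev, record)
        chain.append({"record": record, "prev": prev, "hash": digest})
        prev = digest
    return chain


def verify_chain(chain):
    """Return the index of the first entry that fails its checks, or None if intact."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry_hash(prev, entry["record"]) != entry["hash"]:
            return i
        prev = entry["hash"]
    return None


def first_divergence(chain_a, chain_b):
    """Return the first index at which two valid chains disagree, or None if identical.

    Equal hashes at index i imply equal history up to i, so the agreeing
    prefix can be found by binary search instead of comparing every record.
    """
    n = min(len(chain_a), len(chain_b))
    lo, hi = 0, n
    while lo < hi:
        mid = (lo + hi) // 2
        if chain_a[mid]["hash"] == chain_b[mid]["hash"]:
            lo = mid + 1   # everything up to mid agrees
        else:
            hi = mid       # divergence is at mid or earlier
    if lo < n:
        return lo
    return None if len(chain_a) == len(chain_b) else n


def demo():
    chain_a, chain_b = build_chain(RECORDS_A), build_chain(RECORDS_B)

    # Case 1: a stored record is edited in place; its hash no longer matches.
    edited = copy.deepcopy(chain_a)
    edited[1]["record"]["amount"] = 999

    # Case 2: the whole chain is rebuilt after the edit; it verifies on its
    # own, and only comparison with another party's copy exposes the change.
    changed = copy.deepcopy(RECORDS_A)
    changed[1]["amount"] = 999
    rebuilt = build_chain(changed)

    return {
        "in_place_edit_detected_at": verify_chain(edited),
        "rebuilt_chain_self_check": verify_chain(rebuilt),
        "rebuilt_vs_peer_copy": first_divergence(chain_a, rebuilt),
        "bank_a_vs_bank_b": first_divergence(chain_a, chain_b),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```
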

As smaller blockchain projects prove successful, they give companies confidence in the technology itself and, presumably, in software and cloud-computing vendors like IBM who are lining up to provide the underlying tools of the blockchain.

"It's doing these projects that give you more conviction in going after the big projects," Cuomo says. "I think there's more conviction after some successful, more humble projects that the big projects are doable, and now we know how to go after them."

So while cryptocurrencies like bitcoin arguably still search for their killer applications, their core algorithms might turn out to be pretty useful to the financial institutions they were once thought to be in line to disrupt.

"Sometimes people ask me, is blockchain a friend or foe, and to me, why would I think of that as a foe?" says BNY Mellon's Kumar. "It's another piece of technology that could help us and our clients and remove friction from the system."

Defense Researchers Plan To Bring "GPS" Where It's Never Gone Before: Under The Sea

We take for granted that GPS can get us where we're going pretty much anywhere on earth, but there's one important place satellite navigation systems are essentially guaranteed not to work: under the sea.

The satellite broadcasts that GPS systems rely on can't penetrate very far below the ocean's surface, and that's a problem for unmanned underwater vehicles—essentially, drone submarines—designed to autonomously navigate below the sea.

That's why the Defense Advanced Research Projects Agency has announced plans to build an underwater GPS-style system called Posydon—which stands for Positioning System for Deep Ocean Navigation—that will use underwater sound broadcasts to let submarines determine their own positions without coming to the surface.

"By measuring the absolute range to multiple source signals, an undersea platform can obtain continuous, accurate positioning without surfacing for a GPS fix," the agency says.

So what are the maritime drones used for, anyway? In the past, the U.S. Navy has used these robot subs for clearing underwater mines and for various other underwater reconnaissance missions, but it has plans to deploy them more widely for the purpose of minesweeping, undersea patrols, and other tasks, according to a November report from Bard College's Center for the Study of the Drone.

Surfacing is naturally a particular problem for military missions that require stealth, says Geoff Edelson, director of maritime systems and technology at BAE Systems, a contractor working on the project. And while there are technologies that allow subs to determine their locations to some extent without surfacing, they're often expensive and energy-consuming, which also makes them less than ideal for drone missions.

"For unmanned vehicles, power and energy is at a premium," says Edelson. "If they're using up all their power and energy to navigate, that doesn't really help them in performing their mission."

Essentially, the Posydon system will be a network of underwater sound-emitting devices attached to buoys placed in areas designed to cover wide swaths of the sea. Underwater ships will be able to determine their distance from multiple devices and therefore triangulate their own positions.

"[The devices will be] placed somewhere in the water column at a depth that is good for that part of the ocean," Edelson says. "That's based on the propagation properties of the ocean in those local areas."

The exact signal the devices will transmit has yet to be developed, but engineers plan to make it resistant to spoofing and jamming for security purposes. Moreover, taking a system based on the straight-line paths of GPS satellite broadcasts and adapting it to underwater sound transmissions—which move a lot more indirectly—will present its own challenges, says Edelson.

"When you put sound in the ocean, it goes over a very complicated, time-variant path," he says. "To be able to understand that and then determine what the actual range was from these very complicated path structures is what makes this problem pretty hard."

The first two phases of the project will involve a mix of real-world tests and computer simulations in order to plan and design the system. Within 30 months, Edelson says, researchers plan to test real-time distance measurements using a single-transmitter system, before moving on to developing a larger prototype with multiple transmitters.

"If these first two phases are very successful, the third phase that DARPA defined would be then a limited deployable system that can really show the positioning capability," he says.

If the system works as well as researchers hope it does, the project could ultimately have applications in the civilian world as well, just as GPS expanded from the defense sector to find itself in billions of smartphones. Existing unmanned subs are already used for underwater oil and gas exploration and other types of underwater surveys and scientific applications. Ultimately, these commercial systems could use a Posydon-type system to hold accurate positions for longer and potentially conduct their own missions more efficiently, Edelson says.

The BAE Systems team, which is working with researchers at the Massachusetts Institute of Technology, the University of Washington, and the University of Texas, plans to keep the computational requirements of receiver systems low, so they can be used without having to significantly boost the processing power of existing subs.

"You're not gonna have to bring a Cray [supercomputer] onboard, or anything like that," Edelson says.

Customized Or Creepy? Websites And Your Data, A Guide

Two visitors to the same news site see different headlines on the same article. Two potential donors see different suggested giving amounts on a charity website. A software vendor with free and premium versions keeps a list of "countries that are likely to pay."

Those are some recent findings from the Princeton University Center for Information Technology Policy's Web Transparency and Accountability Project, which conducts a monthly "web census," tracking privacy-related practices across the Internet. Essentially, the project team sends an automated web-crawling bot to visit about 1 million websites and monitor how they, in turn, monitor their visitors.

Showing different versions of a site to different people isn't inherently creepy, nor is monitoring what they do while visiting a website—without some basic monitoring and user segmentation, there would be no recommended products on Amazon or Netflix and no way for international websites to figure out which language users prefer.

And yet, some types of customization just make Internet users uncomfortable, and some may even risk crossing ethical boundaries. And so, without further ado, here's a mostly unscientific guide to web-tracking practices in the wild, on a scale of 1 (not particularly creepy) to 5 (pretty creepy).

First-Party Cookies

If you've visited any European websites in the past few years, you've probably seen a little pop-up warning explaining that the sites use cookies—small text files stored by your browser with information about your activity on the site.

Under EU regulations, sites are required to let you know if they use cookies and allow you to opt out of having your browser store the files.

But despite the ubiquitous warnings, basic, first-party cookies, which are stored by a particular website you're visiting and served back with each page on the site you load, really aren't all that creepy.

First, sites are generally out in the open about their use of cookies—if there's no European-style pop up, they're often disclosed in reasonably plain English in privacy policies—and it's easy to find instructions on viewing and deleting stored cookies in any major browser or on using private browsing modes to avoid storing them from browsing session to browsing session.

More importantly, first-party cookies are by definition tied to a particular website. They're just a convenient way for programmers to keep track of information, like your user name or what's in your shopping cart, that you've already provided to the site, often with the assumption that they'd store it.

A/B Testing

One reason different users see different editions of the same site or app is A/B testing—a practice where different users are purposely shown different versions of a site in order to measure which one is more effective.

The practice is a cornerstone of many modern, agile development practices, and of data-oriented business philosophies like Eric Ries's "Lean Startup" methodology. It's used by websites to test everything from quick color scheme tweaks to radically revamped algorithms for ordering social networking feeds. And modern Internet users are often accustomed to sites varying slightly from user to user, says Pete Koomen, cofounder and CTO of Optimizely, a San Francisco company that provides tools for customer segmentation and A/B testing.

"I actually think that at this point this is part and parcel of most users' expectation of how the web works," he says.

And yet, for particular sites, even sophisticated users can be unaware that there are multiple versions of the user experience, says Lisa Barnard, an assistant professor of strategic communication at Ithaca College who's studied online marketing. And they can be disturbed to learn that even seemingly static content like news headlines can vary from user to user as part of an experiment.

"I teach students who are digital natives, they understand how this stuff works, and every time I tell them about A/B testing, they're shocked," Barnard says. "They realize that something's happening [with targeted ads] because they know that they're seeing something they were looking at before, but with something like A/B testing of headlines on a news site, there's no tip off."

And once they find out it's been happening without their knowledge, they're not always happy, she says.

Among the information the Princeton researchers gather in their web census is the complete set of JavaScript code embedded in each page, explains project research engineer Dillon Reisman in a recent blog post. And on many sites, that includes code from Optimizely to implement A/B tests.

The team even built a Google Chrome extension—cheekily called Pessimizely—that can, depending on a website's configuration, make it possible to see which segments of a particular web page are being tested and tweaked with Optimizely and how the page's audience is being segmented.

Reisman emphasizes that there's absolutely nothing wrong with using Optimizely, which boasts more than 6,000 corporate customers. But, he says, the findings still point to general unresolved questions about how transparent Internet companies ought to be about how they're tracking visitor data and conducting user experiments, even if the practices themselves aren't inherently negative.

To be clear, Optimizely doesn't track users from website to website, explains Koomen.

"When a customer uses Optimizely to run experiments on their site, they only see the results of those experiments for their site alone," he says.

For researchers and the public at large, Optimizely actually provides an unusually good look at how websites can vary from visitor to visitor, says Reisman. Customers can configure it to make testing variations and customer segment names visible for better integration with third-party tools, and the web census project and Pessimizely extension are able to access that data as well.

Reisman says he'd generally like to see companies more explicitly spell out all of the tracking, testing, and personalized tweaking they do, perhaps in their privacy policies.

"I'm grateful that that data's there, because it's so rare that you get to see what websites are doing when they're A/B testing, and this actually is a very unique opportunity," he says.

Third-Party Tracking Cookies

A little more off-putting are third-party cookies: cookies set by a website other than the site you're visiting, which can help advertising companies and others track your behavior across the Internet.

Advertisers say these and other more complex tools for tracking users from site to site allow for better targeting of ads based on your browser history, but several studies have found consumers can find this more stalkerish than helpful.

A study by Barnard, the Ithaca College professor, found last year that ads that track users across websites can be perceived as "creepy" and sometimes make customers less likely to buy.

"They feel like companies know too much about them, and that they're tracking them around the Internet," Barnard says. "There's something about that tracking that makes people uncomfortable, and, kind of, the uncertainty of how much these companies know about them and how they're using it."

And a Consumer Reports survey found most consumers unwilling to trade personal information for targeted ads and unconvinced such ads brought them more value. For those users, many popular browsers now contain built-in features to block third-party cookies.
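A census-style check for the cookies described in this section, as an added example that is not the Princeton project's code: it classifies each cookie in a small crawl log as first- or third-party and reports persistent third-party cookies seen on more than one visited site. The crawl log and every host name are constructed, and the "last two labels" rule for grouping hosts into sites is a simplifying assumption (real tools use the Public Suffix List).

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed crawl log: (page the crawler visited, URL of a response loaded
# by that page, value of its Set-Cookie header or None). Hosts are made up.
CRAWL = [
    ("https://news.example/story", "https://news.example/story", "session=abc; Path=/"),
    ("https://news.example/story", "https://cdn.news.example/app.js", "pref=dark; Max-Age=86400"),
    ("https://news.example/story", "https://px.adtracker.test/p.gif", "uid=77f1; Max-Age=31536000; Secure"),
    ("https://shop.example/cart", "https://shop.example/cart", "cart=3"),
    ("https://shop.example/cart", "https://px.adtracker.test/p.gif", "uid=77f1; Max-Age=31536000; Secure"),
    ("https://shop.example/cart", "https://fonts.static.test/f.woff", None),
    ("https://blog.example/", "https://widgets.social.test/like.js", "sid=9; Expires=Fri, 01 Jan 2027 00:00:00 GMT"),
]


def site_of(url):
    """Group a URL's host into a 'site' using its last two labels (assumption)."""
    host = (urlsplit(url).hostname or "").lower()
    return ".".join(host.split(".")[-2:])


def parse_set_cookie(header):
    """Return (cookie name, persistent?) for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    # A cookie with Max-Age or Expires outlives the browsing session.
    return name, bool(attrs & {"max-age", "expires"})


def classify(crawl):
    """Label every cookie in the crawl as first- or third-party."""
    rows = []
    for page, url, header in crawl:
        if header is None:
            continue
        name, persistent = parse_set_cookie(header)
        rows.append({
            "page_site": site_of(page),
            "cookie_site": site_of(url),
            "name": name,
            "persistent": persistent,
            "party": "first" if site_of(url) == site_of(page) else "third",
        })
    return rows


def cross_site_trackers(crawl, min_sites=2):
    """Persistent third-party cookies observed on at least min_sites visited sites."""
    seen = defaultdict(set)
    for row in classify(crawl):
        if row["party"] == "third" and row["persistent"]:
            seen[(row["cookie_site"], row["name"])].add(row["page_site"])
    return {key: sorted(sites) for key, sites in seen.items() if len(sites) >= min_sites}


if __name__ == "__main__":
    for row in classify(CRAWL):
        print(row)
    print(cross_site_trackers(CRAWL))
```
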

Consumer Data Collection Tools

Cookies are data files stored by your browser, which means that if you're aware of them and willing to do a little legwork, you can control if and when they're stored.

But they're not the only way for advertisers and website owners to track visitors from site to site. Clever—or creepy—programmers have found other ways to monitor your travels around the web that can be harder to detect and control.

The researchers behind the Princeton web census found websites using a variety of "device fingerprinting" techniques that allow them to identify visitors based on characteristics of their computers or phones, without having to store any data. For instance, websites—and advertisers—can examine the list of fonts installed on a computer or the exact output produced by a system's audio or image processing software, which can vary from system to system.

It's hard not to view these techniques, which are generally designed to circumvent users' desired tracking restrictions, as intrusive. Luckily, at least one of the techniques, using characteristics of HTML graphics canvas elements to track users, appears to be on the decline after some public backlash, the researchers report.

"First, the most prominent trackers have by and large stopped using it, suggesting that the public backlash following that study was effective," they write. "Second, the overall number of domains employing it has increased considerably, indicating that knowledge of the technique has spread and that more obscure trackers are less concerned about public perception."

Still, while more legitimate websites may shy away from these techniques, it's likely there will be a cat-and-mouse game for some time between shadier trackers and researchers who reveal their techniques.

Psychological Experiments

In 2012, researchers at Facebook and Cornell University tweaked a selection of users' news feeds, showing them either a week of all positive stories or all negative stories. The immediate result? People who saw positive posts created more positive content of their own; people who saw negative stories posted more negative messages.

But the broader result was widespread condemnation of the project from across the Internet, including from the scientific community. Doing experiments with vague-at-best consent through website terms of service, with an eye toward influencing people's emotional state, was widely denounced as unsavory, unethical, and potentially even dangerous.

"Deception and emotional manipulation are common tools in psychological research, but when they're done in an academic setting they are heavily reviewed and participants have to give consent," says data ethicist Jake Metcalf, a founding partner at ethics consultancy Ethical Resolve.

The company has since adopted and published new research vetting guidelines, influenced by those used in academic studies, and says it hopes they can be informative to other companies doing similar work.

"It is clear now that there are things we should have done differently," Facebook CTO Mike Schroepfer acknowledged in a statement after the study came to light.

Photo: Flickr user Ben Ostrowsky

Surprising Price Variations

Last year, investigative journalism site ProPublica reported that prices of online test prep services booked through the Princeton Review's website could vary by more than $1,000 based on users' zip codes. One result, according to the report, was that Asian users were more likely to be offered higher prices for tutoring services than non-Asians. The Princeton Review emphasized in a statement this was not its intent and that prices were based on "differential costs" and "competitive attributes" of different regional markets.

And in 2012, the Wall Street Journal reported that office supply chain Staples offered different prices to users in different zip codes and pointed out numerous other examples of online stores offering different prices, or discount offers, based on users' location, device type, or other information, often to users' frustration.

Also that year, the paper famously reported that travel booking site Orbitz was showing different lists of hotels on the first page of search results to Mac and Windows users, specifically showing higher-priced options for Apple users, who were found to be bigger spenders (though the company has emphasized particular hotels were priced the same for all users).

While differential pricing isn't generally illegal, as long as there's no discrimination against a protected class like a racial or religious group, it still often makes customers uncomfortable and anxious about whether they've truly gotten the best deal available.

"When that type of story comes out, people get upset," says Barnard. "It's that uncertainty that, I think, makes people really uncomfortable."
