Expense Manager Services

Getting a handle on Unmanaged Spend through Expense Manager Services

apple

telecommunications

Hundreds of French academics sign letter asking for safeguards on contact tracing

A group of 471 French cryptography and security researchers has signed a letter to raise awareness about the potential risks of a contact-tracing app. A debate in the French parliament will take place tomorrow to talk about all things related to post-lockdown — including contact-tracing app StopCovid.

Among the group of researchers, 77 of them are affiliated with Inria, the French research institute that has been working on the contact-tracing protocol that will power the government-backed contact-tracing app, ROBERT. With this letter, it appears that Inria is conflicted about ROBERT.

“All those applications induce very important risks when it comes to protecting privacy and individual rights,” the letter says. “This mass surveillance could be done by collecting the interaction graph of individuals — the social graph. It could happen at the operating system level on the phones. Not only operating system makers could reconstruct the social graph, but the state could as well, more or less easily depending on the approaches.”

The letter also mentions a thorough analysis of centralized and decentralized implementations of contact-tracing protocols. It includes multiple attack scenarios and undermines both the DP-3T protocol as well as ROBERT.

Ahead of the debate in the French parliament tomorrow, researchers say that “it is essential to thoroughly analyze the health benefits of a digital solution with specialists — there should be important evidence in order to justify the risks incurred.”

Researchers also ask for more transparency at all levels — every technical choice should be documented and justified. Data collection should be minimized and people should understand the risks and remain free not to use the contact-tracing app.

Over the past few weeks, multiple groups of researchers in Europe have been working on different protocols. In particular, DP-3T has been working a decentralized protocol that leverages smartphones to compute social interactions. Ephemeral IDs are stored on your device and you can accept to share ephemeral IDs with a relay server to send them to the community of app users.

PEPP-PT has been backing a centralized protocol that uses pseudonymization to match contacts on a central server. A national authority manages the central server, which could lead to state surveillance if the protocol isn’t implemented properly. ROBERT is a variant of PEPP-PT designed by French and German researchers.

While the French government has always been cautious about the upsides of a contact-tracing app, there’s been little debate about the implementation. Inria, with official backing from the French government, and Fraunhofer released specifications for the ROBERT protocol last week.

Many (including me) have called out various design choices, as you have to trust your government that they’re not doing anything nefarious without telling you — a centralized approach requires a lot of faith from the end users as the government holds a lot of data about your social interactions and your health. Sure, it’s pseudonymized, but it’s not anonymized, despite what the ROBERT specification document says.

Moreover, ROBERT doesn’t leverage Apple and Google’s contact-tracing API that is in the works. France’s digital minister, Cédric O, has been trying to put some pressure on Apple over Bluetooth restrictions with a Bloomberg interview. Given that Apple and Google provide an API for decentralized implementations, they have little incentive to bow to French pressure.

On Sunday, Germany announced that it would abandon its original plans for a centralized architecture in favor of a decentralized approach, leaving France and the U.K. as the two remaining backers of a centralized approach.

France’s data protection watchdog CNIL released a cautious analysis of ROBERT, saying that the protocol could be compliant with GDPR. But it says it will need further details on the implementation of the protocol to give a definitive take on StopCovid.

The European Data Protection Supervisor (EDPS) also said on Twitter that the debate in front of the French parliament is particularly important. “Decisions will have an impact not only on the immediate future but as well on years to come,” they say.

France’s Inria and Germany’s Fraunhofer detail their ROBERT contact-tracing protocol

Read more: https://techcrunch.com/2020/04/27/hundreds-of-french-academics-sign-letter-asking-for-safeguards-on-contact-tracing/

telecommunications

EU privacy body urges anonymization of location data for COVID-19 tracking

The European Data Protection Board (EDPB) has published guidance for the use of location data and contacts tracing tools intended to mitigate the impact of the COVID-19 pandemic.

Europe’s data protection framework wraps around all such digital interventions, meaning there are legal requirements for EU countries and authorities developing tracing tools or soliciting data for a coronavirus related purpose.

“These guidelines clarify the conditions and principles for the proportionate use of location data and contact tracing tools, for two specific purposes: using location data to support the response to the pandemic by modelling the spread of the virus so as to assess the overall effectiveness of confinement measures; [and] contact tracing, which aims to notify individuals of the fact that they have been in close proximity of someone who is eventually confirmed to be a carrier of the virus, in order to break the contamination chains as early as possible,” the EDPB writes in the document.

The European Commission and the EU parliament have already weighed in with their own recommendations in this area, including a toolbox to help guide contacts tracing app developers. The Commission has also urged Member States to take a common approach to building such apps, and has been leaning on local telcos to provide “anonymized and aggregated” metadata for modelling the spread of the virus across the EU.

The guideline document from the EDPB — a body made up of representatives from the EU’s national data protection agencies which helps coordinate the application of pan-EU data protection law — brings additional expert steerage for those developing digital interventions as part of a public health response to the coronavirus pandemic.

“The EDPB generally considers that data and technology used to help fight COVID-19 should be used to empower, rather than to control, stigmatise, or repress individuals,” it writes. “Furthermore, while data and technology can be important tools, they have intrinsic limitations and can merely leverage the effectiveness of other public health measures. The general principles of effectiveness, necessity, and proportionality must guide any measure adopted by Member States or EU institutions that involve processing of personal data to fight COVID-19.”

Among the body’s specific recommendations are that where location data is being considered for modelling the spread of the coronavirus or assessing the effectiveness of national lockdown measures then anonymizing the data is preferable — with the EDPB emphasizing that proper anonymization is not easy.

Given the inherent complexity it also recommends transparency around the anonymization methodology used. (tl;dr: there’s no security in obscurity, nor indeed accountability.)

“Many options for effective anonymisation exist, but with a caveat. Data cannot be anonymised on their own, meaning that only datasets as a whole may or may not be made anonymous,” it notes.

“A single data pattern tracing the location of an individual over a significant period of time cannot be fully anonymised. This assessment may still hold true if the precision of the recorded geographical coordinates is not sufficiently lowered, or if details of the track are removed and even if only the location of places where the data subject stays for substantial amounts of time are retained. This also holds for location data that is poorly aggregated.

“To achieve anonymisation, location data must be carefully processed in order to meet the reasonability test. In this sense, such a processing includes considering location datasets as a whole, as well as processing data from a reasonably large set of individuals using available robust anonymisation techniques, provided that they are adequately and effectively implemented.”

On contact tracing apps — aka digital tools that are designed to map proximity between individuals, as a proxy for infection risk — the EDPB urges that use of such apps be voluntary.

“The systematic and large scale monitoring of location and/or contacts between natural persons is a grave intrusion into their privacy,” it warns. “It can only be legitimised by relying on a voluntary adoption by the users for each of the respective purposes. This would imply, in particular, that individuals who decide not to or cannot use such applications should not suffer from any disadvantage at all.”

The importance of accountability is also front and center, with the EDPB saying the controller of such apps must be clearly defined.

“The EDPB considers that the national health authorities could be the controllers for such application; other controllers may also be envisaged. In any cases, if the deployment of contact tracing apps involves different actors their roles and responsibilities must be clearly established from the outset and be explained to the users.”

Purpose limitation is another highlighted component. Apps need to have purposes that are “specific enough to exclude further processing for purposes unrelated to the management of the COVID- 19 health crisis (e.g., commercial or law enforcement purposes)”, it says.

So, in other words, no function creep — and no EU citizen mass surveillance via a pandemic backdoor.

The EDPB also writes that “careful consideration should be given to the principle of data minimisation and data protection by design and by default” — noting specifically that contact tracing apps “do not require tracking the location of individual users”.

Instead “proximity data should be used” for the contacts tracing purpose.

“Contact tracing applications can function without direct identification of individuals,” it further emphasizes, adding that “appropriate measures should be put in place to prevent re-identification”.

The guidance aligns with the coronavirus contacts tracing model devised jointly by Apple and Google — which have said they will be offering a cross-platform API for COVID-19 contacts tracing based on ephemeral proximity IDs shared via Bluetooth.

At one point the EDPB guidance appears to be leaning towards favoring such decentralized approaches to contacts tracing apps, with the body writing that “the collected information should reside on the terminal equipment of the user and only the relevant information should be collected when absolutely necessary”.

Although later on the in guidance it discussed centralized models that involve proximity data being uploaded to a server in the cloud, writing that: “Implementations for contact tracing can follow a centralized or a decentralized approach. Both should be considered viable options, provided that adequate security measures are in place, each being accompanied by a set of advantages and disadvantages.”

In Europe there is currently a big fight between different camps over whether contacts tracing apps should use a centralized or decentralized model for storing and processing proximity data — with a contacts tracing app standardization effort known as PEPP-PT that’s backed by Germany’s Fraunhofer Institute for Telecommunications and some EU governments wanting to support centralized protocols for COVID-19 contacts tracking, while a separate coalition of European academics wants only decentralized approaches on privacy grounds, and has developed a protocol called DP-3T.

Europe’s PEPP-PT COVID-19 contacts tracing standard push could be squaring up for a fight with Apple and Google

“The current health crisis should not be used as an opportunity to establish disproportionate data retention mandates,” the EDPB warns. “Storage limitation should consider the true needs and the medical relevance (this may include epidemiology-motivated considerations like the incubation period, etc.) and personal data should be kept only for the duration of the COVID-19 crisis. Afterwards, as a general rule, all personal data should be erased or anonymised.”

The body also recommends algorithms used in contacts tracing apps be audited and regularly reviewed by outside experts.

Again, a key criticism of the PEPP-PT initiative has been around lack of transparency — including its failure to publish code for external review. (Though it has said it will be publishing code.)

“In order to ensure their fairness, accountability and, more broadly, their compliance with the law, algorithms must be auditable and should be regularly reviewed by independent experts. The application’s source code should be made publicly available for the widest possible scrutiny,” the EDPB writes.

Another notable piece of the guidance is for a data protection impact assessment not only to be carried out but that it be published — which marks a further push for accountability via transparency in such an unprecedented moment.

“The EDPB considers that a data protection impact assessment (DPIA) must be carried out before implementing such tool as the processing is considered likely high risk (health data anticipated large-scale adoption, systematic monitoring, use of new technological solution). The EDPB strongly recommends the publication of DPIAs,” it writes.

Typically DPAs leave it up to data controllers to decide whether to publish a DPIA or not — in this case the strong push from the central authority is that these documents are made public where COVID-19 contacts tracing apps are concerned.

Having highlighted the pros and cons of centralized vs decentralized approaches to contacts tracing, the EDPB goes on to recommend that the conceptual phase of app development “should always include thorough consideration of both concepts carefully weighing up the respective effects on data protection/privacy and the possible impacts on individuals rights”.

“Any server involved in the contact tracing system must only collect the contact history or the pseudonymous identifiers of a user diagnosed as infected as the result of a proper assessment made by health authorities and of a voluntary action of the user. Alternately, the server must keep a list of pseudonymous identifiers of infected users or their contact history only for the time to inform potentially infected users of their exposure, and should not try to identify potentially infected users.”

“Putting in place a global contact tracing methodology including both applications and manual tracing may require additional information to be processed in some cases. In this context, this additional information should remain on the user terminal and only be processed when strictly necessary and with his prior and specific consent,” it adds.

You can read the full document here.

Read more: https://techcrunch.com/2020/04/22/eu-privacy-body-urges-anonymization-of-location-data-for-covid-19-tracking/

Credit Cards

The Gap in State Gun Laws, Apple Card Is Sorta Here, and More News

A report outlines the link between gun laws and mass shootings, Apple's new credit card has arrived for a select group of users, and WIRED has some pocket camera suggestions for you. Here's the news you need to know, in two minutes or less.

Want to receive this two-minute roundup as an email every weekday? Sign up here!

Today's Headlines

The looser a state's gun laws, the more mass shootings it has

A report in BMJ compared the strictness of state-level gun laws to the annual rate of mass shootings, and the results are sobering: States were scored from 0 (very restrictive) to 100 (very permissive) based on 13 factors surrounding their gun laws. And for every 10-point relaxation in a state’s gun laws, the rate of mass shootings in that state increased by 11.5 percent.

The Apple Card is now available, just probably not for you

Apple's famed credit card will finally arrive today—but only for a select group of iPhone users. (The card will become available to everyone later this month.) Apple's card is a lot like other credit cards you might have, except that it mostly lives inside of your iPhone. You can request a titanium physical card, but Apple rewards those who use their phones for transactions by giving them twice the cash back.

Fast Fact: 183%

That's how much textbook prices have increased over the past 20 years. Digital textbooks are cheaper—plus they take up less space and are more easily updated—but when it comes to retention and comprehension, good ol' paper still produces better results.

WIRED Recommends: Pocket Cameras

What if you could have the portrait mode of a real camera with the mobility of a cell phone? Say hello to the best 5 pocket cameras you can buy right now.

News You Can Use

Don't know what TikTok is or how to use it? Here's a beginner's guide.

This daily roundup is available as a newsletter. You can sign up right here to make sure you get the news delivered fresh to your inbox every weekday!

Related Video

Culture

I Made an Untraceable AR-15 'Ghost Gun' In My Office

WIRED senior writer Andy Greenberg puts new homemade gunsmithing tools to the test as he tries three ways of building an untraceable AR-15 semi-automatic rifle—a so-called "ghost gun"—while skirting all gun control laws.

Read more: https://www.wired.com/story/state-gun-laws-mass-shootings-apple-card/

Credit Cards

The Apple Card Is Now Available, Just Probably Not for You

Ever since Apple slipped a digital wallet onto your iPhone in 2012, the company has been vying for control of your financial life. Today it takes that vision one step further with the Apple Card, which will become available to a select group of iPhone owners.

Apple introduced the card at an event in March, where it also debuted Apple TV+, its bid for the future of television, and Apple News+, a news subscription service. The card turned out to be the sleeper hit of the show, earning almost as much applause as the surprise appearance of Oprah Winfrey. Millions of people signed up to be alerted when the card was ready for prime time. Today, some of those people who expressed interest will get early access to the Apple Card, before it becomes available to everyone later this month.

On its face, the Apple Card looks a lot like Apple Pay, the mobile payment system the company introduced four years ago. It lives inside the Apple Wallet and functions as contactless payment system: Open the app, tap your iPhone to the payment terminal, and you’re done. You can also request a physical card—one that's made of titanium, of course—but Apple would prefer that you just use your iPhone. For the trouble, it offers twice as much cash back for transactions completed with just your phone than ones made by swiping the physical card.

Apple

But don't let the shiny titanium fool you. This isn’t just a bid to replace the credit card you already have. It's also a part of Apple’s master plan to replace your physical wallet with technological solutions that live inside its hardware and software ecosystem. Apple has already rolled out digital transit cards to replace metro tickets in Beijing and Shanghai. Last fall, the company introduced the first wave of digital student ID cards at six college campuses across the United States. It’s working on creating digital tickets to performances, sports events, and movie theaters. Apple even wants to one day replace your driver’s license and passport with a digital ID that lives inside your iPhone.

The Apple Card is a crucial part of this pursuit. As the company lures more customers into using its iPhones when they pay for coffee, step onto the metro, or tap into a venue, it gets ever closer to conquering the digital wallet.

Cash Cow

In many ways, the Apple Card is not so different from whatever else is already in your wallet. To apply, you’ll open the Wallet app on your iPhone and enter some basic information; Goldman Sachs, the bank backing the card, will either approve or deny the application within minutes. Apple says the interest rates will fall between 12.99 and 23.99 percent, on par with many other credit cards.

Once approved, the Apple Card will materialize within the Wallet app, and you can begin using it right away. It’s designed to reward Apple fans with 3 percent cash back on all purchases of Apple products. For other purchases completed using Apple Pay—by physically tapping your iPhone, or buying something online—it offers 2 percent cash back. The times you swipe the titanium card, you get a measly 1 percent cash back—an incentive to shop at places that support Apple and its financial aspirations. Those cash-back rewards can be redeemed daily as either a way to pay down your Apple Card balance or as cash within Apple Pay.

If all of this sounds a little boring, remember that this is just a credit card. Apple hasn’t reinvented money just yet. The card comes with a few tricks to make spending more convenient: There are no late fees, and your cash-back rewards appear every day inside an app called Apple Cash. You can talk to customer service through Apple’s Messages app, and it’s easy to “replace” the card in the event of fraud. The Apple Card itself has no numbers on it—instead, you can find a string of digits and expiration date within the app—but the card isn’t necessarily any more secure than just using Apple Pay.

Why, then, would you want to apply for the Apple Card? For one thing, it puts the normal hassles of a credit card into a beautifully designed interface within an app that's already on your phone. It won't reinvent your financial life, but it does make it easier to look at. Every transaction is categorized by color, and the Apple Card creates a detailed map showing where you've made every purchase. When it's time to pay down your balance, you can choose how much to pay by spinning a wheel that shows exactly how much interest you'll be charged for paying less than the full amount. That's color-coded, too, in gradations of green to yellow to red depending on how much interest you'll accrue.

Mostly, though, those who apply for the Apple Card will do so for another reason. Carrying around a physical wallet may soon be a thing of the past. If you're already carrying an iPhone, you may as well let Apple replace the other stuff in your pockets too.

Correction on 8/6/2019: An earlier version of this article misstated the Apple Card's interest rates. As of August 2019, those interest rates fall between 12.99 and 23.99 percent.

Read more: https://www.wired.com/story/apple-card-now-available/

telecommunications

Apple acquiring most of Intels smartphone modem business in $1B deal

Apple has entered into a deal to acquire a majority of Intel’s modem business, TechCrunch has learned. The deal, valued at around $1 billion, includes Intel IP, equipment, leases and employees, with Apple bringing over 2,200 new roles and bringing its portfolio up 17,000 wireless technology patents.

“We’ve worked with Intel for many years and know this team shares Apple’s passion for designing technologies that deliver the world’s best experiences for our users,” Apple SVP Johny Srouji said in a release tied to the news. “Apple is excited to have so many excellent engineers join our growing cellular technologies group, and know they’ll thrive in Apple’s creative and dynamic environment. They, together with our significant acquisition of innovative IP, will help expedite our development on future products and allow Apple to further differentiate moving forward.”

The deal confirms earlier rumors that Apple would acquire the business in order to permanently uncouple itself from Qualcomm, the source of much contention for both parties over the last several years. Apple and Qualcomm settled their differences back in April, with both parties agreeing to drop litigation.

Apple and Qualcomm are ending their legal battles

The move was believed to be an attempt for Apple to ready the iPhone for a 5G push, expected at some point in 2020. Intel’s 5G solution has generally been regarded as the inferior of the two, with the company having missed out on the last decade’s smartphone boom.

The move is also in line with Apple’s recent push to build all of its device components in-house. CEO Tim Cook signaled the way forward for the company a decade ago, when he told the press, “We believe that we need to own and control the primary technologies behind the products that we make, and participate only in markets where we can make a significant contribution.”

Under the deal, Intel retains ability to develop modem technology for non-smartphone devices, including PCs, IoT hardware and self-driving vehicles.

“This agreement enables us to focus on developing technology for the 5G network while retaining critical intellectual property and modem technology that our team has created,” Intel CEO Bob Swan said in the statement. “We have long respected Apple and we’re confident they provide the right environment for this talented team and these important assets moving forward. We’re looking forward to putting our full effort into 5G where it most closely aligns with the needs of our global customer base, including network operators, telecommunications equipment manufacturers and cloud service providers.”

Apple expects the deal to close in Q4, after being subjected to the standard regulatory scrutiny.

Read more: https://techcrunch.com/2019/07/25/apple-acquiring-most-of-intels-smartphone-modem-business-1b-deal/

telecommunications

Tile finds another $45M to expand its item-tracking devices and platform

Tile — the company that makes popular square-shaped tags and other technology to help people keep track of physical belongings like keys and bags — has made more recent moves to link up with chipmakers, helping it expand to wireless headsets and other electronic and other connected items as part of a wider smart home strategy. Now, Tile is announcing a round of funding of $45 million to double down on those strategies and fulfill a plan to have its technology in millions of devices by the end of this year.

The growth equity is being led by Francisco Partners, with participation from previous investors GGV Capital and Bessemer Venture Partners and new backers Bryant Stibel and SVB Financial Group.

CJ Prober — who joined as CEO last year in part to develop Tile’s newer areas of business — said in an interview that the funding will help the startup be more aggressive in doubling down on these new opportunities.

“We’re seeing great business momentum, with the first embedded partner products from our strategic initiatives coming out this year,” he said. It now has partnerships with five semiconductor companies, including Qualcomm and most recently Nordic, which they integrate Tile functionality on to their hardware, he added. “All this is now paying off with great momentum.”

Prober would not comment on the company’s valuation with this round, except to say that it was definitely an up round. A spokesperson described the Series C as having “opened” with this $45 million commitment, which implies that there may be more funding coming, but Tile has declined to specify any more detail on this front. The startup had previously raised rounds in stages — as you can see by this timeline in PitchBook. For some more context, Tile’s last noted valuation (also in PitchBook) was around $166 million, but that was now more than two years ago, before the various initiatives and other changes at the company.

Tile is not disclosing any metrics on its market share or how many of its devices are now in use, but it typically is rated as the largest of a crowded market for item-tracking devices (with others in the space including TrackR (Adero), Chipolo, and more).

But it notes that its European business (a relatively new area of focus for Tile) has grown by 160% in the last quarter. That’s coming from a small base, though: Prober confirmed that the U.S. is still by far its biggest market in terms of sales and users.

And it also had a strong Prime Day on Amazon this year, doubling its unit sales (but didn’t provide hard numbers for comparison). It said it has exceeded projections for sign-ups for its Premium tier, which provides free battery replacements, 30-day location history, smart alerts (prompting you, for example, when you’ve left your keys somewhere), customer support and more for $30 for the year, or $3 per month.

The company has been planting a lot of seeds, and some of them have yet to sprout. Last year, Tile announced that it would take an investment from Comcast to help it develop new products for its wider connected consumer strategy.

Prober, however, described this as still in the “roadmapping phase” and would not get into specifics except to say that there are a number of different initiatives in the works. There also was a partnership with Google unveiled at the most recent I/O that will see its home devices also being able to be tracked by the Tile platform.

I asked Prober if he worries ultimately about whether large tech companies like Apple, Amazon, Google and the rest — which all want to “own” connected home customers and the ecosystem of hardware and services that they may use — are seen as opportunities or threats for Tile, given that it’s piggy backing on their platforms and devices. His and the company’s fundamental feeling — one that should be supported in the spirit of competition and consumer choice — is that having a cross-platform option is the way to go.

“Our customers have different devices, products from different companies and it’s our job to ensure that Tile works well across all of those,” he said. “We see ourselves a little bit like Switzerland, which is also something that our customers and partners appreciate.”

While we’re seeing a surge of new communications technologies and protocols — 5G being perhaps the one we are hearing about most at the moment — Tile is sticking to Bluetooth for now.

“We love what Bluetooth enables for our customers in terms of the form factor, the cost and profile of the device and the power consumption,” said Prober. “We’re constantly evaluating different alternatives, and if there is an alternative we would consider that, but in our view that doesn’t exist right now.”

It’s a choice that its investors are also supporting.

“Tile pioneered the smart location category,” said Andrew Kowal, partner with Francisco Partners, in a statement. “With Bluetooth technology projected to be included in nearly 30 billion devices shipping in the next five years, Tile is poised to deliver an embedded finding solution for a rapidly expanding market. We are extremely excited to be partnering with Tile as the company enters the next chapter of its growth story.”

Read more: https://techcrunch.com/2019/07/24/tile-finds-another-45m-for-its-item-tracking-platform/

telecommunications

Foxconn halts some production lines for Huawei phones, according to reports

Huawei, the Chinese technology giant whose devices are at the center of a far-reaching trade dispute between the U.S. and Chinese governments, is reducing orders for new phones, according to a report in The South China Morning Post.

According to unnamed sources, the Taiwanese technology manufacturer Foxconn has halted production lines for several Huawei phones after the Shenzhen-based company reduced orders. Foxconn also makes devices for most of the major smart phone vendors including Apple and Xiaomi (in addition to Huawei).

In the aftermath of President Donald Trump’s declaration of a “national emergency” to protect U.S. networks from foreign technologies, Huawei and several of its affiliates were barred from acquiring technologies from U.S. companies.

Tech stocks slide on US decision to blacklist Huawei and 70 affiliates

The blacklist has impacted multiple lines of Huawei’s business including it handset manufacturing capabilities given the company’s reliance on Google’s Android operating system for its smartphones.

In May, Google reportedly suspended business with Huawei, according to a Reuters report. Last year, Huawei shipped over 200 million handsets and the company had a stated goal to become the world’s largest vendor of smartphones by 2020.

These reports from The South China Morning Post are the clearest indication that the ramifications of the U.S. blacklisting are beginning to be felt across Huawei’s phone business outside of China.

Huawei was already under fire for security concerns, and will be forced to contend with more if it can no longer provide Android updates to global customers.

Contingency planning is already underway at Huawei. The company has built its own Android -based operating system, and can use the stripped down, open source version of Android that ships without Google Mobile Services. For now, its customers also still have access to Google’s app store. But if the company is forced to make developers sell their apps on a siloed Huawei-only store, it could face problems from users outside of China.

Huawei and the Chinese government are also retaliating against the U.S. efforts. The company has filed a legal motion to challenge the U.S. ban on its equipment, calling it “unconstitutional.”  And Huawei has sent home its American employees deployed at R&D functions at its Shenzhen headquarters.

It has also asked its Chinese employees to limit conversations with overseas visitors, and cease any technical meetings with their U.S. contacts.

Still, any reduction in orders would seem to indicate that the U.S. efforts to stymie Huawei’s expansion (at least in its smartphone business) are having an impact.

A spokesperson for Huawei U.S. did not respond to a request for comment.

Read more: https://techcrunch.com/2019/06/01/foxconn-halts-production-lines-for-huawei-phones-according-to-reports/

telecommunications

Why carriers keep your data longer

Your wireless carrier knows where you are as you read this on your phone — otherwise, it couldn’t connect your phone in the first place.

But your wireless carrier also has a memory. It knows where you took your phone in the last hour, the last week, the last month, the last year — and maybe even the last five years.

That gives it an enormous warehouse of data on your whereabouts that can help your wireless carrier fix coverage gaps while revealing much more. Depending on the density of cell sites around you at any one point, the location data triangulated from them can not only highlight your home and office, but also point to the bars you frequented, the houses at which you spent the night and the offices of therapists you visited.

Read more: https://techcrunch.com/2019/05/03/why-carriers-keep-your-data-longer/

Credit Cards

JCPenney explains why it dropped Apple Pay

JCPenney quietly ditched Apple Pay this month. The decision was announced in response to a customer complaint on Twitter, but without any context or further explanation at the time. JCPenney had first rolled out Apple Pay into testing in 2015, then expanded to all its U.S. stores the following year, and later to its mobile app.

The retailer now claims the move was necessitated by the April 13, 2019 deadline in the U.S. for supporting EMV contactless chip functionality.

As of this date, all terminals at U.S. merchants locations that accept contactless payments must actively support EMV contactless chip functionality, and the legacy MSD (magnetic stripe data) contactless technology must be retired.

JCPenney was not ready to comply, it seems, so it switched off all contactless payment options as a result. However, it hasn’t ruled out re-enabling them later on, it seems.

In a statement provided to TechCrunch, JCPenney explained its decision:

A third-party credit card brand made the requirement for all merchants to actively support EMV contactless functionality effective April 13, retiring the legacy MSD contactless technology in place. Given the resources and lead time associated with meeting the new mandate, JCPenney chose to suspend all contactless payment options until a later date. Customers still have the ability to complete their transactions manually by inserting or swiping their physical credit cards at our point-of-sale terminals in stores, an option employed by the vast majority of JCPenney shoppers.

It’s worth noting, too, that JCPenney is hinting here at low Apple Pay adoption among its customer base — as the “vast majority” of shoppers pay using a physical card.

That means the retailer’s decision to re-enable Apple Pay at a later date may still be in question — especially as this change allows JCPenney to fully take back ownership of customer purchase data.

Customer data is an important part of JCPenney’s plan to get the business back on its feet. Under new CEO Jill Soltau, who took the job last October, the retailer has been closing underperforming stores, hiring new execs to focus on merchandise selection and eliminating its low-margin items, noted Bloomberg following the company’s most recent earnings. It’s also reducing inventory and adjusting its buying process to ensure it doesn’t end up with excess inventory going forward.

And, as Soltau explained to investors in February, the retailer is rethinking its pricing and promotions strategies, too.

“I think that’s one of the key initiatives that we’ll be working on here in the coming months because we’re not being as strategic in how we speak to the customer and engage with the customer through our pricing and promotion,” she said. “And I would frankly say it might be a little bit confusing, and you might not know exactly when you can get the best value at JCPenney,” the CEO added.

Customer purchase data allows a retailer to better target its customers with relevant promotions, as stores are able to collect the customer’s name and card number at point of sale, which they can then combine with other demographic data like the customer’s address, phone and email.

Apple Pay, meanwhile, prevents this level of access — something that customers like, but retailers traditionally have not. In fact, the lack of access to customer data was one reason retailers were hesitant to warm up to Apple Pay in the first place, and spent years developing their rival solution, CurrentC, which ultimately failed.

Today, many major retailers incentivize customers to use their own payments solution instead of Apple Pay — as with Walmart Pay, Sam’s Club’s Scan-and-Go, or like Target does with its store card, which can be combined with Cartwheel discounts in a single barcode scanned at point-of-sale.

Apple Pay is also a more secure method of payment, which today’s consumers prefer — particularly in the case of retailers who have suffered major data breaches, like JCPenney has in the past. Plus, Apple Pay allows shoppers to carry only their phone — not a wallet stuffed with physical cards.

The removal of Apple Pay from JCPenney stores was reported earlier by MacRumors which credited Appleosophy. 9to5Mac also noted Apple Pay was pulled from the JCPenney app.

JCPenney has more than 800 stores in 49 states.

Despite being dropped by JCPenney, Apple Pay remains a top mobile payment solution. In January, it was accepted by 74 of the top 100 U.S. merchants, and 65 percent of all retail locations across the country.

JCPenney tells us it will “seek to implement EMV contactless at a later date.”

Read more: https://techcrunch.com/2019/04/22/jcpenney-explains-why-it-dropped-apple-pay/

Credit Cards

Apple Card will make credit card fraud a lot more difficult

Apple’s new credit card has a curious security feature that will make it much more difficult to carry out credit card fraud.

The aptly named Apple Card is a new credit card, built into your iPhone Wallet app, which the company says will help customers live a “healthier” financial lifestyle. The card is designed to replace your traditional credit card and give you perks, such as daily cash. Chief among the benefits is a range of security and privacy features, which Apple says — unlike traditional credit card providers — the company doesn’t know where a customer shopped, what they bought or how much they paid.

But its one feature — a one-time unique dynamic security code — will make it nearly impossible for anyone to use the credit card to make fraudulent purchases.

That three-digit card verification value — or a CVV — on the back of your credit card is usually your last line of defense if someone steals your credit card number, such as if your card is cloned or skimmed by a dodgy ATM or stolen from a website through a phishing attack.

But rotating the security code will increase the difficulty for an attacker to use your card without your permission.

The idea of a dynamic credit card number first came about a few years ago with the Motion Code credit card concept, built by Oberthur Technologies, which included a randomly generating number built into a tiny display on the back of the card. The only downside is if someone steals your physical card.

Since then, other credit card makers — including Mastercard, the issuing payment provider for Apple Card — have worked to integrate biometric solutions instead. By enabling a fingerprint sensor on the card, powered by the card machine it was entered into, it was hoped that fraudulent purchases would be impossible. Other credit cards have worked to roll out biometric-powered credit cards. Again — a big letdown was online fraud, which still accounts for a huge proportion of fraud.

Apple Card seems to meld the two things: a virtual credit card with a rotating security code, protected by a biometric, like Touch ID or Face ID in newer devices. Better yet, the company’s debut physical titanium credit card won’t even have a credit card number.

Now if someone wants to commit fraud, they need to steal your phone and your face or fingerprint.

Like other sensitive data — such as health, financial and biometric data — any banking and credit card data is stored on the device’s security chip, known as the secure enclave.

Apple Card will be available in the U.S. later this summer.

Apple introduces its own credit card, the Apple Card

Read more: https://techcrunch.com/2019/03/25/apple-credit-card-fraud/