Swiss system ups security and reliability of finger-based biometrics

Biometrics may not be the perfect solution for security, but they can be useful — as long as they’re robust and well thought out. TouchID is all well and good, but you wouldn’t secure a nuclear site with it. Well, movies aside, you probably should secure a nuclear site with a fingerprint, regardless. But this new system from Swiss researchers is a step in the right direction.

Lambert Sonna Momo headed up a collaboration between his company, Global ID, and the École polytechnique fédérale de Lausanne (EPFL), which combines the former’s biometric tech with the latter’s crypto chops.

On the biometric side is a 3D vein imaging tech Sonna Momo helped put together. “Nowadays you can easily and cheaply create fake fingerprints,” he explained in an EPFL news release. “2D vein recognition technology is already used throughout the world, but the system has its flaws. With 3D analysis, the risk of counterfeits is essentially non-existent.”

Essentially, superficially similar patterns are easily differentiated when you add another dimension to the imaging. The scanner itself is relatively cheap, too — around $300 — and has been tested with a wide variety of people and skin types — it’s a major consideration in biometric optics.

EPFL, for its part, created an equally important aspect of the system: the data handling and encryption. After all, you can’t reset your fingerprint, retina or veins — once they leak, they’re compromised forever. And fundamentally, privacy is important with such things.

 So EPFL’s crypto lab put together a homomorphic encryption scheme that allows the scanner and ID system to analyze data without ever decrypting it. That also means data can live on the device and connectivity can be disrupted without disturbing security. A fringe benefit of the scheme is that if the data is stolen or leaked, patterns built into it will point at the device from which it came.

Sonna Momo is hoping the tech will prove useful in hospitals, where positive identification is critical for care, and places where quick but accurate IDs must be established, like banks.

LinkedIn’s New Trending Storylines Feature Aims to Hook More Users With News

LinkedIn on Wednesday plans to launch a section on its network dedicated to business news, seeking to draw users onto the service more frequently to read and talk about current events, company officials said.

The updates to its website and smartphone app are the latest attempt by LinkedIn, which Microsoft Corp bought last year for $26 billion, to grow beyond its roots as a job-hunting service and to add features associated with social media.

LinkedIn's New Trending Storylines Feature Aims to Hook More Users With News

LinkedIn is calling the section “Trending Storylines.” It will have a stream of links to outside news sources mixed with related posts written by LinkedIn users.

A team of editors will choose which stories to highlight, LinkedIn’s editor in chief, Daniel Roth, said in an interview. The company will not have reporters of its own.

“We think that people will start their day with this, to get the news they need,” Roth said.

On Tuesday, an early version seen by Reuters led with stories about US and British authorities banning electronic devices larger than a cellphone from airline carry-on luggage. Alongside that news was commentary about the change by LinkedIn users, including Ian Bremmer, president of consultancy Eurasia Group.

Social media networks such as Twitter Inc, Facebook Inc and Snap Inc long ago added some kind of feature spotlighting major news stories.

Unlike the others, the LinkedIn feed will be limited to topics about professions and business, trying to provide information that would be useful in work meetings, said Tomer Cohen, LinkedIn’s vice president of product.

LinkedIn has 106 million active monthly users on average and 467 million members in all, according to the company.

Leaked internal Uber documents show rocky self-driving car progress

New internal Uber documents leaked to Recode detail the company’s progress toward realizing its dream of a fleet of vehicles entirely devoid of pesky human drivers. As those files reveal, Uber’s month-over-month metrics aren’t exactly a steady line of progress, more a jerky sort of stumbling toward its goal of self-driving reliability. And as Uber’s court battle with Google over autonomous car tech begins, that visual is a particularly apt metaphor.

Uber’s self driving fleet, spread across Pennsylvania, California and Arizona, is driving more miles than ever, but its vehicles aren’t improving in a steady way on measurements of rider experience. Uber breaks this variable down into a few different data streams: how many miles a car makes it before a human takes over for any reason which it calls “miles per intervention,” how many miles a car goes before a “critical” driver takeover (to avoid harm or damage) and how many miles a car goes before a “bad experience,” a measure of overall ride smoothness that is less focused on safety.

By the miles per intervention measure, Uber’s fleet isn’t doing so hot. In January, an Uber autonomous vehicle could drive .9 miles before a driver takeover. By February, that number had inched up to one full mile before dropping down again to .71 miles. As of last week it was .8 miles.

When it comes to measures of critical interventions — the scary, accident-avoiding ones — Uber’s metrics are trending upward, albeit erratically. At the start of February, an autonomous vehicle could make it 125 miles without a critical intervention, but the following week that number dipped down to 50 miles. By the third week in February it shot back up to 160 miles before dipping to 115 again the following week. At the last measure, taken the week of March 8, it was up to 196 miles.

 By measures of “bad experiences” like hard stops and jerky driving, the fleet is getting worse. In mid-January, Uber self-driving cars averaged 4.5 miles before a bad experience, but by the next month that had dropped down to 2 miles, where the number remained into the first week of March.

Recode’s numbers paint a rough outline of Uber’s autonomous vehicle performance, but it’s worth remembering that the cars are still figuring out routes and learning as they go. Still, as the numbers illustrate, Uber’s fleet is demonstrating some fairly wild swings on measures of safety and reliability. The numbers may be improving in aggregate, but their erratic movement doesn’t exactly inspire confidence when it comes to taking your hands off the wheel.

Marketing slogan

Surprisingly, even though TechCrunch is owned by not one but two enormous corporate entities — the Voltron form of which I like to call Verizaol — we are hit by very little splash from the stream of time-wasting marketing exercises that form a corporation’s very being. Recently, however, we were asked to come up with an internal tagline to explain what TechCrunch is to — I don’t know who actually but some people. Probably the ones with the money.

The exercise on the whole felt like making really serviceable burritos for people who aren’t really hungry they just want to see you making burritos.

To my eternal regret, I solicited feedback from our editorial staff. Something I rarely do in these cases because those who grab hot pokers should expect discomfort.

Anyway, here’s some choice options from our internal Convo thread. Enjoy.

Mint-green Gradient

TechCrunch: With TNW team

Making Gabe Proud

Free two-day delivery

New Star Wars

Tech Real Fast

Not Dead Yet

Distraction, Since 2005

Delivering Food, Faster

Here’s Your Burrito

Om Nom Dotcom

TechCrunch: Serving above average croissants at Disrupt

The Green One

Please Click This

Tap That (mobile optimized)

Internet Website

Not A Cereal

It’s The Future

Wait, What?

Tomorrow’s Tech, Today

We Own This?

What Is It?

Tech, DMs Open

Poppin’ Hot Scoops

Thinkfluencers Growthhack Disruption

Gratuity Not Included

Investable Shower Thoughts

Slide Into Tech

Love That Joker

The Associated Press’ plan to put hyperlocal data in the hands of reporters

Since 2013, The Associated Press has been making an intentional effort to put data in the hands of local reporters. In the last few years, this meant assisting with Freedom of Information Act requests and putting a team of four engineers to work building visualizations and extracting insights from massive spreadsheets. Today the AP is entering into a joint pilot program with Data.world to equip reporters with granular, local, data for more telling stories.

Data.world is a platform for hosting and collaboratively analyzing data. As a registered B corp, the startup is on a mission to maximize its social impact — today’s partnership with the AP being no exception. The beauty of the Data.world platform is that users can set their own permission settings for individual data sets. This means that the AP can import its data and hash out conclusions in private before expressing confidence and opening up the work to readers.

“We wanted a platform focused on the data,” explains Troy Thibodeaux, data journalism team editor at the AP. “Other things were more visualization platforms but we wanted our users to get to the data and understand it better.”

Thibodeaux and his team thought about building their own platform, but ultimately decided to give Data.world a chance. In the past, the AP had done individual websites for each of their data distributions. But the new platform does more than just improve the accessibility of data, it makes it possible to pull together public and private data for better context — enabling ideas to mix that otherwise wouldn’t.

 As a cooperative of contributing news agencies, the AP is a prime hub for distributing data. Local newspapers receiving distributions can reframe the insights to suit their audience.

“Recently we did a data distribution about refugees and where they ended up in the U.S.,” added Thibodeaux. “We looked at seven countries and ten years of immigration data. We did a small story that was just a summary of the data, but our membership did a lot with that data.”

The AP will have some work ahead of it to teach newsrooms how to make the most of the new resources. But when the entire system is working effectively, the resulting data-driven local journalism will improve trust, transparency and relevance in news.

Tech groups gear up for FISA surveillance fight

A controversial provision in U.S. law that gives the National Security Agency broad authority to spy on people overseas expires at the end of the year, and six major tech trade groups are gearing up for a fight over an extension.NSA headquarters

Section 702 of the Foreign Intelligence Surveillance Act expires on Dec. 31, and Congress almost certain to extend it in some form.

The tech trade groups, including BSA, the Consumer Technology Association, and the Computer and Communications Industry Association, are asking lawmakers to build in new privacy protections for internet users.

“It is critical that Congress takes a balanced yet focused approach with respect to Section 702,” the groups said in a letter sent to top lawmakers Wednesday. “We urge your committees to ensure that any reauthorization includes meaningful safeguards for internet users’ privacy and civil liberties.”

Section 702 of FISA allows the NSA to spy on the communications, including internet traffic, of people living outside the U.S. and, in some cases, their communications to people living inside the country. FISA served as the authority for the NSA’s Prism internet surveillance and other programs revealed by NSA leaker Edward Snowden.

The trade groups didn’t offer specific recommendations for privacy and civil liberties protections, although they called on Congress to hold a public debate on an extension of the provision.

The position of the tech trade groups differs from many digital rights groups, who want Congress to either make major changes to the provision or scrap it.

“Section 702 of FISA has allowed for mass surveillance programs … that have been used by the U.S. government to warrantlessly collect and search the Internet communications of people all over the world,” the End 207 coalition said. “Absent a full reform,” Section 702 should be allowed to expire.

The NSA and other U.S. intelligence agencies have defended FISA as essential to protect the U.S. from terrorism and other security threats. NSA surveillance has helped to thwart dozens of terrorism plots, Matthew Olsen, an executive with IronNet Cybersecurity and former director of the National Counterterrorism Center, said during a hearing last May.

The surveillance programs are “vital to our security,” Olsen said then. The programs allow the U.S. government to “obtain critical intelligence about terrorists and other targets that it simply could not obtain by other means.”

Google is killing its bold Hands Free payment experiment

When Google launched Android Pay at its I/O conference back in 2015, it also teased a program that let you keep your phone in your pocket and still go through the normal checkout process. Called Hands Free, the limited pilot used the phrase, “I’ll pay with Google,” to alert the cashier that you wouldn’t actually be using a physical form of payment.google hands free

Google has announced that it is shutting down the service on Feb. 8, which launched last spring on iOS and Android. Available only at select locations like McDonalds and Papa Johns in the Bay Area, the program required users to upload a photo in the Hands Free app and utilized Bluetooth, Wi-Fi, and location services in your phone to identify when you were at one of the participating locations.

According to Google’s description of the service, “Then, if you purchase from a store that uses a Hands Free camera, Google will confirm your identity automatically by detecting specific patterns from the template created during signup. The cashier will initiate the charge and you’ll get a notification on your phone after the charge is complete.” During the transaction, the cashier would only see the user’s initials, first name, and photo, keeping payment information and credit card numbers hidden.

Contactless payments have been rapidly spreading across country, and Google’s idea with Hands Free was to “explore what the future of mobile payments could look like.” While it’s not entirely clear why Google is stopping the program, it writes on the Hands Free website that “we’re now working to bring the best of the Hands Free technology to even more people and stores.”

Unfortunately, Hands Free never made it out of pilot mode and was extremely limited, so there’s a good change you’ve never used or even heard of the program. However, the concept of being able to pay quickly and securely without pulling out your phone or reaching for your wallet is certainly intriguing, and it’s likely that Google will take what it learned and apply it to Android Pay down the road, perhaps tapping Google Assistant as it works to bring the service nationwide.

This story, “Google is killing its bold Hands Free payment experiment ” was originally published by Greenbot.

Outlook for iOS speeds up work with third-party add ins

Users of Microsoft’s Outlook app for iPhone and iPad can now get work done quicker using third-party integrations.outlook ios add ins

As of Thursday, Outlook for iOS supports add-ins, which let software companies build extensions to their own products that interact with emails in Outlook on a user’s smartphone and tablet. At launch, the app supports add-ins from Evernote, GIPHY, Nimble, Trello and Smartsheet, in addition to those that Microsoft has created.

For example, users will be able to translate emails using a Microsoft Translator add-in, add cards to a Trello board straight from their email and quickly reply to an email thread with a funny animated GIF.

The add-in system is aimed at solving one of the key problems with handling email on a smartphone. Messages often require users to take action in one way or another, which can often require information from a different application or service. These add-ins are supposed to help users be more productive by letting them stay inside Outlook.

Here’s how it works: users go into the Outlook for iOS settings panel and tap the Add-Ins menu. After that, they’ll see a list of potential add-ins for the app, and can tap the plus symbol to add them. After that, users will be able to invoke the add-ins when reading email by tapping the symbol that appears in the upper-right-hand corner of the messages they read, underneath the reply button.

Each add-in has its own behavior, specific to the service that built it. For example, Nimble’s add-in will show users information about the sender and recipients of an email. At this point, however, add-ins can only be invoked when users are reading email. Javier Soltero, the corporate vice president of Outlook at Microsoft, said that the company is working on making it possible to use add-ins in other contexts, such as writing emails.

When asked about his company’s process of developing an Outlook add-in for iOS, Smartsheet CEO Mark Mader said that Microsoft’s developer tools were “best in class.” But beyond that, the tech titan provided additional help and input with add-in development.

Apple already introduced an Extensions feature in iOS 8, but Soltero said it’s not right for Microsoft’s purposes. In his view, Apple’s design is based on a series of events that users don’t typically follow. To email a picture, users find the photo in their Photos app, then open the share sheet and send the photo to Outlook for inclusion in an email.

Microsoft’s add-ins work differently.

“You know what you’re going to do, you’re going to send a message, and what you include in that message is the other consideration,” he said. “Similarly, you receive the email, and then [can] act on it with these add-ins.”

There’s also a question of user demand. While Smartsheet has existing apps for the iPhone and iPad, the company hasn’t seen much interest in iOS extensions from enterprises.

Another advantage for Microsoft to using these add-ins instead of Apple’s built-in functionality is that they interoperate with Outlook on other platforms, including Outlook 2013 and 2016 for Windows. Soltero said that add-in support is coming soon to Outlook 2016 for MacOS, too.

Mader said that Smartsheet has found good add-in design works well across both desktop and mobile, but that user experience should be tailored for each platform.

Right now, the add-ins are available for Office 365 commercial customers using Outlook for iOS. The functionality is also slowly rolling out to Outlook.com users. Microsoft said that similar functionality for Outlook on Android will be available “soon.”

Cisco patches critical flaw in Prime Home device management server

Cisco Systems has fixed a critical vulnerability that could allow hackers to take over servers used by telecommunications providers to remotely manage customer equipment such as routers.20151005 cisco hq sign 100620823 orig

The vulnerability affects Cisco Prime Home, an automated configuration server (ACS) that communicates with subscriber devices using the TR-069 protocol. In addition to remotely managing customer equipment, it can also “automatically activate and configure subscribers and deliver advanced services via service packages” over mobile, fiber, cable, and other ISP networks.

“A vulnerability in the web-based GUI of Cisco Prime Home could allow an unauthenticated, remote attacker to bypass authentication and execute actions with administrator privileges,” Cisco said in its advisory.

Attackers could exploit the vulnerability by sending API commands over HTTP to a particular URL without requiring authentication. The flaw is caused by a processing error in the role-based access control of URLs, Cisco explained.

In the past, security researchers found vulnerabilities in the TR-069 implementation of many routers that could have allowed hackers to remotely take over those devices. However, a vulnerability in an ACS like Cisco Prime Home is much worse, because it can be used to take control of entire groups of subscriber devices at once.

According to Cisco’s documentation, the admin role on the Cisco Prime Home has access to the server’s customer support, administration, and audit functions, as well as the ability to perform bulk operations and access utilities and reports.

The vulnerability affects Cisco Prime Home versions 6.3.0.0 and above. Customers are advised to migrate to the latest, fixed version: 6.5.0.1.

The company has also warned customers of a medium-risk URL redirect vulnerability in the Cisco Prime Service Catalog, a product that allows companies to set up self-service portals, provide IT service catalogs for data center and application services, and manage service requests.

An attacker could exploit the vulnerability to redirect a user logged into the Cisco Prime Service Catalog to a phishing site in order to steal their credentials.

Ford to pump $1B into AI for driverless cars

Ford plans to spend US$1 billion over the next five years on the development of an artificial intelligence system for driverless cars.ric pa autonomous fusion

Ford will investment the money in Argo AI, a start-up founded by former leaders from Google and Uber’s self-driving car research units, and they will work toward the goal of a system that’s ready for deployment in 2021.

The research will be focused on a virtual driver system capable of operating at what’s called “SAE level 4.” It’s one of five levels defined for self-driving cars and specifically describes an autonomous car that’s capable of completely controlling the vehicle in almost any condition. After it has been engaged, drivers do not need to pay attention to the driving.

It’s a step more advanced that many of today’s demonstration systems, which still require driver control in many situations, and one step down from full automation.

Ford has already said that it’s hoping to have a level-4 commercial vehicle ready for sale in 2021.

Argo AI is based in Pittsburgh and was recently founded by Bryan Salesky, who headed hardware development at Waymo, Google’s self-driving car unit, and Peter Rander, who was an engineer at Uber’s autonomous car research project.

Like other auto makers, Ford has already begun researching autonomous driving technology, but Friday’s announcement, which also makes Ford majority shareholder in Argo AI, goes beyond the company’s own cars.

Ford said the technology could be licensed to other companies looking at autonomous technology. That’s a departure from much of the driverless car research to date, which has been focused on the company’s own vehicles.

Argo AI will have about 200 employees working on the project once it gets up and going.