Self-driving startups race down a narrowing road

DETROIT/SAN FRANCISCO (Reuters) – Lei Xu and Justin Song once worked at electric carmaker Tesla Inc (TSLA.O), one of the hottest companies in Silicon Valley. But with interest and investments in autonomous vehicles mounting, they left to pursue what they see as the next big thing.

Nullmax CEO Lei Xu drives a Lincoln MKZ sedan equipped with his company’s prototype self-driving hardware and software in Fremont, California, U.S. on October 9, 2017. REUTERS/Jane Lanhee Lee

Their company, Nullmax, is one of more than 240 startups worldwide, including 75 in Silicon Valley, attempting to design software, hardware components and systems for future self-driving cars, according to a Reuters analysis.

Xu and Song are bankrolled by corporate money, but unlike many of their fellow entrepreneurs, they skipped funding from Silicon Valley venture capitalists. Founded in August 2016, Nullmax got $ 10 million from a Chinese firm, Xinmao Science and Technology Co (000836.SZ).

By seeking corporate backing in China, the Nullmax founders managed to sidestep an issue facing other startups in the sector: While big automotive and technology companies are pouring billions into the autonomous vehicle space, Silicon Valley investors so far have been fairly restrained in increasing their bets.

Headlines have been dominated by old-line players such as General Motors Co (GM.N), which jolted the industry last year when it bought a tiny San Francisco software company called Cruise Automation for a reported $ 1 billion. Just this week, top-tier supplier Delphi Automotive PLC (DLPH.N) acquired Boston-based software startup nuTonomy for $ 450 million.

Now, “every startup thinks they will get a billion dollars” in valuation, said Evangelos Simoudis, a Silicon Valley venture investor and an advisor on corporate innovation.

However, investment in untested startup companies remains relatively modest despite all the buzz and lofty expectations. Total funding of self-driving startups from both corporate and private investors has barely topped $ 5 billion, the Reuters analysis of publicly available data shows.

With the notable exceptions of Andreessen Horowitz and New Enterprise Associates, few of the big Valley venture capital firms are heavily invested in the sector. Overall, only seven of the top 30 self-driving startups have received later-stage funding, the Reuters analysis shows, an indication that some venture capitalists are ambivalent about the industry’s potential.

(For a graphic of venture and corporate funding of self-driving startups, see: tmsnrt.rs/2xOX0jN)

Skeptics note that few of the startups are making money. And established auto and parts companies have not demonstrated a clear path to revenue and profitability in autonomous vehicles despite their big bets in the space.

Another sticking point: While the initial wave of self-driving vehicles is expected to begin commercial service in 2019-2020, experts expect the transition from human-driven to automated cars could take a decade or more to roll out.

Cautions Sergio Marchionne, chief executive officer of Fiat Chrysler Automobiles (FCHA.MI): “You can destroy a lot of value by chasing your tail in autonomous driving.”

CORPORATE INVESTMENTS

All told, U.S. automotive and technology firms likely have invested some $ 40 billion to $ 50 billion in self-driving technology in recent years, mainly through acquisitions and partnerships. The full extent is hard to know because big players such as Alphabet Inc (GOOGL.O), whose Waymo subsidiary is considered among the front-runners in the arena, have not revealed the full scope of their investments, although it is believed to be in the billions.

Among the top corporate investors in the sector are Samsung Group [SAGR.UL], Intel Corp (INTC.O), Qualcomm Inc (QCOM.O), Delphi and Robert Bosch GmbH [ROBG.UL]. Corporate investors also have backed five of the six self-driving startups with valuations of $ 1 billion or more.

(For a graphic on key players in the development of autonomous vehicles, see: tmsnrt.rs/2nYv7gc)

Whether the industry is poised to produce more such unicorns is now a topic of much debate. Two former investors in Cruise Automation, for example, are poles apart in their views of self-driving vehicles and technology.

Veronica Wu, managing partner in Palo Alto-based Hone Capital, said her company continues to invest in “quite a number” of self-driving startups, while acknowledging that the technology will take time to deploy.

“It’s a matter of when, not if,” she said. “We’re fairly optimistic.”

In contrast, Sunny Dhillon of Signia Venture Partners, another Cruise investor, said his firm does not see any attractive investments in the sector right now.

The hefty price paid by GM for Cruise, he said, “made the space very frothy, with every computer vision and robotics PhD student seemingly emerging with a new self-driving car startup.”

In addition, he said many established players “already have made their big investments (and) acquisitions” in the sector. That could limit investors’ potential returns and entrepreneurs’ payoffs down the road.

Quin Garcia, a partner in San Francisco-based AutoTech Ventures, concurs that the space is crowded and valuations are inflated. There may still be “a select few IPOs, but there will be many failures of autonomous vehicle startups” by 2021, he said.

NULLMAX IN CHINA

Those odds haven’t deterred Nullmax founders Xu and Song, who are looking to differentiate themselves.

With many self-driving startups looking to supply U.S. and European automakers, the Chinese-born entrepreneurs, whose specialties are camera-based vision systems and artificial intelligence, are focused on China. They expect to deliver the first partially automated systems to Chinese automakers by 2020.

The U.S.-educated entrepreneurs, both 35, now work out of a small shop in Fremont, Calif., not far from Tesla’s sprawling home factory. Xu once worked at Tesla as a senior engineer while Song specialized in supply chain and quality engineering. Tesla declined to confirm their prior employment.

Xu said the company employs about 50 people, most of them in a larger office in Shanghai. He said the company wants to keep a foot in California, which is a hub of U.S. tech talent, and where regulators have smoothed the way for testing of self-driving vehicles.

As for how Nullmax plans to cash out, Xu navigated around that question.

“We’re pretty busy,” he said. “We don’t much time to think about an IPO right now.”

Reporting by Paul Lienert in Detroit and Jane Lanhee Lee in San Francisco; Editing by Joe White and Marla Dickerson

Our Standards:The Thomson Reuters Trust Principles.

Tech

Equifax takes down web page after report of new hack

NEW YORK (Reuters) – Equifax Inc said on Thursday it has taken one of its customer help website pages offline as its security team looks into reports of another potential cyber breach at the credit reporting company, which recently disclosed a hack that compromised the sensitive information of more than 145 million people.

The move came after an independent security analyst on Wednesday found part of Equifax’s website was under the control of attackers trying to trick visitors into installing fraudulent Adobe Flash updates that could infect computers with malware, the technology news website Ars Technica reported.

“We are aware of the situation identified on the equifax.com website in the credit report assistance link,” Equifax spokesman Wyatt Jefferies said in an email. “Our IT and security teams are looking into this matter, and out of an abundance of caution have temporarily taken this page offline.”

The Atlanta-based company, which has faced seething criticism from consumers, regulators and lawmakers over its handling of the earlier breach, said it would provide more information as it becomes available.

As of 1:15 p.m. (1715 GMT), the web page in question said: “We’re sorry… The website is currently down for maintenance. We are working diligently to better serve you, and apologize for any inconvenience this may cause. We appreciate your patience during this time and ask that you check back with us soon.”

Equifax shares were down 1.2 percent at $ 109.18 in early afternoon trading.

Randy Abrams, the independent analyst who noticed the possible hack, said he was attempting to check some information in his credit report late on Wednesday when one of the bogus pop-up ads appeared on Equifax’s website.

His first reaction was disbelief, he said in an interview with Reuters on Thursday. “You’ve got to be kidding me,” he recalled thinking. Then he successfully replicated the problem at least five times, making a video that he posted to YouTube.

Equifax’s security protocols have been under scrutiny since Sept. 7 when the company disclosed its systems had been breached between mid-May and late July.

The breach has prompted investigations by multiple federal and state agencies, including a criminal probe by the U.S. Department of Justice, and it has led to the departure of the company’s chief executive officer, chief information officer and chief security officer.

As a credit reporting agency, Equifax keeps vast amounts of consumer data for banks and other creditors to use to determine the chances of their customers’ defaulting.

Reporting by John McCrank; Editing by Bill Rigby

Tech

Distrustful U.S. allies force spy agency to back down in encryption row

SAN FRANCISCO (Reuters) – An international group of cryptography experts has forced the U.S. National Security Agency to back down over two data encryption techniques it wanted set as global industry standards, reflecting deep mistrust among close U.S. allies.

In interviews and emails seen by Reuters, academic and industry experts from countries including Germany, Japan and Israel worried that the U.S. electronic spy agency was pushing the new techniques not because they were good encryption tools, but because it knew how to break them.

The NSA has now agreed to drop all but the most powerful versions of the techniques – those least likely to be vulnerable to hacks – to address the concerns.

The dispute, which has played out in a series of closed-door meetings around the world over the past three years and has not been previously reported, turns on whether the International Organization of Standards should approve two NSA data encryption techniques, known as Simon and Speck.

The U.S. delegation to the ISO on encryption issues includes a handful of NSA officials, though it is controlled by an American standards body, the American National Standards Institute (ANSI).

The presence of the NSA officials and former NSA contractor Edward Snowden’s revelations about the agency’s penetration of global electronic systems have made a number of delegates suspicious of the U.S. delegation’s motives, according to interviews with a dozen current and former delegates.

A number of them voiced their distrust in emails to one another, seen by Reuters, and in written comments that are part of the process. The suspicions stem largely from internal NSA documents disclosed by Snowden that showed the agency had previously plotted to manipulate standards and promote technology it could penetrate. Budget documents, for example, sought funding to “insert vulnerabilities into commercial encryption systems.”

More than a dozen of the experts involved in the approval process for Simon and Speck feared that if the NSA was able to crack the encryption techniques, it would gain a “back door” into coded transmissions, according to the interviews and emails and other documents seen by Reuters.

“I don’t trust the designers,” Israeli delegate Orr Dunkelman, a computer science professor at the University of Haifa, told Reuters, citing Snowden’s papers. “There are quite a lot of people in NSA who think their job is to subvert standards. My job is to secure standards.”

The NSA, which does not confirm the authenticity of any Snowden documents, told Reuters it developed the new encryption tools to protect sensitive U.S. government computer and communications equipment without requiring a lot of computer processing power.

NSA officials said via email they want commercial technology companies that sell to the government to use the techniques, and that is more likely to happen when they have been designated a global standard by the ISO.

Asked if it could beat Simon and Speck encryption, the NSA officials said: “We firmly believe they are secure.”

THE CASE OF THE DUAL ELLIPTIC CURVE

ISO, an independent organization with delegations from 162 member countries, sets standards on everything from medical packaging to road signs. Its working groups can spend years picking best practices and technologies for an ISO seal of approval.

As the fight over Simon and Speck played out, the ISO twice voted to delay the multi-stage process of approving them.

In oral and written comments, opponents cited the lack of peer-reviewed publication by the creators, the absence of industry adoption or a clear need for the new ciphers, and the partial success of academics in showing their weaknesses.

Some ISO delegates said much of their skepticism stemmed from the 2000s, when NSA experts invented a component for encryption called Dual Elliptic Curve and got it adopted as a global standard.

ISO’s approval of Dual EC was considered a success inside the agency, according to documents passed by Snowden to the founders of the online news site The Intercept, which made them available to Reuters. The documents said the agency guided the Dual EC proposal through four ISO meetings until it emerged as a standard.

In 2007, mathematicians in private industry showed that Dual EC could hide a back door, theoretically enabling the NSA to eavesdrop without detection. After the Snowden leaks, Reuters reported that the U.S. government had paid security company RSA $ 10 million to include Dual EC in a software development kit that was used by programmers around the world.

The ISO and other standards groups subsequently retracted their endorsements of Dual EC. The NSA declined to discuss it.

In the case of Simon and Speck, the NSA says the formulas are needed for defensive purposes. But the official who led the now-disbanded NSA division responsible for defense, known as the Information Assurance Directorate, said his unit did not develop Simon and Speck.

“There are probably some legitimate questions around whether these ciphers are actually needed,” said Curtis Dukes, who retired earlier this year. Similar encryption techniques already exist, and the need for new ones is theoretical, he said.

ANSI, the body that leads the U.S. delegation to the ISO, said it had simply forwarded the NSA proposals to the organization and had not endorsed them.

FROM JAIPUR TO HAMILTON

When the United States first introduced Simon and Speck as a proposed ISO standard in 2014, experts from several countries expressed reservations, said Shin’ichiro Matsuo, the head of the Japanese encryption delegation.

Some delegates had no objection. Chris Mitchell, a member of the British delegation, said he supported Simon and Speck, noting that “no one has succeeded in breaking the algorithms.” He acknowledged, though, that after the Dual EC revelations, “trust, particularly for U.S. government participants in standardization, is now non-existent.”

At a meeting in Jaipur, India, in October 2015, NSA officials in the American delegation pushed back against critics, questioning their expertise, witnesses said.

A German delegate at the Jaipur talks, Christian Wenzel-Benner, subsequently sent an email seeking support from dozens of cryptographers. He wrote that all seven German experts were “very concerned” about Simon and Speck.

“How can we expect companies and citizens to use security algorithms from ISO standards if those algorithms come from a source that has compromised security-related ISO standards just a few years ago?” Wenzel-Benner asked.

Such views helped delay Simon and Speck again, delegates said. But the Americans kept pushing, and at an October 2016 meeting in Abu Dhabi, a majority of individual delegates approved the techniques, moving them up to a country-by-country vote.

There, the proposal fell one vote short of the required two-thirds majority.

Finally, at a March 2017 meeting in Hamilton, New Zealand, the Americans distributed a 22-page explanation of its design and a summary of attempts to break them – the sort of paper that formed part of what delegates had been seeking since 2014.

Simon and Speck, aimed respectively at hardware and software, each have robust versions and more “lightweight” variants. The Americans agreed in Hamilton to compromise and dropped the most lightweight versions.

Opponents saw that as a major if partial victory, and it paved the way to compromise. In another nation-by-nation poll last month, the sturdiest versions advanced to the final stage of the approval process, again by a single vote, with Japan, Germany and Israel remaining opposed. A final vote takes place in February.

Reporting by Joseph Menn; Editing by Jonathan Weber and Ross Colvin

Our Standards:The Thomson Reuters Trust Principles.

Tech

Microsoft’s weak phone sales drag down its Surface and cloud wins

Microsoft’s acquisition of Nokia is proving to be quite the albatross around the company’s neck. The company has stepped away from focusing on phones, and its handset sales revenue fell by almost half in the first quarter.

Microsoft sold only 2.3 million Lumia phones during the quarter, 73 percent fewer units compared with the first quarter of 2015. That meant Lumia handset revenue fell 46 percent. This dragged down the company’s overall device revenue despite major gains in its Surface business. 

Sales of Surface tablets and the Surface Book touchscreen laptop brought in $ 1.1 billion for Microsoft during the last quarter, compared with $ 713 million during the same period last year. That’s good news for the company’s future, but it’s being hurt by the present state of the phone business.

To read this article in full or to leave a comment, please click here

Network World Cloud Computing

Foursquare founder @dens given Special Project by VCs. Huge haircut after down round

Dennis Crowley, Foursquare’s remaining co-founder gets kicked up to the boardroom, “of his own volition.” In news that may or may not be connected, 4sq gets yet another honking chunk of change to burn through—but the price is said to value Foursquare at way less than it was worth previously.

This will be the Series-E round, worth $ 45 million, led by Union Square. Other investors number Morgan Stanley, DFJ, Andreessen Horowitz, and Spark.

Presumably one or more of these VCs weren’t keen on Crowley’s performance at the location-based service, so asked him to tag in the old COO and CRO. Meanwhile, he’s been asked to “make something awesome.”

To read this article in full or to leave a comment, please click here

Computerworld Cloud Computing

Amazon makes it easier to lock down the cloud

Computerworld Cloud Computing

Red Hat should double down on containers

OpenStack is many things, but a runaway success it is not. Despite a community that measures in the thousands, Gartner still counts OpenStack deployments in the hundreds — on a good day.

This could change. OpenStack might, as Randy Bias urged the OpenStack faithful in his annual State of the Stack address, start streamlining development because “OpenStack is at risk of collapsing under its own weight.”

But if you’re a hyperfocused company like Red Hat, sinking even more resources in OpenStack development might not be the smart bet.

To read this article in full or to leave a comment, please click here

InfoWorld Cloud Computing