Even after Microsoft wins, JEDI saga could drag on

The DoD JEDI contract saga came to a thrilling conclusion on Friday afternoon, appropriately enough, with one final plot twist. The presumptive favorite, Amazon, did not win, stunning many, including likely the company itself. In the end, Microsoft took home the $10 billion prize.

This contract was filled with drama from the beginning, given the amount of money involved, the length of the contract, the winner-take-all nature of the deal — and the politics. We can’t forget the politics. This was Washington after all and Jeff Bezos does own the Washington Post.

Then there was Oracle’s fury throughout the procurement process. The president got involved in August. The current defense secretary recused himself on Wednesday, two days before the decision came down. It was all just so much drama, even the final decision itself, handed down late Friday afternoon, but it’s unclear if this is the end or just another twist in this ongoing tale.

Some perspective on $10 billion

Before we get too crazy about Microsoft getting a $10 billion, 10-year contract, consider that Amazon earned $9 billion last quarter alone in cloud revenue. Microsoft reported $33 billion last quarter in total revenue. It reported around $11 billion in cloud revenue. Synergy Research pegs the current cloud infrastructure market at well over $100 billion annually (and growing).

What we have here is a contract that’s worth a billion a year. What’s more, it’s possible it might not even be worth that much if the government uses one of its out clauses. The deal is actually initially guaranteed for just two years. Then there are a couple of three-year options, with a final two-year option at the end if it gets that far.

The DOD recognized that with the unique nature of this contract, going with a single vendor, it wanted to keep its options open should the tech world shift suddenly under its feet. It didn’t want to be inextricably tied to one company for a decade if that company was suddenly disrupted by someone else. Given the shifting sands of technology, that part of the strategy was a wise one.

Where the value lies

If the value of this deal was not the contract itself, it begs the question, why did everyone want it so badly? The $10 billion JEDI deal was simply a point of entree. If you could modernize the DoD’s infrastructure, the argument goes, chances are you could do the same for other areas of the government. It could open the door for Microsoft for a much more lucrative government cloud business.

But it’s not as though Microsoft didn’t already have a lucrative cloud business. In 2016, for example, the company signed a deal worth almost a billion dollars to help move the entire department to Windows 10. Amazon, too, has had its share of government contracts, famously landing the $600 million contract to build the CIA’s private cloud.

But given all the attention to this deal, it always felt a little different from your standard government contract. Just the fact the DoD used a Star Wars reference for the project acronym drew more attention to the project from the start. Therefore, there was some prestige for the winner of this deal, and Microsoft gets bragging rights this morning, while Amazon is left to ponder what the heck happened. As for other companies like Oracle, who knows how they’re feeling about this outcome.

Hell hath no fury like Oracle scorned

Ah yes, Oracle; this tale would not be complete without discussing the rage of Oracle throughout the JEDI RFP process. Even before the RFP process started, they were complaining about the procurement process. Co-CEO Safra Catz had dinner with the president to complain that the contract process wasn’t fair (not fair!). Then it tried complaining to the Government Accountability Office. They found no issue with the process.

They went to court. The judge dismissed their claims, which involved both the procurement process and the fact that a former Amazon employee, who was hired by DoD, was involved in the process of creating the RFP. They claimed that the former employee was proof that the deal was tilted toward Amazon. The judge disagreed and dismissed their complaints.

What Oracle could never admit was that it simply didn’t have the same cloud chops that Microsoft and Amazon, the two finalists, had. It couldn’t be that they were late to the cloud or had a fraction of the market share that Amazon and Microsoft had. It had to be the process or that someone was boxing them out.

What Microsoft brings to the table

Outside of the politics of this decision (which we will get to shortly), Microsoft brought some experience and tooling to the table that certainly gave it some advantage in the selection process. Until we see the reasons for the selections, it’s hard to know exactly why DoD chose Microsoft, but we know a few things.

First of all, there are the existing contracts with DoD, including the aforementioned Windows 10 contract and a five-year $1.76 billion contract with DoD Intelligence to provide “innovative enterprise services” to the DoD.

Then there is Azure Stack, a portable private cloud stack that the military could stand up anywhere. It could have great utility for missions in the field when communicating with a cloud server could be problematic.

Fool if you think it’s over

So that’s that, right? The decision has been made and it’s time to move on. Amazon will go home and lick its wounds. Microsoft gets bragging rights and we’re good. Actually, this might not be where it ends at all.

Amazon, for instance, could point to Jim Mattis’ book where he wrote that the president told the then Defense Secretary to “screw Bezos out of that $10 billion contract.” Mattis says he refused, saying he would go by the book, but it certainly leaves the door open to a conflict question.

It’s also worth pointing out that Jeff Bezos owns the Washington Post and the president isn’t exactly in love with that particular publication. In fact, this week, the White House canceled its subscription and encouraged other government agencies to do so as well.

Then there is the matter of current Defense Secretary Mark Esper suddenly recusing himself last Wednesday afternoon based on a minor point that one of his adult children works at IBM (in a non-cloud consulting job). He claimed he wanted to remove any hint of conflict of interest, but at this point in the process, it was down to Microsoft and Amazon. IBM wasn’t even involved.

If Amazon wanted to protest this decision, it seems it would have much more solid ground to do so than Oracle ever had.

The bottom line is a decision has been made, at least for now, but this process has been rife with controversy from the start, just by the design of the project, so it wouldn’t be surprising to see Amazon take some protest action of its own. It seems oddly appropriate.


By Ron Miller

Descartes Labs snaps up $20M more for its AI-based geospatial imagery analytics platform

Satellite imagery holds a wealth of information that could be useful for industries, science and humanitarian causes, but one big and persistent challenge with it has been a lack of effective ways to tap that disparate data for specific ends.

That’s created a demand for better analytics, and now, one of the startups that has been building solutions to do just that is announcing a round of funding as it gears up for expansion. Descartes Labs, a geospatial imagery analytics startup out of Santa Fe, New Mexico, is today announcing that it has closed a $20 million round of funding, money that CEO and founder Mark Johnson described to me as a bridge round ahead of the startup closing and announcing a larger growth round.

The funding is being led by Union Grove Venture Partners, with Ajax Strategies, Crosslink Capital, and March Capital Partners (which led its previous round) also participating. It brings the total raised by Descartes Labs to $60 million, and while Johnson said the startup would not be disclosing its valuation, PitchBook notes that it is $220 million ($200 million pre-money in this round).

As a point of comparison, another startup in the area of geospatial analytics, Orbital Insight, is reportedly now raising money at a $430 million valuation (that data is from January of this year, and we’ve contacted the company to see if it ever closed).

Santa Fe — a city popular with retirees that counts tourism as its biggest industry — is an unlikely place to find a tech startup. Descartes Labs’ presence there is a result of the fact that it is a spinoff from the Los Alamos National Laboratory near the city.

Johnson — who had lived in San Francisco before coming to Santa Fe to help create Descartes Labs (his previous experience building Zite for media, he said, led the Los Alamos scientists to first conceive of the Descartes Labs IP as the basis of a kind of search engine) — admitted that he never thought the company would stay headquartered there beyond a short initial phase of growth of six months.

However, it turned out that the trends around more distributed workforces (and cloud computing to enable that), engineers looking for employment alternatives to living in pricey San Francisco, plus the heated competition for talent you get in the Valley all came together in a perfect storm that helped Descartes Labs establish and thrive on its home turf.

Descartes Labs — named after the seminal philosopher/mathematician Rene Descartes — describes itself as a “data refinery”. By this, it means it ingests a lot of imagery and unstructured data related to the earth that is picked up primarily by satellites but also other sensors (Johnson notes that its sources include data from publicly available satellites; data from NASA and the European Space Agency, and data from the companies themselves); applies AI-based techniques including computer vision analysis and machine learning to make sense of the sometimes-grainy imagery; and distills and orders it to create insights into what is going on down below, and how that is likely to evolve.

This includes not just what is happening on the surface of the earth, but also in the air above it: Descartes Labs has worked on projects to detect levels of methane gas in oil fields, the spread of wildfires, and how crops might grow in a particular area, and the impact of weather patterns on it all.

It has produced work for a range of clients that have included governments (the methane detection was commissioned as part of New Mexico’s effort to reduce greenhouse gas emissions), energy giants and industrial agribusiness, and traders.

“The idea is to help them take advantage of all the new data going online,” Johnson said, noting that this can help, for example, bankers forecast how much a commodity will trade for, or the effect of a change in soil composition on a crop.

The fact that Descartes Labs’ work has connected it with the energy industry gives an interesting twist to the use of the phrase “data refinery”. But in case you were wondering, Johnson said that the company goes through a process of vetting potential customers to determine if the data Descartes Labs provides to them is for a positive end, or not.

“We have a deep belief that we can help them become more efficient,” he said. “Those looking at earth data are doing so because they care about the planet and are working to try to become more sustainable.”

Johnson also said (in answer to my question about it) that so far, there haven’t been any instances where the startup has been prohibited from working with any customers or countries, but you could imagine how — in this day of data being ‘the new oil’ and the fulcrum of power — that could potentially be an issue. (Related to this: Orbital Insight counts In-Q-Tel, the CIA’s venture arm, as one of its backers.)

Looking ahead, the company is building what it describes as a “digital twin” of the earth, the idea being that in doing so it can better model the imagery that it ingests and link up data from different regions more seamlessly (since, after all, a climatic event in one part of the world inevitably impacts another). Notably, “digital twinning” is a common concept that we see applied in other AI-based enterprises to better predict activity: this is the approach that, for example, Forward Networks takes when building models of an enterprise’s network to determine how apps will behave and identify the reasons behind an outage.

In addition to the funding round, Descartes Labs named Phil Fraher its new CFO, and is announcing Veery Maxwell, Director for Energy Innovation and Patrick Cairns, who co-founded UGVP, as new board observers.


By Ingrid Lunden

Nadella warns government conference not to betray user trust

Microsoft CEO Satya Nadella, delivering the keynote at the Microsoft Government Leaders Summit in Washington, DC today, had a message for attendees: maintain user trust in their tools and technologies above all else.

He said it is essential to earn user trust, regardless of your business. “Now, of course, the power law here is all around trust because one of the keys for us, as providers of platforms and tools, trust is everything,” he said today. But he says it doesn’t stop with the platform providers like Microsoft. Institutions using those tools also have to keep trust top of mind or risk alienating their users.

“That means you need to also ensure that there is trust in the technology that you adopt, and the technology that you create, and that’s what’s going to really define the power law on this equation. If you have trust, you will have exponential benefit. If you erode trust it will exponentially decay,” he said.

He says Microsoft sees trust along three dimensions: privacy, security and ethical use of artificial intelligence. All of these come together in his view to build a basis of trust with your customers.

Nadella said he sees privacy as a human right, pure and simple, and it’s up to vendors to ensure that privacy or lose the trust of their customers. “The investments around data governance is what’s going to define whether you’re serious about privacy or not,” he said. For Microsoft, they look at how transparent they are about how they use the data, their terms of service, and how they use technology to ensure that’s being carried out at runtime.

He reiterated the call he made last year for a federal privacy law. With GDPR in Europe and California’s CCPA coming on line in January, he sees a centralized federal law as a way to streamline regulations for business.

As for security, as you might expect, he defined it in terms of how Microsoft was implementing it, but the message was clear that you needed security as part of your approach to trust, regardless of how you implement that. He asked several key questions of attendees.

“Cyber is the second area where we not only have to do our work, but you have to [ask], what’s your operational security posture, how have you thought about having the best security technology deployed across the entire chain, whether it’s on the application side, the infrastructure side or on the endpoint side, and most importantly, around identity,” Nadella said.

The final piece, one which he said was just coming into play, was how you use artificial intelligence ethically, a sensitive topic for a government audience, but one he wasn’t afraid to broach. “One of the things people say is, ‘Oh, this AI thing is so unexplainable, especially deep learning.’ But guess what, you created that deep learning [model]. In fact, the data on top of which you train the model, the parameters and the number of parameters you use — a lot of things are in your control. So we should not abdicate our responsibility when creating AI,” he said.

Whether Microsoft or the US government can adhere to these lofty goals is unclear, but Nadella was careful to outline them both for his company’s benefit and this particular audience. It’s up to both of them to follow through.


By Ron Miller

Satya Nadella looks to the future with edge computing

Speaking today at the Microsoft Government Leaders Summit in Washington DC, Microsoft CEO Satya Nadella made the case for edge computing, even while pushing the Azure cloud as what he called “the world’s computer.”

While Amazon, Google and other competitors may have something to say about that, marketing hype aside, many companies are still in the midst of transitioning to the cloud. Nadella says the future of computing could actually be at the edge where computing is done locally before data is then transferred to the cloud for AI and machine learning purposes. What goes around, comes around.

But as Nadella sees it, this is not going to be about either edge or cloud. It’s going to be the two technologies working in tandem. “Now, all this is being driven by this new tech paradigm that we describe as the intelligent cloud and the intelligent edge,” he said today.

He said that to truly understand the impact the edge is going to have on computing, you have to look at research, which predicts there will be 50 billion connected devices in the world by 2030, a number even he finds astonishing. “I mean this is pretty stunning. We think about a billion Windows machines or a couple of billion smartphones. This is 50 billion [devices], and that’s the scope,” he said.

The key here is that these 50 billion devices, whether you call them edge devices or the Internet of Things, will be generating tons of data. That means you will have to develop entirely new ways of thinking about how all this flows together. “The capacity at the edge, that ubiquity is going to be transformative in how we think about computation in any business process of ours,” he said. As we generate ever-increasing amounts of data, whether we are talking about public sector kinds of use case, or any business need, it’s going to be the fuel for artificial intelligence, and he sees the sheer amount of that data driving new AI use cases.

“Of course when you have that rich computational fabric, one of the things that you can do is create this new asset, which is data and AI. There is not going to be a single application, a single experience that you are going to build, that is not going to be driven by AI, and that means you have to really have the ability to reason over large amounts of data to create that AI,” he said.

Nadella would be more than happy to have his audience take care of all that using Microsoft products, whether Azure compute, database, AI tools or edge computers like the Data Box Edge it introduced in 2018. While Nadella is probably right about the future of computing, all of this could apply to any cloud, not just Microsoft.

As computing shifts to the edge, it’s going to have a profound impact on the way we think about technology in general, but it’s probably not going to involve being tied to a single vendor, regardless of how comprehensive their offerings may be.


By Ron Miller

Vannevar Labs comes out of stealth to bring best-in-class AI tech to national security agencies

Few organizations have the complex data and analytics problems that challenge the defense and intelligence communities every single day. Whether it is managing petabytes of text, audio, or video data, finding extraordinarily small patterns in the noise, or processing multilingual analytics, the agencies at the heart of America’s national security system confront cutting-edge problems every day.

Despite the desire for better tools, though, intelligence analysts are often stymied in procuring up-to-date software by the byzantine rules that drive Pentagon and intelligence procurement.

That’s why a former intelligence official and former intelligence investor are looking to build a new platform that connects the best minds in artificial intelligence, machine learning, and natural language processing and bundles it together into a service purchasable by these government agencies.

Through Palo Alto-based Vannevar, co-founders Brett Granberg and Nini Moorhead are hoping to launch their first product, which is focused on bringing NLP technologies like feature detection to international counterterrorism missions.

Co-founders Nini Moorhead and Brett Granberg of Vannevar Labs. Photo via Vannevar Labs.

The company is named for Vannevar Bush, who is often credited with inventing an early form of the computer, putting together the Manhattan Project which led to the atom bomb, and for writing a seminal essay that sort of predicted the internet decades before its inception.

The two chose this particular product as an entrée because of their past experiences. Before beginning Vannevar, Granberg spent two years at In-Q-Tel, the non-profit VC firm that works deeply with the intelligence community to supply agencies with the best in startup technology. He also was an advisor at Lilt, a real-time deep learning translation product that spun out of Chris Manning’s famed Stanford NLP research lab.

Meanwhile, Moorhead spent seven years working as a counterterrorism officer within the intelligence community, working to disrupt terrorist networks.

The two met while they overlapped at Stanford GSB and realized they had seen similar problems that they both wanted to solve. While in business school, “top of mind for me was some of the technological challenges that I encountered as an end user [and] analyst in the intelligence community,” Moorhead said. “We immediately connected and shared a lot of experiences in common in terms of seeing gaps between the really hard domain problems that I’d been working on in my career as an analyst and some of the technology that was available to me,” she said. The two actually met the first day of school.

Their approach is to take proven techniques and attempt to translate them into government use cases. “We’re not sort of inventing new math to solve these problems, we’re more taking cutting-edge approaches and just applying them to specific use cases,” Granberg said.

While the project is early, the team raised $4.5 million in seed venture capital funding from fellow GSB alum Katherine Boyle of General Catalyst and Costanoa Ventures. Boyle has made a big push into defense and highly-regulated industries as part of her investment practice, where she previously funded Anduril, the company started by Oculus founder Palmer Luckey that has attempted to apply ML technology to security issues such as battlefield awareness and border control (and gotten into some controversy along the way as well).

She is particularly excited about new ways for startups to secure government contracts at a speed faster than the sun burning out. Talking to me about the potential in this industry, she said:

“We’ve been spending a lot of time with companies that are going after what’s known as Other Transaction Authorities, which are a new type of contracting vehicle that was developed in 2015 by former Secretary of Defense Ash Carter, to help tech companies work very quickly with the Department of Defense and with the intelligence community. So what historically might have taken 18 months to get a contract now takes 30 to 60 days for critical pieces of technology.”

Boyle explained that Vannevar fits directly into her thesis for the future of government procurement. “Our view is that the companies that do best in the space are people who have worked in government or understand how to sell to governments,” she said. She noted that the company is very early, and her investment was primarily focused on the team.

I asked about recent controversies that have hit companies like Google, which saw a revolt by some employees over its involvement with a defense program called Project Maven, which attempted to use machine learning technology and apply that to the battlefield, so that, for instance, drones could increase their effectiveness during strikes.

Granberg said that “we think that the people that defend our country should have access to the best tools and technologies to do their job. We know these people, we used to work with them, and we want to help them.”

He understands the concerns of critics though, and says that Vannevar intends to work with the government to ensure ethics remains core to its product. “We believe it’s our responsibility to sort of shape that technology and help the government think about putting in place policies that … prevent the misuse from happening.”

Boyle agreed. “One of the things that we’ve noticed is that if you’re very transparent and upfront about the types of products you’re going to be building in the beginning, it’s not a recruitment problem, it’s not an ethics problem.” Unlike Google, which had a six-figure workforce with many employees who don’t want to touch defense-related code, the hope for Granberg and Moorhead is that a company like Vannevar can build a coalition of the willing, as it were, and maybe solve some serious security problems as well.


By Danny Crichton

ZenBusiness raises $15m to help founders launch and grow “worry-free”

There are two sides to starting a new business. On one side, entrepreneurs need creativity, imagination — a dream, essentially — to find, build, and market a new product to users and consumers. But on the other side, they have to deal with the regulatory state and all the minutiae that come with running any business in the 21st century.

That includes such delightful topics as choosing a particular model for incorporation, ensuring that a business has the right licenses to operate, and tracking all the legal changes happening in 50 state legislatures every year. It can be inordinately complicated (and expensive!) to ensure that your business is ready and legal.

That’s where ZenBusiness comes in. The Austin-based startup wants to empower entrepreneurs to build businesses large and small by dramatically simplifying the processes required to launch a business and then grow it.

When I last chatted with the company 18 months ago, it had just raised a $4.5 million seed round and had launched its platform. Today, it’s announcing that it has raised a new $15 million series A round led by return backer Greycroft, along with returning investors Lerer Hippeau and Revolution’s Rise of the Rest fund, alongside new investors Rosecliff Venture Partners, Interlock Partners and Recruit Strategic Partners.

The company launched with a product that was essentially an automated registered agent for new entrepreneurs. Under state incorporation laws, companies must designate a so-called “registered agent” to receive official notices from regulatory agencies, and so ZenBusiness chose this strategic point for entry into the market.

When I last chatted with CEO Ross Buhrdorf, he described rolling up this market as one of the key initial targets for the company:

ZenBusiness is the brainchild of Ross Buhrdorf, who joined vacation rental marketplace HomeAway five months after its inception as founding CTO, and stayed for a decade until its acquisition by Expedia in 2015 for $3.9 billion. Buhrdorf intended to take a year off, but “didn’t quite make it a year” he told me.

He explained to me that HomeAway in many ways followed a rollup playbook, “raising $400 million and acquired 26 companies.” Bringing that rollup lens while exploring new spaces, he ran into the corporate legal services market, which offers help to companies to keep them in compliance with the law. Buhrdorf liked what he saw. “It’s different in all 50 states, highly-regulated, which is great for technology, it is overpriced, and they underserve their customers.” He says the space is “completely ripe for disruption.”

Since that time, the company has expanded its product to help entrepreneurs get beyond merely incorporating to actually building out their business by recommending services like banking, lending, tax preparation, website building, and more. The hope is to provide a “worry-free” guarantee to entrepreneurs so that they can get those early critical logistics out of the way and get back to actually operating and growing their business.

“Small businesses come through this funnel, they don’t necessarily know exactly what to do. So we curate that solution, and then we provide them with the basics for them to get up and running and to be successful,” Buhrdorf said.

He explained that the company has built out some tools itself such as a simple webpage creator, but in the long run, he hopes to partner with other providers who integrate into the ZenBusiness platform. For instance, ZenBusiness has partnered with Xero as the company’s main accounting provider, while also backstopping that offering with accountants working at ZenBusiness. The idea is that the automated tooling plus a little human touch can help most owners handle the day-to-day challenges of running a business.

The ZenBusiness team in 2018. Photo via ZenBusiness.

Buhrdorf is particularly focused on keeping the product very self-service and automated to allow it to focus on these smaller customers. “Many of the companies that you cover that are in the enterprise space, who provide solutions for medium-sized businesses, they have to charge, they have to have sales forces, it’s very competitive there,” Buhrdorf said. “What we’re after is the segment that’s underserved, it’s the long tail of the small business segment.”

ZenBusiness has expanded its services, and it is hoping to use the fresh infusion of capital to invest in building out community features that will allow small business owners to swap tips with each other and help one another grow their businesses (presumably with some guidance from ZenBusiness community managers and experts).

The company now has 40 employees, predominantly in Austin, with a small office in Peru. Since we last checked in, the company has transitioned to become a public benefit corporation, which Buhrdorf said was an attempt to better align the company’s charter with its mission orientation to help small business entrepreneurs.

Update: The funding total was changed from $10m to $15m. Sorry about that.


By Danny Crichton

Chef CEO does an about face, says company will not renew ICE contract

After stating clearly on Friday that he would honor a $95,000 contract with ICE, CEO Barry Crist must have had a change of heart over the weekend. In a blog post this morning, he wrote that the company would not be renewing the contract with ICE after all.

“After deep introspection and dialog within Chef, we will not renew our current contracts with ICE and CBP when they expire over the next year. Chef will fulfill our full obligations under the current contracts,” Crist wrote in the blog post.

He also backed off the seemingly firm position he took on Friday on the matter when he told TechCrunch, “It’s something that we spent a lot of time on, and I want to represent that there are portions of [our company] that do not agree with this, but I as a leader of the company, along with the executive team, made a decision that we would honor the contracts and those relationships that were formed and work with them over time,” he said.

Today, he acknowledged that intense feelings inside the company against the contract led to his decision. The contract began in 2015 under the Obama administration and was aimed at modernizing programming approaches at DHS, but over time, as ICE family separation and deportation policies have come under fire, there were calls internally (and later externally) to end the contract. “Policies such as family separation and detention did not yet exist [when we started this contract]. While I and others privately opposed this and various other related policies, we did not take a position despite the recommendation of many of our employees. I apologize for this,” he wrote.

Crist also indicated that the company would be donating the revenue from the contracts to organizations that work with people who have been affected by these policies. It’s similar to the approach Salesforce took when 618 of its employees protested a contract the company has with the Customs and Border Patrol (CBP). In response to the protests, Salesforce pledged $1 million to organizations helping affected families.

After a tweet last week exposed the contract, the protests began on social media and culminated in programmer Seth Vargo removing pieces of open source code from the repository in protest of the contract. The company sounded firmly committed to fulfilling this contract in spite of the calls for action internally and externally, and the widespread backlash it was facing both inside and outside the company.

Vargo told TechCrunch in an interview that he saw this issue in moral terms. “Contrary to Chef’s CEO’s publicly posted response, I do think it is the responsibility of businesses to evaluate how and for what purposes their software is being used, and to follow their moral compass,” he said. Apparently Crist has come around to this point of view. Vargo chose not to comment on the latest development.


By Ron Miller

Programmer who took down open source pieces over Chef ICE contract responds

On Friday afternoon Chef CEO Barry Crist and CTO Corey Scobie sat down with TechCrunch to defend their contract with ICE after a firestorm on social media called for them to cut ties with the controversial agency. On Sunday, programmer Seth Vargo, the man who removed his open source components, which contributed to a partial shutdown of Chef’s commercial business for a time last week, responded.

While the Chef executives stated that the company was in fact the owner, Vargo made it clear he owned those pieces and he had every right to remove them from the repository. “Chef (the company) was including a third party software package that I owned. It was on my personal repository on GitHub and personal namespace on RubyGems,” he said. He believes that gave him the right to remove it.

Chef CTO Corey Scobie did not agree. “Part of the challenge was that [Vargo] actually didn’t have authorization to remove those assets. And the assets were not his to begin with. They were actually created under a time when that particular individual [Vargo] was an employee of Chef. And so therefore, the assets were Chef’s assets, and not his assets to remove,” he said.

Vargo says that simply isn’t true and Chef misunderstands the licensing terms. “No OSI license or employment agreement requires me to continue to maintain code of my personal account(s). They are conflating code ownership (which they can argue they have) over code stewardship,” Vargo told TechCrunch.

As further proof, Vargo added that he has even included detailed instructions in his will on how to deal with the code he owns when he dies. “I want to make it absolutely clear that I didn’t ‘hack’ into Chef or perform any kind of privilege escalation. The code lived in my personal accounts. Had I died on Thursday, the exact same thing would have happened. My will requests all my social media and code accounts be deleted. If I had deleted my GitHub account, the same thing would have happened,” he explained.

Vargo said that Chef actually was in violation of the open source license when they restored those open source pieces without putting his name on it. “Chef actually violated the Apache license by removing my name, which they later restored in response to public pressure,” he said.

Scobie admitted that the company did forget to include Vargo’s name on the code, but added it back as soon as they heard about the problem. “In our haste to restore one of the objects, we inadvertently removed a piece of metadata that identified him as the author. We didn’t do that knowingly. It was absolutely a mistake in the process of trying to restore customers and our global customer base service. And as soon as we were notified of it, we reverted that change on this specific object in question,” he said.

As for why he took the open source components down, Vargo says he was taking a moral stand against the contract, which dates back to the Obama administration. He also explained that he attempted to contact Chef via multiple channels before taking action. “First, I didn’t know about the history of the contract. I found out via a tweet from @shanley and subsequently verified via the USA spending website. I sent a letter and asked Chef publicly via Twitter to respond multiple times, and I was met with silence. I wanted to know how and why code in my personal repositories was being used with ICE. After no reply for 72 hours, I decided to take action,” he said.

Since then, Chef’s CEO Barry Crist has made it clear he was honoring the contract, which Vargo felt further justified his actions. “Contrary to Chef’s CEO’s publicly posted response, I do think it is the responsibility of businesses to evaluate how and for what purposes their software is being used, and to follow their moral compass,” he said.

Vargo has a long career helping build development tools and contributing to open source. He currently works for Google Cloud. Previous positions include HashiCorp and Chef.


By Ron Miller

Chef CEO says he’ll continue to work with ICE in spite of protests

Yesterday, software development tool maker Chef found itself in the middle of a firestorm after a Tweet called them out for doing business with DHS/ICE. Eventually it led to an influential open source developer removing a couple of key pieces of software from the project, bringing down some parts of Chef’s commercial business.

Chef intends to fulfill its contract with ICE, in spite of calls to cancel it. In a blog post published this morning, Chef CEO Barry Crist defended the decision. “I do not believe that it is appropriate, practical, or within our mission to examine specific government projects with the purpose of selecting which U.S. agencies we should or should not do business.”

He stood by the company’s decision this afternoon in an interview with TechCrunch, while acknowledging that it was a difficult and emotional decision for everyone involved. “For some portion of the community, and some portion of our company, this is a super, super-charged lightning rod, and this has been very difficult. It’s something that we spent a lot of time on, and I want to represent that there are portions of [our company] that do not agree with this, but I as a leader of the company, along with the executive team, made a decision that we would honor the contracts and those relationships that were formed and work with them over time,” he said.

He added, “I think our challenge as leadership right now is how do we collectively navigate through times like this, and through emotionally-charged issues like the ICE contract.”

The deal with ICE, which is a $95,000-a-year contract for software development tools, dates back to the Obama administration, when the then-DHS CIO wanted to move the department towards more modern agile/DevOps development workflows, according to Crist.

He said that, for people who might think it’s a purely economic decision, the money represents a fraction of the company’s more than $50 million annual revenue (according to Crunchbase data), but he says it’s about a long-term business arrangement with the government that transcends individual administration policies. “It’s not about the $100,000, it’s about decisions we’ve made to engage the government. And I appreciate that not everyone in our world feels the same way or would make that same decision, but that’s the decision that we made as a leadership team,” Crist said.

Shortly after word of Chef’s ICE contract appeared on Twitter, according to a report in The Register, former Chef employee Seth Vargo removed a couple of key pieces of open source software from the repository, telling The Register that “software engineers have to operate by some kind of moral compass.” This move brought down part of Chef’s commercial software and it took them 24 hours to get those services fully restored, according to Chef CTO Corey Scobie.

Crist says he wants to be clear that his decision does not mean he supports current ICE policies. “I certainly don’t want to be viewed as I’m taking a strong stand in support of ICE. What we’re taking a strong stand on is our consistency with working with our customers, and again, our work with DHS started in the previous administration on things that we feel very good about,” he said.


By Ron Miller

IEX’s Katsuyama is no flash in the pan

When you watch a commercial for one of the major stock exchanges, you are welcomed into a world of fast-moving, slick images full of glistening buildings, lush crops and happy people. They are typically interspersed with shots of intrepid executives veering out over the horizon as if to say, “I’ve got a long-term vision, and the exchange where my stock is listed is a valuable partner in achieving my goals.” It’s all very reassuring and stylish. But there’s another side to the story.

I have been educated about the realities of today’s stock exchange universe through recent visits with Brad Katsuyama, co-founder and CEO of IEX (a.k.a. The Investors Exchange). If Katsuyama’s name rings a bell, and you don’t work on Wall Street, it’s likely because you remember him as the protagonist of Michael Lewis’s 2014 best-seller, Flash Boys: A Wall Street Revolt, which explored high-frequency trading (HFT) and made the case that the stock market was rigged, really badly.

Five years later, some of the worst practices Lewis highlighted are things of the past, and there are several attributes of the American equity markets that are widely admired around the world. In many ways, though, the realities of stock trading have gotten more unseemly, thanks to sophisticated trading technologies (e.g., microwave radio transmissions that can carry information at almost the speed of light), and pitched battles among the exchanges, investors and regulators over issues including the rebates stock exchanges pay to attract investors’ orders and the price of market data charged by the exchanges.

I don’t claim to be an expert on the inner workings of the stock market, but I do know this: Likening the life cycle of a trade to sausage-making is an insult to kielbasa. More than ever, trading is an arcane, highly technical and bewildering part of our broader economic infrastructure, which is just the way many industry participants like it: Nothing to see here, folks.

Meanwhile, Katsuyama, company president Ronan Ryan and the IEX team have turned IEX into the eighth largest stock exchange company, globally, by notional value traded, and have transformed the concept of a “speed bump” into a mainstream exchange feature.

Brad Katsuyama. Image via IEX Trading

Despite these and other accomplishments, IEX finds itself in the middle of a vicious battle with powerful incumbents that seem increasingly emboldened to use their muscle in Washington, D.C. What’s more, new entrants, such as The Long-Term Stock Exchange and Members Exchange, are gearing up to enter the fray in US equities, while global exchanges such as the Hong Kong Stock Exchange seek to bulk up by making audacious moves like attempting to acquire the venerable London Stock Exchange.

But when you sell such distinct advantages to one group that really can only benefit from that, it leads to the question of why anyone would want to trade on that market. It’s like walking into a playing field where you know that the deck is stacked against you.

As my discussion with Katsuyama reveals, IEX may have taken some punches in carving out a position for itself in this high-stakes war characterized by cutting-edge technology and size. However, the IEX team remains girded for battle and confident that it can continue to make headway in offering a fair and transparent option for market participants over the long term.

Gregg Schoenberg: Given Flash Boys and the attention it generated for you on Main Street, I’d like to establish something upfront. Does IEX exist for the asset manager, the individual, or both?

Brad Katsuyama: We exist primarily for the asset manager, and helping them helps the individual. We’re one step removed from the individual, and part of that is due to regulation. Only brokers can connect to exchanges, and the asset manager connects to the broker.

Schoenberg: To put a finer point on it, you believe in fairness and being the good guy. But you are not Robinhood. You are a capitalist.

Katsuyama: Yes, but we want to make money fairly. Actually, we thought initially about starting the business as a nonprofit. But once we laid out all the people we would need to convince to work for us, we realized it would’ve been hard for us to attract the skill sets needed as a nonprofit.

Schoenberg: Do you believe that the US equity market today primarily serves investors or traders?


By Gregg Schoenberg

Ten questions for 2020 presidential candidate John Delaney

In November 2020, America will go to the polls to vote in perhaps the most consequential election in a generation. The winner will lead the country amid great social, economic and ecological unrest. The 2020 election will be a referendum on both the current White House and the direction of the country at large.

Nearly 20 years into the young century, technology has become a pervasive element in all of our lives, and will only continue to grow more important. Whoever takes the oath of office in January 2021 will have to answer some difficult questions, ranging from an impending climate disaster to concerns about job loss at the hands of robotics and automation.

Many of these questions are overlooked in day to day coverage of candidates and during debates. In order to better address the issues, TechCrunch staff has compiled a 10-part questionnaire across a wide range of tech-centric topics. The questions have been sent to national candidates, regardless of party. We will be publishing the answers as we receive them. Candidates are not required to answer all 10 in order for us to publish, but we will be noting which answers have been left blank.

First up is former Congressman John Delaney. Prior to being elected to Maryland’s 6th Congressional District, Delaney co-founded and led healthcare loan service Health Care Financial Partners (HCFP) and commercial lender CapitalSource. He was elected to Congress in 2013, beating out a 10-term Republican incumbent. Rumored to be running against Maryland governor Larry Hogan for a 2018 bid, Delaney instead announced plans to run for president in 2020.

1. Which initiatives will you prioritize to limit humankind’s impact on climate and avoid potential climate catastrophe?

My $4 trillion Climate Plan will enable us to reach the goal of net zero emissions by 2050, which the IPCC says is the necessary target to avoid the worst effects of climate change. The centerpiece of my plan is a carbon-fee-and-dividend that will put a price on carbon emissions and return the money to the American people through a dividend. My plan also includes increased federal funding for renewable energy research, advanced nuclear technologies, direct air capture, a new Climate Corps program, and the construction of the Carbon Throughway, which would transport captured carbon from all over the country to the Permian Basin for reuse and permanent sequestration.

2. What is your plan to increase black and Latinx startup founders’ access to funding?

As a former entrepreneur who started two companies that went on to be publicly traded, I am a firm believer in the importance of entrepreneurship. To ensure people from all backgrounds have the support they need to start a new business, I will create nonprofit banks to serve economically distressed communities, launch a new SBIC program to help provide access to capital to minority entrepreneurs, and create a grant program to fund business incubators and accelerators at HBCUs. Additionally, I pledge to appoint an Entrepreneurship Czar who will be responsible for promoting entrepreneurship-friendly policies at all levels of government and encouraging entrepreneurship in rural and urban communities that have been left behind by venture capital investment.

3. Why do you think low-income students are underrepresented in STEM fields and how do you think the government can help fix that problem?

I think a major part of the problem is that schools serving low-income communities don’t have the resources they need to provide a quality STEM education to every student. To fix that, I have an education plan that will increase investment in STEM education and use Title I funding to eliminate the $23 billion annual funding gap between predominantly white and predominantly black school districts. To encourage students to continue their education after they graduate from high school and ensure every student learns the skills they need, my plan also provides two years of free in-state tuition and fees at a public university, community college, or technical school to everyone who completes one year of my mandatory national service program.

4. Do you plan on backing and rolling out paper-only ballots or paper-verified election machines? With many stakeholders in the private sector and the government, how do you aim to coordinate and achieve that?

Making sure that our elections are secure is vital, and I think using voting machines that create a voter-verified paper record could improve security and increase voters’ confidence in the integrity of our elections. To address other facets of the election security issue, I have proposed creating a Department of Cybersecurity to help protect our election systems, and while in Congress I introduced election security legislation to ensure that election vendors are solely owned and controlled by American citizens.

5. What, if any, federal regulation should be enacted for autonomous vehicles?

I was proud to be the founder of the Congressional Artificial Intelligence Caucus, a bipartisan group of lawmakers dedicated to understanding the impacts of advances in AI technology and educating other legislators so they have the knowledge they need to enact policies that ensure these innovations benefit Americans. We need to use the legislative process to have a real conversation involving experts and other stakeholders in order to develop a comprehensive set of regulations regarding autonomous vehicles, which should include standards that address data collection practices and other privacy issues as well as more fundamental questions about public safety.

6. How do you plan to achieve and maintain U.S. superiority in space, both in government programs and private industry?

Space exploration is tremendously important to me as a former Congressman from Maryland, the home of NASA’s Goddard Space Flight Center, major space research centers at the University of Maryland, and many companies that develop crucial aerospace technologies. As president, I will support the NASA budget and will continue to encourage innovation in the private sector.

7. Increased capital in startups founded by American entrepreneurs is a net positive, but should the U.S. allow its businesses to be part-owned by foreign governments, particularly the government of Saudi Arabia?

I am concerned that joint ventures between U.S. businesses and foreign governments, including state-owned enterprises, could facilitate the theft of intellectual property, potentially allowing foreign governments to benefit from taxpayer-funded research. We need to put in place greater protections that defend American innovation from theft.

8. Will U.S.-China technology decoupling harm or benefit U.S. innovation and why?

In general, I am in favor of international technology cooperation but in the case of China, it engages in predatory economic behavior and disregards international rules. Intellectual property theft has become a big problem for American businesses as China allows its companies to steal IP through joint ventures. In theory, U.S.-China collaboration could advance technology and innovation but without proper IP and economic protections, U.S.-China joint ventures and partnerships can be detrimental to the U.S.

9. How large a threat does automation represent to American jobs? Do you have a plan to help train low-skilled workers and otherwise offset job loss?

Automation could lead to the disruption of up to 54 million American jobs if we aren’t prepared and we don’t have the right policies. To help American workers transition to the high-tech, high-skill future economy, I am calling for a national AI strategy that will support public/private AI partnerships, develop a social contract with the communities that are negatively impacted by technology and globalization, and create updated education and job training programs that will help students and those currently in the workforce learn the skills they need.

To help provide jobs to displaced workers and drive economic growth in communities that suffer negative effects from automation, I have proposed a $2 trillion infrastructure plan that would create an infrastructure bank to facilitate state and local government investment, increase the Highway Trust Fund, create a Climate Infrastructure Fund, and create five new matching funds to support water infrastructure, school infrastructure, deferred maintenance projects, rural broadband, and infrastructure projects in disadvantaged communities in urban and rural areas. In addition, my proposed national service program will create new opportunities that allow young adults to learn new skills and gain valuable work experience. For example, my proposal includes a new national infrastructure apprenticeship program that will award a professional certificate proving mastery of particular skill sets for those who complete the program.

10. What steps will you take to restore net neutrality and assure internet users that their traffic and data are safe from manipulation by broadband providers?

I support the Save Net Neutrality Act to restore net neutrality, and I will appoint FCC commissioners who are committed to maintaining a fair and open internet. Additionally, I would work with Congress to update our digital privacy laws and regulations to protect consumers, especially children, from their data being collected without consent.


By Brian Heater

President throws latest wrench in $10B JEDI cloud contract selection process

The $10 billion, decade-long JEDI cloud contract drama continues. It’s a process that has been dogged by complaints, regulatory oversight and court cases. Throughout the months-long selection process, the Pentagon has repeatedly denied accusations that the contract was somehow written to make Amazon a favored vendor, but today the Washington Post reports President Trump has asked the newly appointed Defense Secretary, Mark T. Esper, to examine the process because of concerns over that very matter.

The Defense Department called for bids last year for a $10 billion, decade-long contract. From the beginning, Oracle in particular complained that the process favored Amazon. Even before the RFP process began, Oracle executive Safra Catz took her concerns directly to the president, but at that time he did not intervene. Later, the company filed a complaint with the Government Accountability Office, which ruled that the procurement process was fair.

Finally, the company took the case to court alleging that a person involved in defining the selection process had a conflict of interest, due to being an employee at Amazon before joining the DoD. That case was dismissed last month.

In April, the DoD named Microsoft and Amazon as the two finalists, and the winner was finally expected to be named some time this month. It appeared that we were close to the finish line, but now that the president has intervened at the 11th hour, it’s impossible to know what the outcome will be.

What we do know is that this is a pivotal project for the DoD, which is aimed at modernizing the U.S. military for the next decade and beyond. The fact is that the two finalists made perfect sense. They are the two market leaders, and each has tools, technologies and experience working with sensitive government contracts.

Amazon is the market leader with 33% marketshare. Microsoft is number two with 16%. Number three vendor, Google, dropped out before the RFP process began. It is unclear at this point whether the president’s intervention will have any influence on the final decision, but the Washington Post reports it is an unusual departure from government procurement procedures.


By Ron Miller

Grasshopper’s Judith Erwin leaps into innovation banking

In the years following the financial crisis, de novo bank activity in the US slowed to a trickle. But as memories fade, the economy expands and the potential of tech-powered financial services marches forward, entrepreneurs have once again been asking the question, “Should I start a bank?”

And by bank, I’m not referring to a neobank, which sits on top of a bank, or a fintech startup that offers an interesting banking-like service of one kind or another. I mean a bank bank.

One of those entrepreneurs is Judith Erwin, a well-known business banking executive who was part of the founding team at Square 1 Bank, which was bought in 2015. Fast forward a few years and Erwin is back, this time as CEO of the cleverly named Grasshopper Bank in New York.

With over $130 million in capital raised from investors including Patriot Financial and T. Rowe Price Associates, Grasshopper has a notable amount of heft for a banking newbie. But as Erwin and her team seek to build share in the innovation banking market, she knows that she’ll need the capital as she navigates a hotly contested niche that has benefited from a robust start-up and venture capital environment.

Gregg Schoenberg: Good to see, Judith. To jump right in, in my opinion, you were a key part of one of the most successful de novo banks in quite some time. You were responsible for VC relationships there, right?

Judith Erwin: The VC relationships and the products and services managing the balance sheet around deposits. Those were my two primary roles, but my background is one where people give me broken things, I fix them and give them back.

Schoenberg: Square 1 was purchased for about 22 times earnings and 260% of tangible book, correct?

Erwin: Sounds accurate.

Schoenberg: Plus, the bank had a phenomenal earnings trajectory. Meanwhile, PacWest, which acquired you, was a “perfectly nice bank.” Would that be a fair characterization?

Erwin: Yes.

Schoenberg: Is part of the motivation to start Grasshopper to continue on a journey that maybe ended a little bit prematurely last time?

Erwin: That’s a great insight, and I did feel like we had sold too soon. It was a great deal for the investors — which included me — and so I understood it. But absolutely, a lot of what we’re working to do here are things I had hoped to do at Square 1.

Schoenberg: You’re obviously aware of the 800-pound gorilla in the room in the form of Silicon Valley Bank. You’ve also got the megabanks that play in the segment, as well as Signature Bank, First Republic, Bridge Bank and others.


By Gregg Schoenberg

The startups creating the future of RegTech and financial services

Technology has been used to manage regulatory risk since the advent of the ledger book (or the Bloomberg terminal, depending on your reference point). However, the cost-consciousness internalized by banks during the 2008 financial crisis combined with more robust methods of analyzing large datasets has spurred innovation and increased efficiency by automating tasks that previously required manual reviews and other labor-intensive efforts.

So even if RegTech wasn’t born during the financial crisis, it was probably old enough to drive a car by 2008. The intervening 11 years have seen RegTech’s scope and influence grow.

RegTech startups targeting financial services, or FinServ for short, require very different growth strategies — even compared to other enterprise software companies. From a practical perspective, everything from the security requirements influencing software architecture and development to the sales process are substantially different for FinServ RegTechs.

The most successful RegTechs are those that draw on expertise from security-minded engineers, FinServ-savvy sales staff as well as legal and compliance professionals from the industry. FinServ RegTechs have emerged in a number of areas due to the increasing directives emanating from financial regulators.

This new crop of startups performs sophisticated background checks and transaction monitoring for anti-money laundering purposes pursuant to the Bank Secrecy Act, the Office of Foreign Assets Control (OFAC) and FINRA rules; tracks supervision requirements and retention for electronic communications under FINRA, SEC, and CFTC regulations; and monitors information security and privacy laws from the EU, SEC, and several US state regulators such as the New York Department of Financial Services (“NYDFS”).

In this article, we’ll examine RegTech startups in these three fields to determine how solutions have been structured to meet regulatory demand as well as some of the operational and regulatory challenges they face.

Know Your Customer and Anti-Money Laundering


By Danny Crichton

Liberty’s challenge to UK state surveillance powers reveals shocking failures

A legal challenge to the UK’s controversial mass surveillance regime has revealed shocking failures by the main state intelligence agency, which has broad powers to hack computers and phones and intercept digital communications, in handling people’s information.

The challenge, by rights group Liberty, led last month to an initial finding that MI5 had systematically breached safeguards in the UK’s Investigatory Powers Act (IPA) — breaches the Home Secretary, Sajid Javid, euphemistically couched as “compliance risks” in a carefully worded written statement that was quietly released to parliament.

Today Liberty has put more meat on the bones of the finding of serious legal breaches in how MI5 handles personal data, culled from newly released (but redacted) documents that it says describe the “undoubtedly unlawful” conduct of the UK’s main security service which has been retaining innocent people’s data for years.

The series of 10 documents and letters from MI5 and the Investigatory Powers Commissioner’s Office (IPCO), the body charged with overseeing the intelligence agencies’ use of surveillance powers, show that the spy agency has failed to meet its legal duties for as long as the IPA has been law, according to Liberty.

The controversial surveillance legislation passed into UK law in November 2016 — enshrining a system of mass surveillance of digital communications which includes a provision that logs of all Internet users’ browsing activity be retained for a full year, accessible to a wide range of government agencies (not just law enforcement and/or spy agencies).

The law also allows the intelligence agencies to maintain large databases of personal information on UK citizens, even if they are not under suspicion of any crime. It sanctions state hacking of devices, networks and services, including bulk hacking on foreign soil. It also gives U.K. authorities the power to require a company to remove encryption, or limit the rollout of end-to-end encryption on a future service.

The IPA has faced a series of legal challenges since making it onto the statute books, and the government has been forced to amend certain aspects of it on court order — including beefing up restrictions on access to web activity data. Other challenges to the controversial surveillance regime, including Liberty’s, remain ongoing.

The newly released court documents include damning comments on MI5’s handling of data by the IPCO — which writes that: “Without seeking to be emotive, I consider that MI5’s use of warranted data… is currently, in effect, in ‘special measures’ and the historical lack of compliance… is of such gravity that IPCO will need to be satisfied to a greater degree than usual that it is ‘fit for purpose’”.

Liberty also says MI5 knew for three years of failures to maintain key safeguards — such as the timely destruction of material, and the protection of legally privileged material — before informing the IPCO.

Yet a key government sales pitch for passing the legislation was the claim of a ‘world class’ double-lock authorization and oversight regime to ensure the claimed safeguards on intelligence agencies’ powers to intercept and retain data.

So the latest revelations stemming from Liberty’s legal challenge represent a major embarrassment for the government.

“It is of course paramount that UK intelligence agencies demonstrate full compliance with the law,” the home secretary wrote in the statement last month, before adding his own political spin: “In that context, the interchange between the Commissioner and MI5 on this issue demonstrates that the world leading system of oversight established by the Act is working as it should.”

Liberty comes to the opposite conclusion on that point — emphasizing that warrants for bulk surveillance were issued by senior judges “on the understanding that MI5’s data handling obligations under the IPA were being met — when they were not”.

“The Commissioner has pointed out that warrants would not have been issued if breaches were known,” it goes on. “The Commissioner states that ‘it is impossible to sensibly reconcile the explanation of the handling of arrangements the Judicial Commissioners [senior judges] were given in briefings… with what MI5 knew over a protracted period of time was happening.’”

So, basically, it’s saying that MI5 — having at best misled judges, whose sole job it is to oversee its legal access to data, about its systematic failures to lawfully handle data — has rather made a sham of the entire ‘world class’ oversight regime.

Liberty also flags what it calls “a remarkable admission to the Commissioner” — made by MI5’s deputy director general — who it says acknowledges that personal data collected by MI5 is being stored in “ungoverned spaces”. It adds that the MI5 legal team claims there is “a high likelihood [of material] being discovered when it should have been deleted, in a disclosure exercise leading to substantial legal or oversight failure”.

“Ungoverned spaces” is not a phrase that made it into Javid’s statement last month on MI5’s “compliance risks”.

But the home secretary did acknowledge: “A report of the Investigatory Powers Commissioner’s Office suggests that MI5 may not have had sufficient assurance of compliance with these safeguards within one of its technology environments.”

Javid also said he had set up “an independent review to consider and report back to me on what lessons can be learned for the future”. Though it’s unclear whether that report will be made public. 

We reached out to the Home Office for comment on the latest revelations from Liberty’s litigation. But a spokesman just pointed us to Javid’s prior statement. 

In a statement, Liberty’s lawyer, Megan Goulding, said: “These shocking revelations expose how MI5 has been illegally mishandling our data for years, storing it when they have no legal basis to do so. This could include our most deeply sensitive information – our calls and messages, our location data, our web browsing history.

“It is unacceptable that the public is only learning now about these serious breaches after the Government has been forced into revealing them in the course of Liberty’s legal challenge. In addition to showing a flagrant disregard for our rights, MI5 has attempted to hide its mistakes by providing misinformation to the Investigatory Powers Commissioner, who oversees the Government’s surveillance regime.

“And, despite a light being shone on this deplorable violation of our rights, the Government is still trying to keep us in the dark over further examples of MI5 seriously breaching the law.”


By Natasha Lomas