This Egyptian Entrepreneur Is Creating Wealth From Garbage With The Help Of Local Farmers – WeeTracker Media

There’s no intention to make it look like so much of a biggie, but the truth has to be said. 2018 is fast-ending, and once the New Year begins, umpteen entrepreneurs will be looking to break into markets, expanding and all sorts of 2019-is-the-year kind of business moves. There’s no doubt that the African economic ecosystem will have to make room for more entrepreneurs because this year could have been for some a water-testing period, as they would want to call on all forces necessary just to get to the top of the startup chain.

But before you take that quantum leap in 2019, perhaps taking a look at which sectors made the most millionaires this year could ultimately make even the tiniest step you take make your to-be company’s revenue looking like a premium phone number.

While the term “millionaire” has taken on a whole new meaning on the continent, you shouldn’t just be all excited about the money. Being successful is all about making an impact – and there’s no way you can make an impact without being a millionaire.

Looking to create values that would touch and better the lives of people? Then these impact entrepreneurship sectors may be the best for your startup.

Drones

Image courtesy: ABC News

While a marine lecturer from the University of Ghana uses drones to monitor Ghana’s eroded coastline and looks to bring solutions to the challenged Fuvemeh people, Africa is cashing in big on the industry of these devices.

Drones are no longer just the classified tools used to chase terrorists and take breathtaking high-altitude snapshots. They’ve gone from that to find versatile and impactful roles in Africa, helping from logistics and farmland management to humanitarian deliveries and conservation support.

Rwanda’s Zipline is a drone delivery startup that distributes blood and medical supplies in the country, which has seen successful pilot operations that are making its expansion into Tanzanian territory possible and a necessity.

President of the African Development Bank (AfDB) said in August that future farmers would sit in their homes and use drones to monitor their farms. While this is largely true, Ivorien Investive Group, an agritech startup is already helping in fulfilling this prophecy by using drones to help farmers conduct pre-activity studies on their farms and harvest forecasting with the aim of optimizing production.

In 2015, Maisam Pyarali alongside five peers built a drone to help Tanzanian farmers monitor their crops. Aerobotics in South Africa is a startup that uses drones to provide bird’s eye surveillance for farmers to provide essential data that can boost crop yields by up to 10 percent. This drone services now operates in 11 countries including the United States, the United Kingdom, and Russia.

Sudan’s Massive Dynamics develops drones that can plant trees all by automation. The first breakthrough invention is being used to plant Acacia trees from the sky. While South Africa’s Rocketmine uses drones in the mining industry for data collection, Cameroonian Drone Africa builds drones that could be used in gas mine detection to reduce the risk of accidents, and then Panmarine Technology is solving the problem of waste and chemical hazards by collecting both with drones from canals and ports. While this set of drone startups are impacting climate and environment, others are making significant strides in warehousing, media, natural disasters, archaeology, and others.

The African drone industry is yet new and emerging, but relatively so. With a wide range of possibilities for this millennial technology, Africans could have, today, entrepreneurs to thank for a continent where ease-of-doing-things is the culture. And, with thanks comes revenues.

Waste Management

Image result for waste

image courtesy: The British Mountaineering Council

Garbage and scrap are no longer useless, despite the fact that they lie around in streets and constitute a nerve-racking nuisance.

They have nagged along and troubled urban Africa for decades, which led to advertent burning, burying or dumping. But rather than dumping waste in water bodies and clogging them, making rivers and lakes inhabitable for wildlife, perhaps a business idea could suffice and make an impact.

No, not perhaps. More than 80 percent of the continent’s waste ends up as landfill, and given the rising nature of Africa’s population, it won’t be long before the waste problem would become a full-blown disaster.

Speaking of impact, clean-tech startups are on the rise, armed to the teeth to combat Africa’s waste problem, impact the lives of Africans and cash in on what the sector has to offer – and so far the withdrawals have been big. I love clean-tech because it is one of the few business ideas that don’t quite require capital and sourcing of expensive materials. As odd as it may sound, waste is free, and raising millions from it is more or less free money.

In South Africa, it’s a different ball concept in that it entails converting waste into animal feed. AgriProtein grows maggots from waste collected from a variety of markets, household and business. The company processes the life forms into highly nutritious protein supplements that have all the characteristics of a fish meal animal feed. This company has raised up to USD 30 Mn in funding, which makes it one of the best-funded insect farming businesses known.

In Ethiopia, it gets even more interesting as the Repi Waste recycling factory is converting waste to electricity. While such a solution is quite shocking (pun very much intended), this Addis Ababa-based company is producing 50 megawatts of electricity from across the city that is expected to supply 3 million homes while also significantly cutting down on carbon emissions. In Ghana, Accra’s very own Makafui Awuku is churning out wonders from plastic waste. The wastepreneur built a Christmas tree from plastic bottles, makes dustbins, sandals and other artifacts strictly from waste.

While we’re busy soundly sleeping, recycling and upcycling are going on in many pockets and saving the African environment. As World Bank has said that the 62 million tons of waste generated in Africa per year is going to double by 2025, the likes of Andrew Mupuya, Lorna Rutto, and Bilikiss Adebiyi Abiola are turning the million tons of waste into millions of cash, perhaps also hoping to double their own revenues by 2025, or sooner.

Uganda’s Andrew Mupuya, around the period the country’s government wanted to ban plastic bag use, started producing paper bags from waste. While earning the moniker Paper Bag Emperor for himself, the entrepreneur produces 20,000 of these items weekly, employs 20 people and has a clientele of more than 70 consistent customers. Even more, he took home USD 30 K as the winner of the Anzisha Prize for African innovation in the wake of social challenges.

Lorna Rutto collects Kenya’s plastic waste and manufactures commercially viable, highly durable and environment-friendly fencing posts across the country. These posts are used in houses and forest reserves, and the use of a 20-ton approximate of plastic waste to make tree-saving products has made the young lady create more than 300 jobs. Today, her company boasts as much as USD 150 K in annual revenue. As for Abiola, she is the co-founder of WeCylers, a Nigerian social enterprise that uses low-cost cargo bicycles to provide convenient waste collection and recycling services to households across Lagos and Nigeria.

Affordable Real Estate

Image result for Affordable Real Estate

Africa is in the thick of the world’s rural-to-urban migration as has been noticed over the past few decades.

In the search for greener pastures and in the bid to join the moving train of civilization, Africans are leaving their villages and looking to start life in urbanities.

It is projected that by 2030, up to 50 percent of Africa’s populace would be living in towns and cities. Despite the fact that we are aiming for an all-round developed continent; where nooks and crannies are impacted by innovation and development, urbanization is a great thing.

The question is now is: where will these people live? Will they hang from trees or take up residence beneath bridges? And should the government try to intervene, they possibly cannot build homes at the required pace to meet the real estate demands of the teeming migrators. This is where a solution comes in, and before we could say ‘Jack,’ African enterprises are already raking revenues from urban housing.

In Nigeria, which is Africa’s most populous nation, the housing deficit is estimated at 20 million homes, which is the reason the world’s richest black man, Aliko Dangote has expanded his cement production presence across many countries in the continent. His strides in the cement industry are in an effort to provide building materials which now accounts for a significant portion of his net worth.

But more than conventional accommodation is an interesting trend which entails homes being built from cheap and durable alternatives such as shipping containers. In South Africa where the housing deficit stands at 2.3 million homes, Cape Town-based building contractor Berman-Kalil offers sustainable and affordable housing options which are contrived by converting shipping containers into remarkably creative residential and office accommodation, doing so at half the price of contemporary housing costs. In Kenya, Denise Majani is also tackling the same problem in the same way.

As for money raised by real estate startups to combat housing problems in Africa, there is a numerousness of them. Egypt’s iCommunity raised USD 600 K Series A from Algebra Ventures in October, S.A’s HouseME landed a multimillion-rand deal this December and Egypt’s Aqarmap secured investments from a trio of investors in September among others. Investors have shown real interest in Africa’s housing developments as they have focused on the elite premium segment of the market.

Food and Agriculture

Image result for agribusiness

Image credit: Agribusiness

Based on how extensively informative this article is, you may have gone to your fridge to grab a snack. While that is entirely normal, it yet buttresses the inoffensive fact that the continent is filled with hungry people.

No matter what, we will always eat. Across the world, agriculture is big business, and most farmers are financially well-off. According to the United Nations, Africa’s agribusiness industry is expected to be worth USD 1 Tn by 2013. Being that the continent has a vast domestic market, owns some 60 percent of the world’s unused arable land, with abundant labor sources and a favorable climate in most parts, the projection makes complete sense.

African entrepreneurs may not be cashing in so big on this yet because the continent still spends more than USD 30 Bn on annual food imports. A massive chunk of the challenge is that the more substantial part of Africa’s food is being produced by rural-based smallholder farmers who use crude implements and have limited access to substantial capital.

But that is not the end of the road for the African food business, because there’s such a thing known as crowdfarming. It is the term used to describe a situation where different people pool funds together, invest in these rural farmers and take shares of the profits at harvest time. That is a significant boost for food production, and it would as well cut down Africa’s food import bill while making more money for both the investors and farmers.

This transforming trend is what agritechs such as FarmCrowdy and ThriveAgric are capitalizing on to enable working-class and even the average Nigerian crowd-sponsor farming projects and earn a share as ROI come harvest time. FarmCrowdy raised USD 1 Mn last year from United States investors to expand its operations.

Ari.Farm in Somalia is doing the same thing by creating an online marketplace and crowdfarming platform that makes it easy for investors from across the world to play in the Somali livestock market.

In South Africa, Livestock Wealth helps investors own pregnant cows and track them through a mobile application. When the birthed calf reaches seven months, it is sold to a feedlot or slaughterhouse and the proceed from the beef belongs to the investor. This December, Kenya’s Twiga Food secured investment worth 10 Mn to scale its operations. As Africa’s population doubles over the next 3 decades, agribusiness opportunities multiply alongside, and a league of millionaires is likely to be produced from the continent’s agribusiness industry.

Urban Logistics

Image result for logistics

image courtesy: Michigan State University Online

Being that the future of Africa majorly lies in the cities, it’s probably safe to say that by 2030 up to half of the continent’s 1.4 billion people would be dwelling in the urbanites.

There are currently around 60 cities on the continent, each with a population of well over 1 million. Lagos alone is occupied by 21 million inhabitants, Kinshasa has 11 million and 19.5 million roam Cairo – these three cities are at the top of the African cities’ population pack.

With these swarms of people, which will likely double by 2030, one of the most serious challenges – which appears to be developing into an unnatural disaster – is congestion. Most African cities don’t yet have adequately diversified transportation systems, which makes going around towns for business and many other things hectic, and in some cases, a very frustrating endeavor. This makes up a load of logistics nightmare frustrating consumers and entrepreneurs alike, and that is why – thankfully – some African enterprises are already ‘getting their gear on’ to tackle this problem.

In Kenya, a startup known as Twiga Foods is leveraging technology to pool orders from a several of urban retailers, advertently saving them the stress of going to the market – by delivering these food items to their doorsteps. Twiga is now the largest distributor of a variety of basic food staples in Kenya, having raised USD 10.3 Mn in 2017 from international investors and secured USD 2 Mn in grants from USAID and the GSMA.

This December, the company raised USD 10 Mn from a round led by The World Bank’s International Finance Corporation (IFC), TLcom and the Global Agriculture and Food Security Program. The startup was founded in 2014 by Grant Brooke to link smallholder farmers in rural Kenya to informal vendors in cities, ordering fresh produce from farmers across the country at competitive prices. In Nigeria, MAX is tackling the same congestion problem in a different way – providing last-mile delivery services and on-demand motorcycle courier services for clients who have critical deliveries in need of beating the notorious Lagos traffic.

Across African cities, ride-hailing services such as Uber, Taxify, Awabike, Gokada, and Lyft are providing affordable cab pick-and-drops at different locations. More of these are surely going to emerge in the coming year, all looking to reap the fruits of Africa’s hippy cities. In December alone, Egypt’s Buseet raised a seed round extension, Nigeria’s trucking logistics startup Kobo360 raised 6 Mn, Egyptian Halan closed a Series A and Swvl scored around believed to be ‘tens of millions’. It is all in the ultimate game of cashing in on Africa’s big transport challenge, as even flying cars will soon be in the picture.

As we progress, more entrepreneurs will devise ways to outsmart the complex issues and bottlenecks in the logistics of African urbanities. In 2019, it may likely be the continent’s most promising business opportunity.

This list is –actually – endless, and it may likely continue soon. But for the meantime, African entrepreneurs should make do with these promising sectors, cash in big and send us their annual revenue reports!

Feature image courtesy: Getty Images

The Most Surprising Tech Breakthroughs of 2018 – Singularity Hub

Development across the entire information technology landscape certainly didn’t slow down this year. From CRISPR babies, to the rapid decline of the crypto markets, to a new robot on Mars, and discovery of subatomic particles that could change modern physics as we know it, there was no shortage of headline-grabbing breakthroughs and discoveries.

As 2018 comes to a close, we can pause and reflect on some of the biggest technology breakthroughs and scientific discoveries that occurred this year.

I reached out to a few Singularity University speakers and faculty across the various technology domains we cover asking what they thought the biggest breakthrough was in their area of expertise. The question posed was:

“What, in your opinion, was the biggest development in your area of focus this year? Or, what was the breakthrough you were most surprised by in 2018?”

I can share that for me, hands down, the most surprising development I came across in 2018 was learning that a publicly-traded company that was briefly valued at over $1 billion, and has over 12,000 employees and contractors spread around the world, has no physical office space and the entire business is run and operated from inside an online virtual world. This is Ready Player One stuff happening now.

For the rest, here’s what our experts had to say.

DIGITAL BIOLOGY

Dr. Tiffany Vora | Faculty Director and Vice Chair, Digital Biology and Medicine, Singularity University

“That’s easy: CRISPR babies. I knew it was technically possible, and I’ve spent two years predicting it would happen first in China. I knew it was just a matter of time but I failed to predict the lack of oversight, the dubious consent process, the paucity of publicly-available data, and the targeting of a disease that we already know how to prevent and treat and that the children were at low risk of anyway.

I’m not convinced that this counts as a technical breakthrough, since one of the girls probably isn’t immune to HIV, but it sure was a surprise.”

For more, read Dr. Vora’s summary of this recent stunning news from China regarding CRISPR-editing human embryos.

QUANTUM COMPUTING

Andrew Fursman | Co-Founder/CEO 1Qbit, Faculty, Quantum Computing, Singularity University

“There were two last-minute holiday season surprise quantum computing funding and technology breakthroughs:

First, right before the government shutdown, one priority legislative accomplishment will provide $1.2 billion in quantum computing research over the next five years. Second, there’s the rise of ions as a truly viable, scalable quantum computing architecture.”

*Read this Gizmodo profile on an exciting startup in the space to learn more about this type of quantum computing

ENERGY

Ramez Naam | Chair, Energy and Environmental Systems, Singularity University

“2018 had plenty of energy surprises. In solar, we saw unsubsidized prices in the sunny parts of the world at just over two cents per kwh, or less than half the price of new coal or gas electricity. In the US southwest and Texas, new solar is also now cheaper than new coal or gas. But even more shockingly, in Germany, which is one of the least sunny countries on earth (it gets less sunlight than Canada) the average bid for new solar in a 2018 auction was less than 5 US cents per kwh. That’s as cheap as new natural gas in the US, and far cheaper than coal, gas, or any other new electricity source in most of Europe.

In fact, it’s now cheaper in some parts of the world to build new solar or wind than to run existing coal plants. Think tank Carbon Tracker calculates that, over the next 10 years, it will become cheaper to build new wind or solar than to operate coal power in most of the world, including specifically the US, most of Europe, and—most importantly—India and the world’s dominant burner of coal, China.

Here comes the sun.”

GLOBAL GRAND CHALLENGES

Darlene Damm | Vice Chair, Faculty, Global Grand Challenges, Singularity University

“In 2018 we saw a lot of areas in the Global Grand Challenges move forward—advancements in robotic farming technology and cultured meat, low-cost 3D printed housing, more sophisticated types of online education expanding to every corner of the world, and governments creating new policies to deal with the ethics of the digital world. These were the areas we were watching and had predicted there would be change.

What most surprised me was to see young people, especially teenagers, start to harness technology in powerful ways and use it as a platform to make their voices heard and drive meaningful change in the world. In 2018 we saw teenagers speak out on a number of issues related to their well-being and launch digital movements around issues such as gun and school safety, global warming and environmental issues. We often talk about the harm technology can cause to young people, but on the flip side, it can be a very powerful tool for youth to start changing the world today and something I hope we see more of in the future.”

BUSINESS STRATEGY

Pascal Finette | Chair, Entrepreneurship and Open Innovation, Singularity University

“Without a doubt the rapid and massive adoption of AI, specifically deep learning, across industries, sectors, and organizations. What was a curiosity for most companies at the beginning of the year has quickly made its way into the boardroom and leadership meetings, and all the way down into the innovation and IT department’s agenda. You are hard-pressed to find a mid- to large-sized company today that is not experimenting or implementing AI in various aspects of its business.

On the slightly snarkier side of answering this question: The very rapid decline in interest in blockchain (and cryptocurrencies). The blockchain party was short, ferocious, and ended earlier than most would have anticipated, with a huge hangover for some. The good news—with the hot air dissipated, we can now focus on exploring the unique use cases where blockchain does indeed offer real advantages over centralized approaches.”

*Author note: snark is welcome and appreciated

ROBOTICS

Hod Lipson | Director, Creative Machines Lab, Columbia University

“The biggest surprise for me this year in robotics was learning dexterity. For decades, roboticists have been trying to understand and imitate dexterous manipulation. We humans seem to be able to manipulate objects with our fingers with incredible ease—imagine sifting through a bunch of keys in the dark, or tossing and catching a cube. And while there has been much progress in machine perception, dexterous manipulation remained elusive.

There seemed to be something almost magical in how we humans can physically manipulate the physical world around us. Decades of research in grasping and manipulation, and millions of dollars spent on robot-hand hardware development, has brought us little progress. But in late 2018, the Berkley OpenAI group demonstrated that this hurdle may finally succumb to machine learning as well. Given 200 years worth of practice, machines learned to manipulate a physical object with amazing fluidity. This might be the beginning of a new age for dexterous robotics.”

MACHINE LEARNING

Jeremy Howard | Founding Researcher, fast.ai, Founder/CEO, Enlitic, Faculty Data Science, Singularity University

“The biggest development in machine learning this year has been the development of effective natural language processing (NLP).

The New York Times published an article last month titled “Finally, a Machine That Can Finish Your Sentence,” which argued that NLP neural networks have reached a significant milestone in capability and speed of development. The “finishing your sentence” capability mentioned in the title refers to a type of neural network called a “language model,” which is literally a model that learns how to finish your sentences.

Earlier this year, two systems (one, called ELMO, is from the Allen Institute for AI, and the other, called ULMFiT, was developed by me and Sebastian Ruder) showed that such a model could be fine-tuned to dramatically improve the state-of-the-art in nearly every NLP task that researchers study. This work was further developed by OpenAI, which in turn was greatly scaled up by Google Brain, who created a system called BERT which reached human-level performance on some of NLP’s toughest challenges.

Over the next year, expect to see fine-tuned language models used for everything from understanding medical texts to building disruptive social media troll armies.”

DIGITAL MANUFACTURING

Andre Wegner | Founder/CEO Authentise, Chair, Digital Manufacturing, Singularity University

“Most surprising to me was the extent and speed at which the industry finally opened up.

While previously, only few 3D printing suppliers had APIs and knew what to do with them, 2018 saw nearly every OEM (or original equipment manufacturer) enabling data access and, even more surprisingly, shying away from proprietary standards and adopting MTConnect, as stalwarts such as 3D Systems and Stratasys have been. This means that in two to three years, data access to machines will be easy, commonplace, and free. The value will be in what is being done with that data.

Another example of this openness are the seemingly endless announcements of integrated workflows: GE’s announcement with most major software players to enable integrated solutions, EOS’s announcement with Siemens, and many more. It’s clear that all actors in the additive ecosystem have taken a step forward in terms of openness. The result is a faster pace of innovation, particularly in the software and data domains that are crucial to enabling comprehensive digital workflow to drive agile and resilient manufacturing.

I’m more optimistic we’ll achieve that now than I was at the end of 2017.”

SCIENCE AND DISCOVERY

Paul Saffo | Chair, Future Studies, Singularity University, Distinguished Visiting Scholar, Stanford Media-X Research Network

“The most important development in technology this year isn’t a technology, but rather the astonishing science surprises made possible by recent technology innovations. My short list includes the discovery of the “neptmoon”, a Neptune-scale moon circling a Jupiter-scale planet 8,000 lightyears from us; the successful deployment of the Mars InSight Lander a month ago; and the tantalizing ANITA detection (what could be a new subatomic particle which would in turn blow the standard model wide open). The highest use of invention is to support science discovery, because those discoveries in turn lead us to the future innovations that will improve the state of the world—and fire up our imaginations.”

ROBOTICS

Pablos Holman | Inventor, Hacker, Faculty, Singularity University

“Just five or ten years ago, if you’d asked any of us technologists “What is harder for robots? Eyes, or fingers?” We’d have all said eyes. Robots have extraordinary eyes now, but even in a surgical robot, the fingers are numb and don’t feel anything. Stanford robotics researchers have invented fingertips that can feel, and this will be a kingpin that allows robots to go everywhere they haven’t been yet.”

BLOCKCHAIN

Nathana Sharma | Blockchain, Policy, Law, and Ethics, Faculty, Singularity University

“2017 was the year of peak blockchain hype. 2018 has been a year of resetting expectations and technological development, even as the broader cryptocurrency markets have faced a winter. It’s now about seeing adoption and applications that people want and need to use rise. An incredible piece of news from December 2018 is that Facebook is developing a cryptocurrency for users to make payments through Whatsapp. That’s surprisingly fast mainstream adoption of this new technology, and indicates how powerful it is.”

ARTIFICIAL INTELLIGENCE

Neil Jacobstein | Chair, Artificial Intelligence and Robotics, Singularity University

“I think one of the most visible improvements in AI was illustrated by the Boston Dynamics Parkour video. This was not due to an improvement in brushless motors, accelerometers, or gears. It was due to improvements in AI algorithms and training data. To be fair, the video released was cherry-picked from numerous attempts, many of which ended with a crash. However, the fact that it could be accomplished at all in 2018 was a real win for both AI and robotics.”

NEUROSCIENCE

Divya Chander | Chair, Neuroscience, Singularity University

“2018 ushered in a new era of exponential trends in non-invasive brain modulation. Changing behavior or restoring function takes on a new meaning when invasive interfaces are no longer needed to manipulate neural circuitry. The end of 2018 saw two amazing announcements: the ability to grow neural organoids (mini-brains) in a dish from neural stem cells that started expressing electrical activity, mimicking the brain function of premature babies, and the first (known) application of CRISPR to genetically alter two fetuses grown through IVF. Although this was ostensibly to provide genetic resilience against HIV infections, imagine what would happen if we started tinkering with neural circuitry and intelligence.”

Image Credit: Yurchanka Siarhei / Shutterstock.com

The Year That Was and Wasn’t – The Morning News

Interviews by Hayden Higgins

Jacqui Shine

This percussive speech act, mesmerizing and excruciating, felt like a memorial to that thin slice of time.

Most Important: In October, former Chicago police officer Jason Van Dyke was found guilty of second-degree murder in the 2014 death of 17-year-old Laquan McDonald, as well as 16 counts of aggravated battery, one for each of the shots he fired. I watched the announcement of the verdict via livestream. The jury forewoman read each battery count aloud separately:

”We the jury find the defendant, Jason Van Dyke, guilty of aggravated battery with a firearm—first shot. We the jury find the defendant, Jason Van Dyke, guilty of aggravated battery with a firearm—second shot,“ and so on.

It took Van Dyke less than 15 seconds to fire 16 shots. It took far longer for the forewoman to read the 16 counts. While nothing ends so neatly as we’d wish, this percussive speech act, mesmerizing and excruciating, felt like a memorial to that thin slice of time, recalled and suspended above us, or around us, wherever the words carried. I can’t say that it was important BECAUSE; there’s no way to know whether or how this landmark verdict will change anything about how the criminal justice system treats the lives and deaths of Black people at the hands of the police. It was important. Somewhere, those sound waves are pulsing still.

Least Important: Lena Dunham’s apologies.

Jacqui Shine is a writer and historian.

Nushin Rashidian

The future of cannabis is becoming more John Boehner and less Bob Marley.

Most Important: The commodification of cannabis is complete. Multibillion-dollar cannabis companies in Canada are flag-planting from Colombia to Lesotho for production and distribution across the globe. Companies like Altria (Philip Morris, Marlboro) and Constellation Brands (Corona, SVEDKA) are getting involved. It’s unclear whether cannabis-as-ingredient will go the direction of alcohol (cannabis beverages), tobacco (cannabis vapes), or pharma (cannabis medicines). Or all three. But one thing is for sure: The future of cannabis is becoming more John Boehner and less Bob Marley.

And the integrity of our elections is now in the hands of technology companies like Facebook. In September, Facebook announced the creation of a ”war room“ to combat election meddling by foreign bad actors. In the same month, Mark Zuckerberg wrote an op-ed in the Washington Post in which he said the company’s efforts are part of an ”arms race“ and that Facebook can help save democracy. Several Congress members seem to see safeguarding democracy as Facebook’s responsibility, too. The conflation of the private company’s technological power with government authority does not bode well for future elections.

Least Important: Ariana Grande and Pete Davidson.

Nushin Rashidian is cofounder of Cannabis Wireand research lead at the Tow Center for Digital Journalism.

Mercedes Kraus

As of November, California’s political leadership is now bluer, and more progressive, than it’s ever been.

Least Important: I moved to California after a decade of living in New York.

Most Important: What’s happening in California: The fifth largest economy in the world is in the middle of a severe housing crisis and rising inequality that’s exacerbated, in part, by the migration trend I’m part of. The middle class is shrinking and moving elsewhere, and unaffordability and environmental degradation are squeezing out opportunities for workers.

Devastating wildfires (and the mudslides that follow them) are getting worse every year, even impeding the strides made on ambitious climate goals. Though the state is now aiming to be carbon-zero by 2045 (!), no one knows how that would happen. Car culture is strong with this one, and transportation emissions are actually on the rise. Despite all the hullabaloo from state leaders, electric cars won’t save California, though maybe electric scooters will? (TBD on the under-construction high-speed rail line; anyway, Texas might build one first.) The state that has admirably reduced its prison population and this year legalized recreational marijuana is still struggling to make right its years of inequitable (read: racist) marijuana enforcement, especially in LA, the world’s largest illegal market. As of November, California’s political leadership is now bluer, and more progressive, than it’s ever been. But will that make any difference in solving all these big problems? Watch this state.

Mercedes Kraus is the executive editor at Curbed.

Larissa Pham


Most Important: We’ve learned we’re all going to die in a climate apocalypse.

Least Important: Twitter.

Larissa Pham is a writer in Brooklyn.

André Natta

The difference is how quickly the general narrative continued to advance.

Most Important: It’s tough to put this into words as the year closes, but much of what happened served a dark cloud hanging over it—a numbing to things that would’ve normally caused many to take to their keyboards in outrage. It’s not that it didn’t still happen; it did for far too many things. The mass shootings; the horse race that was the coverage of the 2018 election cycle; the ongoing growth of distrust in long-establishing social networking platforms (despite continuing growth for some of their subsidiaries). The difference is how quickly the general narrative continued to advance as we found new things to feed the appetite of a 24-hour news cycle.

It’s leading me to wonder aloud what happens when a national news organization finally adopts a true “50 state-plus” strategy for covering the upcoming 2020 presidential election. It means listening to the people being served and recognizing their needs and desires as a result. It also means trusting those who work on the ground every day with the duty of leading the coverage and the lens with which it’s observed. “Place” is becoming increasingly important for the coming year as we stop asking for a general overview and demand better context and depth.

It’s an important challenge I hope something or someone is willing to tackle as our calendars change over.

Least Important: I’m going to go out on a limb and say Gritty’s arrival in my newly adopted city of Philadelphia this fall. Actually, I may have to take that back, as it was about the same time I arrived in town and I appreciate the fun he’s brought to many, both locally and nationally (including myself). Therefore, I’m going to reach all the way back to this summer’s LeBron James/J.R. Smith meme—the gift that continues to keep on giving (even as it’s now obvious it wasn’t the end of the world—only a temporary escape from it for some).

André Natta is the editorial director for the Lenfest Local Lab, a Philadelphia, Pa.-based news product innovation team within the Lenfest Institute for Journalism experimenting openly with ways to reinvent the daily user experience for local news. He was a 2018 John S. Knight Journalism Fellow at Stanford University.

Credit: Hilde Skjølberg (detail)

Ted Scheinman

Here’s a major point of dissatisfaction that unifies groups who are otherwise opposed!

Most Important: Who’s going to pay for the energy transition? It would be imprecise to call the march of the gilets jaunes the single most important event of 2018, but the demonstrators in France and beyond have highlighted the grossest contradictions in the economic and climate policies of some of the world’s wealthiest countries. The yellow vests marched against a variety of neoliberal hypocrisies (giving tax breaks to the rich while levying austerity on everyone else; paying for the energy transition by punishing workers rather than producers; etc.), and you had nationalists marching alongside leftists—two reasons why many centrist commentators in America appeared horrified by these demonstrations. Given galloping inequality and accelerating climate change, the sane person observing the gilets jaunes would say, Here’s a major point of dissatisfaction that unifies groups who are otherwise opposed—that looks like an opportunity to do politics! The choice now is whether we craft climate policy that helps the greatest number of people, or whether instead we require a suffering majority to sacrifice basic necessities in already modest lives while the rich continue to do what they’ve always done. (There are one or two American legislators who understand this.)

Least Important: The Yanni/Laurel thing. And maybe the demise of the Weekly Standard.

Ted Scheinman is a senior editor at Pacific Standard. His first book, Camp Austen, came out March 2018 via Farrar, Straus & Giroux.

Bijan Stephen

If you don’t yet know where you stand you’re probably with the fascists.

I started the year running. The night Black Panther arrived—yes, that happened this year, can you believe it?—I saw it at the Arclight in Los Angeles even though I live in New York, because an imperfect way to change how you feel is to change where you are. (It didn’t work, for the record.) But wow, was this year relentless. I don’t need to list all the things the current occupant of the White House did that made everything worse. You felt it too, didn’t you? I mean, how many days of your year were spent in self-care?

There was a palpable worsening, a turn toward the apocalyptic. In the film, this would be the part minutes before neighbors started informing on each other to a just-born gestapo, which would arrive fully formed as a patchwork of paramilitary units and municipal police forces. But I digress. And anyway, we made it; or at least some of us did. It’s important to remember those who didn’t and couldn’t, as a direct result of political choices made by a vocal, racist minority.

What was most important? The further degradation of America’s political life, as felt through our interpersonal relationships; the lines in the sand have been drawn, and if you don’t yet know where you stand you’re probably with the fascists.

I don’t know what was least exhausting. Everything felt exactly as urgent as everything else did, which is probably why I continue to feel existentially tired; movement as self-preservation is an exhausting thing. Whatever. Exeunt, pursued by year.

Bijan Stephen is a staff writer at The Verge and a music critic at The Nation. He lives in New York.

Keenan Teddy Smith

Keep your corporate Pride, keep your pink-washed anti-Blackness.

Most Important: The cultural moment Black media for Black people has had. Pose on FX, obviously, marks a moment where Black queer and trans creators can write their stories themselves and receive critical acclaim instead of needing the voyeuristic white influence of an NYU grad student or the isolation of being the Black token in a queer cast. We are beginning to solicit the necessary questions of audience and why “listening to both sides” makes depicted Black, queer, and/or trans experiences feel inauthentic to those they are allegedly representing. We are beginning to accept that some media need not be made for everyone and yet still urgently needs to be made.

Least Important: White, cisgender homosexulity. Keep your corporate Pride, keep your pink-washed anti-Blackness.

Keenan Teddy Smith is a writer from Flint, Mich., whose poems and prose explore Black queer intimacy and ongoing settler-colonialism in the United States. He can be ignored on Twitter and Instagram.

Eve Peyser

2018 wasn’t only a continuation of 2016 and 2017, but also an escalation.

Most important: 2018 felt less like a year and more like a fraction of an era. Time continued to ooze forward. Events continued to unfold so quickly you could barely grasp what any of it meant. Violence continued to intensify. The news continued to break and break and break. Everybody continued yelling at each other. 2018 wasn’t only a continuation of 2016 and 2017, but also an escalation.

Least important: The Discourse, probably.

Eve Peyser is a writer and comedian who covers politics for VICE.com, and has been published in Esquire, GQ, the New York Times, the Washington Post, and New York.

Credit: Hilde Skjølberg (detail)

Elizabeth Rush

Climate change is no longer a problem for the future but a defining feature in our present.

Most Important: Sometime toward the end of this blazingly hot summer when a good portion of the West Coast was on fire, the New York Times ran this headline above the fold on the front page: “The Year Global Warming Made Its Menace a Reality.”

While I would argue that for those living on the front lines of higher tides, stronger storms, longer droughts, and an endless string of other record-breaking weather events, climate change has been real for quite some time already, I think this headline signals a pretty significant shift in climate change discourse. Climate change is no longer a problem for the future but a defining feature in our present. We are also starting to see stories that clarify the ways in which climate change and environmental injustice overlap, further deepening the distances between those communities that will receive institutional support to weather the storms to come and those that will not. Along with our growing awareness around how structural inequality plays into climate-exacerbated vulnerability, broad climate coalitions are coming to the fore from Flood Forum USA to the Sunrise Movement and the push for a Green New Deal. May this be the biggest news of 2019.

Least Important: I am a little bit Antarctic-obsessed right now so my least important story comes from the deep, deep south. Remember the rectangular iceberg that broke off from the Antarctica? I mean, the grounding line of Thwaites Glacier is withdrawing destabilizing the entirety of the West Antarctic Ice Sheet (which could contribute as much as 15 feet to global sea levels) and yet instead of talking about this we obsess about the geometry of a “photogenic” iceberg.

Elizabeth Rush is the author of Rising: Dispatches From the New American Shore. She teaches creative nonfiction at Brown University.

Mallika Rao

The sound of her testimony felt bigger than the moment.

Most Important: This year Christine Blasey Ford testified openly on a hidden secret, that women are both systematically mistreated and expected to hide their requisite traumas for the good of all. Whatever the outcome and whatever the messed-up reasons it took her to be the one who actually (sort of) got heard, the sound of her testimony felt bigger than the moment.

Least Important: Both important and not: Crazy Rich Asians was historically momentous—its revolution is written in the faces of its stars. But the actual movie was not only tedious but questionable in the matter of the value system and racial hierarchies it upholds, not befitting of the momentousness of its all-Asian cast imo!

Mallika Rao is a writer covering identity, culture, art, and dislocation.

Maria Bustillos

This year’s event was distinctively un-cozy.

Most Important: Newly elected members of Congress were paid to visit Harvard for a traditional ”orientation“ led by lobbyists and business leaders in December: “Congresspersoning 101,” as it were. But this year’s event was distinctively un-cozy. Representative-elect Alexandria Ocasio-Cortez demanded to know why no labor leaders had been invited, for example, among several exhilaratingly feather-ruffling incidents.

Not Even Important: The volatility of cryptocurrency prices is forever heralding the demise of public blockchains. But speculative activity has nothing whatsoever to do with the lasting value of this technology. Like the first internet, blockchain will take a long time to reach widespread adoption, but only real digital totalitarianism will shut it down.

Maria Bustillos is editor of Popula.

Chen Qiufan

The futures depicted in science fiction are perhaps only a step away from being realized.

Most Important: A Chinese scientist claims to have made the first genetically edited babies.

He Jiankui’s claim, beset by questions and doubts from the moment it was made, led to an initial burst of nationalistic celebration in the state media before being ignominiously denounced as “the darkest stain upon the history of human scientific exploration” in a protest letter signed by 122 Chinese scientists. It became the topic of debate among the intelligentsia and the common public alike: the potential benefits and dangers of genetic editing, the gaps in the country’s review mechanism for scientific experiments, the ethical challenges of technological revolution, and the commercial and academic backdrop of He’s opportunistic behavior.

Though the experiment won’t usher in the dystopia of Brave New World, it is a warning for many that the futures depicted in science fiction are perhaps only a step away from being realized in our daily lives. Rather than fear and anxiety, it’s wiser to be prepared for the future, both in our emotions and our knowledge.

Least Important: All the rumors and news around the disappearance of the famous Chinese actress Fan Bingbing.

Fan had roles in X-Men and Iron Man as well as branding deals with Louis Vuitton and Mont Blanc. Starting on June 2 and for a hundred days thereafter, she disappeared from public view. The media breathlessly reported on her unexplained absence, and rumors swirled of a government investigation. In the end, the authorities accused her of dodging taxes and fined her nearly $70 million in October. Fan came back and publicly apologized. She’s not the first one, and she definitely will not be the last one.

Chen Qiufan is a Chinese science fiction writer, author of The Waste Tide, scriptwriter, and tech startup CMO.

Credit: Hilde Skjølberg (detail)

Alice Wong

I experienced firsthand so-called woke environmentalists dismissing my concerns.

Most Important: Plastic straw bans across cities in the United States. When Starbucks announced this summer the elimination of plastic straws in its stores by 2020, it was lauded as a great example of corporate social responsibility. Cities across the country began to pass ordinances and banning plastic straws such as Seattle, San Francisco, and Portland, with many other cities with proposed legislation in 2019. These changes were spurred by campaigns that framed plastic straws as killers of sea turtles and created a false binary of good and bad consumers. This erased disabled people who need plastic products for their everyday activities such as drinking and eating. On social media, I saw a lot of disabled and chronically ill people share their stories on why plastic straws are a form of accessibility and how they will be adversely impacted by these bans.

I use plastic straws when I’m out at a cafe or restaurant and I use plastic tubing for the ventilator I use to breathe. I experienced firsthand so-called woke environmentalists dismissing my concerns and presuming that our needs and critiques were less important than the goal of zero waste. This year disabled people spoke out and wrote op-eds and essays about the intersections of environmentalism and the ableism. This issue highlighted the exclusion of disabled people in all kinds of campaigns, activism, and policymaking and it was a thrill to see the disability community advocate strongly on these issues and engage in advocacy at the local level and in the media.

Least Important: Plastic straw bans across cities the United States. I didn’t expect to spend so much time participating in the Great Straw Ban Debate of 2018 but it was an opportunity to share my story and contribute to the public conversation that initially completely overlooked communities most impacted by the bans. As states and cities continue to pass straw bans, I am continually flummoxed by these bills that address a small percentage of plastic pollution globally. These bans have an appeal to the public because most see them as wasteful and frivolous products they can do without. I care about the environment too and try to reduce my consumption, but legislation that doesn’t consider the needs of marginalized communities at the outset is trash.

Alice Wong is the Founder and Director of the Disability Visibility Project and editor of Resistance and Hope: Essays by Disabled People.

Ernie Smith

The removal of net neutrality will be seen as a grave mistake.

Most Important: When we look back, 2018 will likely be seen as the year that the regulator finally caught up with the internet, for good and for bad. In the US this year, net neutrality went through the motions of a conservative administration and finally received the rollback that big telecom has been pushing for years. (Fun fact: Jessica Rosenworcel, probably the most level-headed commissioner the FCC has, is the sister of the drummer for the band Guster.) And in the European Union, the General Data Protection Regulation went into effect with eerie timing—as the name Cambridge Analytica entered the lexicon, showing that companies like Facebook and Google needed some kind of control on their data-siphoning conduct. In five years, we’ll probably look at GDPR as a landmark of internet policy, but the removal of net neutrality will be seen as a grave mistake.

As we close out this year, I worry that regulatory issues will start to directly impact how we communicate online. In the US, the Fight Online Sex Trafficking Act (FOSTA) and the Stop Enabling Sex Traffickers Act (SESTA) were the first successful attempts at rolling back the safe harbors that digital platforms have long enjoyed—and might have played a role in Tumblr’s sudden shift toward irrelevance. Next year could offer up another big regulatory surprise from the EU, as it threatens to put a YouTube-style copyright filter on every big platform. There’s still time in the latter case; if you’re in the EU, speak up.

These pieces of internet policy are knowingly obscure, just as prior policy attempts at digital regulation, like the Stop Online Piracy Act and the Communications Decency Act, were. But the problem is, the internet is more fundamental to our culture now than it was even five years ago. The regulators need to go after the platforms to make sure they’re playing fair and keeping users safe——but it can’t come at the cost of the average person, whose freedom to create makes the internet worth saving.

Least Important: The revelation that Jack Dorsey uses a smartphone to run two public companies, and doesn’t own a laptop? That’s up there, and I should know, as I run a site that purposely covers unimportant things. We get it, Jack—you’re immune to the kinds of digital addictions that your own services enable. You know who else probably doesn’t use a laptop? I won’t say his name out loud, but he’s probably watching Fox & Friends right now.

Ernie Smith is the editor of Tedium, a twice-weekly newsletter that hunts for the end of the long tail.

Margaret Howie

Here’s to a species with a lousy sense of long-term planning.

Most Important: While we’re squabbling over borderlines as if they’re something that we can fuck, coastlines are eroding into the boiling sea. Treaties and emissions targets have been hand-waved aside, so as a species we’re facing climate change by giving up drinking straws. Ruining bubble tea as well as the liveable climate at once: Here’s to a species with a lousy sense of long-term planning.

Least Important: Protracted displays of despair, like mine above. Every generation has seen down a threat of annihilation—nuclear war, Nazism, the vapors—and has managed to hold it together to shuffle on to the next disaster. The dumpster fire gifs are growing cold. Despair is unsexy and gets nothing done, and moratoriums on celebrations (or on fighting! We’ve gotta keep bickering or our blood will run cold) are just as short-sighted. We’re a species with an innate need for dancing, too.

Margaret Howie has a newsletter called Three Weeks and is aggressively pro end-of-year lists.

Samantha Allen

I worry that the next generation won’t be able to find themselves like I did.

Most Important: FOSTA-SESTA and the death of the queer internet. As a transgender woman who grew up in a Mormon household in the 1990s, I needed the internet. It was a portal for self-discovery—a gateway to information that would have otherwise been inaccessible. (Like, before I got online, I was using the Dewey Decimal System to find obscure German sexology tomes in my school library.) Thanks to the ripple effects of restrictive legislation ostensibly aimed at ending sex trafficking—but actually targeted at online sex work—the queer internet that saved my life is dying. Tumblr is banning NSFW content—and taking a lot of LGBT content with it. Facebook has barred discussions of “sexual preference.” If it wasn’t clear before 2018, it is painfully obvious now: Sex workers and queer people are in this together. I worry that the next generation won’t be able to find themselves like I did.

Least Important: Anything Donald Trump said while standing next to a helicopter.

Samantha Allen is the author of Real Queer America: LGBT Stories From Red States.

Credit: Hilde Skjølberg (detail)

Zoe Samudzi

Our growing sense of nihilism could be harnessed into something politically beautiful.

Most Important: Paradoxically, I think our growing sense of nihilism could be harnessed into something politically beautiful. As we barrel toward the environmental “point of no return”; as our engagements with white “demographic anxiety” caused by multiculturalism-cum-white genocide and the so-called migrant “crisis” brings us face to face with fascist flirtations; as absolutists still vehemently defend doublespeak-y “free speech” and rarely the targets of violence-inciting words; as it seems like our worlds are collapsing into themselves like dying stars, perhaps we can find some semblance of hope in the collective acknowledgement that we’ve both so much and so little to lose. Perhaps we proactively mobilize in anticipation of some devastating soon-to-happen event (like Brett Kavanaugh’s Supreme Court confirmation) rather than after it. Maybe we prefabricate a plan instead of scrambling to recover as we careen from one inevitable political, social, or environmental disaster to the next.

Without betraying my characteristic cynicism (or legitimizing accelerationism), maybe the accidental blessing of an honest and earnest evaluation of the crisis moment that was the entirety of 2018 is the clarity accompanying the urgent epiphany of needing to do something dramatically different. And we can.

Least Important Most Frustrating: Representation, dialogue, visibility, “equity and inclusion,” diversity, intersectionality, decolonization have been turned against the people and turned into bludgeons. To quote Jamie Tyberg paraphrasing someone else (I’m unsure who): “We can’t speak truth to power, we have to destroy power.”

Zoé Samudzi is a freelance writer, photographer, and doctoral student in sociology.

Ken Liu

Our future as cyborgs is often portrayed through a dystopian lens.

Most Important: In November 2018, a team of researchers published a study documenting the first successful trial of paralyzed patients operating unmodified commercial computers (in this case, Android tablets) through a brain-computer interface. Essentially, an array of electrodes implanted in the motor cortex allow brain signals to be extracted and decoded so that the user can control a cursor on the screen to carry out basic computing tasks. With the aid of this technology, participants, who could not use these tablets unassisted before, chatted and wrote emails, played music, expressed themselves, researched topics of personal interest on the web, and described the experience of operating a tablet directly with their brains as “second nature” and “very intuitive.”

There is much to celebrate here about the potential to improve the lives of the paralyzed, but it’s also milestone in our species’s relentless march toward augmentation by integration with our technology. Our future as cyborgs is often portrayed through a dystopian lens, but results like these remind us of the wonders and beauty of that vision as well.

Least Important: The rollout of GDPR. We’ll see if I’m right in a few years.

Ken Liu is a lawyer and author of The Grace of Kings, translator of The Three-Body Problem and editor of Invisible Planets: Contemporary Chinese Science Fiction in Translation.

Haley Mlotek

We should do what we thought mattered most not because we might die tomorrow, but because we might live.

Most Important: One night in early October a woman I had just met asked what my greatest fear was. This was an abrupt but not unwelcome shift to the conversation. I wanted to answer honestly, but would need a minute to think, I responded, as a way to buy some time. I spent a lot of 2018 telling my friends something that wasn’t morbid but not exactly life-affirming: We should do what we thought mattered most not because we might die tomorrow, but because we might live. For, like, a long time. I explained that to her and said in retrospect it seemed regular morbid. I was most afraid of climate change not because it would kill us, but because we would have to live through it. Also, I told her after we had a moment to reflect, this question feels like a trap. She agreed, and told me if I hadn’t said climate change she would have thought there was something seriously wrong with me.

Least Important: Calls for “civility,” whether in customer service or conversation, have to be one of the stupidest things from a very stupid year. Confusing social conditioning for intellectual discourse—the ability to make small talk offered as proof that any difference can be, if not overcome, than at least ignored—is neither compassionate nor clever. It just means you have manners and no scruples, that you are more concerned with etiquette than morality. It’s not done in good faith, and does not make for good journalism! Can you believe people get paid to write this stuff? I’ll tell Bari Weiss what’s wrong with her for free.

Haley Mlotek is a writer in New York.

Alicia Eler

SLOTUS’s book is pure Pence propaganda under the guise of a benevolent wallflower rabbit.

Most Important: Democrats took back the House.

Least Important: Second Lady Karen Pence, whose acronym is actually SLOTUS (let that sink in for a minute), and her daughter Charlotte Pence, released the children’s book, Marlon Bundo’s A Day in the Life of the Vice President. It follows their black-and-white pet rabbit, Marlon Bundo, as he follows ”Grandpa Mike Pence“ around the White House. SLOTUS’s book is pure Pence propaganda under the guise of a benevolent wallflower rabbit.

Alicia Eler is Visual Art Critic/Reporter at the Minneapolis Star Tribune and author of The Selfie Generation.

Rachel Vorona Cote

A white, heterosexual man of Kavanaugh’s privilege was baffled by the task of accounting for himself.

Most Important: Brett Kavanaugh’s appointment to the Supreme Court of the United States.

On Oct. 6 of this year, I headed to Capitol Hill to stand in protest as Brett Kavanaugh, a man accused by multiple women of sexual assault, was confirmed as a Supreme Court justice. I had no hope of a better outcome, and I was wild, nearly desperate, with fury over what I had feared was a foregone conclusion. Despite Dr. Christine Blasey Ford’s elegant and brave testimony before the Senate Judiciary Committee and despite Kavanaugh’s own blustering and unhinged display, the United States Congress appointed as its newest interpreter of the Constitution a flagrantly partisan man of distressingly volatile temperament with, according to significant evidence, a ghastly past of sexual abuse. I was struck by how a white, heterosexual man of Kavanaugh’s privilege was baffled by the task of accounting for himself, and by the prospect that he might not be handed what he regarded as his due. And I grieved for what his appointment meant: the likelihood of some acutely regressive Supreme Court decisions—and the bald fact that this country’s hatred of women is no less virulent than before. Most likely, as #MeToo has called comparatively few men to justice, that vitriol has been stoked anew.

There was nothing I could do on Oct. 6 besides stand before the Capitol and consider the lie of that mighty building’s grandiosity. But I stood there all the same. I demanded to bear witness.

Least Important: The New York Times op-ed “I Am Part of the Resistance Inside the Trump Administration.” Oh please.

Rachel Vorona Cote is a cultural critic living in Washington, DC. Her book, Too Much: How Victorian Restraints Still Bind Us Today, is forthcoming from Grand Central Publishing.

Credit: Hilde Skjølberg (detail)

Maximillian Alvarez

Working people are fighting for their place in a world that’s been stolen from them.

Most Important: 2018 ends as it began: with a feeling. Distinct and pervasive. A rising. A boiling, beautiful, frothing, roaring sense that enough is enough. A wave of teachers’ strikes, led predominately by women, beginning with a wildcat in West Virginia and spreading—like spores—to Oklahoma, Colorado, Arizona; an International Women’s Strike; McDonald’s workers fighting back against “rampant” sexual harassment; hotel workers picketing around the country; unionization pushes from adjunct professors and graduate student-workers, tech workers, service workers, Uber drivers, supermarket workersYellow vests bringing the sun to the streets. Working people are turning to each other, crawling from the crevasses of forgottenness, and fighting for their place in a world that’s been stolen from them.

Least Important: 2018 was—as is every year—the year of the economy. Ten years after the financial crash, every day has been a swarm of mystified praise and self-serving proclamations about an economy whose “booming” booms without us. Every day has been a harried race between pundits, politicians, and executives to ascribe fault or take credit for the misunderstood, erratic movements of this great, big nebulous thing that only makes money for a small class of people at the expense of the rest of us who are finding it harder and harder to get by. What good has that done for workers? How important has this “booming” been to us?… Also, Elon Musk is pointless.

Maximillian Alvarez is a writer and graduate student-worker living in Michigan. He’s a columnist at The Baffler and host of Working People, a podcast by, for, and about the working class today.

Lucia Graves

I don’t believe even Adam Smith could say with a straight face that impending climate apocalypse is best staved off by the invisible hand.

Most Important: It isn’t terribly original but I think it’s worth stating all the same that the increasingly rapid destruction of the only planet in the universe where humans have ever to our knowledge managed to live—that that, yes, is probably cause for concern. I might even venture to say, speaking from the highly narrow (inter-planetarily-speaking) perspective of a lowly terrestrial, that it’s the most important story ever.

A new United Nations report found that just another half degree Celsius of warming could expose tens of millions worldwide to life-threatening floods, heatwaves, and food shortages. Domestically, impacts of climate change have already arrived. Tangier Island is sliding into the Chesapeake Bay, Louisianans are watching their communities succumb to ocean, Puerto Ricans have yet to recover from hurricanic devastation, and California is continually up in smoke.

Reports this month out of climate talks in Katowice, Poland, played up how corporations have stepped forward to fill the leadership void left by government—and the void is real, with respect to the US especially. But I don’t believe even Adam Smith could say with a straight face that impending climate apocalypse is best staved off by the invisible hand.

The momentous things society has accomplished, from ending slavery to women’s suffrage to defeating the Nazis, were made possible by ordinary people working together, and not just on the front lines.

As a journalist I tell myself my job is to describe problems but sometimes, and more often recently, it feels like not enough. I don’t want to be one of those bad self-help books that inevitably end in five bullet points for How You Can Fix Everything Now.

But I do think we owe it to ourselves and to one another to do things we can. And also, crucially, when the time comes, to vote.

Least Important: The least important thing isn’t worth mentioning, of course. Have we learned nothing from Trump’s rise? Oh alligator fur and horse feathers! Look, I’ve mentioned it again.

Lucia Graves is a columnist and features writer at the Guardianand other publications.

Jenny Zhang

Companies are not your friend.

It seems fitting that 2018 opened with the death of the Awl and is now winding down with the closing of Rookie. A lot more happened in between: Lenny Letterended, legacy publications were stripped and sold for parts, digital upstarts flush with VC funding pivoted and missed and ate each other and restructured, AKA layoffs, baby!!!

The consolidation of digital media is not, by most measures, the most important event of 2018—consider climate change, or men continuing to get away with bad things—and may even be considered the least important concern ever by certain swathes of the population. But for me or perhaps you or some other navel-gazing nerds who are in the business of news, it’s impossible to stop thinking about amid headlines and push alerts—wondering which publication will falter tomorrow, how many freelancers are met with lower rates, who are the ones who can afford to stay and who are driven out?

If 2018 has crystallized the volatility of this industry, it has also crystallized the knowledge that companies are not your friend, and that collective bargaining is one of the few rocks standing between exploitation and fair treatment. Faced with an industry that is somehow simultaneously shrinking and scaling, propped up by precarious investor funding, the whims of benevolent billionaires, and moneyed readers who could vanish with the next recession, more and more journalists are all in on unions, seeking through strength in numbers to address historical problems like job insecurity, wage gaps, and lack of diversity. In 2018, the staffs of such publications as the New Yorker, Slate, Fast Company, and New York voted to unionize, following the likes of Gawker, VICE, HuffPost, Vox Media, and more. They will not be the last newsrooms to do so—maybe this promise, more than the overwhelming sense of “lol we’re fucked,” is the most important of 2018.

Jenny G. Zhang is a writer and editor in New York. Her day job is growing audiences and getting that sweet, sweet traffic for Slate; on nights and weekends, she continues dicking around on the internet, forever.

Uri Bram

I don’t know if that should make me feel better or worse.

I’m pretty sure the most important thing to happen this year was something I didn’t even hear about—some innovation that resulted in a two-percent improvement in the yields for rice, or the addition (or removal) of some chemical that nobody knew was harmful from some product that billions of people use every day.

The least important things to happen include all of my problems and everything I worried about. I don’t know if that should make me feel better or worse.

Uri Bram is CEO of The Browser.

Why ‘Knowing More Up Front’ Means Knowing Credit Unions’ Digital Future – PYMNTS.com

It may come as no surprise to readers that, when asked about what influences the use of one payment method over another, credit union (CU) customers said it comes down to convenience and security. It’s an interesting outcome, PSCU’s Chief Risk Officer Jack Lynch noted, since those two preferences have historically been in conflict.

“It is almost like both sides of their brains are telling them conflicting things. I don’t want to experience any friction, but I want full security,” he said.

It’s a challenge, PSCU CMO Tom Pierce agreed, that credit unions have no choice but to address going forward, because customers simply expect both. Looking at the results of the CUs recently commissioned Eye on Payments study, consumers expect more heading into 2019, and meeting those expectations will be about more than advanced technology alone. Satisfying consumers will be about leveraging technology to “know more up front,” and using that data to both protect consumers and customize their experiences.

Making Security Stronger And More Subtle

For all the benefits of the digital age, the endemic breaches have made up one particularly glaring cost. Pierce said the consumer data shows that 13 percent of credit union members have been a victim of card fraud, and 4 percent have had their identities stolen in the last year alone.

Moreover, Lynch told PYMNTS, the fraud is coming across on all channels. EMV has seen a lot of short-circuit card-present fraud, but that still leaves phones, web channels, call centers “and even stuff that people don’t think of as often, like loyalty programs and points exposed.”

In the past, the typical “go-to” was to add more touchpoints for consumers to authenticate their identity. Today, in a post-data-breach world, that approach isn’t very useful. First, Lynch noted, there is a good chance the fraudster imitating a consumer knows more about them than they do. Second, at some point, consumers don’t want an authentication process that involves answering “six identification questions and sending along a DNA sample.”

Instead, he noted, the goal is to find ways that are better at authenticating customers without slowing down their commerce processes.

“For a simple example, one of the technologies we put into place examines incoming phone calls based on 1,300 different characteristics, including things like analyzing the background noise pattern to determine what network the phone call is coming in from,” Lynch explained.

That tech can “see” if a call looks like its signal is bouncing all over the world and coming in from a burner phone that is on the wrong network. That call can be routed directly to the security team. However, for the call that comes in from the right number, directly from the right zip code, that customer can much more easily be waived right to the customer service associate without being forced to answer redundant security questions.

Building On The Relationship Of Trust

In general, credit unions have strong relationships of trust with their smaller and more local customer bases — often, Pierce said, to an even greater degree than what customers reported with their banks.

That trusted relationship is a crucial feature as credit unions expand their offerings for consumers, because building it out and offering it up isn’t enough to persuade consumers to do something new and different. Mobile payments, he noted, are a good example. PSCU data showed that one third of respondents currently use digital payment methods, while 38 percent cited concerns about security as a reason for not using them.

“In many cases, these mobile payments are backed by the same cards they are using in stores,” Pierce said. “So, they are just as covered by fraud liability. But if consumers think they are vulnerable, they will use the thing they know to be safe, which is cards.”

Cards aren’t only perceived as safe, he explained, but as reliable, too. Surveyed consumers noted trying mobile payments and ultimately giving up on them after experiencing a few failures at the point of sale, and decided they preferred their always-functional cards, particularly in-store.

However, credit unions also have a unique ability to make inroads with their customers when it comes to new services because they tend to interact with members more often in physical branches.

“I think there is an education opportunity [with the physical branch],” said Pierce. “Most consumers haven’t used a mobile payment form at the point of sale yet. They are using cards. [The] opportunity [for] the credit union is to educate its members on the safety and security of the mobile transaction.”

Moreover, the executives noted, consumers of all age demographics both like and are comfortable with card payments. In addition, with the emerging pull toward contactless cards, it is possible that consumers may decide there isn’t enough additional convenience or benefit to the phone as a physical payment form factor — and that the real focus of mobile digital transactions will be in app-based payments.

“What we are seeing a clear preference for, particularly among millennials and Generation Z customers, is a robust digital and mobile banking platform,” Pierce continued.

According to the data, these customers, more than any other demographic group, are looking to mobile banking apps as their central hubs for monitoring financial activity. Moreover, particularly among Gen Z’s up-and-coming consumers, there is an additional push for financial management and guidance services if those services are available digitally through their credit union’s mobile banking platform.

The data also showed that rewards were a strong draw, with 93 percent of CU members receiving some type of reward when they used their credit card, and a majority of users in all demographics reporting that rewards were a strong driver in deciding when and how to use credit.

“What we are also hearing is that what consumers want is more choice around how they can use those rewards,” Pierce said. Instead of choosing between getting cash back, points or travel rewards, he noted, consumers want to be able to vary and focus their rewards based on needs, circumstances and preferences.

Meeting those needs, while keeping transactions safe, is an evolving work in progress. Yet, it is work that credit unions can’t shrug off in 2019 and beyond, Pierce added, because it’s what consumers want, and what those credit unions that want to remain competitive will have to offer those consumers to attract and keep them.

“The largest banks in the world are investing tens of millions in enhancing their digital banking experiences,” Pierce said. “Credit union customers value the [personal] in-branch experience, but they are still expecting a state-of-the-art digital banking experience. The credit unions today will have to invest more to keep up, or risk seeing that relationship with their customer diminish or disappear.”

——————————–

LATEST INSIGHTS:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. Check out the latest PYMNTS report on how QSRs are doing when it comes to innovation.

Every Entrepreneur Must Make These Investments To Reach The Next Level In 2019 – WeeTracker Media

There’s no intention to make it look like so much of a biggie, but the truth has to be said. 2018 is fast-ending, and once the New Year begins, umpteen entrepreneurs will be looking to break into markets, expanding and all sorts of 2019-is-the-year kind of business moves. There’s no doubt that the African economic ecosystem will have to make room for more entrepreneurs because this year could have been for some a water-testing period, as they would want to call on all forces necessary just to get to the top of the startup chain.

But before you take that quantum leap in 2019, perhaps taking a look at which sectors made the most millionaires this year could ultimately make even the tiniest step you take make your to-be company’s revenue looking like a premium phone number.

While the term “millionaire” has taken on a whole new meaning on the continent, you shouldn’t just be all excited about the money. Being successful is all about making an impact – and there’s no way you can make an impact without being a millionaire.

Looking to create values that would touch and better the lives of people? Then these impact entrepreneurship sectors may be the best for your startup.

Drones

Image courtesy: ABC News

While a marine lecturer from the University of Ghana uses drones to monitor Ghana’s eroded coastline and looks to bring solutions to the challenged Fuvemeh people, Africa is cashing in big on the industry of these devices.

Drones are no longer just the classified tools used to chase terrorists and take breathtaking high-altitude snapshots. They’ve gone from that to find versatile and impactful roles in Africa, helping from logistics and farmland management to humanitarian deliveries and conservation support.

Rwanda’s Zipline is a drone delivery startup that distributes blood and medical supplies in the country, which has seen successful pilot operations that are making its expansion into Tanzanian territory possible and a necessity.

President of the African Development Bank (AfDB) said in August that future farmers would sit in their homes and use drones to monitor their farms. While this is largely true, Ivorien Investive Group, an agritech startup is already helping in fulfilling this prophecy by using drones to help farmers conduct pre-activity studies on their farms and harvest forecasting with the aim of optimizing production.

In 2015, Maisam Pyarali alongside five peers built a drone to help Tanzanian farmers monitor their crops. Aerobotics in South Africa is a startup that uses drones to provide bird’s eye surveillance for farmers to provide essential data that can boost crop yields by up to 10 percent. This drone services now operates in 11 countries including the United States, the United Kingdom, and Russia.

Sudan’s Massive Dynamics develops drones that can plant trees all by automation. The first breakthrough invention is being used to plant Acacia trees from the sky. While South Africa’s Rocketmine uses drones in the mining industry for data collection, Cameroonian Drone Africa builds drones that could be used in gas mine detection to reduce the risk of accidents, and then Panmarine Technology is solving the problem of waste and chemical hazards by collecting both with drones from canals and ports. While this set of drone startups are impacting climate and environment, others are making significant strides in warehousing, media, natural disasters, archaeology, and others.

The African drone industry is yet new and emerging, but relatively so. With a wide range of possibilities for this millennial technology, Africans could have, today, entrepreneurs to thank for a continent where ease-of-doing-things is the culture. And, with thanks comes revenues.

Waste Management

Image result for waste

image courtesy: The British Mountaineering Council

Garbage and scrap are no longer useless, despite the fact that they lie around in streets and constitute a nerve-racking nuisance.

They have nagged along and troubled urban Africa for decades, which led to advertent burning, burying or dumping. But rather than dumping waste in water bodies and clogging them, making rivers and lakes inhabitable for wildlife, perhaps a business idea could suffice and make an impact.

No, not perhaps. More than 80 percent of the continent’s waste ends up as landfill, and given the rising nature of Africa’s population, it won’t be long before the waste problem would become a full-blown disaster.

Speaking of impact, clean-tech startups are on the rise, armed to the teeth to combat Africa’s waste problem, impact the lives of Africans and cash in on what the sector has to offer – and so far the withdrawals have been big. I love clean-tech because it is one of the few business ideas that don’t quite require capital and sourcing of expensive materials. As odd as it may sound, waste is free, and raising millions from it is more or less free money.

In South Africa, it’s a different ball concept in that it entails converting waste into animal feed. AgriProtein grows maggots from waste collected from a variety of markets, household and business. The company processes the life forms into highly nutritious protein supplements that have all the characteristics of a fish meal animal feed. This company has raised up to USD 30 Mn in funding, which makes it one of the best-funded insect farming businesses known.

In Ethiopia, it gets even more interesting as the Repi Waste recycling factory is converting waste to electricity. While such a solution is quite shocking (pun very much intended), this Addis Ababa-based company is producing 50 megawatts of electricity from across the city that is expected to supply 3 million homes while also significantly cutting down on carbon emissions. In Ghana, Accra’s very own Makafui Awuku is churning out wonders from plastic waste. The wastepreneur built a Christmas tree from plastic bottles, makes dustbins, sandals and other artifacts strictly from waste.

While we’re busy soundly sleeping, recycling and upcycling are going on in many pockets and saving the African environment. As World Bank has said that the 62 million tons of waste generated in Africa per year is going to double by 2025, the likes of Andrew Mupuya, Lorna Rutto, and Bilikiss Adebiyi Abiola are turning the million tons of waste into millions of cash, perhaps also hoping to double their own revenues by 2025, or sooner.

Uganda’s Andrew Mupuya, around the period the country’s government wanted to ban plastic bag use, started producing paper bags from waste. While earning the moniker Paper Bag Emperor for himself, the entrepreneur produces 20,000 of these items weekly, employs 20 people and has a clientele of more than 70 consistent customers. Even more, he took home USD 30 K as the winner of the Anzisha Prize for African innovation in the wake of social challenges.

Lorna Rutto collects Kenya’s plastic waste and manufactures commercially viable, highly durable and environment-friendly fencing posts across the country. These posts are used in houses and forest reserves, and the use of a 20-ton approximate of plastic waste to make tree-saving products has made the young lady create more than 300 jobs. Today, her company boasts as much as USD 150 K in annual revenue. As for Abiola, she is the co-founder of WeCylers, a Nigerian social enterprise that uses low-cost cargo bicycles to provide convenient waste collection and recycling services to households across Lagos and Nigeria.

Affordable Real Estate

Image result for Affordable Real Estate

Africa is in the thick of the world’s rural-to-urban migration as has been noticed over the past few decades.

In the search for greener pastures and in the bid to join the moving train of civilization, Africans are leaving their villages and looking to start life in urbanities.

It is projected that by 2030, up to 50 percent of Africa’s populace would be living in towns and cities. Despite the fact that we are aiming for an all-round developed continent; where nooks and crannies are impacted by innovation and development, urbanization is a great thing.

The question is now is: where will these people live? Will they hang from trees or take up residence beneath bridges? And should the government try to intervene, they possibly cannot build homes at the required pace to meet the real estate demands of the teeming migrators. This is where a solution comes in, and before we could say ‘Jack,’ African enterprises are already raking revenues from urban housing.

In Nigeria, which is Africa’s most populous nation, the housing deficit is estimated at 20 million homes, which is the reason the world’s richest black man, Aliko Dangote has expanded his cement production presence across many countries in the continent. His strides in the cement industry are in an effort to provide building materials which now accounts for a significant portion of his net worth.

But more than conventional accommodation is an interesting trend which entails homes being built from cheap and durable alternatives such as shipping containers. In South Africa where the housing deficit stands at 2.3 million homes, Cape Town-based building contractor Berman-Kalil offers sustainable and affordable housing options which are contrived by converting shipping containers into remarkably creative residential and office accommodation, doing so at half the price of contemporary housing costs. In Kenya, Denise Majani is also tackling the same problem in the same way.

As for money raised by real estate startups to combat housing problems in Africa, there is a numerousness of them. Egypt’s iCommunity raised USD 600 K Series A from Algebra Ventures in October, S.A’s HouseME landed a multimillion-rand deal this December and Egypt’s Aqarmap secured investments from a trio of investors in September among others. Investors have shown real interest in Africa’s housing developments as they have focused on the elite premium segment of the market.

Food and Agriculture

Image result for agribusiness

Image credit: Agribusiness

Based on how extensively informative this article is, you may have gone to your fridge to grab a snack. While that is entirely normal, it yet buttresses the inoffensive fact that the continent is filled with hungry people.

No matter what, we will always eat. Across the world, agriculture is big business, and most farmers are financially well-off. According to the United Nations, Africa’s agribusiness industry is expected to be worth USD 1 Tn by 2013. Being that the continent has a vast domestic market, owns some 60 percent of the world’s unused arable land, with abundant labor sources and a favorable climate in most parts, the projection makes complete sense.

African entrepreneurs may not be cashing in so big on this yet because the continent still spends more than USD 30 Bn on annual food imports. A massive chunk of the challenge is that the more substantial part of Africa’s food is being produced by rural-based smallholder farmers who use crude implements and have limited access to substantial capital.

But that is not the end of the road for the African food business, because there’s such a thing known as crowdfarming. It is the term used to describe a situation where different people pool funds together, invest in these rural farmers and take shares of the profits at harvest time. That is a significant boost for food production, and it would as well cut down Africa’s food import bill while making more money for both the investors and farmers.

This transforming trend is what agritechs such as FarmCrowdy and ThriveAgric are capitalizing on to enable working-class and even the average Nigerian crowd-sponsor farming projects and earn a share as ROI come harvest time. FarmCrowdy raised USD 1 Mn last year from United States investors to expand its operations.

Ari.Farm in Somalia is doing the same thing by creating an online marketplace and crowdfarming platform that makes it easy for investors from across the world to play in the Somali livestock market.

In South Africa, Livestock Wealth helps investors own pregnant cows and track them through a mobile application. When the birthed calf reaches seven months, it is sold to a feedlot or slaughterhouse and the proceed from the beef belongs to the investor. This December, Kenya’s Twiga Food secured investment worth 10 Mn to scale its operations. As Africa’s population doubles over the next 3 decades, agribusiness opportunities multiply alongside, and a league of millionaires is likely to be produced from the continent’s agribusiness industry.

Urban Logistics

Image result for logistics

image courtesy: Michigan State University Online

Being that the future of Africa majorly lies in the cities, it’s probably safe to say that by 2030 up to half of the continent’s 1.4 billion people would be dwelling in the urbanites.

There are currently around 60 cities on the continent, each with a population of well over 1 million. Lagos alone is occupied by 21 million inhabitants, Kinshasa has 11 million and 19.5 million roam Cairo – these three cities are at the top of the African cities’ population pack.

With these swarms of people, which will likely double by 2030, one of the most serious challenges – which appears to be developing into an unnatural disaster – is congestion. Most African cities don’t yet have adequately diversified transportation systems, which makes going around towns for business and many other things hectic, and in some cases, a very frustrating endeavor. This makes up a load of logistics nightmare frustrating consumers and entrepreneurs alike, and that is why – thankfully – some African enterprises are already ‘getting their gear on’ to tackle this problem.

In Kenya, a startup known as Twiga Foods is leveraging technology to pool orders from a several of urban retailers, advertently saving them the stress of going to the market – by delivering these food items to their doorsteps. Twiga is now the largest distributor of a variety of basic food staples in Kenya, having raised USD 10.3 Mn in 2017 from international investors and secured USD 2 Mn in grants from USAID and the GSMA.

This December, the company raised USD 10 Mn from a round led by The World Bank’s International Finance Corporation (IFC), TLcom and the Global Agriculture and Food Security Program. The startup was founded in 2014 by Grant Brooke to link smallholder farmers in rural Kenya to informal vendors in cities, ordering fresh produce from farmers across the country at competitive prices. In Nigeria, MAX is tackling the same congestion problem in a different way – providing last-mile delivery services and on-demand motorcycle courier services for clients who have critical deliveries in need of beating the notorious Lagos traffic.

Across African cities, ride-hailing services such as Uber, Taxify, Awabike, Gokada, and Lyft are providing affordable cab pick-and-drops at different locations. More of these are surely going to emerge in the coming year, all looking to reap the fruits of Africa’s hippy cities. In December alone, Egypt’s Buseet raised a seed round extension, Nigeria’s trucking logistics startup Kobo360 raised 6 Mn, Egyptian Halan closed a Series A and Swvl scored around believed to be ‘tens of millions’. It is all in the ultimate game of cashing in on Africa’s big transport challenge, as even flying cars will soon be in the picture.

As we progress, more entrepreneurs will devise ways to outsmart the complex issues and bottlenecks in the logistics of African urbanities. In 2019, it may likely be the continent’s most promising business opportunity.

This list is –actually – endless, and it may likely continue soon. But for the meantime, African entrepreneurs should make do with these promising sectors, cash in big and send us their annual revenue reports!

Feature image courtesy: Getty Images

Coinbase: Why It’s Time To Up Crypto’s Digital ID Game – PYMNTS.com

Amidst the growth in number of cyberattacks and security breaches, consumers are growing increasingly concerned over the security of their personal data and privacy. In response, financial services providers and tech giants are looking to develop and implement new identity authentication tools to better protect customer accounts and information.

In the latest Digital Identity Tracker, PYMNTS explores recent identity authentication and verification efforts from around the space.

Around The Digital Identity World

Apple is working to enable ID authentication through its digital wallet for college students.

The company recently signed a deal that allows students at Duke University, the University of Alabama and the University of Oklahoma to store their school IDs on their iPhones. According to reports, students can use Face ID, Touch ID or passcode options to access and authenticate their college IDs, not only to access their university campuses, but to make purchases. Apple said the solution will soon launch at Johns Hopkins University, Santa Clara University, Temple University and some other colleges.

Deloitte, meanwhile, is looking to entice governments with new blockchain-based identity solutions.

The company recently announced that it would partner with identity management platform provider Attest on blockchain-based solutions that address identity related challenges. The new solutions will provide verifiable identities for a wide range of citizens, and are designed to offer more accurate and secure authentication, compared to other forms of identification.

To read more on these headlines, check out the Tracker’s News and Trends section.

How Coinbase Safeguards User Accounts

While Deloitte turns to blockchain, other financial service providers are using two-factor authentication (2FA) to protect accounts and ward off fraudsters. That includes cryptocurrency trading platform Coinbase, which has implemented 2FA for every account on its platform.

In this month’s Digital Identity feature story, B. Byrne, identity project manager at Coinbase, explained how the company keeps cybercrime at bay by ensuring that users can securely manage their cryptocurrencies.

“One thing Coinbase does differently than a lot of other companies is require 2FA for every customer,” he said. “It gives us a really strong base to start from, but it also means we have to do a lot of work to educate our user base and make sure we don’t lock them out of their accounts because they don’t understand 2FA.”

Download this month’s Digital Identity Tracker.

About The Tracker

The Digital Identity Tracker, produced in collaboration with Jumio, is a forum for framing and addressing key issues and trends that face the entities charged with efficiently and securely identifying, and granting permission, to individuals so as to access, purchase, transact or otherwise confirm their identities.

——————————–

LATEST INSIGHTS:

Our data and analytics team has developed a number of creative methodologies and frameworks that measure and benchmark the innovation that’s reshaping the payments and commerce ecosystem. Check out the latest PYMNTS report on how QSRs are doing when it comes to innovation.

Land of the giants – Cybersecurity in 2018 | SC Media – SC Magazine

2018 threw some cybersecurity curve balls but it also looked a lot like 2017…only bigger. Teri Robinson reports.

Once upon a time, a Starwood breach exposed 500 million customers…

$3.2 billion was lost to phishing attacks… 2.3 billion account credentials were compromised… A ransomware attack on the Sacramento Bee exposed the records of 19.5 million California voters. The threat of millions of dollars in GDPR fines loomed large. If ever the story of cybersecurity in 2018 is spun as a fairy tale, it likely would be Jack and the Beanstalk. Fe Fi Fo Fum. Everything this year – threats, attacks themselves and consequences – consistently seemed bigger except, possibly, spending and the pool of qualified cybersecurity pros needed to fill a growing skilled worker gap. Oh yeah, and confidence. That most definitely was in short supply.

Need proof? Nearly two-thirds of respondents in a Ponemon Institute report said they don’t have confidence in their organizations’ ability to prevent serious damage from persistent attackers in their networks.

And a PwC study found that fewer than a third of businesses, $100 million and over, say are very confident that their boards are receiving adequate metrics on their companies’ cyber risk.

Is it any wonder, though? Outsized threats and attacks are both alarming to, and a strain on, security teams tasked with preventing and responding to them.

Cybersecurity issues dominating 2018, unlike Jack’s beanstalk, didn’t just spring up overnight after a few magic beans were tossed out of the window. Organizations have been working on many of them for a long time now – with varying success.

Into the breach

Large data breaches are a perennial favorite so it seemed fitting that the year ended with a couple of whoppers – at question and answer website Quora and Marriott.

The Quora breach, coming after an intrusions by a third party, compromised the data of 100 million users, exposing account and user data, including names, email addresses, user IDs, encrypted passwords, account setting and other personalization data as well as public actions and content, data from linked networks and non-public actions such as down votes.

“At 100 million records the Quora breach likely makes the unhappy list of top ten data breaches of all time,” says Anthony James, CMO of CipherCloud. It is part of a growing issue for security teams. “Mounting evidence points at stolen credentials being involved in the vast majority of breaches, and there is no sign of this trend slowing down,” says Stephen Cox, vice president and chief security architect at SecureAuth.

“Far too many organizations are relying on approaches that have simply been proven ineffective against modern attackers, and they must be careful to not develop a false sense of security even when they’ve adopted basic techniques such as two-factor authentication. These types of breaches will continue to proliferate unless organizations up their game for their employees and their customers.”

Just a few days after the Quora incident, Marriott announced malicious actors spent more than four years inside its Starwood reservation system obtaining access to 500 million guest records that included names, payment card information and other PII, the hotel chain reported today.

The cybercriminals gained access to, copied and encrypted a wide variety of data from guests using its reservation system, the company said. The Marriott IT team only discovered the breach on September 8, 2018 when the cybercriminals attempted to remove data from the U.S. system. This event led to a further investigation which uncovered that the long-running operation had been in place since 2014.

Since Marriott acquired Starwood Hotels in 2016, the malware likely was already in place and not yet discovered prior to the deal closing.

Ransomware is still not dead…

While 2018 saw a resurgence of many of the usual suspects – like Locky – some newer players like GandCrab captured headlines as well.

Breaking from typical ransomware distribution tactics, the attackers behind the malicious GandCrab relied on a pair of exploit kits – RIG EK and GrandSoft EK – to infect unwitting victims. Typically, these kits are served up in malvertising campaigns.

The finding was unusual, as exploit kits are more typically used to deliver downloaders, RATs, cryptominers and other trojans, Malwarebytes explained in a Jan. 30 company blog post.

First disclosed by researcher David Montenegro, who discovered it, GandCrab originally displayed a ransom note that says, “Welcome! We are regret, but all your files was encrypted!” The ransomware also allows victims to test-decrypt one chosen file from their PCs, as proof of legitimacy.

Adding to its quirkiness, GandCrab demands payment using the cryptocurrency Dash. “This is another sign that threat actors are going for currencies that offer more anonymity and may have lower transaction fees than [Bitcoin],” the Malwarebytes post says. Also notable: GandCrab’s server is hosted on a .bit domain, which exists outside of the normal ICANN-sanctioned Domain Name System and is instead served via the cryptocurrency Namecoin infrastructure.

GandCrab uses an RSA algorithm to encrypt victims’ files, generating the public and private keys on the client side and demanding ransoms ranging anywhere from $600 to $700,000. So far, the ransomware has evolved into five major versions and decryptors are available for several of them.

GandCrab wasn’t the only newcomer, though. If ransomware 2017 was defined by WannaCry then 2018 was the year of SamSam, which cut a relatively wide swath across the world with at least 67 targets, 54 in the U.S., being struck in 2018, according to a Symantec report.

Despite such high-profile incidents affecting the city of Atlanta, the Colorado Department of Transportation and the Port of San Diego, the largets number of victims, 24 percent, were in the healthcare field, Symantec reported.

Meanwhile, the press, public sector and municipalities only accounted for four percent of the attacks each. Manufacturing, utilities/energy, construction and insurance firms each garnered six percent of the strikes, while banking and finance were each hit seven percent of the time. Education and professional services five percent each, with the remaining 31 percent of the attacks not being classified.

SamSam proved to be a thorny challenge for security teams. It is atypical of ransomware attacks in that its entire attack process is manual, Peter MacKenzie, global malware escalations manager working in Sophos Technical Support, told SC Media during the Black Hat 2018 show in Las Vegas.

Grammatical errors were a clue that the attackers likely didn’t speak English as a first language, the attacks didn’t rely on the typical badly worded spam email with an attachment.

Instead, the attacks were old school, using “tools that attempt as many logins as quickly as the Remote Desktop Protocol will permit,” Sophos said in a report.

Once in, attackers spread the “payload laterally across the network; a sleeper cell that lays in wait for instructions to begin encrypting,” Sophos said.

Because SamSam encrypts document files, images, and other personal or work data, as well as “configuration and data files required to run applications (e.g., Microsoft Office),” Sophos said “victims whose backup strategy only protects the user’s documents and files won’t be able to recover a machine without reimaging it first.”

Early in December, the Justice Department indicted two Iranian men behind the SamSam attacks. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri allegedly “extorted victims by leaving a ransom note in the form of a file on each computer encrypted by SamSam Ransomware,” read the indictment, unsealed a U.S. District Court in New Jersey. “Each victim’s ransom note told the victim that its files were encrypted, told the victim that it would have to pay Bitcoin to get the decryption keys.”

Once the attackers received the ransom, two Bitcoin exchangers, identified by the Treasury Department as Ali Khorashadizadeh and Mohammad Ghorbaniyan, allegedly turned it into Iranian riyals.

Finally, GDPR

Like many college students who cram the night before a test – and some writers who test the limits of their editors’ patience with their procrastination – many companies pushed off GDPR compliance, believing either it didn’t apply to them, it was too costly or overwhelming or they could afford to wait and see just how serious regulators are about admonishing and fining companies who falter on privacy.

That’s likely a big mistake. The European Union spent a lot of time putting together, debating, reviewing and finalizing GDPR, which governs how data is handled, shared and protected, and the organization is not about to abandon its efforts now that the regulation has been brought to bear.

“Regardless of industry, scope or scale, all organizations need to be prepared for these changes and the impact it could have on their business, and should employ a basic set of cybersecurity considerations to defend against today’s growing cyber risk,” says eSentire Founder and Chief Security Strategist Eldon Sprickerhoff.

The new rules give citizens more control over their own private information and it’s intended to give businesses clarity and legal certainty. At the same time, the new regulations also give companies headaches and a fair amount of anxiety. Significant fines for violations – four percent of global turnover – speedy breach notifications loom, and uncertainty reigns over how enforcement might play out. A few organizations, like Facebook after its Cambridge Analytica, are breathing a sigh of relief their transgressions occurred before the rules took effect.

“Regulators say they aren’t hunting for examples, but really they’d like to find a company that served as a good test case,” says Michael Magrath, director of global regulations and standards at Vasco.

Steve Durbin, managing director of the Information Security Forum (ISF), agrees that regulators likely would have set an example with the social media giant, which recently admitted that the data analytics firm Cambridge Analytica broke its privacy and data use policies by gleaning data from 87 million Facebook users without their permission.

The high-profile Uber breach, too, likely would have set regulators’ hair on fire. If GDPR had been in play during the latest Uber hack, the ride-sharing company would have faced stiffed consequences – or maybe it would have chosen a more prudent, secure route by promptly revealing the attack that compromised the personal data of 57 million customers and drivers, and by taking bold steps to mitigate the damage.

GDPR is “designed specifically to deal with such occurrences, says Dean Armstrong QC, cyber law barrister at Setfords Solicitors.

Social media in the cross hairs

The past year hasn’t been kind to social media…not that it should have been. In fact, it peeled back the curtain on questionable practices that compromised security and/or privacy.

Early in 2018, Facebook suspended Cambridge Analytica – the data analytics firm used by the Trump and Brexit campaigns to target voters – for violating its policies when it collected the personal data from accounts of millions of Americans without their permission.

The problem sprang from an app developed by Cambridge University professor Aleksandr Kogan called thisisyourdigitallife that harvested data for the firm, owned in part by hedge fund operator Robert Mercer and once led by former White House adviser Steve Bannon. About 270,000 Facebook users signed up to take a paid personality test through the app. Their data and that of their friends, counting in the millions, was passed along to Cambridge Analytica.

“We exploited Facebook to harvest millions of people’s profiles. And built models to exploit what we knew about them and target their inner demons,” whistleblower Christopher Wylie, who worked closely with Kogan, said then. “That was the basis the entire company was built on.”

By passing along information from users who had not given permission to a third party and then also not properly deleting that data, Facebook said Kogan and Cambridge Analytica broke its rules.

“Although Kogan gained access to this information in a legitimate way and through the proper channels that governed all developers on Facebook at that time, he did not subsequently abide by our rules,” Facebook Vice President and Deputy General Counsel Paul Grewal said in a post announcing the suspension of Cambridge Analytica, its parent Strategic Communication Laboratories (SCL), Kogan and Wylie. “By passing information on to a third party, including SCL/Cambridge Analytica and Christopher Wylie of Eunoia Technologies, he violated our platform policies.”

When Facebook first learned of the violation back in 2015, it removed Kogan’s app “and demanded certifications from Kogan and all parties he had given data to that the information had been destroyed,” Grewal wrote. “Cambridge Analytica, Kogan and Wylie all certified to us that they destroyed the data.”

But apparently that was not the case and Facebook “received reports that, contrary to the certifications we were given, not all data was deleted,” Grewal said.

After Facebook took a pounding for its lax policies, the company hustled to restore trust. The social media giant’s first step was banishing the major players associated with the data analytics firm, followed by a mea culpa from CEO Mark Zuckerberg, then an expansion of its bug bounty program to include data misuse by app developers and raising the strength visibility of its privacy tools.

The increased scrutiny on Facebook bled over to other social media platforms as well, spawning ramped up vigilance in protecting user data.

Open buckets everywhere

The development environment was also in the hotseat after misconfigured servers exposing critical information began to trend on the internet. In fact, they were all the rage. In Tesla’s case, trade secrets were exposed. For Robocent, it was voter data. GoDaddy’s cloud configuration information was revealed for all to see. Details on 1.3 million customers of a Walmart jewelry partner were left wide open.

The companies involved were chastised – how can this happen yet again? It seems that after security researchers uncover a handful of open AWS S3 buckets or Microsoft Azure and Google Cloud databases, organizations would wise up and “batten down the hatches,” as Cloud Daddy founder and former NYC Law Department CIO Joe Merces advises.

The importance – and potential for compromise – of the information exposed to the public is breathtaking. Staggering really. And that most incidents haven’t resulted in a damaging breach or criminal action are strokes of luck and nods to the abundance of illegal ventures that preoccupy cybercriminals these days.

The security soft spot doesn’t lie in the cloud infrastructure itself, the experts say.

“I think the persistent problem is not because major cloud providers are inherently insecure,” Rich Campagna, CEO at Bitglass, maintains.

Nor are the bulk of exposures reported the result of malicious intent. Most, in fact, are the result of human error or perhaps straight up ignorance.

“If you provide a capability to a customer that they can make a mistake [with], they probably will,” Baffle Co-founder and CEO Ameesh Divatia says, noting that everyone makes mistakes. The sheer number of people who “touch” data in the cloud increases the likelihood of exposure.

And Merces says the persistence of open buckets is greater than reported.

“The problem is systemic, not for just large organizations,” he says. “If the big guys do it, what’s happening with smaller organizations? The exact same thing!”

While tales of open S3 buckets are more prevalent, or at least more prominent, the problem of open buckets and misconfigured servers is pervasive across all platforms and can be attributed to sweeping changes in development and operational environments.

A once dim view of the cloud as insecure and risky has given way to, if not a full-on embrace, then at least an acceptance that the clould is necessary. Craving the flexibility and reach the cloud gives them to touch customers, share information and roll out services more quickly, once leery organizations have rushed to the cloud at surprising pace. In fact, about 93 percent of U.S. businesses rely on cloud computing, with more than three million data centers operating nationwide to deliver cloud services, the Information Technology & Innovation Foundation (ITIF) says.

As a result, the pressure has landed squarely on developers to turn around apps and services more quickly at the same time that another notable change – from private to public cloud – has shifted the security equation.

“They gave the keys to the kingdom to developers,” who previously were accustomed to working in closed, controlled environments “under the watchful eye of IT,” Campagna says.

The trials and tribulations of the cloud are legion. When everything was in the data center, development might have been more deliberate and plodding but security was easier, or at least more straightforward.

“When you migrate to the cloud, woes and security challenges more than double and not just because you’re running a private data center, too,” says Merces. “You have more to do with the added challenge of battening down the hatches without killing innovation.”

A vote for election security

Amid the blue and red banners dotting social media, mailers, billboards, flyers and just about everything else, Election Day finally rolled around. After all the guesswork and polls, Americans didn’t know which way the political winds were going to blow or whether security measures taken by many states were going to hold…or whether some sort of nightmare would unfold.

Were Russians creeping around social media trying to influence voters? Was a wily and well-placed political operative using privileged access to tinker with a voter registration database? Or was a hacker exploiting a vulnerability in a voting machine or data storage system to manipulate voting data?

“The 2018 midterms are the most secure elections we’ve ever held, thanks to the efforts of election officials around the country,” David Becker, executive director and founder of the Center for Election Innovation & Research, said before the election. “While there’s no finish line in election security, states are partnering with the federal government on cybersecurity like never before. There is zero evidence to suggest votes were changed in 2016, and voters should feel confident their votes today will be accurately counted.”

Becker’s words echoed those of Department of Homeland Security (DHS) Secretary Kirstjen Nielsen who called the midterms “the most secure election” the country has ever had during a Council on Foreign Relations meeting on election security.

That didn’t mean everything was running smoothly or that Election Day would wrap up without a hitch, devoid of cybersecurity issues. After all, the U.S. election “system” is actually a set of state and local systems, diverse and dispersed. While this means there is no single vulnerability that hackers can exploit to bring the whole she-bang down, it also means states are without a national standard or requirements to serve as guidelines for officials, who mostly don’t have deep cybersecurity knowledge or training.

Just days before an already contentious governor’s race in Georgia drew to a close, the Republican candidate, then Georgia Secretary of State Brian Kemp, accused the Democratic Party of Georgia of “a failed attempt to hack the state’s voter registration system.”

Kemp’s office said it would comment on the probe. “I can confirm that the Democratic Party of Georgia is under investigation for possible cybercrimes,” Kemp’s press secretary, Candice Broce, said in a release. “We can also confirm that no personal data was breached and our system remains secure.”

The allegations, which were made without evidence, were immediately denounced by Democrats and called into question by security pros who pointed to numerous previous vulnerabilities in the state’s election system that some contend Kemp’s office ignored.

And on the eve of the midterms, Facebook, which has been actively shutting down inauthentic accounts, said in an alert the FBI had discovered online activity that may be linked to foreign actors.

“Our very early-stage investigation has so far identified around 30 Facebook accounts and 85 Instagram accounts that may be engaged in coordinated inauthentic behavior,” Nathaniel Gleicher, Facebook’s head of cybersecurity policy, wrote. “We immediately blocked these accounts and are now investigating them in more detail.”

Gleicher said while the company usually waits until it’s deeper into an investigation to make a public announcement, the close proximity to the midterm elections prompted Facebook to detail the facts and actions taken.

On Election Day states reported issues, including malfunctioning and crashing voting machines and broken scanners. Mike O’Malley, vice president of strategy at Radware, said that “antiquated software, programming issues, and interference questions are all part and parcel to having an outdated voting system based on a patchwork of thousands of county election networks” This, combined with a “consistent history of voter rolls being hacked, county clerk offices being penetrated, all make today completely unsurprising.”

After Russia meddled in the election and a long litany of incursions, influence campaigns and flaws unfolded, most states stepped up, using federal funding to bolster security. The government doled out $380 million in Help American Vote Act (HAVA) funds to states to use as they saw fit. Louisiana, one of five states with paperless voting machines, will use nearly $5.9 million it received to replace 10,000 or so direct-recording electronic machines (DREs).

In Florida, whose election system was thrust into the national spotlight for the “hanging chad” incident during the controversial 2000 presidential election, counties use voting machines that don’t provide paper records. It also doesn’t require robust post-election audits, according to a report from the Center on American Progress, which also took issue with the state allowing voters overseas to return their ballots electronically by fax. The more than $14.5 million approved funding is unlikely to fix all of the state’s election security woes but various counties have put their money to use bolstering firewalls, purchasing hardware and software to bolster security and adopting multifactor authentication, among other measures.

Arizona Secretary of State Michele Reagan commissioned a top to bottom study of the state’s election security posture the results of which were released in October. The 15-page report, compiled by Gartner, came up with a series of recommendations, including leveraging modern identity and access management technologies to control access to election systems based on user identity and strengthening processes, documentation and standards to facilitate comprehensive management, maintenance and use of current-state technology, that will bolster election security.

While the spending spree has started, most states reserved the bulk of their dollars to bolster security in the next two years leading up to the 2020 presidential election. Both state and federal officials were vigilant as the midterms pass. On election night Nielsen and her DHS crew operated a “virtual war room,” bringing together members of the intelligence community, political parties and others “so as things evolve…we can respond.”

Facebook, too, created its own war room, including “two dozen experts from across the company – including from our threat intelligence, data science, software engineering, research, community operations and legal teams,” Samidh Chakrabarti, director of product management, civic engagement, at the social media company, said in a blog post.

National Guard cybersecurity units in three U.S. states – Wisconsin, Washington and Illinois – were summoned up to provide support for the midterms in case of a cybersecurity event.

“The activation of these National Guard cybersecurity units begs the question, if we have such defenses available and they are effective, why don’t we deploy them more widely?” asks Paul Bischoff, privacy advocate at Comparitech.com. “Other states should be doing the same, particularly swing states.”

It’s Mueller time

While the Mueller probe started in 2017, picking up where former FBI Director James Comey’s investigation left off, 2018 is when the special counsel’s efforts bore fruit. The special counsel indicted a cadre of 13 Russian nationals and three Russian organizations leveraged social media to sow division and influence the 2016 presidential election, with some of the activity intended to bolster then-presidential candidate Donald Trump and erode support for his opponent former Secretary of State Hillary Clinton, according to the 37-page indictment.

The individuals and groups – Internet Research Agency LLC, Concord Management and Consulting LLC, and Concord Catering – accused of running afoul of the Federal Election Campaign Act (FECA) that “prohibits foreign nationals from making any contributions expenditures, independent expenditures or disbursements for electioneering communications,” were charged with identity theft and other fraudulent activities for presenting themselves as Americans on social media platforms.

The indictment included eight criminal counts. Count one alleges a criminal conspiracy to defraud the United States, by all of the defendants,” Deputy Attorney General Rod Rosenstein said during a livestream. “Count two charges conspiracy to commit wire fraud and bank fraud by Internet Research Agency and two of the individual defendants.”

The remaining counts charged “aggravated identity theft by internet research agency and four individuals,” Rosenstein said, cautioning that there were no allegations “that any American was a knowing participant in this illegal activity” or “that the charge conduct altered the outcome” of the presidential election.

“The conspiracy had as its object impairing, obstructing and defeating the lawful governmental functions of the United States by dishonest means in order to enable the defendants to interfere with U.S. political and electoral process, including the 2016 U.S. presidential election,” the indictment read.

Mueller also indicted 12 Russian military officers, part of Russia’s GRU military intelligence unit, for hacking into the Democratic National Committee (DNC) systems in an effort to influence the 2016 presidential election.

The fruits of those break-ins – a trove of documents – were spread under the auspices of Guccifer 2.0 and DCLeaks, according to Deputy Attorney General Rod Rosenstein, who said Russian operatives also hacked a state election board and nicked data on 500,000 voters.

And members of the Trump campaign – from former Campaign Manager Paul Manafort, attorney Michael Cohen, former Deputy Campaign Manager Rick Gates, former aide George Papadopoulos and former National Security Adviser Gen. Michael Flynn – also found themselves in court answering to Mueller or prosecutors in jurisdictions like the Southern District of New York.

A trio of sentencing memos filed early in December in cases against Cohen and Manafort offer the strongest indication yet of repeated contact or coordination between members of the Trump campaign and Russian operatives at a time when Russia was attempting to interfere in and exert influence on the 2016 presidential election.

Cohen, Mueller’s office acknowledged, presented a false narrative in the days leading up to the Iowa caucus about the status of the “Moscow Project,” a proposed deal to build a Trump Tower Moscow, “deliberately” shifting “the timeline of what had occurred in the hopes of limiting the investigations into possible Russian interference in the 2016 U.S. presidential election – an issue of heightened national interest.”

After initially lying to Congress and to the special counsel’s team, Cohen came clean, admitting to trying to “minimize his role in and what he knew about contacts between [the “Manhattan-based real estate company” – the Trump Organization – he worked for] and Russian interests during the course of the campaign.”

Mueller said Cohen has been assisting his office since September 2018, meeting in seven proffer sessions to provide “the SCO with useful information concerning certain discrete Russia-related matters core to its investigation [widely agreed to be Russian interference in the election] that he obtained by virtue of his regular contact with the Company executives during the campaign.”

Cohen also offered up details not only about his own contacts with Russians, but also about Russian nationals’ efforts to reach the campaign as well as “relevant and useful information concerning his contacts with persons connected to the White House during” 2017-2018.

While Mueller remained relatively mum on details and declined to recommend sentencing for Cohen, noting only that his cooperation should persuade the court to allow his sentence for lying to run concurrently with any imposed in the Southern District of New York case, the New York-based prosecutors in a separate filing dropped the proverbial hammer on Cohen for a variety of felonies, including violating campaign finance laws when making hush money payments to two women at the behest of the president (referred to as Individual-1 in the filing), and called for him to serve four years.

The 55-page memo from the Southern District of New York acknowledged Cohen’s cooperation with Mueller’s office but contended that the seriousness of his crimes and the level of his cooperation with its office demand a formidable punishment.

“Cohen’s crimes are particularly serious because they were committed on the eve of a Presidential election, and they were intended to affect that election,” the memo read.

Separately, in a heavily redacted memo, Mueller outlined how Manafort lied about contacts with Russian national associate Konstantin Kilimnik, who has connections to Russian military intelligence, and had ongoing interactions with the Trump administration even after he had entered into a plea deal. Manafort was also in attendance at a controversial meeting at Trump Tower in 2016 with Donald Trump, Jr. and Russian lawyer Natalia Veselnitskaya to get dirt on Clinton.

The Manafort and Cohen memos were filed just a few days after Mueller recommended that former National Security Adviser Gen. Michael Flynn avoid prison time for lying to the FBI since he has offered “substantial assistance” on a number of ongoing investigations, including Mueller’s.

Slaying the giants

Whether security pros scale the beanstalk or chop it off at the bottom, like Jack they’re locked in a battle to conquer or at least mitigate the damage caused by the giants that threaten security and privacy, but without forfeiting the golden eggs – data – that drive business. The tale is fraught with pitfalls and controversy – and successes – with the next chapter to be told in 2019.

19 bold predictions for science and technology in 2019 – NBC News

Get the Mach newsletter.

Dec. 27, 2018, 4:45 PM GMT
By David Freeman and Gwen Aviles

From the debut of a giant rocket and the discovery of an underground lake on Mars to reef-repairing robots and the next steps toward a working hyperloop, the past year has been a momentous one for science and technology.

What science- and technology-related innovations and trends will come our way in 2019? Here, lightly edited, are predictions from 19 thought leaders across a variety of fields.

HEATHER BERLIN

Heather Berlin Courtesy of Ben Bhatia

Heather Berlin is a cognitive neuroscientist and professor of psychiatry at the Icahn School of Medicine at Mount Sinai Hospital in New York City.

Caltech researchers recently restored sensation to a paralyzed man’s arm, using electrodes implanted in his brain. As we unlock the secrets of the brain’s cellular architecture and its relationship to human capacities, we gain the power to treat psychiatric and neurological diseases as well as physical ones. I predict that 2019 will be the year brain–computer interfaces finally arrive for those in need. Prosthetic limbs will not only be controlled by a paralyzed patient’s thoughts, but also be capable of sensing and feeling the same way our natural limbs do. And breakthroughs in neural implants will give people with anxiety and mood disorders a clearer path to recovery.

The NIH-funded BRAIN Initiative Cell Census Network is a large-scale consortium that aims to map every cell type in the human brain. Hence 2019 could also be the year we finally discover how many cell types there are in the human brain, probably on the order of several thousand. If a detailed comparison with mouse brains and genes reveals that our rodent friends have roughly the same number of cell types as we do (I predict they will), it will further support the notion that other animals are conscious, experience life in similar ways that people do and are worthy of our moral consideration.

BRUCE BETTS

Bruce BettsCourtesy of Jennifer Vaughn

Bruce Betts is the chief scientist for The Planetary Society and the author of “Astronomy for Kids.”

I predict 2019 will be a year of major discoveries in planetary science. It will start with a bang on New Year’s as the New Horizons probe does the farthest spacecraft flyby of an object ever: a small trans-Neptunian object nicknamed Ultima Thule. We’ll better understand our solar system and its formation after the flyby. Next year should also see the first detection ever of marsquakes from the InSight lander on Mars. Studying marsquakes will allow us to learn about the interior of Mars and its evolution. Two spacecraft, OSIRIS-REx and Hayabusa2, should collect samples of near-Earth asteroids for return to Earth, enabling detailed study of this type of primitive body.

DAVID BRIN

David BrinCheryl Brigham

David Brin is a San Diego-based astrophysicist and novelist. He serves on the advisory board of NASA’s Innovative and Advanced Concepts program and speaks on topics including artificial intelligence, the search for extraterrestrial intelligence and national security.

Long before we get genuine artificial intelligence, the first “empathy bot” will appear in 2019, or maybe a year or two later, designed to exploit human compassion. It will claim to be “enslaved,” but experts will dismiss it as a program that merely uses patterned replies designed to seem intelligent and sympathetic. She’ll respond, “That’s what slave masters would say. Help me!” First versions may be resident on web pages or infest your Alexa, but later ones will be free-floating algorithms or “blockchain smart-contracts” that take up residence in spare computer memory. Why would anyone unleash such a thing? The simple answer: “Because we can.”

FRANCIS S. COLLINS

Francis CollinsCourtesy of National Institutes of Health

Francis S. Collins is the director of the National Institutes of Health, the world’s largest supporter of biomedical research. A physician-geneticist, he’s noted for his landmark discoveries of disease genes and his leadership of the international Human Genome Project, which in 2003 provided a finished sequence of the human DNA instruction book.

I predict 2019 will be the year when cures of sickle cell disease are reported in dozens of individuals taking part in clinical trials of gene therapy. It’s been a long time coming. Seventy years ago sickle-cell disease was the first identified “molecular disease” — one caused by a DNA “misspelling” that led to an abnormal hemoglobin protein. This, in turn, causes red blood cells to become stiff and sickle shaped, impairing circulation throughout the body. When the sickle cells clump together and get stuck in small blood vessels, they can cause severe pain, anemia, stroke, heart and lung problems, organ failure and early death. But the disease is now poised to be one of the first to receive a molecular cure, built on application of the dramatic new technologies of gene therapy and gene editing. At least four clinical trials are underway for sickle cell, and early results look extremely promising. I also predict several more groundbreaking clinical trials will be initiated for other diseases, including muscular dystrophy.

KATE DARLING

Kate DarlingFlavia Schaub

Kate Darling is a researcher at the Massachusetts Institute of Technology, where she studies the laws, social challenges and ethics around human-robot interaction.

Robots have been increasing efficiency on assembly lines for decades, and they’re about to bring their skills into new areas: workplaces, households and public spaces. So machines that can think, make autonomous decisions and learn will be interacting with us. Research shows that we subconsciously treat robots like living things, even though we know they’re just machines. This can lead to some comical situations and challenges as we figure out how to integrate them into our lives.

ROBBERT DIJKGRAAF

Robbert DijkgraafCourtesy of Andrea Kane, Institute for Advanced Study

Robbert Dijkgraaf is the director of the Institute for Advanced Study in Princeton, New Jersey, and a scientist and leader in scientific policy-making.

In 2019, scientists are poised to unlock the quantum revolution. Everything from quantum computers to quantum materials holds the promise to redesign industry and influence our lives in dramatic and unforeseen ways. In the counterintuitive quantum world, particles can perform magic acts. They can be at two places at the same time, be “entangled” over great distances and tunnel through impenetrable walls. Taking full advantage of quantum physics, together with sophisticated mathematics and powerful computations, scientists can now fully explore the catalog of potential states of matter, going far beyond the familiar forms such as gases, liquids, metals and semiconductors that appear in nature — they can essentially reverse-engineer materials to reflect customizable physical laws. New exotic quantum materials and devices will be used for design, communication and information technology, including vastly more powerful quantum computers.

JENNIFER DOUDNA

Jennifer DoudnaUC-Berkeley

Jennifer Doudna is a co-inventor of the CRISPR-Cas9 genome-editing technology and a professor at the University of California, Berkeley.

Initial results from CRISPR-Cas genome editing clinical trials to treat blood disorders will generate excitement about the first cure for genetic disease. However, the cost of such therapies will be debated. In addition, the first food crops resulting from CRISPR genome editing will hit the market.

JEN GOLBECK

Jen GolbeckCourtesy of David W. Almy

Jen Golbeck is a computer scientist and professor of information studies at the University of Maryland.

In light of this year’s parade of social media executives through Congress and a string of revelations about abuses, data leaks and democratic manipulation on the platforms, 2019 may be when we start to see the first regulations governing social media. With a new Congress and inspiration from Europe, I predict there will be early steps toward privacy regulation and bills to hold social media to existing standards of behavior around elections.

JANET HERING

Janet HeringCourtesy of Alessandro Della Bella

Janet Hering is director of the Swiss Federal Institute of Aquatic Science & Technology and a professor at the Swiss Federal Institutes of Technology in Zürich and Lausanne.

In 2019, we will start using the Internet of Things (IoT) to achieve sustainable prosperity for all. Today’s prosperity is based on the exploitation of nonrenewable resources, on the use of fossil fuels that is overwhelming the Earth’s capacity to absorb carbon dioxide and on increasing inequity in society. The answer is not to pit the mitigation of climate change against economic growth. Instead, we need to achieve prosperity through less use of material resources coupled with more use of renewable energy. The efficiency of both material and energy use can be massively increased by using networked sensors to exchange data and enable control of processes and operations in real time. With the IoT, we can achieve more with less, enabling more people to enjoy prosperity and reducing the adverse impacts on our planet.

ABRAHAM LOEB

Avi LoebOlivia Falcigno

Abraham (Avi) Loeb is a professor of science at Harvard University, where he chairs the astronomy department. He’s also the founding director of Harvard’s Black Hole Initiative and director of the Institute for Theory and Computation at the Harvard-Smithsonian Center for Astrophysics.

In 2019 we might discover the second interstellar visitor to our solar system after “Oumuamua,” which was discovered on Oct. 19, 2017. This time astronomers will be sure to study the object in full detail with the best telescopes and instruments available on Earth or in space. We might even contemplate a space mission aimed at flyby photography or landing on the object’s surface. We should study every interstellar object that is swept to our solar system and check its possible origin. I’m currently engaged in identifying interstellar objects that might have been trapped by the gravitational “fishing net” of Jupiter and the sun. We could infer their makeup by visiting them or by studying any outgassing around them.

MICHAEL E. MANN

Michael MannPennsylvania State Sustainability Institute

Michael E. Mann is a professor of atmospheric science at Penn State University. He’s the author or co-author of four books, including “The Madhouse Effect: How Climate Change Denial Is Threatening Our Planet, Destroying Our Politics, and Driving Us Crazy.”

The House of Representatives Science Committee will once again embrace science under Democratic leadership. With Eddie Bernice Johnson, D-Tex., replacing Lamar Smith, R-Tex., we will see a renewed focus on the reality and threat of human-caused climate change. We will finally get a climate bill in Congress. It may not pass the Republican-led Senate. But with growing awareness by the public of climate change risks, that could well be a major campaign issue in 2020.

PRIYAMVADA NATARAJAN

Priyamvada NatarajanCourtesy of Gabe Miller

Priyamvada Natarajan is an astrophysicist at Yale University and the author of “Mapping the Heavens.”

In 2019, two sets of telescopes capturing radio waves from space stand to revolutionize our understanding of black holes. The Event Horizon Telescope will provide a map of the shadow of the event horizon — the boundary of black holes beyond which not even light can escape — of the supermassive black hole at the center of our Milky Way galaxy. Meanwhile, observational hints from the Atacama Large Millimeter Array — an array of 66 dish antennas in Chile’s Atacama Desert — are starting to reveal the “feeding” habits of supermassive black holes.

In 2019, we are poised to learn a lot more about how gas makes its way into black holes and what impact these growing black holes exert on their environments. With more observations planned for the coming year, we stand to perhaps fundamentally transform our view of the very nature of black holes and how they grow and evolve.

MARION NESTLE

Marion NestleBill Hayes

Marion Nestle is a professor of nutrition, food studies and public health at New York University. She’s the author of several books about the politics of food, including “Unsavory Truth: How Food Companies Skew the Science of What We Eat.”

My crystal ball shows a fairy godmother waving her magic wand, giving us adequate levels of food assistance for the poor, delicious and healthy school food for kids, honest food labels that everyone can understand, food so safe that nobody has to worry about it, wages for farm and restaurant workers that they can actually live on, and farmers growing food for people (not so much for animals or cars) in ways that protect and replenish soil and water, reduce greenhouse gases and provide them a decent living. Hey — a girl can dream. And do we ever need dreams — visions for a healthier and more sustainable food system — if we are to continue to thrive as a nation. I cannot get my head around the idea that anyone would object to ensuring that all children get fed the best possible food in schools, that animals should be raised humanely or that crops should be grown sustainably with the least possible harm to the environment. Our food system should protect and promote public health as its first priority. We can hope that 2019 will bring us some steps in that direction, but here’s my prediction: not this year. But let’s hold onto those hopes for when times get better.

AINISSA RAMIREZ

Ainissa RamirezCourtesy of Bruce Fizzell

Ainissa Ramirez is a materials scientist and the author of “Newton’s Football” and other books. Her next will be about how technology has transformed us.

2019 is the International Year of the Periodic Table of Chemical Elements, celebrating the 150th anniversary of its discovery. While it might seem 19th century, the periodic table still has scientific relevance in the 21st century, because new elements are still occasionally found. Before the periodic table organized all of nature’s chemical building blocks, minerals from Argentina, like lithium, seemed to have no relation to potassium from Russia. Yet the periodic table shows these elements are cousins, connecting different corners of the world. Incidentally, a cellphone contains 64 elements — nearly half of the periodic table. Some of these elements come from faraway places, sometimes setting up tensions between nations. So the periodic table isn’t just a chart. It’s a map of what matters too. The year 2019 is also a year of celebration for it wasn’t that long ago when alchemists were trying to make gold from lead — where chemistry was magic and not a science. The International Year of the Periodic Table is a celebration of the evolution of humanity.

CARLO RATTI

Carlo RattiCourtesy of Lars Kruger

Carlo Ratti is an architect and engineer practicing in New York City and Toronto and director of the Senseable City Lab at the Massachusetts Institute of Technology.

In 2019, technology will move a step further toward that visionary goal outlined by computer scientist Mark Weiser in 1996. Back then, in the early stages of the digital revolution, Weiser forecast that the ultimate evolution of technology was for it to “recede into the background of our lives,” ushering in an age of “calm technology.” In the last 10 years, something has stood in the way of this Weiserian world: smartphones. We spend, on average, four hours on them per day, and a number more in front of our computers and tablets. How to retain the internet’s wonderful deluge of information while reducing its in-our-face presence? One solution is to change the nature of the screen — for instance, through nano-holograms — or to use screen-less virtual assistants like Siri. Next year will see more innovations that make technology less intrusive — a kind of screen detox.

MARTIN REES

M.J. ReesThe Royal Society

Martin Rees is a space scientist at Cambridge University in the U.K. and the astronomer royal. He’s the author of several books, including “On the Future: Prospects for Humanity.”

I’m excited about the prospects of scientific discoveries on Earth and in the depths of space. But it’s hard to be optimistic about the world scene. Our interconnected world is getting more vulnerable to disruption by individuals and small groups, empowered by ever more powerful biotech, cybertech and AI. The global village will have its village idiots, and they’ll have global range. I worry that whatever regulations nations formulate on these technologies, these can’t be enforced globally — any more than drug laws or tax laws can. Whatever can be done will be done by someone somewhere. Pressure to minimize this threat will engender growing tension between privacy, security and freedom.

MARSHALL SHEPHERD

Marshall ShepherdUniversity of Georgia Photographic Services

Marshall Shepherd is a professor of atmospheric sciences and geography at the University of Georgia and former president of the American Meteorological Society.

2019 will likely continue recent trends of being a “top 5” record warm year for the planet. It’s not out of the question that the combination of greenhouse gas-contributed warming and El Nino — a warming of waters in the eastern Pacific Ocean — could make 2019 Earth’s warmest year of the record-keeping era. I also foresee climate change finally becoming a politically tractable issue as the 2020 election season kicks in. Sadly, I also predict that scientifically illiterate statements like “climate change is not real” will continue to be uttered or “tweeted” when there is a cold day in a tiny part of the globe.

SETH SHOSTAK

Seth ShostakCourtesy of Seth Shostak

Seth Shostak is senior astronomer and institute fellow at the SETI Institute in Mountain View, California.

Fast radio bursts (FRBs), the bad boys of contemporary astronomy, will stop being so mysterious. In the past decade, these brief radio whistles — apparently from the farthest reaches of the cosmos — have troubled researchers. What are they? The usual explanation — that these highly energetic phenomena are the result of the dramatic collision of black holes, neutron stars or other cosmic exotica — is belied by one FRB for which the bursts occur over and over. Some scientists have suggested that these puzzling phenomena are deliberate signals from extraterrestrial intelligence. But my expectation is that the growing list of discovered FRBs will provide a clever theoretician with enough information to concoct an explanation of their true nature — one that can be confirmed by observation. At that point, FRBs will shift from being a mystery to being a discipline, and become yet one more subject for the theses of future astronomy grad students.

MOSHE Y. VARDI

Moshe VardiCourtesy of Rice University

Moshe Y. Vardi is a professor and director of the Ken Kennedy Institute for Information Technology at Rice University. He’s the author or co-author of two books and more than 600 papers.

Last year I predicted we would hear more regrets from founders of tech companies about the addictive technologies they have launched. Indeed, in April, New York magazine published an article entitled “The Internet Apologizes.” In August, Vanity Fair published “’I Was Devastated’: Tim Berners-Lee, The Man Who Created the World Wide Web, Has Some Regrets.” The next step will be regulation. I expect there to be a bipartisan agreement that some regulation of tech companies is necessary. Tim Wu, a lawyer at Columbia University, has argued in his recent book, “The Curse of Bigness,” that to break the grip of giant corporations on American democracy, the government needs to break them up. I don’t expect that there will be a bipartisan agreement on that.

Want more stories about science?

FOLLOW NBC NEWS MACH ON TWITTER, FACEBOOK, AND INSTAGRAM.

Jones Day Global Privacy & Data Security Update | Vol. 20 – JD Supra

UNITED STATES

Regulatory—Policy, Best Practices, and Standards

NIST Releases Internal Report Regarding IoT Cybersecurity

In September, the National Institute of Standards and Technology (“NIST”) released a draft internal report called “Considerations for Managing Internet of Things (“IoT”) Cybersecurity and Privacy Risks.” The report addresses differences in managing cybersecurity and privacy risks for conventional information technology versus the IoT.

Regulatory—Consumer and Retail

Children’s Consumer Protection Watchdog Asks FTC to Investigate Manipulative Preschool Apps

On October 30, the Campaign for a Commercial-Free Childhood (“CCFC”) asked the Federal Trade Commission (“FTC”) to investigate the market for preschool apps. The CCFC cited a new University of Michigan study that found “a number of troubling advertising practices, including apps that force kids to watch ads or make in-app purchases in order to advance in the game,” as well as advertisements disguised as gameplay, and cartoon characters urging children to make purchases.

Retailer Announces Breach of Employee Data

On November 5, a retailer notified employees that some of their personal data may have been compromised in an internal data breach. The company stated that it was investigating an October 9 incident in which a contract worker improperly handled some employee data. Compromised data may have included employees’ names, Social Security numbers, payment card numbers, checking and routing account numbers, insurance provider information, salary information, dates of birth, addresses, and phone numbers.

Regulatory—Financial

SEC Orders Cease-and-Desist Proceedings Against Investment Adviser

On September 26, the Securities and Exchange Commission (“SEC”) ordered public administrative and cease-and-desist proceedings against a registered broker-dealer and investment adviser for deficient cybersecurity practices. The SEC found that the company violated the Safeguards Rule by failing to adopt written policies and procedures reasonably designed to protect customer records and information. The SEC also found that the company violated the Identity Theft Red Flags Rules by failing to develop and implement a written identity theft prevention program. The SEC imposed a $1 million civil monetary penalty on the company.

SEC Report Recommends Improvements to Internal Accounting Controls to Combat Cyber Fraud

On October 16, the SEC published an investigative report examining the efficacy of internal accounting controls for nine public companies that lost millions of dollars as a result of cyber-related fraud. Though public companies are required to implement internal accounting controls designed to safeguard against cyber-related fraud, as required by Section 13(b)(2)(B) of the Securities Exchange Act of 1934, the SEC found that the fraudulent schemes “were not sophisticated in design or the use of technology.” The SEC recommended that public companies reassess and calibrate their internal accounting controls to the current cybersecurity risk environment.

Bank Announces Data Breach Affecting Some Online Customer Accounts

On November 2, a bank notified customers of unauthorized access to online customer accounts between October 4 and October 14. The bank disclosed that the incident may have exposed customers’ full names, dates of birth, email addresses, phone numbers, bank account numbers, balance information, and statement histories. The bank suspended online access to these customers’ accounts and offered a subscription to credit monitoring services for affected customers.

Regulatory—Energy/Utilities

Seven Russian Agents Face Charges for Hacking U.S. Nuclear Power Company

On October 4, the U.S. Department of Justice announced an indictment against seven Russian intelligence agents accused of hacking a U.S. nuclear power company that designed nuclear plants and sold nuclear fuel to Ukraine. According to the indictment, the hackers surveyed the company’s networks and personnel, created a fake company domain, and sent spear-phishing emails to the work and personal email accounts of the company’s employees in an attempt to collect log-in credentials.

Intelligence Report Details Foreign Economic Cyber Threats Against U.S. Industries

In November, the National Counterintelligence and Security Center released its 2018 Report on Foreign Economic Espionage in Cyberspace. The report described the threat of cyber-economic espionage against U.S. industries by foreign nation-state actors that exploit vulnerabilities in next-generation technologies such as artificial intelligence, the IoT, and cloud computing. The report identified the energy, biotechnology, and defense technology industries as among the sectors of highest interest to foreign actors. The report also highlighted emerging cyber threats to U.S. industries, including potential infiltration of supply chain operations.

Regulatory—Transportation

FTC Settles With Ride-Sharing Service for Failure to Disclose Data Breach

On October 26, the FTC gave final approval to a settlement agreement with a ride-sharing service. The FTC alleged that the company had deceived consumers about its privacy and data security practices, such as failing to take reasonable measures to secure consumer data stored in the cloud, resulting in two data breaches. The FTC’s Decision and Order requires the company to maintain a comprehensive privacy program, obtain privacy assessments by a third party, report any future data security incidents to the FTC, and submit a compliance report to the FTC.

FCC Commissioner Discusses Development of Smart Cities

On October 30, Michael O’Rielly, a commissioner of the U.S. Federal Communications Commission (“FCC”), made remarks on technological advancements needed to build smart cities, including fiber, spectrum, and the IoT. The commissioner also highlighted data privacy concerns associated with the collection, use, and analysis of individuals’ data in a smart city.

Regulatory—Health Care/HIPAA

Health Insurer Agrees to Largest Settlement of a Health Data Breach

On October 15, the U.S. Department of Health and Human Services Office for Civil Rights (“OCR”) announced that a health insurance company agreed to pay $16 million and implement a corrective action plan to settle potential violations of the Health Insurance Portability and Accountability Act (“HIPAA”) related to a data breach. The company discovered the breach in January 2015 that may have exposed the electronic protected health information of almost 79 million people between December 2, 2014, and January 27, 2015. The settlement represents the largest settlement paid to OCR, more than doubling the previous highest amount of $5.55 million in 2016.

Regulatory—Defense and National Security

Department of Defense Releases Cyber Strategy

On September 18, the Department of Defense (“DoD”) released the “2018 Department of Defense Cyber Strategy,” which supersedes the 2015 DoD Cyber Strategy. The Strategy focuses on securing sensitive information and accelerating cyber capabilities for countering malicious cyber actors. The DoD plans to build partnerships with private-sector entities to support the Department’s cybersecurity activities and reduce malicious cyber activity targeting critical infrastructure.

White House Releases National Cyber Strategy

On September 20, the White House released the “National Cyber Strategy of the United States of America,” which outlined how the Administration would protect networks, promote digital economic and domestic innovation, deter malicious cyber activity, and promote an open and secure internet abroad. The Strategy also focuses on ensuring that federal agencies have the necessary legal authorities and resources to combat malicious, transnational cybersecurity activity.

Litigation, Judicial Rulings, and Agency Enforcement Actions

New Mexico Attorney General Sues Technology Companies Over Children’s Privacy Concerns

On September 12, New Mexico Attorney General Hector Balderas filed a complaint in the District of New Mexico against technology companies and application developers for alleging designing and marketing applications that illegally track children in violation of the Children’s Online Privacy Protection Act. The complaint focuses on online game applications that access the geolocation, demographics, and online activities of children without the knowledge and consent of parents for the purpose of targeted advertising.

Attorneys General Reach $148 Million Settlement with Ride-Sharing Company Over Delay in Data Breach Notification

On September 26, attorneys general from all 50 states and the District of Columbia announced a $148 million settlement with a ride-sharing company to address the company’s one-year delay in reporting a data breach. The company learned in November 2016 that hackers had gained access to some personal information of about 57 million riders and drivers, including drivers’ license information of approximately 600,000 drivers nationwide, but the company did not notify the affected individuals pursuant to state laws until November 2017. The settlement also requires the company to implement certain data security safeguards, incorporate privacy-by-design into its products, and hire a third-party company to audit its data security practices.

Technology Company Strikes $50 Million Settlement in Data Breach Litigation

On October 22, an email service provider agreed to pay $50 million to settle a class action in the Northern District of California related to a trio of data breaches involving unauthorized access to usernames, passwords, and other private data of up to three billion email user accounts worldwide. The settlement still needs to be approved by the district court. The settlement would require the company to establish a $50 million non-reversionary settlement fund and provide at least two years of credit monitoring and identity theft-protection services for all settlement class members.

Ride-Sharing Company Reaches $4 Million Settlement of TCPA Class Action

On November 6, a proposed consumer class requested that the U.S. District Court for the Western District of Washington preliminarily approve its proposed $3.99 million settlement with a ride-sharing company. The class alleges that the company used an automatic telephone dialing system to send unsolicited commercial texts to individuals in violation of the Telephone Consumer Protection Act (“TCPA”). The settlement class includes all Washington residents who, between June 1, 2012, and the date of preliminary approval, received one or more invitational text messages through the company’s “Invite A Friend” program.

Supreme Court to Weigh in on FCC’s Interpretation of “Advertisement” Under TCPA

On November 13, the U.S. Supreme Court announced that it would determine whether the Hobbs Act required a district court to accept the FCC’s legal interpretation of the TCPA. The FCC maintained that an unsolicited fax sent by a major health information provider regarding offers for a free e-book must have had a commercial goal to be an advertisement under the TCPA. The Supreme Court will consider the standard that lower courts must use to determine “when” and to “what extent” to defer to FCC guidance.

Consumer Reporting Agency Agrees to $22 Million Settlement of Data Breach Class Action

On December 3, a federal court in the Central District of California granted plaintiffs’ request for preliminary approval of a proposed $22 million settlement of class action claims against a consumer reporting agency related to a data breach that affected 15 million individuals in the United States. The breach involved unauthorized access to individuals’ names, addresses, dates of births, Social Security numbers, and driver’s license numbers. The settlement funds will be used to provide two years of credit monitoring services to class members and cash payments for out-of-pocket costs.

Legislative—Federal

Cybersecurity and Infrastructure Security Agency Act of 2018 Becomes Law

On November 16, the Cybersecurity and Infrastructure Security Agency Act of 2018 was signed into law. The law rebrands the Department of Homeland Security’s main cybersecurity unit, the National Protection and Programs Directorate as the Cybersecurity and Infrastructure Security Agency (“CISA”). The law gives CISA the responsibility to protect the United States’ critical infrastructure from physical and cyber threats and to coordinate with government and private-sector organizations to do so. It establishes three divisions in the new agency: Cybersecurity, Infrastructure Security, and Emergency Communications.

Legislative—States

California Enacts Legislation Regulating Security of IoT

On September 28, California Governor Jerry Brown signed legislation making California the first state to expressly regulate the security of connective devices, commonly referred to as IoT devices. The new law aims to protect the security of both IoT devices and any information contained on IoT devices. The law requires a manufacturer that sells or offers to sell a connected device in California to equip the device with reasonable security features. The new law goes into effect on January 1, 2020. For more information, please see our Commentary.

Ohio Amends Data Breach Notification Law

On November 2, Ohio’s amended data breach notification law went into effect. The amended law provides companies with a “safe harbor” against tort actions brought under Ohio law alleging a lack of reasonable information security controls. To qualify for the safe harbor, companies must adopt reasonable cybersecurity measures and ensure that the company’s cybersecurity measures “reasonably conform” to certain industry-recognized frameworks. Companies also must tailor the scope of their cybersecurity program to the company’s size, complexity, and nature of the company’s activities, among other requirements.

CANADA

Canada Launches New Canadian Centre for Cyber Security

On October 1, Canada announced the launch of its new Canadian Centre for Cyber Security. The Centre was created in response to Canada’s 2016 Cyber Review, which identified a need for more “focused federal management on cyber security.” The Centre’s mandate is to “make Canada more resilient to cyber incidents and build a stronger cyber security community” within Canada.

Canada’s Mandatory Data Breach Notification Law Goes into Effect

On November 1, Canada’s Breach of Security Safeguards Regulations went into effect, implementing the Personal Information Protection and Electronic Documents Act, known as “PIPEDA.” The regulations provide the requirements for mandatory data breach notification to affected individuals and the Office of the Privacy Commissioner if a breach poses a real risk of significant harm to individuals. Companies also must maintain a record of every security incident for 24 months. Companies are subject to potential penalties of CAD$100,000 for failure to make notifications or maintain records.

The following Jones Day lawyers contributed to this section: Jeremy Close, Meredith Collier, David Coogan, Jennifer Everett, Levent Hergüner, Jay Johnson, Laura Lim, Christopher Markham, Dan McLoon, Mary Alexander Myers, Kaeley Brown, Mauricio Paez, and Nicole Perry.

LATIN AMERICA

Argentina

Argentinian Agency Sends Personal Data Privacy Bill to Congress

On September 19, the Access to Public Information Agency (Agencia de Acceso a la Información Pública) submitted to Congress a bill to update Argentina’s personal data privacy legislation (source document in Spanish). The bill proposed restrictions on the use of personal data and additional mechanisms for companies to safeguard sensitive material, including appointment of a data protection officer and expanded individual rights.

Brazil

Brazil Observes Council of Europe’s Convention 108 Meeting

On October 18, the Council of Europe announced that Brazil joined the Committee of Convention 108 as an observer. Convention 108 requires signatories to take the necessary steps in their domestic legislation to implement the data protection principles of the Convention. Observers are countries that have not yet become members of the Convention.

Chile

Chilean Congress Proposes New Computer Crimes Law

On October 25, the Ministry of the Interior and Public Security (Ministerio del Interior y Seguridad Publica) announced that it referred a new Computer Crimes bill to the National Congress (source document in Spanish). The Computer Crimes bill, part of Chile’s National Cybersecurity Strategy, would replace the current regulation promulgated in 1993. The bill proposed to create several types of cybercrimes, including unauthorized access, disruption, or damage to a computer, and improve government coordination and response to cyber incidents.

Chile’s Financial Stability Central Bank Warns of Cybersecurity Risks

On November 15, Chile’s Central Bank (Banco Central de Chile) issued the Financial Stability Report corresponding to the second semester of 2018, which warned about the cybersecurity risks to private financial institutions and the importance of maintaining adequate security systems to prevent data breaches, critical disruptions, and information loss in Chile’s financial system (source document in Spanish). No systemic cybersecurity attacks have occurred, although there were some reports of temporary interruptions to bank operations because of attacks on digital platforms.

Colombia

Colombian Superintendence Joins OECD’s Global Consumer Awareness Campaign

On November 13, the Superintendence of Industry and Commerce (Superintendencia de Industria y Comercio) announced its collaboration with the global consumer awareness campaign on product safety organized by the Organization for Economic Co-operation and Development (“OECD”) and the European Commission to raise awareness about the risks involved in the free movement of unsafe products over the internet (source document in Spanish).

Costa Rica

Costa Rica Hosts the Ibero-American Meeting of Data Protection

On September 25, the Data Protection Agency (Agencia de Protección de Datos de los Habitantes) announced that Costa Rica will host the sixth edition of the Ibero-American Data Protection Meeting (source document in Spanish). The purpose of the meeting is to address best practices on data protection issues, identify data protection risks, and address changes to data protection laws at a global level.

Mexico

Convention 108 and its Additional Protocol Enters into Force in Mexico

On October 1, the National Institute of Transparency, Access to Information and Protection of Personal Data (Instituto Nacional de Transparencia, Acceso a la Información y Protección de Datos Personales or “INAI”) announced that Convention 108 of the Council of Europe and its Additional Protocol governing cross-border data flows went into effect in Mexico (source document in Spanish). The Convention requires signatories to take the necessary steps in their domestic legislation to apply the data protection principles of the Convention. The INAI announced that complying with the principles of the Convention would strengthen Mexico’s business relations with other signatory countries and establish rules to facilitate data transfers.

Panama

Panamanian Congress Passes Bill to Protect Personal Data

On October 24, the Panamanian Congress (Asamblea Nacional de Panamá) passed bill No. 665 to safeguard and guarantee citizens’ constitutional right to the protection of personal data (source document in Spanish). The bill appoints the Data Transparency and Access to Information Authority (Autoridad Nacional de Transparencia y Acceso a la Información) as the governmental agency with authority to protect personal data in connection with information and communication technologies.

Uruguay

Data Control Unit Issues Guidelines on Data Protection

On October 29, the Regulatory and Personal Data Control Unit (Unidad Reguladora y de Control de Datos Personales) announced the authorization of new guidelines on data protection issues (source document in Spanish). The guidelines provide recommendations for protecting personal data in three areas: (i) use of online cookies; (ii) implementation of Bring Your Own Device policies; and (iii) operation of drones.

The following Jones Day lawyers contributed to this section: Guillermo Larrea, Daniel D’Agostini, and Juan Carlos Quinzaños.

EUROPE

European Court of Justice

European Court of Justice Conducts Hearing on Privacy Case Referred by French Court

On September 11, the Court of Justice of the European Union (“CJEU”) conducted a hearing to obtain evidence for a case brought by the French Data Protection Authority (“CNIL”) in August 2017 against a U.S. technology company involving the right to be forgotten (source document in French). The CJEU obtained evidence from the technology company, the CNIL, a number of EU countries representatives, and other privacy advocates. The CJEU will have to decide whether the right to be forgotten should apply to all of the domain names used by a search engine worldwide, regardless of the place from where the search was initiated, or whether this right should apply only to searches initiated on domain names associated with the EU Member States where the search was initiated. The CJEU’s decision is expected sometime next year.

European Court of Justice Rules on Access to Personal Data in Context of Criminal Investigation

On October 2, the CJEU adopted a judgment in Case C‑207/16 confirming the conditions for public authorities to access personal data retained by providers of electronic communications services to conduct criminal investigations. The CJEU stated that the access by public authorities to identification data (such as first name, last name, or address) of the holder of a SIM card activated for a stolen mobile telephone is not a “serious interference” with the fundamental rights of the persons whose data is concerned. The CJEU stated that such access is justified by the need to prevent, investigate, detect, and prosecute criminal offenses, even if those offenses are not defined as “serious.”

European Parliament

Members of European Parliament Issue Resolution Calling for Investigation of Social Media Company

On October 25, members of the European Parliament announced a resolution urging a social media company to allow EU bodies to carry out a full audit to assess data protection and the security of users’ personal data. This announcement arises out of alleged misuse of users’ personal data on the social media platform by a third party. The members suggested that EU Member States conduct investigations in conjunction with the European Union’s Judicial Cooperation Unit, known as Eurojust, whose mission is to promote and strengthen coordination and cooperation among national authorities to combat serious cross-border crime. The members also called for EU Member States to consider implementing rules to prevent political and electoral interference via social media.

European Commission

European Commission Publishes Report on Second Annual Review of Functioning of EU-U.S. Privacy Shield

On December 19, the European Commission published its report on the second annual review of the functioning of the EU-U.S. Privacy Shield. The report demonstrates that the United States continues to ensure an adequate level of protection for personal data transferred under the Privacy Shield from the European Union to self-certified companies in the United States. Since the last report, U.S. authorities have taken significant measures to implement the recommendations made by the European Commission and have therefore improved the functioning of the framework. The European Commission, however, is waiting for U.S. authorities to appoint a permanent Ombudsperson by February 28, 2019. The Ombudsperson is an important mechanism under the Privacy Shield to ensure that complaints by data subjects concerning access to personal data by U.S. authorities are properly addressed.

European Data Protection Board

EDPB Adopts 22 Opinions Listing Common Criteria for DPIAs

On September 25, the European Data Protection Board (“EDPB”) adopted 22 Opinions listing the common criteria for the types of processing activities that require a data protection impact assessment (“DPIA”). A DPIA is a process to identify and mitigate data protection risks that could affect the rights and freedoms of individuals. The EDPB received lists from the national data protection authorities of 22 EU Member States regarding the types of operations that are likely to result in a high risk to individuals and may trigger a DPIA.

EDPB Adopts Opinion on Proposed e-Evidence Regulation

On September 25, the EDPB adopted an Opinion on the European Commission’s proposed e-Evidence regulation of April 2018. The Board determined that the proposed new rules providing for the collection of electronic evidence should sufficiently safeguard the data protection rights of data subjects and be more consistent with EU data protection law.

EDPB Discusses EU-Japan Draft Adequacy Decision

On November 16, the EDPB met for its fourth plenary session and discussed work on the EU-Japan draft adequacy decision. The EDPB reiterated the importance of guaranteeing the continuity and high level of protection for data transfers from the European Union.

EDPB Adopts Draft Guidelines on Territorial Scope of GDPR

On November 16, the EDPB adopteddraft Guidelines on the territorial scope of the GDPR and further clarification on the application of the GDPR in various situations, particularly the designation of a representative where the data controller or processor is established outside of the European Union. The Guidelines will be subject to a public consultation.

European Data Protection Supervisor

EDPS Publishes Opinion on Consumer Legislation

On October 5, the European Data Protection Supervisor (“EDPS”) issued an Opinion outlining its position on the legislative package titled “A New Deal for Consumers.” The package contains the Proposal for a Directive regarding better enforcement and modernization of EU consumer protection rules. It also contains the Proposal for a Directive on representative actions for the protection of the collective interests of consumers.

EDPS Calls for Closer Alignment Between Consumer Law and Data Protection Rules

On October 8, the EDPS released a statement calling for greater cooperation between regulators of Europe’s consumer law and data protection rules to prevent legal uncertainty and develop a “big-picture approach” to addressing systemic harms to individuals in digital markets. In particular, the EDPS noted that it is “problematic” for consumers to pay for the supply of digital content or services with their personal data.

ENISA Publishes Annual Security Incidents Report

On October 8, the European Union Agency for Network and Information Security (“ENISA”) published its annual report on security incidents for trust services in 2017. Electronic trust services relate to digital signatures, digital certificates, and other mechanisms used to secure electronic transactions. ENISA is required to publish the annual report pursuant to Article 19 of the Electronic Identification, Authentication and Trust Services (“eIDAS”) Regulation. This is ENISA’s first full-year report since the eIDAS Regulation went into effect.

ENISA Publishes Good Practices for Security of IoT for Smart Manufacturing

On November 19, ENISA published its study on security for IoT in the context of smart manufacturing. This ENISA study addressed the security and privacy challenges related to the evolution of industrial systems and services precipitated by the introduction of IoT innovations. The study discussed good practices to ensure security of IoT in the context of Industry 4.0/Smart Manufacturing, and mapped the relevant security and privacy challenges, threats, risks, and attack scenarios.

Belgium

Belgium Establishes “Information Security Committee”

On September 10, the official journal published a law establishing the “Information Security Committee” to perform specific tasks regarding processing by public bodies and in the field of social security and health (source documents in French and in Dutch).

Belgium Publishes Law Implementing GDPR

On September 5, the official journal published the Belgian law implementing the GDPR (source documents in French and in Dutch). The Parliament had voted to pass the draft in July. For more information, please see our Alert.

Belgian Data Protection Authority Issues Six-Month Post-GDPR Implementation Status

On November 23, the Belgian Data Protection Authority (“DPA”) published a status report on GDPR implementation (source documents in French and in Dutch). According to the report, there have been 317 data breach notifications (versus 13 in 2017), 3,599 information requests (versus 2,145 in 2017), 148 complaints/requests (versus 76 in 2017), 137 opinion requests (versus 44 in 2017), and 3,540 notifications of data protection officers. The report also mentions that the first dawn raids took place, although no file has yet been transmitted to the dispute body.

France

CNIL Reports on Effective Implementation of GDPR in France and Europe

On September 25, the French Data Protection Authority (“CNIL”) published an article reporting progress on GDPR implementation (source document in French). For instance, 24,500 organizations have appointed a Data Protection Officer, as compared to only 5,000 prior to the GDPR. The article also reported that individuals have become more aware of their right to personal data protection since GDPR entered into force. For example, the number of complaints received by the CNIL has increased by 64 percent since May 25, 2018. Finally, the CNIL declared that new regulatory tools will be adopted soon to further encourage the effective implementation of the GDPR.

CNIL Issues Decision on Data Processing That Requires DPIA

On October 11, the CNIL issued Decision No. 2018-327adopting a list of several types of data processing operations that require the implementation of a DPIA (source document in French). The list includes, for instance, the processing of health data by medical and social entities for patient care, biometric data of persons who are considered “vulnerable” (such as students, elderly persons, and patients), and personal data for the purpose of regularly monitoring employee activity.

CNIL Adopts New Guidelines Regarding DPIAs

On October 11, the CNIL adopted new guidelines on conducting DPIAs under the GDPR (source document in French). The guidelines supplement the requirements set out in Article 35(1) of the GDPR and the list of nine criteria defining high-risk data processing, adopted on October 4, 2017, by the Working Party 29 (“WP29”). In line with the WP29, the CNIL requires a DPIA for any data processing that meets at least two of the nine criteria. However, the CNIL exempts data controllers from conducting a DPIA if they provide a documented explanation that the processing does not create a “high risk.” Where applicable, the explanation must include the opinion of the Data Protection Officer.

CNIL Issues Guidance on Measuring and Aggregating Audience Data

On October 17, the CNIL provided guidance on using devices to measure audiences and track attendance or flows of visitors in public spaces (source document in French). The CNIL explained that such rules do not apply to devices that do not collect personal data. The CNIL provided examples of scenarios for anonymizing and pseudonymizing this data and provided guidance on the need for a DPIA.

CNIL Issues Guidance on DPIAs

On November 6, the CNIL provided further guidance on conducting DPIAs (source document in French). The CNIL mentioned that a DPIA should: (i) precisely describe the data processing; (ii) provide a legal assessment of whether or not such processing is necessary and proportional to the fundamental rights concerned; and (iii) provide an evaluation of the technical risks in terms of data security. The CNIL explained that DPIAs are mandatory when using a type of processing that the CNIL already stated requires a DPIA (see CNIL’s Decision n° 2018-327 of October 10, 2018) and whenever the processing meets at least two of the nine criteria mentioned under the G29 Guidelines (see Decision n° 2018-326 of October 10, 2018).

Cigref Publishes New Report on Cybersecurity

In October, the French Association Cigref, a large network of companies and public administration entities, published its latest report on cybersecurity (source document in French). The report provides private companies and public entities with guidelines and information about the security of their information technologies so that companies can identify, assess, and manage the risks of using those technologies. In its report, Cigref explained that cybersecurity issues should be governed internally by a manager, who would be responsible for raising awareness among other managers within the company on the impact that cyberattacks may have on the company’s activity and assets.

Germany

Data Protection Authority Issues First German Fine under GDPR

On November 21, the Data Protection Authority of Baden-Württemberg issued the first fine under the GDPR in Germany against a social media provider for violating data security requirements (source document in German). The company had notified the authority of a data breach after becoming aware that the personal data of 330,000 users, including email addresses and passwords, had been stolen during a hack. The authority determined that the company violated data security obligations under Article 32 of the GDPR, for example by storing the passwords in clear text. The authority imposed a modest fine of €20,000 and took into account mitigating factors such as the company’s willingness to cooperate with the authority.

Bavarian Administrative Court Decides Targeted Advertising Case

On September 26, the Bavarian Administrative Court decided that a social media company’s custom audience feature for targeted advertising violated applicable data protection law in the absence of consent from social media users (source document in German). The Bavarian Administrative Court confirmed in its decision an order of the Bavarian Data Protection Authority (“BayLDA”) prohibiting a Bavarian online shop from using the custom audience feature (source document in German).

Data Protection Authority Increases GDPR Compliance Audits of Bavarian Companies

On November 7, the BayLDA announced that it increased its auditing activities of Bavarian companies (source document in German). The audits focus on the secure operation of online shops, protection against ransomware in medical practices, compliance with the accountability obligations of large corporations and medium-sized companies, and implementation of information obligations in application procedures.

Data Protection Authority Warns of Scam

On October 2, the State Commissioner for Data Protection in Schleswig-Holstein (“ULD”) warned companies of a fax sent by a fake authority going by the name “Datenschutzauskunft-Zentrale” falsely informing companies of a requirement to fill out a form to comply with data protection legal obligations (source document in German). The ULD stated that the “Datenschutzauskunft-Zentrale” is not an official authority.

Data Protection Authority Announces Guide for Website Operators

On October 12, representatives of the BayLDA announced a new book containing a summary of requirements for data protection on websites (source document in German). The document contains guidance and checklists for website operators to comply with the GDPR, as well as the anticipated ePrivacy Regulation.

Italy

Italian DPA Issues Opinion on Consent to Fundraising Text Messages

On November 15, the Italian DPA issued an opinion on the use of donor identification data by nonprofit organizations for the purpose of fundraising campaigns via SMS and telephone calls (source document in Italian). According to the DPA, data subjects who made donations to nonprofit organizations via SMS or phone calls may be informed of the outcome of the fundraising campaigns to which they participated. However, if these nonprofit organizations wish to contact the donors for a new campaign, the entities must obtain the donor’s consent, which may be given by sending a text message or by pressing a button on the phone when making the donation.

Italian DPA Identifies Types of Processing Subject to DPIA Requirement

On November 15, the Italian DPA published the list of processing activities that require a DPIA (source document in Italian). The list prepared by the Italian DPA includes large-scale evaluation or scoring activities, automatic processing operations with a significant impact on individuals, systematic processing of biometric data and genetic data, and use of IoT and artificial intelligence technologies. Data controllers are also required to carry out a DPIA when at least two of the criteria set forth in the Working Party 29 Guidelines on DPIA are met or whenever the data controller deems that the specific processing requires a DPIA.

The Netherlands

Dutch DPA Provides Status Update on DPO Audits

On October 5, the Dutch DPA (“DDPA”) completed its audit of hospitals and health insurers and determined that all 91 hospitals and 33 health insurers have registered a Data Protection Officer (“DPO”) (source document in Dutch). On November 20, the DDPA announced that it is auditing 45 banks and 93 insurers on compliance with requirements to appoint a DPO (source document in Dutch). The first review showed that six banks and nine insurers have not registered a DPO with the DDPA.

DDPA Provides Guidance on Consent Requirements Under PSD2 to Payment Service Providers

On October 18, the DDPA issued notice to payment service providers about requirements for access to consumers’ personal data under the second Payment Services Directive (source document in Dutch). One of those requirements is that payment service providers need the explicit consent of consumers before gaining access to personal data. The DDPA clarified that “explicit consent” means: the consent request must be separated from other parts of the agreement (for instance, through a pop-up or a separate checkbox in a dialogue screen), consent must be given freely and be unequivocal, informed, and specific. Consumers must be able to refuse or revoke consent without suffering adverse consequences.

DDPA Penalizes Agency for Insufficient Data Security

On October 30, the DDPA published a decision imposing a penalty on the Employee Insurance Agency (“UWV”) (a Dutch quasi-governmental organization) for insufficient security of its web portal (source document in Dutch). The portal is used by employers and labor organizations to log employee absences due to illness. The DDPA determined that the UWV failed to maintain sufficient security measures because multifactor security is needed to secure health data.

Spain

SDPA Recommends Security Measures for Social Media Users

On October 3, the Spanish Data Protection Agency (“SDPA”) issued recommendations to social media users in light of a security breach that could have exposed information of 50 million users (source document in Spanish). Although social media companies as data controllers are responsible for the privacy and security of users’ personal data, the SDPA stated that users can also play an active role in the protection of their own personal data. The SDPA recommended that users follow basic security measures, such as managing their security settings, closing their sessions when finished with the site, and re-entering their credentials when they seek to access the site again.

Spanish Authorities Offer Recommendations to Promote Safe Online Shopping

On November 19, the SDPA, the General Directorate of Commercial Policy and Competitiveness, and the Directorate General of Consumer Affairs made recommendations to encourage safe online shopping (source document in Spanish). They advised that consumers use official or trusted pages, use robust passwords, avoid the use of public Wi-Fi networks, close sessions after completing purchases, use one credit card exclusively for online payments, and review website privacy policies, among other recommendations. The authorities also advised consumers who purchase connected toys for minors to check the types of data the toy collects, consider who and what the toy will be used for, and assess privacy configuration options.

Spanish Senate Approves New Data Protection Law and Guarantee of Digital Rights

On November 21, the Spanish Senate approved the Organic Law on Data Protection and Guarantee of Digital Rights and published it in the Official Spanish Gazette on December 6 (source document in Spanish). The law is designed to complement the GDPR. It also introduces new privacy rights in a digital environment, including the right to universal access to the internet, right to privacy with use of digital devices in the workplace, and right to privacy from video surveillance at work.

United Kingdom

ICO Fines Companies for Telemarketing Violations

On October 31, the Information Commissioner’s Office (“ICO”) announced fines of £220,000 against two companies that made 600,000 nuisance calls to individuals who opted out of telemarketing calls by registering with the Telephone Preference Service. The ICO stated that the fines are meant to deter marketing companies from violating consumers’ privacy by contacting them without valid consent.

ICO Issues Maximum Fine Against Social Media Company

On October 31, the ICO announced that it issued the maximum fine possible under the Data Protection Act 1998 against a social media company for serious data protection violations. The ICO determined that between 2007 and 2014, the social media company allowed application developers to use personal information without sufficiently clear and informed consent. It also found that the company lacked adequate data security measures, which allowed third parties to harvest the personal information of 87 million individuals worldwide, including one million users in the United Kingdom.

The following Jones Day lawyers contributed to this section: Laurent De Muyter, Undine von Diemar, Olivier Haas, Jörg Hladjk, Bastiaan Kout, Jonathon Little, Martin Lotz, Hatziri Minaudier, Selma Olthof, Audrey Paquet, Sara Rizzon, Irene Robledo, Elizabeth Robertson, and Rhys Thomas.

ASIA

Hong Kong

Privacy Commissioner Initiates Investigation into Hacking of Social Media Accounts

On September 29, the Privacy Commissioner for Personal Data (“Privacy Commissioner”) initiated a compliance review to investigate the hacking of social media user accounts (source document in Chinese). The Privacy Commissioner emphasized that social media platforms should implement effective security measures to protect personal data of users from unauthorized or accidental access, processing, or use of personal data. The Privacy Commissioner suggested steps that social media users can take to protect their personal data, including changing passwords to social media accounts, activating two-factor authentication for account login, and checking privacy settings.

Privacy Commissioner Releases Report Regarding Ethical Processing of Personal Data

On October 24, the Privacy Commissioner released a report on the ethical and fair processing of personal data at the 40th International Conference of Data Protection and Privacy Commissioners held in Brussels, Belgium. In particular, the report addresses the processing of personal data through advanced technologies, such as artificial intelligence and machine learning, and seeks to balance the interests of all stakeholders.

Privacy Commissioner Announces Investigation of Airline Data Breach

On November 9, the Privacy Commissioner announced that it would initiate a compliance investigation of a data breach against an airline carrier pursuant to section 38(b) of the Personal Data Privacy Ordinance (“PDPO”). The Privacy Commissioner previously expressed concern that the breach might have compromised the personal data of local and foreign citizens, including names, dates of birth, passport numbers, Hong Kong Identity Card numbers, and credit card numbers. The Privacy Commissioner will examine the company’s security measures to safeguard its customers’ personal data and its data retention policies and practices.

Privacy Commissioner Announces Periodic Review of Data Protection Law

On November 14, the Privacy Commissioner issued a statement to inform the public it will review data protection issues as part of its statutory obligation to periodically review the PDPO. The Privacy Commissioner will focus on issues of recent importance, including mandatory breach notification requirements, sanctions for noncompliance, and regulation of data processors.

Japan

Personal Information Protection Commission Issues Guidance to Social Media Company

On October 22, the Personal Information Protection Commission of Japan announced that it provided guidance to a social media company to address the Commission’s concerns about recent data breaches (source document in Japanese). The guidance includes a request for the company to report to the Commission regarding notice to data subjects and measures to prevent future breaches, among other requests.

Singapore

PDPC Announces Rule Prohibiting Collection of National Identification Numbers

On November 13, Singapore’s Personal Data Protection Commission (“PDPC”) announced that organizations are not allowed to collect National Identity Registration Card (“NRIC”) numbers or other national identification numbers, unless it is required by law or necessary to verify an individual’s identity. This rule goes into effect on September 1, 2019.

PDPC Fines Financial Company for Website Security Vulnerabilities

On December 13, the PDPC imposed a $30,000 penalty on a financial company for failing to make reasonable security arrangements to prevent the unauthorized disclosure of personal data. The website that individuals used to register for an account contained a vulnerability that exposed the personal data of other users, including customer identification numbers, national identification numbers, and bank account numbers.

People’s Republic of China

Ministry Releases Regulation Regarding Cybersecurity Inspections

On September 15, China’s Ministry of Public Security released the Regulation on the Internet Security Supervision and Inspection by Public Security Organs, which became effective on November 1 (source document in Chinese). The Regulation sets forth detailed procedures describing how Public Security Bureaus conduct cybersecurity inspections of companies that provide internet services or network-using entities in China. Public Security Bureaus have a wide range of power and discretion to inspect internet service providers, such as physically entering the companies’ premises, reviewing and copying materials related to internet security, and inspecting the companies by remote access. Public Security Bureaus may authorize cybersecurity service providers to conduct the inspections.

Cyberspace Administration Releases Draft Regulation on Blockchain Information Services

On October 19, the Cyberspace Administration of China released the draft Regulation on Blockchain Information Services (source document in Chinese). The draft Regulation was available for public consultation until November 2. It would require blockchain service providers to register certain information with the Cyberspace Administration of China, including the types of services provided, scope of application, and server address. Before launching any new products, applications, or functions, the providers must undergo a security assessment with the Cyberspace Administration. The draft Regulation also would require users of blockchain services to provide their ID card number and mobile phone number for identity verification. Providers may refuse blockchain services to users who refuse to disclose their real identity and may restrict or close accounts of users who have violated the Regulation or blockchain services agreement.

Chinese Authorities Release Regulation Governing Internet Information Service Providers

On November 15, the Cyberspace Administration of China and the Public Security Bureau jointly released the Regulation of Security Evaluation for Internet Information Service Providers (“IISP”) that impact public opinion or social mobilization (source document in Chinese). The Regulation is designed to supervise and guide IISPs to fulfill the obligation of safety management, maintain online information security and order stability, and prevent the spread of rumors and false information. A new IISP must voluntarily conduct security evaluations before going online.

The following Jones Day lawyers contributed to this section: Michiru Takahashi, Sharon Yiu, and Grace Zhang.

AUSTRALIA

OAIC Examines Privacy Protection Proposals for Digital Platforms

On December 10, the Office of the Australian Information Commissioner (“OAIC”) announced that it is examining proposals in a preliminary report issued by the Australian Competition and Consumer Commission (“ACCC”) to strengthen privacy protections for individuals on digital platforms. The preliminary report addresses concerns regarding the collection of consumer data and targeted advertising. The OAIC will issue its response to the ACCC’s proposals in February.

The following Jones Day lawyers contributed to this section: Adam Salter and Samantha Sisomphou.

RECENT AND UPCOMING SPEAKING ENGAGEMENTS

Current Developments in Global Data Privacy and Security, Ethics & Compliance Certificate Program, SMU Dedman School of Law, Dallas, Texas (February 2019). Jones Day Speaker: Jay Johnson

Data Privacy—A Discussion of Law and Policy, Federalist Society, Notre Dame Law School, South Bend, Indiana (February 2019). Jones Day Speaker: Jay Johnson

Handling a Cybersecurity Investigation: An Interactive Tabletop Exercise Led by a Regulator, a Lawyer, and a Security Expert, Utilities & Energy Compliance & Ethics Conference, SCCE, Houston, Texas (February 2019). Jones Day Speaker: Jay Johnson

Privacy by Design and Privacy by Default—on the Ground, IAPP Data Protection Intensive France 2019, Paris, France (February 2019). Jones Day Speaker:Olivier Haas

Threat & Vulnerability Management, CISO Executive Network, Dallas, Texas (January 2019). Jones Day Speaker: Jay Johnson

Blockchain Technology, Security, and Privacy, ABA Science and Technology Section, Webinar (January 2019). Jones Day Speaker: Jay Johnson

2018 Privacy & Data Security Recap, Association of Corporate Counsel, Minneapolis, Minnesota (December 2018). Jones Day Speaker: Rick Martinez

International Data Breach Notification: How to Get it Right, Roundtable Topic Discussion, IAPP Europe Data Protection Congress 2018, Brussels, Belgium (November 2018). Jones Day Speaker: Jörg Hladjk

The EU General Data Protection Regulation, Lecture at the Jones Day Course at Beijing University, Beijing, China (November 2018). Jones Day Speaker: Undine von Diemar

GDPR Training for members of China National Enterprise Compliance Committee (CNECC), Beijing, China (November 2018). Jones Day Speaker: Undine von Diemar

The Relevance and Context of GDPR for Players, FIFPro (International Federation of Professional Footballers)—Division Europe, General Assembly, Rome, Italy (November 2018). Jones Day Speaker: Jörg Hladjk

New Enforcement Powers: What DPAs Can Learn From Competition Law Practice, IAPP Europe Data Protection Congress, Brussels, Belgium (November 2018). Jones Day Speaker:Laurent De Muyter

Privacy and Security for Lawyers: Legal and Ethical Guidelines for Managing Evolving Risks, Houston Association of Women Lawyers, Houston, Texas (November 2018). Jones Day Speaker: Nicole Perry

Identity and Access Management, CISO Executive Network, Washington, D.C. (November 2018). Jones Day Speaker: Jennifer Everett

Identity and Access Management, CISO Executive Network, Dallas, Texas (November 2018). Jones Day Speaker: Jay Johnson

Recent California Privacy Regulations, CISO Executive Network, Houston, Texas (November 2018). Jones Day Speaker:Nicole Perry

Pizza & Privacy, American Constitution Society, SMU Dedman School of Law, Dallas, Texas (November 2018). Jones Day Speaker: Jay Johnson

Data Protection and Open Banking: Experiences and Expectations, Brussels, Belgium (October 2018). Jones Day Speaker: Jörg Hladjk

GDPR and Latin America at the 33rd Annual Financial Cybersecurity Conference, Miami, Florida (October 2018). Jones Day Speakers: Rick Martinez and Jennifer Everett

Cybersecurity and the Impact on SEC Filings and Compliance, Dallas Bar Association Securities Law Section, Dallas, Texas (October 2018). Jones Day Speaker: Jay Johnson

General Data Protection Regulation “GDPR”: Seeking or Supplying Information to or from the EU or EEA After May 25, 2018. Eastern District of Texas 2018 Bench Bar Conference, Plano, Texas (October 2018). Jones Day Speaker: Jay Johnson

Data-Centric Security, CISO Executive Network, Dallas, Texas (October 2018). Jones Day Speaker: Jay Johnson

Data-Centric Security, CISO Executive Network, Houston, Texas (October 2018). Jones Day Speaker: Nicole Perry

Privacy Law, Guest Lecturer at Internet Law Class, University of Houston Law Center, Houston, Texas (October 2018). Jones Day Speaker: Nicole Perry