Smartphone maker Xiaomi's shares open 2.9 percent down on debut in HK

HONG KONG (Reuters) – Chinese smartphone maker Xiaomi Corp’s (1810.HK) shares dropped 2.9 percent on debut in Hong Kong on Monday, in a blow to investor sentiment for the tech sector as a raft of peers line up their own listings in the city.

Xiaomi founder, Chairman and CEO Lei Jun (L) and CFO Shou Zi Chew attend the listing of the company at the Hong Kong Exchanges in Hong Kong, China July 9, 2018. REUTERS/Bobby Yip

Xiaomi priced its Hong Kong initial public offering (IPO) at HK$17 per share, the bottom of an indicative range, raising $4.72 billion in the world’s biggest technology float in four years.

The shares touched a low of HK$16.50 in opening deals on Monday.

Xiaomi’s listing comes at a delicate time for Hong Kong’s stock market, with the benchmark Hang Seng index falling 2.7 percent last week and 5.8 percent this year as investors fret over escalating trade tensions between the United States and China.

The Sino-U.S. trade dispute has roiled financial markets including stocks and currencies, and the global trading of commodities from soybeans to coal over the past several weeks.

The weak pricing values the firm, which also makes internet-connected home appliances and gadgets, at about $54 billion, almost half its original $100 billion ambition earlier this year.

Xiaomi’s float failed to attract strong interest among investors with the retail tranche gathering demand that was only 9.5 times the number of shares on offer, according to its filing on Friday.

By contrast, China Literature Ltd (0772.HK), the e-book arm of Chinese gaming and social media firm Tencent Holdings (0700.HK), late last year raised $1.1 billion for its Hong Kong IPO amid heavy demand, with the retail portion being 625 times oversubscribed.

Reporting by Julie Zhu; Writing by Sumeet Chatterjee; Editing by Muralikumar Anantharaman

3 YouTube Daredevils Dead in Waterfall Accident

Three popular YouTubers died on Tues., July 3, after accidentally falling over a waterfall more than 1,000 feet in height. Two of the deceased were founders of the High on Life YouTube channel, which featured exotic travel and dangerous outdoor stunts.

The three victims were reportedly part of a group of seven swimming near Shannon Falls outside Squamish, British Columbia. According to eyewitness reports, Megan Scraper slipped and fell 30 meters into fast-moving water just above the falls. Alexey Lyakh and Ryker Gamble are believed to have jumped into the water to try and save her, but all three were swept over the falls. Their bodies were recovered the next day.

According to the CBC, Gamble and Lyakh started High on Life with two other childhood friends. Previous videos posted by the deceased and the High on Life channel show lots of exotic travel as well as some high-risk outdoor activities, including cliff jumping and crossing decrepit rail bridges. Some of the group’s YouTube videos emphasize the danger of certain activities. One video, featuring Gamble descending a harrowing natural water chute, is accompanied by a disclaimer stating that “Our team has been trained and involved in gymnastics, diving, stunts, and the extreme sports community for over a decade,” and warning others against trying to replicate what they see.

The accident has nonetheless added new fuel to long-running debates about the potential danger of social media featuring risky activities. That’s in large part because the High on Life group has previously been accused of violating safety and natural preservation rules. In 2016, Gamble and Lyakh posted video showing themselves leaving designated trails in Yellowstone National Park and walking near the Grand Prismatic Spring, an ecologically delicate and potentially dangerous hot spring. They were ultimately sentenced to seven days in jail and apologized for their behavior.

Members of the group, including Gamble and Lyakh, were also accused of violating rules elsewhere. Those incidents included using bicycles in prohibited areas in Death Valley National Park; swinging from the Corona Arch rock formation in Utah; and wakeboarding on the sensitive Bonneville Salt Flats in the same state. At least some of those incidents were filmed, according to citations.

High on Life currently has more than 500,000 subscribers, no doubt partly thanks to such high-risk stunts. Some have argued that the quest for thrilling footage led the team to take more extreme risks, without the safeguards or oversight that might have been imposed by a more conventional media organization. That dynamic mirrors the documented tendency of algorithm-driven media platforms to encourage ideological extremism among users.

In a video message posted after the tragic deaths, other members of the High on Life team praised the trio’s legacy. “They lived every single day to its fullest,” the memorial stated in part. “They stood for positivity, courage, and living the best life that you can, and they shared and taught their values to millions of people worldwide.”

No Joke: The Onion Faces Layoffs by Univision, Says Report

It sounds like a headline from The Onion, the satirical newspaper that seems to have the perfect riposte to every political and cultural event: Its parent company plans significant layoffs in perhaps the richest era of satire known to humanity.

But in this case, the news is real. Univision, which owns a controlling interest in Onion Inc., may lay off or buy out as many as 15% of the relatively small staff, according to the Daily Beast. This follows a significant number of buyouts of staff at other websites owned by Univision. A spokesperson from the company declined to comment to Fortune on the report. The Onion’s union hasn’t replied to a request for a comment.

The impact on the publication is unclear, though the Daily Beast notes that The Onion has a relatively small staff, many of whom are currently on vacation during a regular summer hiatus.

The publication turns out fast, sharp headlines about contemporary events, often as quickly as news breaks. It made its name by writing in a straight news style that mimics mainstream media. For instance, in the recent disclosure of the Trump administration’s family separation policy, the headline, “Stephen Miller Furious At ProPublica For Only Releasing 7-Minute Recording Of Immigrant Children Sobbing,” appeared shortly after that investigative news outlet released the audio.

Meanwhile, the phrase “not the Onion” has become commonplace in an era in which political and social norms are in upheaval.

The Onion was founded in 1988 in Madison, Wisc., by two university students and distributed as a print weekly, which grew into multiple markets, reaching a circulation as high as 500,000 copies, and then gradually shrunk until the print edition was canceled in 2013.

The Onion has been sold twice and moved from Madison to New York City in 2000 and then to Chicago in 2012. Univision reportedly purchased 40% of Onion Inc. in 2016 along with a controlling interest and the right to purchase the remaining stock. Univision reportedly wants to sell its stake in the company and other digital properties.

Univision co-created, founded, or purchased several popular tech, culture, and humor websites starting in 2012 with Fusion. This included the family of Gawker publications after its publisher went into bankruptcy after losing a lawsuit brought by wrestler and celebrity Terry Bollea, better known as Hulk Hogan. was shut down, but Jezebel, Gizmodo, Deadspin, and several others remain highly active, along with the Clickhole and A.V. Club sites run by The Onion staff. Before Univision’s purchase, Gawker’s staff had unionized, and the staff publications at Fusion, The Onion, and other sites voted in favor of union representation in Nov. 2016.

Univision gave up in March 2018 on a plan to go public that had begun with filing paperwork in July 2015. Executives have been forced out or left since then, including some key to its digital operations.

Check Out The Rocket League 'Year Three' Infographic

Psyonix/Rocket League

Rocket League Year 3 Infographic

July 7th, 2018 is Rocket League’s third birthday, and Psyonix has released their yearly infographic to celebrate. This year’s graphic provides statistics like player base, community involvement, and item popularity: statistics that would be unknown to us if Psyonix wasn’t the community-involved team that it is.

I was hoping we’d be treated to another infographic this year, since they provide not only a great snapshot of the game’s current state, but also allow us the chance to compare to previous years’ statistics to see how the community has changed.

I’ve collected some of the more interesting statistics from the graphic with some comments below, but feel free to check out the entire infographic (without my interruptions!) on the Rocket League site.

Psyonix/Rocket League

Match statistics since Rocket League’s release

2.5 Billion matches played is a staggering figure. If each match takes 5 minutes, that’s about 24,000 years of Rocket League played in just 3 real-life years. Time flies when you’re having fun!

Interestingly, across the 46 million players that number averages to only 55 matches each. I’d love to see the distribution of average matches played, if only to see where my obsession places me among others.

Psyonix/Rocket League

Rocket League’s “Big Numbers”

Samsung Suddenly 'Confirms' Galaxy Note 9 In Europe

Samsung Electronics is at it again. The company has repeatedly ‘accidentally’ leaked the Galaxy Note 9 via China, Columbia, the FCC (twice) and ‘lost’ a unit which resulted in the first hands-on review. But now Samsung has gone one step further and put the phone on its website… 

Picked up by the eagle-eyed SamMobile, Samsung has listed the Galaxy Note 9 on its support sites in France, Norway, Denmark and Finland.

Galaxy Note 9 concept proved too ambitious

Ever the tease, Samsung’s support pages only list the Galaxy Note 9 by its model number (SM-N960F) but that matters little given we already know every major detail about the phone including its incrementally larger display, additional storage and RAM and a massive battery.

The bad news is these increases will make the Galaxy Note 9 heavier and thicker than the Galaxy Note 8, the in-display fingerprint sensor has been postponed until the more exciting Galaxy S10 and the core design has barely changed. The latter is a real disappointment given claims about the technology Samsung has to do better, but at least there’s no notch.

Ice Universe

Galaxy Note 9 – the claimed potential and the reality

Interestingly, for my money, the most exciting thing about the Galaxy Note 9 isn’t the phone itself but the potentially game-changing way its new S Pen will work. This alone may well be enough for many users to upgrade, especially in combination with a long-overdue big battery upgrade.

Then again, it’s noticeable Samsung has been far less sloppy about Galaxy S10 redesign and wallet-busting folding Galaxy X. Those devices will do more than enough to sell themselves…


Walmart Sells 'Impeach 45' Shirts and MAGA Fans Yell 'Boycott'

Walmart has landed in some water hot enough for this Fourth. Conservative and political consultant Ryan Fournier noticed Walmart selling “Impeach 45” clothing online, in addition to “MAGA” apparel.

The tweet saw just over 9,000 retweets and a lot of people who became irate at the company and called for a boycott.

It wasn’t technically Walmart carrying the products, but small third parties that use the company’s online marketplace. Like Amazon before it, the retailer is learning the hard way that if you host the sales of others, you can be marked with the same brush.

The issue is one of branding. Any actions associated with your company end up tied to you. The closer the connection between activity and your name, the tighter the bond.

Realistically, when a company like Walmart or Amazon opens its order taking and maybe fulfillment mechanisms to others, it has taken responsibility for anything those third parties do. If not in some legalistic sense, then in the eyes of consumers. People aren’t going to pay close attention to who gets the money in the end. And, given that the big resellers get a part of the financial action for enabling the product sales, that seems reasonable.

But to make money, the companies allow in heaven knows how many small companies and their wares. Corporate buyers aren’t involved. Neither are product marketing people. Well, except when things go belly up.

The numbers are vast, as a quick look around any of the big marketplaces will show. There might be AI software that could help do an analysis, but chances are that you’d have to keep retraining it to catch potential problems that constantly morph in appearance. That takes money and a lot more time than most people realize.

So, apparently, the preferred approach is to let things run along until problems appear and hope that you can deal with them before they get out of hand.

Walmart didn’t catch things in time in this case. According to a USA Today story, the company removed the items “pending review of our marketplace policies,” as a spokesperson said.

Dell/VMware and Nutanix dominate a growing hyper-converged market

Dell/VMware and Nutanix have continued to dominate the hyper-converged infrastructure (HCI) market in the first quarter of 2018.

Dell leads Nutanix in the market for appliances sold under their own brand, while VMware and Nutanix battle it out for the hyper-converged software products market.

That is according to analyst organisation IDC, which measures systems delivered to clients and the software they run, but not pure software revenues. It also found that HPE and Cisco registered strong growth, but fell way behind the market leaders.

According to IDC, the HCI market has leapt ahead by 76.3% in one year, driven by the performance of the four market leaders. Sales of appliances that run VMware have increased by 110%, while those driven by Nutanix have grown by 86%.

VMware has benefited from its position as market leader in virtualisation to score points in hyper-convergence, but has Nutanix snapping at its heels. The Dell EMC subsidiary posted hyper-converged systems revenue of $456m, compared with $398m for Nutanix. VMware and Nutanix took 70% of the hyper-converged market.

HPE and Cisco lag way behind, but the two suppliers did post impressive growth of 281% and 145%, respectively.

Another key point from the figures published by IDC is that hyper-converged system sales now roughly equal those of converged systems, with the former generating $1.27m in turnover, while the latter achieved $1.33m. Notably, converged systems revenue growth has come to a halt, with a small decline of 0.9% year-on-year.

In the converged systems market, Dell also leads with a turnover of $641m, with a market share of around 48%, ahead of Cisco/NetApp on $462m and about 35% of the market.

However, Dell has seen a 1% drop in sales while NetApp’s sales have grown by 16.8%.

HPE completes the rankings, but is not showing too healthily. The firm, run by Antonio Neri, posted converged systems sales of $105m, which is an 8% share of the market but a decline of 42.4% year-on-year from the equivalent period in 2017, when it had 14% of the market.

“Others” hold a 10% market share.

SCOTUS and Congress Leave the Right to Privacy Up for Grabs

Privacy is a squishy concept, one that constantly evolves with the times—and with changing technologies. Advances in how we store and communicate information shift expectations around what we can keep to ourselves, and what the rest of the world is able to know. The disruption of established privacy norms is nothing new: People were concerned when the postcard came out, for example, because they believed mail should be private.

Still, there’s a growing sense that our privacy is more vulnerable now than ever before. The technologies and devices we consider essential to modern life also create an exhaustive record of where we go, who we interact with, how we entertain ourselves, and more. The consequences of that come into sharp focus when we learn, as we have over the past several years, how often corporations fail to safeguard our most sensitive information, or that the government is secretly spying on us.

There are measures you can take to lock down your own data, but broader protections may require new legislation or even reimagining our constitutional rights for the digital era; after all, the Fourth Amendment’s protection against “unreasonable” searches and seizures gives significant room for interpretation. The push for more privacy has been gaining momentum. Now the question is whether the courts, the federal government, or the states will step in to protect our privacy. Its future is still up for grabs.

A Major Win

The Supreme Court handed privacy advocates some good news in June with Carpenter v. United States. In a 5-4 decision, it ruled that the government generally needs a warrant to get cell site location records, which are automatically generated whenever a mobile phone connects to a cell tower. In the opinion, chief justice John Roberts acknowledged the necessity of cell phones to modern life, as well as the powerful surveillance capabilities they have.

The biggest question is whether Carpenter is merely a flash in the pan or the start of a total overhaul of the Fourth Amendment.

The decision was a victory for proponents of reforming constitutional law for the digital age, including Justice Sonia Sotomayor, who was part of the majority. But Roberts was also careful to rule narrowly, meaning that Carpenter’s protections extend only to cell site location information and not to any other type of data, such as emails, text messages, and browsing histories.

“The Carpenter decision, it’s kind of an unsatisfying one I think, because it still leaves open so many questions. The majority’s rationale is a little all over the place,” says April Doss, a data privacy and cybersecurity lawyer who worked at the National Security Agency for years. “It still leaves open a ton of questions for the future about how this approach might apply to other technologies.”

The Supreme Court could clarify its position by taking on more cases. For example, the justices have yet to address whether Stingrays—the powerful surveillance devices that behave like fake cell phone towers—are constitutional. But it’s not clear there’s a desire in the court to take on such projects.

For one, Carpenter was a divided, 5-4 ruling that took the justices a significant amount of time to deliberate. Another problem is that if the Supreme Court issues a ruling too broad, it risks impeding an ongoing investigation that relies on electronic surveillance. And there are plenty of obstacles cases need to pass just to get to that point.

“The courts realize that they’re just stepping through a minefield here, and they don’t even know what the potential landmines are,” says Joshua Matz, a former clerk to justice Anthony Kennedy and the coauthor of Uncertain Justice: The Roberts Court and the Constitution.

And so, we will likely see a plethora of scholars, public defenders, and lower court judges attempt to interpret how Carpenter protects against electronic search and seizures over the next several years instead. “The chief justice decided to vote for his result, assigned himself the opinion, wrote the opinion narrowly and leaves everything to everybody else,” says Eben Moglen, a professor at Columbia Law School and the founder of the Software Freedom Law Center. “He has opened a big can of worms for everyone to sort through.”

The Carpenter decision also comes at a moment of wider changes for the court, which will also bear on the future of the Fourth Amendment and digital privacy. This was the first Supreme Court term for Neil Gorsuch, and his dissent in Carpenter hints at how he may handle such issues going forward. He believes that the plaintiff’s lawyers should have argued their case a different way entirely, by relying on property rights to claim that cell phone location records belong to the defendant rather than the mobile carrier. He’s favored similar property-rights arguments in the past.

“He has very forcefully charted out his view of how we can and should protect these sensitive records held by third parties,” says Nathan Wessler, a staff attorney at the ACLU’s Speech, Privacy, and Technology Project, who argued Carpenter’s position before the court. “Every defense attorney and advocate litigating on these issues going forward would be remiss not to very seriously grapple with the theory that Gorsuch put forward.”

Carpenter was also one of the last cases for Justice Anthony Kennedy, who announced his retirement just five days after the ruling came down. Kennedy was a crucial swing vote on many close decisions, and his retirement paves the way for President Trump to shape the future of the judiciary for a generation. We don’t yet know who the president will nominate to replace Kennedy, but it’s safe to say that the court will likely skew even further right for years to come.

Congress Could Solve This Tomorrow

Congress could step in and reform existing digital privacy laws at any time. The most significant law on the books, the Electronic Communications Privacy Act, was passed in 1986, long before the advent of smartphones, social networks, and even widespread use of email. It doesn’t require law enforcement to obtain a warrant in order to access sensitive electronic records in many cases. In theory, Congress could reform the ECPA at any time, but several efforts to do so have fallen apart.

“They just haven’t been able to move it to a vote in the Senate, there are choke points in the process,” Wessler says. “There’s also just a lot of partisan division.”

Which is not to say that Congress never steps in. Back in February, the Supreme Court was set to make a decision in US v. Microsoft, which would have decided whether national borders matter when law enforcement seeks digitally stored data. The case stems from an incident five years ago, when Microsoft was served a warrant for emails as part of a drug trafficking investigation. The tech company didn’t hand them over because they were stored in Ireland, ostensibly outside the reach of a United States warrant. The justices never decided the case because Congress quickly passed the CLOUD Act, which clarifies that it doesn’t matter whether data is stored on American soil or not.

“The Microsoft case was one where everybody could see pretty quickly, ‘Wow this has huge implications,’” Doss says. “But there are a myriad of other questions that are equally complicated and equally challenging.”

There’s certainly more pressure on Congress to pass a comprehensive privacy bill, especially in the wake of the Cambridge Analytica scandal, when news broke that Facebook had allowed the political consulting firm to misuse data belonging to tens of millions of Americans. And many lawmakers are also looking to the European Union, which recently implemented a comprehensive privacy law designed to give users more rights over their data used by companies like Facebook and Google.

But the same momentum isn’t exactly building over government surveillance. In January, Congress reauthorized many of the warrantless government surveillance programs that Edward Snowden exposed, and even expanded some of their most invasive aspects.

If Congress doesn’t update existing digital privacy laws, it’s also possible that states may step in and craft their own. Some already have: California passed a law in 2015 that requires state law enforcement to obtain a warrant to get user data stored online, including things like text messages and location information. Last week, the state also unanimously passed another sweeping privacy law, designed to give citizens more control over the data collected about them by private companies like Facebook and Google. For now, we’ll have to wait and see if Congress and the Supreme Court follow California’s lead.

How the Pentagon Keeps Its App Store Secure

Every day, companies like Google and Apple wage a constant battle to keep malicious apps out of their marketplaces and off people’s phones. And while they do catch a lot of malware before it does any damage, there are always a few nasty infiltrators that manage to sneak by and end up getting downloaded by thousands of consumers. No one wants these mistakes to happen, but when you’re a crucial app store for the Department of Defense, these mistakes can’t happen.

That was the problem facing the National Geospatial-Intelligence Agency as it set about creating a flexible yet ultrasecure app store in 2012. NGA is a combat support organization that primarily assesses and distributes geospatial intelligence. The agency wanted to provide sensitive and mission-critical apps to groups across the DOD through a platform that had the security and resilience of a government defense product, while also offering a streamlined, up-to-date user experience similar to ubiquitous commercial app stores.

“We recognized that we did not know everything when it came to apps, and we wanted to be using the innovation that was happening in the commercial sector,” says Joedy Saffel, division chief and source director of NGA who has worked on the GEOINT App Store from the beginning. “But how do we do that in a safe, secure manner? How do we do that from a contractual perspective? And how do we do that in a way that nontraditional vendors will trust doing business with the government? It was a great challenge.”

The key, Saffel says, is getting developers to agree to hand over the source code of their apps for in-depth analysis and review. Whether an app is a simple time/speed/distance calculator for a pilot or a hyper-specialized classified tool, sharing source code is a big risk for developers, because it means trusting third parties with the core intellectual property they have built their businesses on. But NGA soon realized that full access was the only way its project could work.

So NGA’s GEOINT App Store runs its security protections and screening processes in a way a commercial platform never could.

Need To Know

You can browse through the GEOINT App Store yourself today and see many of the mapping, aeronautical, weather-forecasting, location-sharing, and travel-alert services that it hosts for Android, iOS, desktop, and web. But that’s just the public unclassified section—one crucial aspect of designing the platform was building segmentation controls so DOD employees with different levels of clearance, or simply different needs, could have gated access to different apps.

“We built the App Store to be a completely unclassified environment that’s open to the public,” says Ben Foster, a technical director at NGA who is the product manager for the app store. “But it also has identity management that uses a federated approach to authentication. It’s even flexible enough to integrate with other identity-management platforms across DOD. If a user is a helicopter pilot, they might see and get different apps than someone who is a tactical operator in the Army.”

This system also works with the platform’s pricing variations: Some apps are free to everyone, some downloads come with a fee that needs to be taken out of a particular department’s budget, and some apps are licensed by NGA or another agency.

The most radical part of the GEOINT App Store from a government perspective is the speed with which NGA can process apps and get them live in the store. In general, government acquisition processes take many months or years, a clear problem when it comes to constantly evolving software. So NGA worked with its chief information officer, IT Directorate, legal team, international affairs division, and contracting office to establish a streamlined app-vetting process that would be acceptable under federal acquisition regulations. The agency also contracted with a private firm called Engility to directly manage the outreach, acquisition, and development environment for customizing prospective apps to NGA’s requirements. The process, known as the Innovative GEOINT Application Provider Program, or IGAPP, minimizes bureaucratic hurdles and guides developers who want to submit an app through a pipeline that vets, modifies, and generally grooms apps for NGA’s store.

“What we focused on early on was providing tools so developers can bring their app and do a lot of the pre-testing and development with Engility,” NGA’s Saffel says. “We’re able to be flexible with that because it’s being done outside of the government footprint in a brokered environment. And then NGA has a governance board that meets every week, and the whole process has matured enough that by the time an app comes to NGA, we can review it and get that application into the app store and exposed within two weeks’ time.”

Though the process might be even faster if NGA only did the minimum vetting required, Saffel says that the GEOINT team worked to find a balance where the apps go live quickly, but there’s still time for the automated code analyses and human audits that commercial app stores can’t do.

Check It Out

After a developer submits their app, Engility does extensive source code analysis and vulnerability scanning and produces an initial findings report. John Holcomb, the IGAPP program manager from Engility, notes that an initial vulnerability report can have as many as 1,000 items on it that a developer needs to address. “It’s a little intimidating at first,” Holcomb says. “But we walk them through it, and they go back and modify their code—it’s their code, we don’t modify it for them. We might go through four runs of that on a brand-new app, but by the time we’re done, they will have remediated their code down to the level that the government needs. There are still going to be bureaucratic hurdles, but it’s our job to break through those.”

In addition to digging deep into source code, IGAPP also tests how apps function in practice, to make sure that there aren’t benign-looking aspects of the code that actually underlie a shady function. “We take the compiled application and we watch what it does,” Holcomb says. “Who does it phone home to? Is it sending private information unencrypted?”

After an app gets approved for inclusion in the GEOINT App Store, developers continue to work with IGAPP on developing and vetting software updates so that patches and improvements can be pushed out quickly.

The brokered vetting process means that the government never holds developers’ source code directly. The inspection is always mediated by Engility, which signs nondisclosure agreements with developers and isn’t a software maker itself. Holcomb says that the company carefully guards app data while storing it, and once a project is done, Engility doesn’t just do a soft data deletion; it hard-purges the information from its cloud servers within 30 days. NGA’s Saffel and Holcomb both note that developers were apprehensive about the unusual workflow at first, but over the years the app store has gained credibility.

Developers say they benefit from the IGAPP process both by securing lucrative government contracts and by integrating the improvements from the IGAPP development into their commercial products. The code audits and security vetting IGAPP offers are expensive, so developers generally don’t do such extensive assessment on their own.

“Everyone’s dream is to sell to the government, but it normally takes years of effort to get to a position where you can. In our case, I was able to sell to the government in less than a month,” says Bill DeWeese, CEO of the firm Aviation Mobile Apps, which has had six apps accepted into the GEOINT App Store. “You do feel a little anxiety about sharing source code, you worry about your IP leaking and someone getting ahold of it. But I haven’t had any issues, and the benefit is the increased quality of your products at no cost—you get the analysis for free and you can put it in your commercial offerings.”

NGA’s Saffel says the governance board that evaluates the apps at the end of the process is careful to stay vigilant so nothing goes into the store by accident. The board will still push back on apps or turn them away when warranted, but Saffel says the process has matured such that most of what the board sees these days is ready or very near ready to go live. And IGAPP prioritizes its patching process and infrastructure, to make it easy for developers to push bug fixes and improvements throughout the life of an app. All of this means a consumer-grade turnaround time for critical Department of Defense tools without the consumer-grade security concerns.

“NGA is kind of a unique combat-support agency,” Saffel says. “With the GEOINT App Store we chose to go into a very risky new frontier for DOD and the government in general, but I think we’ve demonstrated that we can do things differently and still be secure and still control access. We’re supporting a lot of different mission sets, and I expect that the app store will keep growing.”


Study backs pay rise for New York City's Uber, Lyft drivers

NEW YORK (Reuters) – New York City’s cash-strapped Uber and Lyft drivers have been campaigning for bigger paychecks, and their effort got a boost on Monday from a study two economists conducted for the city’s Taxi and Limousine Commission.

FILE PHOTO: The logo of Uber is seen on an iPad, during a news conference to announce Uber resumes ride-hailing service, in Taipei, Taiwan April 13, 2017. REUTERS/Tyrone Siu/File Photo

Drivers for ride-hailing companies, which also include Via and Gett’s Juno, should get a raise to $17.22 an hour after expenses, according to the study by James Parrott of the New School in New York City and Michael Reich at the University of California at Berkeley. The recommended rate amounts to an hourly wage of $15 with an allowance for paid time off.

“Driver pay is low, despite rapid industry growth and high pricing mark-ups, because companies depend upon having a large ready pool of available drivers,” Parrott and Reich wrote. Their study found that 85 percent of the drivers, many of them immigrants, now earn less than this proposed standard.

They said that if the drivers could attain the 22.5 percent raise in net pay, they would take home an additional $6,345 annually. The study is part of a review the taxi commission is conducting to develop a minimum wage and other rules for app-based drivers. The panel plans to release draft rules for public comment soon.

New York’s yellow taxi drivers have joined with drivers for Uber and other app-based ride services to call for guaranteed minimum pay and limits on growth in the number of cars for hire in the largest U.S. city.

“The new study confirms what we’ve been saying for some time – that drivers are in fact struggling and it’s time to act. New York must require exploitative companies like Uber and Lyft to pay a livable wage,” Jim Conigliaro, Jr., founder of the Independent Drivers Guild that represents some 65,000 app-based drivers in the city, said in a statement.

FILE PHOTO: An illuminated sign appears in a Lyft ride-hailing car in Los Angeles, California, U.S. September 21, 2017. Picture taken September 21, 2017. REUTERS/Chris Helgren/File Photo

Uber was critical of the study’s findings.

“We are concerned about the unintended consequences of implementing the findings in this report and believe many of the assumptions made about our industry are over-simplified to the point of flawed,” an Uber spokesperson said in a statement.

New York Mayor Bill de Blasio and other officials have been looking into wages at app-based ride-hailing companies as well as their effect on traffic congestion and price pressure on traditional yellow taxis, which are regulated and pay fees for medallions.

Uber, Lyft, Via and Juno account for 80,000 vehicles in New York City, nearly six times more than the 13,587 yellow taxis. Residents and visitors take over 17 million app-based rides, double the number of taxi trips, the study showed.

The economists said Uber would be the city’s No. 1 private for-profit employer if drivers were classified as employees instead of independent contractors.

Higher wages may lead to more shared rides and lower commission rates for ride-hailing companies to under 10 percent from 16 percent now, they said. A rider’s average wait time for a vehicle may go up by 12 to 15 seconds and fares might rise 3 to 5 percent.

Parrott and Reich listed several ways the companies could adjust to the recommended minimum wage, including an extra charge for shared rides.

“It thus seems feasible to improve the standard of living of app drivers while also allowing the industry to continue to meet passenger demand,” Parrott and Reich wrote.

Reporting by Richard Leong; Editing by David Gregorio and Susan Thomas