Source Code: Your daily look at what matters in tech.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.
yesIssie LapowskyNone
July 14, 2020
Facebook's 16-year history is riddled with privacy blunders. There was Mark Zuckerberg's original sin of scraping students' photos to build a Hot or Not copycat at Harvard. There was the launch of News Feed, when Facebook began broadcasting every action users took on the platform to all of their friends. And, of course, there was the 2018 Cambridge Analytica scandal that exposed, though not for the first time, just how much data the company was willing to give away to third parties in the name of growth.
Now, the social networking giant has a modest proposal for lawmakers drafting privacy rules around the world: Let us help you write them.
In a new white paper published Wednesday, Facebook pushes for a light-touch approach to privacy regulation that involves maximum input from and flexibility for businesses. These, of course, are already the sorts of policies most tech giants are lobbying for behind closed doors. But the paper pushes for this collaboration to happen out in the open.
It argues, for instance, that the best way to design privacy regulations is through "policy co-creation," in which governments and companies work together to prototype policies and test their viability before they're implemented. It makes a case for regulations that "avoid or remove strict, one-size-fits-all design requirements," opting instead for laws that "regulate the process for making privacy design decisions, not the outcome of those processes."
In Singapore, Facebook has already tested these concepts through an organization it launched called Trust, Transparency and Control Labs. Together with the Singapore government, TTC Labs created what the paper calls a "regulatory sandbox," where startups could design new types of privacy notices and consent features and get feedback from regulators.
Of course, the United States is not Singapore, and Congress has hardly met Facebook with open arms recently. Protocol spoke with Facebook's deputy chief privacy officer, Rob Sherman, about what the company is proposing, who it's trying to convince, and why anyone should trust Facebook now.
This interview has been edited and condensed for clarity.
Who is this for? Who is the intended audience?
I think there are a number of intended audiences. One of the things we've realized in thinking about these problems within Facebook is governments are thinking about the right ways to regulate. Experts are thinking about what the right practices are, and companies are thinking about how to build for privacy and build for the communities they're serving. But they're not necessarily talking to each other.
Part of what we're trying to do is create a conversation that brings together those sets of stakeholders into a common conversation. It's something we've started to do through our Trust, Transparency and Control Labs initiative, which we founded. It holds a series of design jam workshops with experts, governments and companies to try to develop design solutions to some of these problems and put them out in openly accessible formats, so people can have examples of what it looks like to improve their practices.
A lot of the points in the paper struck me as Facebook saying lawmakers need to work with industry to collaborate on these regulations. That's something I imagine a lot of the industry would agree with, but regulators and privacy advocates would be pretty hesitant about. All I see them wanting to do lately is punch Facebook in the nose. What's giving you the sense this collaborative spirit exists in Congress?
In some of our efforts outside the U.S., already we've found a fair amount of interest on the parts of other companies and governments to have some of these conversations, because it all helps us get to a shared, better place.
One example is the regulatory sandbox we built with the Singapore government. This involves 14 companies working in a startup accelerator. They have resources, including privacy and nonprivacy expertise from Facebook, but also the ability to work with the government on best practices. That helps the government learn what works and what doesn't for smaller startups. And it helps the companies, and us for that matter, learn how to do these things at scale in practice.
That's Singapore. Right now, in the U.S. there's a lot of point-scoring trying to beat up on Big Tech. Why is this the moment to step in and say: The real solution to the privacy debate is to let us help you write these rules?
Getting this right is really critical. For people to be comfortable using Facebook, they need to trust we are both handling their data appropriately and communicating with them straightforwardly about that. The best way to do that is by talking to them, but also talking to other stakeholders in the ecosystem.
I also think when you look at areas outside of privacy — the financial sector's a good example — there are examples of co-created policies where industry gets together with experts and government to figure out what the right path forward is.
Have you broached this possibility with anyone in Congress, and if so, who? And how are those conversations going?
We view this as the beginning of the conversation, rather than the end. There aren't specific efforts with members to announce.
Communicating your privacy policy to the user comes last. First you need to have the policy in place that protects people's privacy. Where does Facebook stand in terms of privacy legislation that has been proposed in Congress? Is there anything you're supportive of?
We've been participating pretty actively in a number of different discussions around what privacy regulation might look like at the federal level and the state level. I think a lot of the discussions are going to align with the framework of giving people increased, clear rights over their data, the idea of putting specific obligations on companies to handle data responsibly, and identifying a regulator that's empowered to do that. Getting to a place where there's consistent federal standards around how we approach privacy is important so we can have a specific standard we can build to.
Are any of the bills in Congress bills you support?
I don't think we've expressed views on specific bills. The goal really at this point is to have conversations with a number of different stakeholders and try to get to the best place regardless of what bill is getting traction.
What about the California Privacy Rights Act, which looks like it has a good shot in November and would rewrite the California Consumer Privacy Act, which was a big deal when it was passed. Would this make things harder for you or do you support it?
It's something we've spent a lot of time thinking about. If it becomes law, it's something we will aim to comply with. It moves closer to something like [Europe's General Data Protection Regulation], when it comes to broadening the topics the legislation covers and giving people more rights over their data. I know there's a lot of debate on the ballot measure.
So, you aren't backing it or fighting it?
We haven't taken a position either for it or against.
Given you've been working on privacy at Facebook since 2012, how do you think you missed the possibility that giving app developers access to data on people's friend networks could be a privacy risk? If you're asking to be at the table with regulators to write the rules around privacy, they're going to point to the fact that you didn't get it right last time and ask why should they trust you now? So, explain how you missed that risk, or is it possible it wasn't missed, it's just that the business incentives of growing the platform outweighed the potential privacy risks?
When you look at the way we've approached communicating with people about their data in the context of the Facebook platform, that's something that's seen a pretty significant evolution over the years. It used to be the app permissions screen had a lot of information because that was the best practice at the time. It included the app developers' privacy policy with information they'd be getting and all of this detail. Over time, we've shifted toward simpler consent screens that are very clear about what developers wanted and that ask people to make a yes or no choice. That was an effort based on research and our understanding of how people interacted with those things.
A lot of the investment today is also around third-party oversight and making sure we have robust systems in place to make sure we're enforcing our policies and making sure developers that get access to data through Facebook's systems, even with people's consent, are adhering to the standards they've agreed to.
Obviously it was a problem that people didn't know what they were agreeing to in the permissions page, but the communication part came after the policy was created allowing app developers to access people's friends' data in the first place. How did you miss that that was a privacy flaw?
It was something we considered and that we improved over time as a part of the way that we approached Platform. You saw changes in 2014. You saw changes in 2018. In parallel to that you saw changes in the way we communicated.
It's clear there's a lot we could have done differently back then to avoid some of the challenges that we're facing now, but I think we've tried to invest really aggressively in addressing those and getting to a better place. The hope is that the learnings we've made through making mistakes and trying to improve our approach will help other companies and the broader policy discussion get to a more nuanced place.
From Your Site Articles
- California Privacy Rights Act: How Google, Facebook and others ... ›
- Chair of Facebook's new oversight board criticized for reading a ... ›
- How Facebook's oversight board could rewrite internet rules - Protocol ›
- Bill Tai’s next bet? A company built from Cambridge Analytica’s data science team - Protocol ›
- Tech companies are ‘scrambling’ after the EU’s top court shot down the EU-US privacy shield - Protocol ›
- How COVID-19 helped — and hurt — Facebook’s fight against bad content - Protocol ›
- Facebook project will study its impact on the 2020 election - Protocol ›
- Van Buren v. United States: The SCOTUS case splitting the privacy world in two - Protocol ›
- In 2020, COVID-19 derailed the privacy debate in the U.S. - Protocol ›
Issie Lapowsky
Issie Lapowsky (@issielapowsky) is a senior reporter at Protocol, covering the intersection of technology, politics, and national affairs. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing. Email Issie.
People
Expensify CEO David Barrett: ‘Most CEOs are not bad people, they're just cowards’
"Remember that one time when we almost had civil war? What did you do about it?"
Expensify CEO David Barrett has thoughts on what it means for tech CEOs to claim they act apolitically.
Photo: Expensify
January 19, 2021
Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.
January 19, 2021
The Trump presidency ends tomorrow. It's a political change in which Expensify founder and CEO David Barrett played a brief, but explosive role.
Barrett became famous last fall — or infamous, depending on whom you ask — for sending an email to the fintech startup's clients, urging them to reject Trump and support President-elect Joe Biden.
<p>"Anything less than a vote for Biden is a vote against democracy," Barrett said in the email.</p><p>It was an unprecedented political maneuver by a CEO-founder in Silicon Valley, and one that drew praise from a preeminent historian of the region.</p><p>"This was a moment that utterly transcended politics as usual, and his statement utterly transcended politics as usual," futurist and historian Paul Saffo told Protocol. "I'm sure investors got a little bit of a case of indigestion over this. It was a bold move and I would say it was made with considerable character."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>And it wasn't a one-off: Barrett sent another email to Expensify customers over the weekend, telling its users about its plans to spend $3 million on fighting inequality, while also railing against the "domestic terrorists" who invaded the Capitol earlier this month.</p><p>Barrett talked to Protocol last Friday, before the latest email, about the coming transition, which he reflected on in a celebratory mood even as he looked back on the controversial episode. "We just survived Trump. This is going to be an amazing year," he said. "The economy's coming back. The vaccines are rolling out. Travel is going to restart. We got a new administration that's going to make reasonable decisions. We avoided a civil war. Everything's on the up and up."</p><p><em>The interview has been edited for clarity and brevity.</em></p><p><strong>You sent that email taking a position on the election. I've talked to a lot of CEOs in Silicon Valley who'd rather stay in the middle. They're not going to say what they think or even who they voted for because it's safer.</strong></p><p>My opinion is a little bit different. I think this idea of "Oh, we're apolitical," I think that's kind of bullshit. I think there's no such thing in a democracy as being apolitical. Every action you take is your position. I think that a large number of these tech companies, by saying, "Oh, we're apolitical," that's a very convenient way of saying, "No, I'm voting for the status quo. I support the current administration, and I'm not going to take actions to do anything about it because it's actually good for business." I think it's actually pretty cynical.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p><strong>There's going to be a change, and there will be new issues. It's probably not going to be as intense as Trump, but there will be issues. How do you navigate them? It can be a slippery slope when you start to take positions.</strong></p><p>I think the litmus test is: What is the real-world potential impact of this? I don't anticipate to weigh in on the normal issues. It sounded bombastic back then when I wrote the newsletter: "Hey, I am genuinely concerned that we're going to have a true civil war, and that's going to be really bad for business. My business is great. We're profitable. We're growing. We're surviving the pandemic. So long as we don't descend into civil war, we'll be fine. But Trump is saying he's not going to leave office, and is anyone reading this crazy shit? We should take it seriously." </p><p>This is not normal politics. This is not taxes or health care or whatever. This is like the destruction of our nation up for discussion. The only reason I felt it was important as a CEO to weigh in was that the stakes are too high to be neutral here. </p><p>Even right now. The guy's still not out of office, by the way. The FBI's warning that we're going to have attacks on every state Capitol. Never has that happened in the history of the nation before. This is so wild, what we're talking about. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>I feel that we need to keep reminding ourselves just how beyond the pale this is. As business leaders, it's just shameful to just sit out this entire thing. It's like, "Oh, remember that one time when we almost had civil war? What did you do about it? Oh, fucking nothing? Oh, good job."</p><p><strong>What was the reaction to the email like? Did any of it give you pause?</strong></p><p>Expensify is not a product you adopt overnight. You also don't leave it overnight. We just didn't know what the reaction was going to be. We saw this thing just go so much bigger than we expected. We were like, "Oh, fuck. OK. That's exciting."</p><p>Most people ignored it, or agreed with it, or vented about it or whatever. The vast majority of people, they're too busy. And in this Twitter news cycle, sustaining anger for more than like 10 seconds is hard. It's like, "Fuck Trump! Oh, such a cute puppy!" It's so hard to do anything.</p><p><strong>Where does that come from, that belief in taking a position? Can you talk a bit about your background?</strong></p><p>My background has always been in hard engineering. Never been in finance. Never been in politics or any of that stuff. I think what you're getting at [is]: Why are you so outspoken? I'm in a lucky position to do that. I run a very profitable business that has a very distributed customer base. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>I think most CEOs, it's not that they're bad people, they're just cowards. They're like, "Yeah, I would like to take a stand, but I can't because of investors, customers and things like this." It basically comes down to, "I care more about hitting the next quarter results than preventing a civil war," which is so fucked up. They're more afraid of their investors than they are of militants. I'm in a lucky position where I don't have to be afraid of my investors. I'm super profitable. I can't get fired. There's no majority on the board that can fire me. So I think that I am in a position [where] I can take these stands much more than others. </p><p>I've heard from a lot of other CEOs [about speaking up, and they say]: "I can't. I wish I could. I feel bad. I feel ashamed. But I kind of can't." I feel I can give an example of, like, "Guys, speak up. The water's fine." Defending democracy is not actually a bold choice because most people agree with it.</p><p>Sure, we got a lot of shit on Twitter, or whatever. Those people weren't our customers anyway. It had no negative impact on revenue. If anything, I think we're gonna look back and this is going to be an incredible brand building event. We didn't expect this to go as viral as it did. It's like, "Shocker! Getting massive coverage for defending democracy is good for business, actually."</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>I think that CEOs need to have the courage to actually step up for things that matter, and be less sort of afraid of the impact on their businesses. Because most customers, especially the people who are actually buying the software, they care about stability, they care about democracy.</p><p><strong>Would you consider politics after your business career?</strong></p><p>No, that sounds like a huge pain in the ass. Plus that assumes that there is an "after my business career." I just made this giant profitable business, and it's fucking awesome. I want to work here forever. My goal is just to stay here forever.</p>
From Your Site Articles
Keep Reading
Show less
Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.
People
Amazon’s head of Alexa Trust on how Big Tech should talk about data
Anne Toth, Amazon's director of Alexa Trust, explains what it takes to get people to feel comfortable using your product — and why that is work worth doing.
Anne Toth, Amazon's director of Alexa Trust, has been working on tech privacy for decades.
Photo: Amazon
January 18, 2021
David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.
January 18, 2021
Anne Toth has had a long career in the tech industry, thinking about privacy and security at companies like Yahoo, Google and Slack, working with the World Economic Forum and advising companies around Silicon Valley.
Last August she took on a new job as the director of Alexa Trust, leading a big team tackling a big question: How do you make people feel good using a product like Alexa, which is designed to be deeply ingrained in their lives? "Alexa in your home is probably the closest sort of consumer experience or manifestation of AI in your life," she said. That comes with data questions, privacy questions, ethical questions and lots more.
<p>During CES week, when Toth was also on a popular panel about the future of privacy, she hopped on a Chime call to talk about her team, her career and what it takes to get users to trust Big Tech. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p><em>This interview has been edited and condensed for clarity.</em></p><p><strong>How does the Trust team work? That's what it's called, right?</strong></p><p>Yeah. I work on the Alexa Trust org, it's part of the Alexa organization overall. The team that I work on is responsible for building all the privacy features, all the privacy controls and settings, and thinking about privacy across Alexa, as well as accessibility. So the aging teams, the accessibility teams, Alexa for Everyone, all reside within this organization. And we're thinking about content issues and the whole gamut. So really all of the all of the policy dimensions and how they manifest in consumer-accessible controls and features is what this team thinks about.</p><p><strong>Why is that one team? You just named a bunch of different, equally important things. What is the tie that binds all of those things?</strong></p><p>Well … I think it's trust, right? It's, how do we develop trustworthy experiences? We are very much a horizontal organization that works throughout the Alexa org. </p><p>And the Alexa org actually is much larger than I even anticipated. When I first was interviewing with the organization, I was really surprised at how big and how quickly it's grown. So it's truly a horizontal effort to think about the customer experience, and all of these areas where there are potential trust issues, and try to deal with them very proactively. </p><p><strong>That's a much bigger definition of trust than I would have guessed. I feel like we talk about trust a lot as sort of synonymous with privacy, and so "what do you do with my data" is the core question. But then when you put things like accessibility and ethics in there, it broadens the definition of what you're looking at in this really interesting way.</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>Yeah, it's a very expansive view. I have worked on privacy for most of my career. It often presents as a defensive issue for companies, right? And even the word "privacy" brings up a sort of connotation that makes you think about all the things you don't want people to know. </p><p>But I think of it really as an opportunity to innovate and to try to create more positive experiences, rather than to think of it as a defensive posture. How are we enabling the usage of data to help create better experiences for customers? Because that's really, ultimately what customers want: for you to use data to make this better for me. And I'm totally good with that. The concern is when I'm not sure what I'm getting out of you using my data, and you have it, and why do you have it? That's the area that's problematic. And what I see, and what we're trying to do, is to be very transparent, and to demonstrate time and again how your data is actually benefiting you in this product experience.</p><p><strong>That's actually one of the things I wanted to talk about. You said in another interview that so much of privacy and security is basically just, like, don't screw up. There's no positive experience, it's just there until you ruin it. It's interesting to think about it the other way: to say, "What does it look like to be more proactive about privacy and data security?" What does that look like for you, in terms of how to actually put it in front of people in a way that feels useful, instead of just having pop-ups that say, "Don't worry, we're not using your data for bad things?"</strong><br></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>Designing for privacy, or designing for trust more specifically, is about baby steps. It's like developing a relationship with a person, right? You have to earn the trust. And you have to do things in the beginning that over time become less important. So the wake word: We rely very heavily on the wake word. You have to invoke Alexa. But the use of the wake word, and the training around that, is in order to make people comfortable with the fact that we are only streaming your requests to the cloud once the wake word has been invoked. </p><p>That is about interjecting some conscious friction, to create a trusted experience so that later when we have more advanced features, more advanced conversational-type elements, you'll be in a place where you're comfortable with that experience. It moved you along that learning curve, and got to that place where you trust us to do that for you effectively. </p><p>I think it was on Twitter or on LinkedIn, I saw that there was an article that had gone viral. There was a security organization that did a breakdown of an Echo device because there was a theory the mic-off button was in fact just cosmetic. So they did a whole breakdown and sort of mapped out the electronics to prove, in fact, if the red light is on, the wiring to the mic is disabled. The red light and the mic cannot both be on at the same time and vice versa. That was a design choice. There are a lot of choices that are about getting people comfortable with the device, and feeling that degree of trust so that later down the road, we can introduce more features that people will be more likely to use. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p><strong>But it's telling even that those sort of conspiracy theories exist, right? People think the same thing about Facebook turning on their microphone. Does it feel like there is this perception hole that every big tech company is in right now? That you, as Alexa, have to go out of your way to convince people that you're doing the right thing, as opposed to even starting in a neutral place? It just feels like we're in this place where people are learning to be suspicious about things that they don't understand.</strong></p><p>I'm kind of a hardened cynic. That's just my natural disposition on things. So yes, I think we are in a period of time right now where skepticism is at an all-time high. And I think deservedly so, in the world we're living in at the present moment.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>But what I'm often heartened by is that people have put this device into their homes, into their most sacred private spaces with their families with their loved ones. To do that is a big leap of faith and trust in Amazon and Alexa. So the mere fact that we're there is already a sign that people have extended to us the benefit of the doubt and have said "we trust you." </p><p>So it's not even so much about having to earn that trust in the first place as it is having to be worthy of that trust, right? Or be worthy of that privilege of being in that space. That's the goal for me: to make sure that we continue to be worthy of the trust they've already placed in us, which is not a hurdle everyone gets over. </p><p><strong>What about as you think about things like default settings versus giving people choice? You can give people all the options in the world, but we know for a fact that most people are never going to change anything. So I'm suspicious of the idea that that's a solution to these problems, but it's definitely part of the solution. How do you think about making good decisions for people versus letting people make decisions?</strong> </p><p>First of all, no two people have the exact same notions of privacy. It's different generations, different cultures, different backgrounds, different experiences, all driving different expectations. No matter where you set a default, it's not going to be right for everybody. So there has to be the ability to change it. And you have to make that easy to find. <br></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>So in the Alexa context, voice-forward commands to try to make it as easy as possible to be able to say, "why did you do that," or "delete what I just said," or "delete everything I have ever said" — those kinds of interactions help reduce the friction in privacy, they make it easier for people to exercise those those options. </p><p>Your default settings generally represent your organizational bias, in one way or the other. And in this case, the default settings that we have reflect our ability to use data in a way that's going to improve the product and make it better for the customer. So that's where they are. And that's how they've been determined. But they're not immovable. And that's the most important part. </p><p><strong>Well, that education piece seems hard, though. We've seen Facebook, for instance, try to explain why it collects a lot of data. And it doesn't necessarily track for a lot of people. There was this big dustup with WhatsApp, people lost their minds. Is it harder than you're making it sound to help people understand what you're doing with their data?</strong></p><p>In some ways, I think that this product gives you a more immediate example of that data benefit than other products. I mean, I spent a lot of my career talking about the benefits of targeted advertising, and how if you're going to get an ad, better to get a targeted ad than one that's irrelevant. But the relative benefit to you as a customer, as an individual, for that use of your data doesn't really feel as meaningful as the types of experiences or improvements we're able to make. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p>And there's lots of data, particularly looking at introducing Alexa into new countries and languages and dialects, where the ability to use that voice data to dramatically improve our responses and our accuracy is something that is noticeable by people over time. I think people would recognize that, that trajectory.</p><p><strong>That's fair. And it does seem like most people, when you explain it to them, will understand pieces of it like that.</strong> </p><p>This is why I love "Alexa, why did you do that?" Because Alexa doesn't always get it right the first time, and to be able to actually ask and get a response about what that reasoning was, and you can see it in real time — you can't do that with a lot of other experiences. That's a cool one that I hope more people use. </p><p>But we are faced with some real challenges under regulation about explainable AI. These technologies are getting more and more sophisticated, and when they work really well, sometimes we're delighted, and sometimes we're creeped out. It's that balancing act of like, "Wait a minute, that was really useful … should I be worried?" Which is why trust is so important to develop, so that when you get to that moment, you can offer a customer benefit without it being intrusive, or invasive or feeling somehow uncomfortable. Devices should learn!</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="8">
</div>
</div></p><p><strong>You're a privacy person, so I have a current events question for you: We're in the middle right now of this privacy versus transparency debate, where it's either better to let people use encrypted services because they can't be watched or becomes a problem because bad people can do bad stuff in those encrypted services and nobody can find them. And obviously, this shows up in lots of scary ways recently. Where do you fall on the debate?</strong></p><p>I will have to speak to this on a personal level, but all the messaging apps I use are end-to-end encrypted for primary messaging. I think it's important, and I think that there's a role that they play that is important. There are lots of people who think that people aren't really concerned about privacy in the world, and we've passed that moment where privacy is an issue. Just based on the number of people that I've seen crop up on Signal and Telegram in the last week, I can tell you that people really are paying attention. So I think that if that's the indicator that we should be looking at, then I would say privacy is not dead. People really do care. And it's something everybody should be paying attention to.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="9">
</div>
</div></p>
Keep Reading
Show less
David Pierce ( @pierce) is Protocol's editor at large. Prior to joining Protocol, he was a columnist at The Wall Street Journal, a senior writer with Wired, and deputy editor at The Verge. He owns all the phones.
People
Poshmark made ecommerce social. Wall Street is on board.
"When we go social, we're not going back," says co-founder Tracy Sun.
Tracy Sun is Poshmark's co-founder and SVP of new markets.
Photo: Poshmark/Ken Jay
January 14, 2021
Hirsh Chitkara (@ChitkaraHirsh) is a researcher at Protocol, based out of New York City. Before joining Protocol, he worked for Business Insider Intelligence, where he wrote about Big Tech, telecoms, workplace privacy, smart cities, and geopolitics. He also worked on the Strategy & Analytics team at the Cleveland Indians.
January 14, 2021
Investors were keen to buy into Poshmark's vision for the future of retail — one that is social, online and secondhand. The company's stock price more than doubled within a few minutes of its Nasdaq debut this morning, rising from $42 to $103.
Poshmark is anything but an overnight success. The California-based company, founded in 2011, has steadily attracted a community of 31.7 million active users to its marketplace for secondhand apparel, accessories, footwear, home and beauty products. In 2019, these users spent an average of 27 minutes per day on the platform, placing it in the same realm as some of the most popular social media services. This is likely why Poshmark points out in its S-1 that it isn't just an ecommerce platform, but a "social marketplace." Users can like, comment, share and follow other buyers and sellers on the platform.
<p>For the first time since its founding, Poshmark <a href="https://www.sec.gov/Archives/edgar/data/1825480/000119312520320132/d66583ds1.htm" rel="noopener noreferrer" target="_blank">turned a profit</a> in its quarter that ended in June, and was again profitable the following quarter. It makes money by charging sellers a fee: 20% for items over $15, and $2.95 for everything else. And though Poshmark markets itself as a <a href="https://blog.poshmark.com/2020/02/26/the-revival-of-iconic-handbags/" rel="noopener noreferrer" target="_blank">trusted source for luxury items</a> (it provides <a href="https://poshmark.com/posh_authenticate" rel="noopener noreferrer" target="_blank">free authentication</a> for items over $500), the average order value in 2019 was just $33.<br></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>Co-founder and SVP of New Markets Tracy Sun spoke with Protocol soon after Poshmark's market debut. Sun discussed the importance of social commerce, why users are spending so much time on Poshmark, and how the company is investing for long-term growth. </p><p><em>The interview has been edited for clarity and brevity.</em></p><p><strong>As you went through the IPO process, what were some common questions from investors?</strong></p><p>The main questions we get from investors are about our social commerce marketplace and the magic behind it. Here's the thing: A lot of social networks are tacking on commerce, and a lot of commerce companies are tacking on social. Poshmark is different in that we built our business with social and commerce integrated from the very beginning. This means we are at the forefront of social commerce and this puts us in a leadership position. </p><p>Many people are aware that social commerce is a global phenomenon. So they really want to understand, "How does it work? Where is the momentum coming from? And why have we been able to get to where we are today?"</p><p><strong>What's driving customers to spend those 27 minutes each day on Poshmark? Are customers treating it as a social experience, even if they have no immediate intention of buying?</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>Shopping, historically, has always been social. Hundreds of years ago, people wanted to talk to one another about the items they were buying. They wanted to know the people they were buying from. That's just inherent in us in shopping.</p><p>With the rise of ecommerce, all of that engagement and vibrancy that human beings have when they connect with one another got stripped out of shopping. What we see online is the photo of the product and price. What Poshmark does is put all of that vibrancy of social community connections back into shopping.</p><p>To your question of what people are doing on the platform: They are talking to one another; they are getting to know who they're buying from and selling to; they're getting inspiration; they're getting recommendations; they're asking questions about color, fit, sizing and everything else we're accustomed to asking in a social environment. And honestly, this is the way people are shopping today. Gen Z and the younger generations refuse to have one-way communication, they want to be involved, talk to their peers and socialize. So we've built this social marketplace in order to help enable that, and, as a result, help our buyers and sellers thrive.</p><p><strong>There's a fairly large gap between your average selling price of $33 and the authentication threshold of $500. How does Poshmark build consumer trust for customers making purchases below $500?</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>Buyer and seller trust is extremely important to us. As you mentioned, we offer authentication services on certain items. There are also a lot of investments we're making — on the human, technology and program side — to protect our community.</p><p>We have machine learning in the background that helps strengthen the integrity of our marketplace. We have a community program where we enable anyone on our site to flag any listings that violate our politics, and our politics are very clearly stated on our site. We also have a team of people who are constantly monitoring listings.</p><p><strong>Poshmark experienced a dip at the onset of the pandemic in March, but then performed really well in the subsequent months. How do you plan on retaining that momentum as the pandemic hopefully subsides?</strong></p><p>There are three trends driving momentum in commerce: the shift online, the shift to social, and the shift to resale or secondhand. Over the past year, those trends that were already there have accelerated. Once we go online, we're not going back. When we go social, we're not going back. These trends are here to stay. </p><p>We see ourselves at the intersection of these trends and the leader at this intersection. We are focused on continuing to build long-term growth. So we started with women's products and added men's and kids'. Last year we added home goods, and most recently we launched beauty. We'll continue to add more categories so that our buyers and sellers can transact with more items, [and] international [expansion]. Then the last one is building enterprise-grade tools and services to support those sellers that are looking to move a high volume of inventory. </p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p>
Keep Reading
Show less
Hirsh Chitkara (@ChitkaraHirsh) is a researcher at Protocol, based out of New York City. Before joining Protocol, he worked for Business Insider Intelligence, where he wrote about Big Tech, telecoms, workplace privacy, smart cities, and geopolitics. He also worked on the Strategy & Analytics team at the Cleveland Indians.
People
Affirm CEO Max Levchin: ‘I see an ocean of opportunities’
The fintech startup's stock soared more than 90% in its IPO debut today.
January 13, 2021
Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.
January 13, 2021
It was a blockbuster debut for Affirm. The fintech startup's shares soared more than 90% when it went public on Wednesday.
The day itself began quietly for CEO Max Levchin: He kicked it off with a Zoom call with his kids, made a latte for his wife and joined a group chat with some high school friends, one of whom is recovering from COVID-19. "We were very happy to hear that he's doing well," he told Protocol shortly after his startup began trading on the Nasdaq Global Exchange.
<p>Affirm's stock opened at $90.90 after pricing at $49 a share, before climbing to as high as $96.07 in late trades.</p><p>Levchin took some time off to share his thoughts into what the successful trading debut means and what's next for the fintech startup.</p><p><em>The interview has been edited for clarity and brevity.</em></p><p><strong>Quick thoughts on why the stock is rallying?</strong></p><p>I think the market does what it does. I choose to interpret it as, "People love what we stand for beyond the opportunity for financial gain." We have a story to tell, and our story is special. We built a product that actually improves lives in financial services.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p><strong>What were the common questions you were asked by investors in the IPO process?</strong></p><p>The question I heard a bunch — and I enjoyed answering — was: What makes you different? It's a hot space. There are tons of incumbents and a lot of new players. What do you do that makes you special? One big part of it is how much we attach ourselves to the idea of honest financial products, not just an opportunity for profit. It's really powerful, and that's resonated with millions of consumers and thousands and thousands merchants. That's part of our story and we tell it every time.</p><p>We took the time to build a fully universal solution. We will scale with the merchant up and down, something as enormous and complex as Walmart, and as technologically advanced and sophisticated and demanding as Shopify, and literally thousands of brands that we would have only heard of if we were looking for very specific things. We are built by a lot of engineers who are very technology-first. And that allowed us to do things right.</p><p><strong>Some analysts, while acknowledging your growth, also point to the state of the economy. Given that consumers are still facing a lot of uncertainty given the pandemic and the economic downturn, how do you reflect on those concerns?</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>I think they are justified in the sense that the U.S. economy took a giant step back, in many ways, and yet also transformed itself, in some pretty fantastic ways. We saw the massive acceleration of the offline to online movement in commerce. I think the economy is being forced to modernize itself.</p><p><strong>Are there things in the way the economy has changed over the past year since the pandemic began that worry you, that you feel could be a problem?</strong></p><p>Part of what makes us different and special is we work with our consumers and our merchants to evaluate every transaction. So in many ways, I think our products are more important than ever to consumers. Some of them have lost their jobs, some of them are trying to be a little bit smarter about budgeting and affordability. I think these folks really benefited from Affirm. And we take great pride in helping them navigate the uncertainty and complexity around them. From a more macro view, income inequality is something that our society struggles with and is right to be concerned about.</p><p><strong>What are the biggest challenges for you this year, post-IPO?</strong></p><p>We are fundamentally limited by a number of things we can build and ship in per-unit time. I see an ocean of opportunities, and probably prioritizing them, and being focused and not trying to do everything for the exact same time despite the fact that it feels like we can do so much to help, is probably my personal challenge.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p><strong>What was the toughest part of the IPO process for you?</strong> </p><p>The level of effort and intensity that our team brought to bear to make this happen constantly made me feel like I'm just not working hard enough. The sheer amount of work we were able to do in a shorter period of time was something else. That said, we weren't going to cut corners. We were going to do it right. We were going to go out when we were ready and when the market was ready for us.</p>
Keep Reading
Show less
Benjamin Pimentel ( @benpimentel) covers fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Signal at (510)731-8429.
Protocol | Enterprise
Twilio CEO Jeff Lawson explains how he decided to face off with Parler
Also, why he thinks the $3.2 billion purchase of Segment will help Twilio's customers help their customers and why he's OK with being reliant on AWS.
"I think in a society, words matter, actions matter," Twilio CEO Jeff Lawson said. "That's why companies have things like Terms of Service and acceptable use policies."
Photo: Twilio
January 13, 2021
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.
January 13, 2021
Cloud computing companies were one of the few segments of society that enjoyed 2020. But even companies like Twilio, whose stock price tripled over the last 12 months, have had enough of 2021 already.
Last Friday, in the wake of the deadly attack on the Capitol, Twilio sent a letter to the right-wing social media app Parler notifying the company that it was violating Twilio's acceptable use policy for two of its authentication services. Parler decided to turn off Twilio's services rather than moderate calls for violence against elected officials on its app, which became a moot point after AWS cut Parler off from its own computing and storage services Sunday evening.
<p>This was not the way CEO Jeff Lawson wanted to kick off a round of publicity for his new book, "<a href="https://www.amazon.com/Ask-Your-Developer-Software-Developers/dp/0063018292" rel="noopener noreferrer" target="_blank">Ask Your Developer</a>." But little that has happened this month has gone according to plan, and he is quick to defend his decision from last week.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="1">
</div>
</div></p><p>"If you walk into a movie theater and yell 'fire,' or you walk into an ice cream parlor and start yelling racist epithets, don't expect to be a customer of that establishment for very long," he said in an interview with Protocol Tuesday.</p><p>Lawson built Twilio into a $60 billion company based around communications APIs that allow app and web developers to build customer service and support capabilities into their own products. Just as Stripe became a central hub for payment technology for a generation of developers, Twilio enjoys a similar position when it comes to communications technology.</p><p>In his conversation with Protocol, Lawson explained the thinking behind Twilio's decision on Parler, the strategy behind <a href="https://www.protocol.com/newsletters/protocol-enterprise/why-did-twilio-pay-3-billion-for-segment-developers" target="_self">last year's $3.2 billion acquisition of Segment</a> and why developers should be free to choose no code, low code or "yo code" tools when building their apps.</p><p><em>This interview has been edited and condensed for clarity.</em></p><p><strong>Given everything that's happened in the last week, I was wondering if you could walk me through your decision to suspend service to Parler?</strong></p><p>I think in a society, words matter, actions matter. And we all have to work together to build a society. That's why companies have things like Terms of Service and acceptable use policies, because they say "What is acceptable?" There's a wide variety of things that are acceptable, but there's also fringe things that aren't.</p><p>This is not new to the online world, but think about the offline world. If you walk into a movie theater and yell "fire," or you walk into an ice cream parlor and start yelling racist epithets, don't expect to be a customer of that establishment for very long. I think what you see is the online world doing the same thing.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="2">
</div>
</div></p><p>When people at the fringes of society are doing things like advocating for violence, overthrow[ing] the government, murder and hate, those are things that are largely illegal. And therefore companies like Twilio are saying: That's not how you're allowed to use our products, our platform,</p><p>This is fringe, extremist stuff. And if this were some other religion we'd be having a very different conversation. I just think that because it is happening in America, and it's largely white, it's "why are we shutting it down?" But when it's religious extremism of other varieties? People have a very clear sense: "Oh, yeah, that's wrong. And that shouldn't be allowed."</p><p><strong>What was the motivation behind the Segment deal?</strong></p><p>Our goal is to build the leading customer engagement platform. And customer engagement is essentially the sum of all of the interactions a company has with its customer that makes the customer love the company and want to buy products and want to be a loyal customer and repeat customer. And there's really two parts to building a great customer experience or customer engagement.</p><p>One is knowing your customer, and then, two, engaging with them using communications to say relevant things and to actually be a good communicator. Twilio has long played in the second category of helping companies to communicate with their customers, with text, with voice, [with] video, with chat across many different parts of the customer experience spectrum, whether it's on the ... marketing side, or the sales side, or the customer support side, or while you're using a product.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="3">
</div>
</div></p><p>But the first thing you need to do is really understand your customer: understand who they are, what products they're looking for and how they use your product. That's what helps you be really good at engaging with customers. And that's what Segment does.</p><p>If you think about especially B2C companies, the way the story of who you are, what products you're interested in, what your purchase history is, that is all told through data that is on various systems throughout the company. The marketing system knows which emails you clicked on, maybe indicating that you liked those products; the ecommerce system knows which products you bought, historically; the customer support system knows how many times you've interacted with the company and the problems that you've had. The sum of understanding you is the sum of all those data points about you.</p><p>Segment allows companies to take all those bits of data that are siloed, all throughout the company and all those different computer systems, and actually pull them together to build a cohesive picture of, you know, you.</p><p><strong>The way that your customers go about this is they build these customer service products for themselves, using some of your basic plumbing tools. Do you see yourself increasingly competing with companies that sort of just provide that whole experience as a service?</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="4">
</div>
</div></p><p>Generally speaking, companies need to be able to build parts of their customer experience that their customers value, because that's how you differentiate in the market. If you have the exact same customer experience as all your competitors, you're not going to be very differentiated, especially in the digital era where the perception that customers have so many companies is the digital experience you have.</p><p>Companies who win are companies who are good at building software that differentiates them in the eyes of their customers. Now, you do that by buying some things and building some things. And so a lot of companies will have, you know, SaaS products that they bought, but they need to make those SaaS products do new and interesting things to answer their customers' needs. </p><p>Many of the problems that arise are from companies having bought a whole bunch of SaaS applications that can't talk to each other. They become data silos, and getting the data out of one into the other in order to build a really cohesive experience is tremendously hard. Segment and Twilio allow you to take the investments you've made in a bunch of SaaS products and make them better.</p><p><strong>It appears you're all in on AWS from an infrastructure standpoint, behind your own platform. As you get bigger, have you considered multicloud, or bringing in other providers as you scale?</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="5">
</div>
</div></p><p>We do have other vendors in the mix at Twilio, although the majority of our infrastructure is with AWS. That doesn't trouble me per se, because if you think about it, what do I want my product teams at Twilio doing? I want them building the things our customers care about.</p><p>Our customers don't really care about where our CPU and storage is. They care about what our products do, and how our products are making our customers' lives better. The more time that we get to spend doing those things that our customers care about and are buying from us, the better.</p><p>That's the great role of infrastructure; infrastructure lets you focus on the things that you do well as your core competency. We are very happy Amazon customers, they provide a great platform. Of course, it helps that I worked there in the very early days of AWS and I know a lot of the people there. But ultimately it's about picking the best tool for the job and then allowing your teams to focus on building the differentiation that your customers care about.</p><p><strong>You mentioned picking the best tool for the job. Increasingly, there are options from Microsoft and Google that are best-in-class tools for a job depending on different needs. But there is obviously some convenience of being all in on AWS, they have a certain way of doing things you understand, so your engineers don't have to learn different tricks. How do you balance that?</strong></p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="6">
</div>
</div></p><p>Developers have the freedom to propose the tool for the job. Now, if it's a new tool we've never used before, there may be an architectural review, there may be a security review, etc. But ultimately, we want developers at Twilio who are building products to be able to essentially pick the right piece of infrastructure that's going to facilitate them building the best product.</p><p>That's one of the points that I make in my book, which is that company policies are useful to protect customers: say, security, and things like that. Of course, you want those things to be taken care of, but you also want to trust your developers to make the right technical decisions for the products they're building.</p><p>In fact, in the areas where we don't use AWS, that's because a developer thought that some other service would be the best tool for the job. And having gone through the appropriate reviews, we let them do that.</p><p><strong>How do low code and no code strategies play into your thinking over the next few years?</strong></p><p>There's three varieties of building tools, if you will: There's low code, no code, and I like to call it "yo code," for the traditional developer approach. There's the right place for each and the right audience for each.</p><p>I think there's builders of many different kinds in the world: There's builders who want to open an IDE and hammer out code, there's builders who want to drag and drop and there's builders who want something in the middle. And we support all those methods of building; we're not religious about saying, in order to build something, you have to write code, you have to love Python, or C or whatever it is.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="7">
</div>
</div></p><p>We've got a variety of low code and no code solutions on our platform already. And I think the traction that we're getting with those really speaks to the fact that there's a lot of different ways to build and a lot of different types of builders out there. And ultimately, what we care about is that people are able to innovate at the pace and speed and with the tools that they're most comfortable with.</p><p><strong>Even "yo code" has incorporated a lot of abstractions over time, right? I mean, no one's doing assembly.</strong></p><p>I like to think of it like how we've used Moore's law over the last 40 years. Computers haven't gotten that much faster in terms of how we use them. It's not like your word processor is 10 million times faster than it was in 1990.</p><p>But how we've used Moore's law is to create abstractions that make it easier and easier to build complex, sophisticated software, including the internet itself, right? The fact that you can use Google Docs, which is a word processor, delivered entirely inside the web browser, that's so many layers of abstractions that basically compost the layers below, and make it so that, as a developer or a user, you don't have to care about those details anymore.</p><p><div class="ad-tag"><div class="ad-place-holder" data-pos="8">
</div>
</div></p><p>That frees you to actually build more sophisticated, more agile software that gets updated more frequently. In many ways, as technologists and as [a] society, we've used Moore's law to do that, instead of to make our computers all that much faster for the user.</p>
Keep Reading
Show less
Tom Krazit ( @tomkrazit) is a senior reporter at Protocol, covering cloud computing and enterprise technology out of the Pacific Northwest. He has written and edited stories about the technology industry for almost two decades for publications such as IDG, CNET, paidContent, and GeekWire. He served as executive editor of Gigaom and Structure, and most recently produced a leading cloud computing newsletter called Mostly Cloudy.
Latest Stories
See more
Most Popular
Bulletins
January 15, 2021 13:45 EST
Get Source Code in your inbox
David Pierce's daily analysis of the tech news that matters.