Accessibility computer icons
Illustration: alexsl/iStock/Getty Images Plus

The limits of automation

Protocol Enterprise

Hello and welcome to Protocol Enterprise! Today: how AI-powered tools aren’t enough on their own to solve the accessibility challenge, why a new shift in the DOJ’s priorities was welcomed by the cybersecurity community, and this week in enterprise tech moves.

Spin up

There’s plenty of evidence demonstrating how ransomware has become such a threat to businesses around the world, and new research from Ivanti shows that security hygiene remains the best defense. Ransomware attackers are targeting older vulnerabilities — which can be hard to detect and patch — more than ever, growing 18% from the fourth quarter of 2021 to the first quarter of 2022.

Accessibility intelligence

“It’s a lot to listen to a robot all day long,” said Tina Pinedo, communications director at Disability Rights Oregon, a group that works to promote and defend the rights of people with disabilities.

But listening to a machine is exactly what many people with visual impairments do while using screen reading tools to accomplish everyday online tasks such as paying bills or ordering groceries from an ecommerce site.

  • “There are not enough web developers or people who actually take the time to listen to what their website sounds like to a blind person. It’s auditorily exhausting,” said Pinedo.
  • Whether struggling to comprehend a screen reader barking out dynamic updates to a website, trying to make sense of poorly written video captions or watching out for fast-moving imagery that could induce a seizure, the everyday obstacles blocking people with disabilities from a satisfying digital experience are immense.
  • Needless to say, technology companies have tried to step in, often promising more than they deliver to users and businesses hoping that automated tools can break down barriers to accessibility.
  • Although automated tech used to check website designs for accessibility flaws have been around for some time, companies such as Evinced claim that sophisticated AI not only does a better job of automatically finding and helping correct accessibility problems, but can do it for large enterprises that need to manage thousands of website pages and app content.

Still, people with disabilities and those who regularly test for web accessibility problems say automated systems and AI can only go so far.

  • “The big danger is thinking that some type of automation can replace a real person going through your website, and basically denying people of their experience on your website, and that’s a big problem,” Pinedo said.
  • But for a global corporation such as Capital One, relying on a manual process to catch accessibility issues is a losing battle.
  • “We test our entire digital footprint every month. That’s heavily reliant on automation as we’re testing almost 20,000 webpages,” said Mark Penicook, director of Accessibility at the banking and credit card company.
  • Even though Capital One has a team of people dedicated to the effort, Penicook said he has had to work to raise awareness about digital accessibility among the company’s web developers.
  • “Accessibility isn’t taught in computer science,” Penicook told Protocol. “One of the first things that we do is start teaching them about accessibility.”

Evinced’s software automatically scans webpages and other content, and then applies computer vision and visual analysis AI to detect problems.

  • The software might discover a lack of contrast between font and background colors that make it difficult for people with vision impairments like color blindness to read.
  • The system might find images that do not have alt text, the metadata that screen readers use to explain what’s in a photo or illustration.
  • Rather than pointing out individual problems, the software uses machine learning to find patterns that indicate when the same type of problem is happening in several places and suggests a way to correct it.
  • “It automatically tells you, instead of a thousand issues, it’s actually one issue,” said Navin Thadani, co-founder and CEO of Evinced.

Some companies that make accessibility overlay software take a blunt approach to selling it: The threat of lawsuits.

  • “There was a time when it was possible to get away with having a website that didn’t work for people with disabilities. But those days are long gone, and ADA regulations for web accessibility are being enforced in court,” states UserWay on its website, noting that its “AI-powered” software is “the easiest way to avoid lawsuits.”
  • Concerns about legal risks are warranted. There were nearly 27% more lawsuits related to digital accessibility filed in the last quarter of 2021 compared to the last quarter of 2020, according to, a website providing digital accessibility information that tracks accessibility lawsuits in state and federal jurisdictions throughout the U.S.
  • The Department of Justice published guidance in March reminding businesses that web accessibility for people with disabilities is “a priority,” and that the agency is watching to see that companies ensure digital services are accessible to everyone, including digital public health services.
  • The Justice Department has emphasized its position that the ADA’s requirements apply to all services and activities of state and local governments — such as applying for an absentee election ballot or filing taxes — as well as online public accommodations such as ordering food or buying other goods or services.

Even champions of AI-based tech for accessibility recognize the need to involve people in the process.

  • “There’s always a role for manual testing,” said Penicook, who said his group at Capital One conducts manual tests and monitors existing webpages and content. Assistance from tools like Evinced’s software allows his team to cover more bases, faster, he said.
  • “Testing for accessibility is not a straightforward thing at all. It has to be a combination of manual and automated,” said Lina Rivera, associate director of Quality Assurance at Rapp, a digital creative marketing agency.
  • “There’s no way to anticipate people with multiple types of disabilities that may be using older types of [screen readers or computers],” Pinedo said. “The best thing you can do is to have an accessibility statement and be receptive to when something isn’t accessible to people in some way.”
— Kate Kaye (email| twitter)


The speed at which security has been built up over the last 12 months has been a derivative benefit of what we’ve seen during the pandemic. Privacy, compliance and security are three legs of the same stool. What we’re seeing increasingly is that intersection continuing to happen. RingCentral has invested in all those elements.

Learn more

Hacking is not a crime

A major reversal by the U.S. Department of Justice on how it views good-faith security research is expected to be warmly welcomed by the cybersecurity community.

On Thursday, the DOJ announced a new policy that "for the first time directs that good-faith security research should not be charged" under the Computer Fraud and Abuse Act, according to a news release.

The act has long been controversial among cybersecurity professionals, particularly following the death of Reddit co-founder Aaron Swartz, who died by suicide in 2013 after facing severe legal issues for downloading documents from a server at MIT.

The DOJ said the new policy aims to ensure that the agency only focuses on certain specific Computer Fraud and Abuse Act cases. "The policy clarifies that hypothetical CFAA violations that have concerned some courts and commentators are not to be charged," the DOJ said in the release.

The news release says the agency will focus on cases where "a defendant is either not authorized at all to access a computer or was authorized to access one part of a computer — such as one email account — and, despite knowing about that restriction, accessed a part of the computer to which his authorized access did not extend, such as other users’ emails."

"However, the new policy acknowledges that claiming to be conducting security research is not a free pass for those acting in bad faith," the DOJ said in the release.

— Kyle Alspach (email | twitter)

Enterprise moves

Over the past week Google saw a number of executive shakeups, from promoting execs to lead a brand new industry group to grabbing a high-profile hire from Apple. Here’s what else happened with the people of enterprise tech at Google, Twilio and more.

Joyce Kim is Twilio’s new CMO. Kim was previously the CMO at Genesys.

Umesh Vemuri is now head of Google Cloud's newly formed group, called Global Strategic Customers & Industries. Vemuri will report directly to Google Cloud CEO Thomas Kurian.

Lori Mitchell-Keller is leaving her role as Google Cloud's VP of Global Industry Solutions to pursue new opportunities.

Ian Goodfellow joined Google's DeepMind AI group. Goodfellow had a high-profile exit from Apple earlier this month.

John Jester is the new CRO for Veeam. Jester was previously VP of Google Cloud Customer Experience, and was a corporate VP at Microsoft prior to that.

Teresa Carlson joined Karat as a board member. Carlson was formerly president and chief growth officer at Splunk.

Edd Wilder-James joined container and cloud security company Sysdig as VP of Open Source Ecosystem. Wilder-James was formerly open-source development lead at Google.

Sharath Keshava Narayana joined Sanas as co-founder and COO. Keshava was previously co-founder of

Pavan Karnam joined Sanas as VP of Data and Analytics. Karnam was formerly principal engineering and data science manager at Microsoft.

— Aisha Counts (email | twitter)

Around the enterprise

Meta launched a new API for WhatsApp that will allow companies to pay for the ability to use WhatsApp as part of their customer service or contact-center applications.

Fastly acquired low-code and no-code developer Glitch for an undisclosed amount to help build out its edge computing strategy.

Intel will build a $700 million research facility at its campus outside Portland, Oregon, in order to work on improving data-center cooling technologies.

TSMC is considering adding a new chipmaking plant in Singapore, which is one of the larger hubs in Asia for chipmaking outside its home in Taiwan.


At RingCentral, we’re focused on making hybrid work simpler for organizations so they can best set up, run and manage their business. We’re asking ourselves what's the benefit that we can derive, or that we can enable, that is better than the best-in-class in the industry?

Learn more

Thanks for reading — see you tomorrow!

Recent Issues