Cyber Saturday—How Facebook and GDPR Propelled an Underdog to Victory at RSA Conference

Happy Saturday, dear readers.

Earlier this year I noted that Europe’s General Data Protection Regulation, or GDPR, would be a big topic of conversation at this year’s RSA Conference, the biggest hobnobbing affair in the cybersecurity industry. I could not have foreseen how scandal after data privacy scandal at Facebook would intensify the discussion.

At this year’s ever entertaining “innovation sandbox contest,” a startup competition and hallmark of the conference, a little-known, New York City-based concern called BigID capitalized on the zeitgeist. The company, which had just eight employees as recently as December (mostly engineers in Israel), pitched itself differently than the typical cybersecurity marketing spiel. There was nary a mention of “detection,” “defense,” or “artificial intelligence.”

“I’m with BigID and our big idea is that privacy matters,” said Dimitri Sirota, CEO and cofounder of the firm, taking the stage. He explained that his company’s technology indexes business’s private data, maps out the inter-relationships between databases, and helps identify what companies need to do to comply with data regulations in different parts of the world.

“Ours was understandable,” Sirota told me later on a call. “You didn’t have to have a PhD in computer science to get what we did. It was accessible to the audience and judges.”

Sirota’s clarity of thinking was apparent to me years ago, back when he was heading up the security business at CA Technologies. In 2014, he livened up a panel I moderated at an enterprise security summit. A couple years later, Sirota strolled into Fortune’s offices clad in a black leather jacket and told me his plan to build a business around data privacy and compliance. Looks like he had the right idea at exactly the right time.

“Big data is almost like this atomic collider—smash all this data together to get value from it,” as Sirota put it on our recent call. “No one has been thinking of stewardship or custody or management of that information.”

Now everyone is thinking about it. With British officials raiding the offices of embattled political consultancy Cambridge Analytica, Mark Zuckerberg bending the knee before congress, and GDPR set to go into effect next month, no story holds greater sway in techland. It’s no surprise BigID took home the crown.

Dream big and have a great weekend.

Robert Hackett

@rhhackett

[email protected]

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’sdaily tech newsletter. Fortune reporter Robert Hackett here. You may reach Robert Hackett via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

How to Build Custom Alexa Skills for the Amazon Echo

When Amazon first introduced developer tools that let people build stuff for Alexa, the company made a conscious decision to call these functions “skills” rather than apps. It was a subtle way of making Alexa seem capable, and also, suggesting to developers that building these skills would be a low lift. With just a “few lines of code,” Amazon promised, “you can build entirely new experiences designed around voice.”

Amazon says most Echo users in the US have tried these third-party skills at least once, but getting them to work can be tricky. Alexa’s voice skills often require super specific queries, and until Amazon started paying attention to the discovery process, taking the time to find new skills felt like a non-essential burden.

Now, Amazon has decided to make Alexa’s skills all about you: your dad jokes, your homework, your birthday. Yesterday the company rolled out a tool called Blueprints, which helps anyone—even non-coders—build custom skills for their Echos.

Amazon

Amazon

The announcement felt like a curious little leap in the world of virtual assistance. (Can you imagine Apple letting people program Siri to say whatever they want?) It also seemed like a gimmick, but a good one—one that could encourage more people to embrace skills.

The website for Blueprints lists 21 different skills, categorized by topics like “fun and games,” “home,” and “storytelling.” Annoyingly, the banner in the Alexa mobile app for Blueprints leads you to the mobile web, and at some point you’ll have to log into your Amazon account again. You also have to agree to Amazon’s terms for developers before you can make a new skill. Congrats! You’re a dev.

The Blueprints are not quite as customizable as you might think. Think of them more like Mad Libs for pre-existing Alexa narratives. Using the “family jokes” template, you can type in a joke like, “You know who would like a pet owl?” and then add the punchline, “Who?” You can also start a joke with “When I wake up” and teach Alexa to complete it with “Well you know I’m gonna be, I’m gonna be the man who wakes up next to you.” I’m not saying I did those things, because that would be incredibly corny. But you could.

You can also leave custom voice message for people, like an incoming houseguest or a pet sitter. But they’ll have to know the exact prompt to use in order to get that message. So you might end up texting your guest anyway, or leaving them a written note, and while you’re at it you might as well just mention that you’ve switched the cat’s food again or that the towels are in the third closet down the hall and at that point, why create a custom Blueprint for Alexa?

Still, I could see couples or families using this feature to leave private voice messages for each other. You can also program Alexa to pay you a personalized compliment.

There are a few restrictions: Alexa won’t swear. Try to program a custom response with profanity and the Blueprint will ask you to remove the offending word. (I tried twice.) The Blueprints also leave a lot of room for interpretation. You could, for example, create a question like “Who is the president?” and have Alexa respond that it’s Barack Obama. If you go back to asking Alexa a more generic question, one you haven’t personally programmed, like “Who is the leader of the US?”, Alexa will then correctly say Donald Trump.

And even after you’ve built these skills, you have to ask the questions verbatim. I built a Q&A asking whether the cat is hungry. (The answer is always yes.) By the time I processed that and other skills, I forgot the exact question I had written, and had to go back into my Blueprints to find the right terminology. Those verbal gymnastics can make it difficult to use the skills you’ve created.

But these personalized responses are by far the closest brush I’ve had with non-Amazon skills since I’ve been using Echo devices. Amazon says engagement with Alexa skills grew more than 50 percent from January 2017 to January 2018, and that there are more than 40,000 skills currently available. I have no reason to doubt this; this just hasn’t been the case for me.

I often use Alexa to access timers, music, and news; I’ve also used it to buy household goods, and at one point, to trigger my coffee maker. But I’ve never used Alexa to order a pizza, or to call an Uber—the third-party skills that are supposed to nudge voice into the future. Voice computing just hasn’t made sense when I’ve wanted to see the thing I’m ordering, or track the car as it’s pulling up to my house. But at the same time, I could see how adding custom-made, hyper-personal responses could drive even more of this kind of engagement with Alexa, especially since other smart home speakers don’t really do this.

My Blueprints test was brief, and yet it was one of the most fun experiences I’ve had so far with a virtual personal assistant at home. That’s probably because it enabled the “personal” part of that whole equation. The home bots may someday be our overlords, but at least we can program them to say ridiculous things in the meantime.

Hey, Alexa

DNC Lawsuit Against Russia Reveals New Details About 2016 Hack

The Democratic National Committee Friday filed a lawsuit against a broad slate of people and entities allegedly responsible for the 2016 hack of its email, phone calls, and more. But while the suit claims involvement from a host of headliners—Wikileaks, Julian Assange, Donald Trump, Jr., and Russia among them—its immediate importance lies in the previously unreported timeline it lays out.

While a rough outline of the DNC hack that rocked the 2016 election had previously been established, the 66-page lawsuit, first reported by The Washington Post gives exact dates for the first time. It also asserts coordination among a web of characters affiliated with the Trump campaign, Russia’s GRU intelligence service, and WikiLeaks.

“No one is above the law,” the suit begins. “In the run-up to the 2016 election, Russia mounted a brazen attack on American Democracy.”

The details of when and how that attack occurred, though, are more clear than ever—and may indicate that Russia’s plan to interfere in the US election predated its DNC intrusion.

According to the DNC lawsuit, Russian intelligence group Cozy Bear—the GRU-affiliated hacker group, also known as APT29—infiltrated the DNC network as far back as July 27, 2015, nearly a year before the leaks of the pilfered material began. The suit says that a second Russian group—Fancy Bear, the outfit that has recently tormented the International Olympic Committee as well—hacked the DNC’s systems on April 18, 2016. The DNC wouldn’t notice the presence of either until April 28, 2016, at which point it called in security firm CrowdStrike to help analyze and mitigate the damage.

The remedy was costly. The suit details the necessary fixes; the DNC had to “decommission more than 140 servers, remove and reinstall all software, including the operating systems, for more than 180 computers, and rebuild least 11 servers.” Between repairing and replacing equipment and hiring experts to manage the fallout, the bill came out to over a million dollars.

By then, of course, the worst damage had already been done. The DNC had been devastatingly compromised. The Russians had gained access not only to email systems but also to backup servers, VOIP calls, and chats. They were prepared to make off with “several gigabytes of data,” the suit says, a little over a week before the DNC even knew they were there.

The timeline from there has been a matter of public record. On June 14, the DNC first disclosed the hack. The following day, a persona going by Guccifer 2.0—only recently confirmed to be a Russian intelligence agent—claimed responsibility, leaking a 237-page opposition research report on Donald Trump in the process.

The leaks continued steadily from there, as the suit details. Guccifer 2.0 struck again on June 27, June 30, and July 6. On July 22, WikiLeaks took the wheel, releasing nearly 20,000 internal DNC emails. The following day, according to the suit, multiple DNC employees received an email that said: “I hope your children get raped and murdered. I hope your family knows nothing but suffering, torture, and death.”

The rest of the suit rehashes the connections that have played out in the press over the last several months, alleging Roger Stone, Paul Manafort, George Papadopoulos, and a host of Russians as ingredients in a collusive soup. But for close observers of Russia’s hacking efforts against the US in 2015 and beyond, it’s the timeline that provides the most valuable information.

That’s in part because of how it aligns with two incidents not mentioned in the suit. Many of the early leaks appeared on a site called DCLeaks, which went live in June 2016 but was registered on April 19, which the suit confirms was a day after Fancy Bear broke into the DNC. But the same group that registered DCLeaks had attempted but failed to register ElectionLeaks.com on April 12, nearly a week before the Fancy Bear hack.

The timeline strongly implies that Russia’s aim was to disrupt the election from the start, rather than a reconnaissance mission that rapidly escalated.

“They had already carried out the Podesta intrusion in March, and carried out a pretty large scale attempt to target the campaigns,” says John Hultquist, director of threat intelligence at security firm FireEye, referring to the emails of Hillary Clinton campaign chairman John Podesta, which were ultimately leaked a month before the 2016 election. That, combined with registering ElectionLeaks before the Fancy Bear break-in, “suggests they had this plan prior to even compromising the organization.”

It’s unclear how likely the DNC lawsuit is to succeed, especially in its efforts to hold Russia accountable in a US court. But its revelations shed light on one of the most impactful hacks of recent memory—and maybe the intentions of the country behind it.

Russian Hacks

3 Reasons Why Subscription Businesses Like Blue Apron and Trendy Butler Will Beat out Retail

The earliest subscription services such as newspapers and milk cartons have existed for decades without much attention. However, In the past five years, we have seen an explosion of innovative startups using the subscription business model to dominate their niche, beating out incumbents in the traditional retail sector.

This disruption is happening across a wide variety of industries, with over 2,000 business entities that operate under the subscription model in the United States alone. Meal kit subscription service Blue Apron went public earlier this year at a company valuation of nearly $2 billion. Birchbox, the New York-based startup that sells monthly boxes of beauty samples, is now valued at over $500 million. And Dollar Shave Club, the eccentric shaving brand, was acquired for over $1 billion, just to name a few success storiees.

Success achieved by early players in the industry has inspired a fresh wave of entrepreneurs to apply the subscription box model to new areas. Many of these hot startups are proving you can leverage big data and machine learning models to create extremely lucrative steady sources of recurring revenue.

One example of this is Trendy Butler, which offers a $65/month subscription box that comes with a combination of designer clothing (t-shirts, jackets, pants, etc.). The company, like many of today’s subscription services, uses an algorithm that collects your personal tastes and preferences (like sizes, styles, colors, etc.) to craft the perfect mix of outfits. It’s like Spotify, but for your clothing.

In analyzing the success of startups like Trendy Butler, I dug into why the subscription service model is likely to beat out conventional brick and mortar retail long term. Here are 3 reasons why:

1. Personalization at scale.

The assumption that entrepreneurs must operate under is that their customers are inherently trying to maximize their personal value while doing as little work as possible. In the case of shopping for clothing, we all want to look good, but many of us do not want, have the time, or frankly the talent to pick out the best outfits.

That’s what fueled Trendy Butler’s founders into realizing that we can use technology to completely rethink the way a shopping “experience” is delivered. Rather than randomly recommend products, predictive machine learning algorithms are used that take in a large data set (100+ points) of personalized information. As you expand the scope of the inputs to the algorithm, it gets smarter.

As recommendations are able to improve and become more personalized, the traditional brick and mortar way of doing business will simply not be able to keep up.

2. Predictable revenue sources.

Subscription business models also bring a sense of predictability that the retail industry has been lacking for decades. Since many stores cannot accurately forecast demand, there is often lots of waste, saturated product and overhead costs. These inefficiencies can often mean the difference between success and failure for many retailers.

Subscription companies circumvent these costs by doing much of the work behind the scenes. Additionally, most of if not all of their customers are paying monthly in exchange for a routine service/product. This is an extremely secure source of revenue that companies can develop over time

3. Establishing relationships with customers.

There is something special about opening your door to a new package even just once or twice a month. I personally love it when I receive a shipment from BarkBox and get to see my puppy light up with joy. The surprise in every subscription box is a unique opportunity for a company to delight their customers and provide a unique and memorable experience.

These touch points, which are rare in most other industries, develop customer loyalty. Over time, subscription box businesses tend to develop relationships with their customers because of the recurring nature of the interactions.

Retail is far more transactional as most of the instances are one time exchanges. With subscriptions, there is a constant need to interface with customers and continue the relationship.

As more and more companies infiltrate different industries, the only true competitive advantage startups will have will be in their ability to establish a strong and loyal community of backers. Building defensible relationships with customers is a great method of doing just that.

Time Warner CEO says AT&T merger needed to compete with internet titans

WASHINGTON (Reuters) – Time Warner (TWX.N) Chief Executive Jeff Bewkes on Wednesday defended his company’s planned merger with telecoms firm AT&T (T.N) as necessary to compete effectively for advertising with internet giants like Google and Facebook.

FILE PHOTO: Time Warner CEO Jeff Bewkes arrives ahead of arguments in the trial to determine if AT&T’s merger with Time Warner is legal under antitrust law at U.S. District Court in Washington, U.S., March 22, 2018. REUTERS/Aaron P. Bernstein

Bewkes told Judge Richard Leon, who will decide if the $84.5 billion deal may go forward, that the U.S. Justice Department was wrong to say that AT&T would be reluctant to license Time Warner’s TV and movie content to rivals, causing blackouts, in order to win over new customers to AT&T subsidiary DirecTV.

“I think it’s ridiculous,” said Bewkes, who has been CEO for more than 10 years. “If our channels are not in distribution we lose lots of money (from lost subscriptions and advertising).”

He said that “one percent, less than one percent, maybe two percent” of subscribers would drop their pay TV subscription because of a blackout, far below the 12 percent estimated by an economist for the government who testified earlier in the trial.

Bewkes argued it was in Time Warner’s best interest financially to license its television channels, which range from movies to CNN to sports, broadly online.

He said Time Warner had been hampered in innovating and advertising because it does not have the granular information about viewers held by pay TV and internet companies.

With digital advertising, Chevrolet, for example, can target car ads at people looking to actually buy a car, he said.

AT&T has said a key benefit of owning Time Warner is that it can take data about its 141 million U.S. wireless subscribers and 25 million video subscribers and marry it with Time Warner’s programming to enable advertisers to target TV ads.

Targeted TV ads, also known as addressable TV, have yet to go mainstream because they involve renegotiating carriage deals with programmers and distributors, said Brian Wieser, an analyst at Pivotal Research.

Targeted TV could represent more than $100 billion in revenue by 2030 for companies that offer it, according to an April Credit Suisse report, which called it “a largely overlooked benefit of the AT&T/Time Warner transaction.” The ads can be sold at triple the price of regular ads.

“The Google/Facebook duopoly has such a strong hold on the market, I think it’s important that there is healthy competition and that we aren’t just forced to invest in two places,” said Tim Villanueva, head of media strategy for Fetch, an ad agency focused on mobile, whose clients include eBay and Lululemon. He said he was interested in using the new platform.

Advertisers’ spending on TV ads in 2018 is expected to be around $70 billion, a 1.45 percent increase from three years ago, according to research firm eMarketer.

ALREADY INNOVATING?

In cross examination, Justice Department lawyer Claude Scott pointed to efforts that Time Warner was already making to move into targeted advertising and online distribution, including contracting with tech companies, an apparent attempt to call into question the need for the megamerger.

Scott referred to Bewkes’ compensation package, noting that he would be leaving the company when the deal closed and that he owned more than 2 million Time Warner shares. AT&T’s deal for Time Warner is about a 35 percent premium over the market price.

The trial has seen a parade of witnesses testifying about how the merger would affect them. Executives from smaller pay TV companies talked about how important it was to have access to Time Warner’s movies and television shows.

The trial, which began in mid-March in U.S. District Court in Washington, is expected to wrap up this month.

Reporting by Diane Bartz; Additional reporting by Jessica Toonkel; Editing by Bernadette Baum and Rosalba O’Brien

Electric Scooter Startups in Battle with San Francisco 

This is a guest post by Applico CTO and Principal Tri Tran. Prior to joining Applico, Tri was the co-founder and CEO of Munchery. 

After years of public battles with Uber, San Francisco has learned some valuable lessons. 

This time around, three electric scooter rental companies – Bird, Lime and Spin – are trying to roll out their service in downtown San Francisco. But the city is fighting back. As I happen to live in San Francisco and work in downtown, I’ve been able to witness this battle first hand.

Fast Rollout

As a startup entrepreneur, I quickly recognized the strategies that these three companies have taken to maximize business traction in as short a time as possible:

  • Flood a certain limited geography (such as downtown San Francisco) with a lot of scooters.
  • Get as many people as possible using them, very quickly. Once certain critical mass is reached, perhaps leverage them and their loyalty to fight off any regulations.
  • The default is seeking forgiveness afterward instead of seeking permission prior to operating. Let the city take any actions it needs to, assuming it’s historically very slow to react anyway.

I would not be surprised if these three companies also employ “fake” users and have them ride the scooters around town to create buzz, and thus word of mouth referral.

The City Fights Back

To my surprise, the city worked quickly and City Attorney Dennis Herrera issued cease-and-desist orders to all three companies.

The city wants the scooter companies to take actions to:

  1. Keep users from riding scooters on sidewalks
  2. Keep scooters from blocking sidewalks when parked
  3. Ensure that riders use helmets

It’s all in the name of public safety. Until then, the city will impound these scooters and may issues fines of a minimum of $125 for each violation. That is unless the companies can abate the problem within 30 days or prevail in an appeal hearing.

What Will Happen Next

It is not clear what these companies would do next, but here’s my take:

  • These three companies don’t have the operations to meet the city’s demand for the above described points
  • Limiting riders from sidewalks and ensuring unused scooters not block sidewalks is too tall of an order

Technically, it’s entirely possible to track riders on where they ride and whether they had left the scooters on sidewalks. They can even issue fines to riders who disobey such rules. But these rules would be a direct conflict to the convenience of ride-wherever and park-wherever, and thus would greatly reduce the attractiveness of using their scooters in the first place.

So what should they do? San Francisco has clearly established that it can move fast to regulate AND has created a repeatable process to impound these scooters.

Not complying will simply be too costly. More importantly, San Francisco also provides a model for all other cities to copy if/whenever the service rolls out to their cities. That’s bad news for Bird, Lime and Spin.

Ultimately, the service that these scooter companies provide is convenient, but not nearly as convenient as Uber was when it first arrived and replaced the painful taxi experience.

Additionally, the immediate public disruption of a horde of unfamiliar vehicles taking over sidewalks is much more apparent. Scootering on the streets has its own dangers as well when mixed with automobile traffic. The bike accident rate in San Francisco hasn’t changed much in the past few years. Relatively few people will brave their lives for that convenience.

Thus, these scooter companies will not have similar leverage nor political power from their small user bases to what Uber had when it fought against regulation attempts.

Based on the above, my prediction is that this service will go down into history as a fail, at least in major U.S. cities. It’s not necessarily a bad thing as these entrepreneurs will have learned a lot from the experience. They may find better, more sustainable businesses as a result. Cities are still grappling with what the future of transportation looks like, as are entrepreneurs. Scooters may not be it.

Majority of divisive Facebook ads bought by "suspicious groups" – study

(Reuters) – Most of the political ads about divisive issues that ran on Facebook Inc before the 2016 U.S. presidential election were sponsored by “suspicious groups” with no publicly available information about them, according to a study released on Monday and based on a database of five million ads on Facebook.

FILE PHOTO: Silhouettes of mobile users are seen next to a screen projection of Facebook logo in this picture illustration taken March 28, 2018. REUTERS/Dado Ruvic/Illustration/File photo

One in six of those groups was linked to Russia, according to a University of Wisconsin-Madison study here, and the identities of the rest of the 122 groups that are labeled “suspicious” are still unknown, an indication of the influence of “astroturf” or shell companies in U.S. politics.

Over a quarter of the suspicious ads mentioned Donald Trump or Hillary Clinton, two of the presidential candidates in the election, and 9 percent expressly advocated for or against individual candidates.

Most other ads deliberately avoided mentioning candidate names while still getting the message out by doing things like supporting policies pushed by candidates, Young Mie Kim, the lead researcher said. 

The researchers labeled suspicious ad-buyers as groups with pages that have been inactive, inaccessible, removed or banned by Facebook since the election and there was no information available publicly about them.

Project DATA, the research team, also found that voters were also disproportionately targeted in swing states like Wisconsin and Pennsylvania with ads that focused on issues like guns, immigration and race relations.

Facebook Chief Executive Officer Mark Zuckerberg has announced a crackdown on who buys ads about divisive issues, saying this month that the company would require every such advertiser to confirm their identity and location.

Reporting by Shariq Khan in Bengaluru; Editing by Bernard Orr

Renowned Gay Rights Lawyer Self-Immolates in Protest of Climate Policy

David Buckel, a lawyer who spent much of his life campaigning for gay rights, died after setting himself on fire in Brooklyn’s Prospect Park early Saturday. A pair of suicide notes from Buckel described the act as a “protest suicide” intended to “bring some attention to the need for expanded actions” on climate change policy and the use of fossil fuels.

According to eyewitnesses interviewed by the New York Daily News, Buckel’s burning body was near a main entrance to the park, highly visible to Saturday-morning joggers and cyclists. Witnesses described mistaking the burning body for a mannequin before emergency services arrived.

Buckel left two notes — one describing his suicide as a protest, and a second expanding on his motivations. In the second, a copy of which was sent to the Daily News, Buckel wrote that “my early death by fossil fuel reflects what we are doing to ourselves,” suggesting he had used gasoline or a similar fuel in his suicide.

“Polution ravages our planet, oozing inhabitability via air, soil, water and weather,” he wrote. “Our present grows more desperate, our future needs more than what we’ve been doing.”

Get Data Sheet, Fortune’s technology newsletter.

Recent years, and even recent days, have seen alarming signs that climate change is progressing even faster than scientists had previously projected. Climate scientists this week announced findings that an Atlantic Ocean current that helps equalize global temperatures has slowed drastically, in part because of human-caused climate change, potentially leading to disastrous climate shifts in Europe.

Meanwhile, U.S. political leadership has rolled back efforts to limit the carbon emissions that cause climate change. The Trump administration announced in June of last year that the U.S. would withdraw from the Paris climate accords. Earlier this month, Trump’s Environmental Protection Agency — led by the embattled, free-spending Scott Pruitt — announced that it would roll back fuel economy standards set under President Barack Obama.

Buckel, 60, had played a prominent role in the fight for gay rights in America for decades. He was the lead attorney in a lawsuit involving Brandon Teena, a transgender murder victim who was portrayed by Hilary Swank the film Boys Don’t Cry, as the Daily News reported.

He had led the push for gay marriage rights at Lambda Legal, a national organization devoted to LGBT issues. In a statement Saturday, Lambda executive Camilla Taylor described Buckel as a “brilliant legal visionary,” particularly praising his work on the cases Nabozny v. Podlesny, which in 1996 established that schools had a responsibility to protect gay students from harassment; and Lewis v. Harris, which helped expand gay marriage rights in the U.S.

In his suicide notes, Buckel compared his death to that of Tibetan monks who have committed suicide in a similar manner to protest Chinese rule over the region.

Apple Warns Employees to Stop Leaking Information to Media

Apple Inc. warned employees to stop leaking internal information on future plans and raised the specter of potential legal action and criminal charges, one of the most-aggressive moves by the world’s largest technology company to control information about its activities.

The Cupertino, California-based company said in a lengthy memo posted to its internal blog that it “caught 29 leakers,” last year and noted that 12 of those were arrested. “These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere,” Apple added. The company declined to comment on Friday.

Apple outlined situations in which information was leaked to the media, including a meeting earlier this year where Apple’s software engineering head Craig Federighi told employees that some planned iPhone software features would be delayed. Apple also cited a yet-to-be-released software package that revealed details about the unreleased iPhone X and new Apple Watch.

Leaked information about a new product can negatively impact sales of current models, give rivals more time to begin on a competitive response, and lead to fewer sales when the new product launches, according to the memo. “We want the chance to tell our customers why the product is great, and not have that done poorly by someone else,” Greg Joswiak, an Apple product marketing executive, said in the memo.

The crackdown is part of broader and long-running attempts by Silicon Valley technology companies to track and limit what information their employees share publicly. Firms like Google and Facebook Inc. are pretty open with staff about their plans, but keep close tabs on their outside communications and sometime fire people when they find leaks.

Facebook executive Sheryl Sandberg last week talked about her disappointment with leakers. In 2016, Google fired an employee after the person shared internal posts criticizing an executive. The employee filed a lawsuit claiming their speech was protected under California law.

In messages to staff, tech companies sometimes conflate conversations employees are allowed to have, such as complaining about working conditions, with sharing trade secrets, said Chris Baker, an attorney with Baker Curtis and Schwartz, PC, who represents the fired Googler. “The overall broad definition of confidential information makes it so employees don’t say anything, even about issues they’re allowed to talk about,” he said. “That’s problematic.”

Apple is notoriously secretive about its product development. In 2012, Chief Executive Officer Tim Cook pledged to double down on keeping the company’s work under wraps. Despite that, the media has continued to report news on the firm to satisfy demand for information on a company that’s become a crucial part of investment portfolios, many of which support public retirement funds for teachers and other essential workers.

In 2017, Apple held a confidential meeting with employees in another bid to stop leaks. Since then, publications, including Bloomberg News, published details about the iPhone X, a new Apple TV video-streaming box, a new Apple Watch with LTE, the company’s upcoming augmented-reality headset, new iPad models, software enhancements, and details about the upcoming iPhones and AirPods headphones.

Here’s the memo:

Last month, Apple caught and fired the employee responsible for leaking details from an internal, confidential meeting about Apple’s software roadmap. Hundreds of software engineers were in attendance, and thousands more within the organization received details of its proceedings. One person betrayed their trust.

The employee who leaked the meeting to a reporter later told Apple investigators that he did it because he thought he wouldn’t be discovered. But people who leak — whether they’re Apple employees, contractors or suppliers — do get caught and they’re getting caught faster than ever.

In many cases, leakers don’t set out to leak. Instead, people who work for Apple are often targeted by press, analysts and bloggers who befriend them on professional and social networks like LinkedIn, Twitter and Facebook and begin to pry for information. While it may seem flattering to be approached, it’s important to remember that you’re getting played. The success of these outsiders is measured by obtaining Apple’s secrets from you and making them public. A scoop about an unreleased Apple product can generate massive traffic for a publication and financially benefit the blogger or reporter who broke it. But the Apple employee who leaks has everything to lose.

The impact of a leak goes far beyond the people who work on a project.

Leaking Apple’s work undermines everyone at Apple and the years they’ve invested in creating Apple products. “Thousands of people work tirelessly for months to deliver each major software release,” says UIKit lead Josh Shaffer, whose team’s work was part of the iOS 11 leak last fall. “Seeing it leak is devastating for all of us.”

The impact of a leak goes beyond the people who work on a particular project — it’s felt throughout the company. Leaked information about a new product can negatively impact sales of the current model; give rival companies more time to begin on a competitive response; and lead to fewer sales of that new product when it arrives. “We want the chance to tell our customers why the product is great, and not have that done poorly by someone else,” says Greg Joswiak of Product Marketing.

Investments by Apple have had an enormous impact on the company’s ability to identify and catch leakers. Just before last September’s special event, an employee leaked a link to the gold master of iOS 11 to the press, again believing he wouldn’t be caught. The unreleased OS detailed soon-to-be-announced software and hardware including iPhone X. Within days, the leaker was identified through an internal investigation and fired. Global Security’s digital forensics also helped catch several employees who were feeding confidential details about new products including iPhone X, iPad Pro and AirPods to a blogger at 9to5Mac.

Leakers in the supply chain are getting caught, too. Global Security has worked hand-in-hand with suppliers to prevent theft of Apple’s intellectual property as well as to identify individuals who try to exceed their access. They’ve also partnered with suppliers to identify vulnerabilities — both physical and technological — and ensure their security levels meet or exceed Apple’s expectations. These programs have nearly eliminated the theft of prototypes and products from factories, caught leakers and prevented many others from leaking in the first place.

Leakers do not simply lose their jobs at Apple. In some cases, they face jail time and massive fines for network intrusion and theft of trade secrets both classified as federal crimes. In 2017, Apple caught 29 leakers. 12 of those were arrested. Among those were Apple employees, contractors and some partners in Apple’s supply chain. These people not only lose their jobs, they can face extreme difficulty finding employment elsewhere. “The potential criminal consequences of leaking are real,” says Tom Moyer of Global Security, “and that can become part of your personal and professional identity forever.”

While they carry serious consequences, leaks are completely avoidable. They are the result of a decision by someone who may not have considered the impact of their actions. “Everyone comes to Apple to do the best work of their lives — work that matters and contributes to what all 135,000 people in this company are doing together,” says Joswiak. “The best way to honor those contributions is by not leaking.”

A Russian Court Just Ordered the Immediate Blocking of the Telegram Encrypted Messaging App

The encrypted messaging app Telegram must immediately be blocked in Russia, a Moscow court ruled Friday due to Telegram’s refusal to hand over the keys to its users’ conversations.

The Russian communications regulator, Roskomnadzor, told Telegram in mid-2017 that it had to hand over the keys to users’ encrypted conversations. Telegram, which was founded by Russian tech luminary Pavel Durov but operates from outside the country, refused to do so.

As with other modern encryption apps such as WhatsApp, the keys to Telegram users’ private conversations are held on their own devices, so the company running the service does not hold anything it can turn over.

The matter came to a head on Friday morning when, according to Russian news agency TASS, Telegram asked Moscow’s Tagansky court to delay hearings. Durov reportedly told his lawyers not to show up, so as “not to legitimize an outspoken farce by their presence.”

The court turned down the request, and swiftly ordered Telegram’s blocking. “The court ruled to satisfy the demand of Rosomnadzor,” judge Yulia Smolina said.

According to Vedomosti, Telegram now has a month to appeal the block. Telegram’s lawyer told the newspaper that the messaging service plans to do so.

Fortune has asked Telegram for comment, but had received none at the time of writing.

The case has echoes of WhatsApp’s repeated blockage in Brazil, where prosecutors were frustrated by their inability to access the private messages of a suspect in a major drug case.

Telegram has also frequently hit the headlines over its use by terrorists, although that is more to do with its unencrypted “channels” feature, through which people can broadcast their opinions to followers.