Startup ecosystem report: China is rising while the US is waning

Startups are a gamble, but it’s possible to better understand why some thrive and many more die by looking at the ecosystems in which they operate. Such is the mission of eight-year-old Startup Genome, composed of a group of researchers and entrepreneurs who, every year, interview thousands of founders and investors around the world to get a better handle on what’s changing in the regions where they operate, and what remains stubbornly the same.

The larger objective is to figure out how to help more startups succeed, and the outfit — which this year surveyed 10,000 founders with the help of partners like Crunchbase and Dealroom — produced some data that should perhaps concern those in the U.S. To wit, China looks positioned to overtake U.S. dominance when it comes to numerous tech sectors. Consider: In 2014, just 14 percent of so-called unicorns were based in China. Between the start of last year through today, that percentage has shot up to 35 percent, while in the U.S., the number of homegrown unicorns has fallen from 61 percent to 41 percent of the overall global number.

You could argue that investors are simply assigning China-based startups overly lofty valuations, as happened here in the U.S., and we partly believe that to be true. But China is also clearly “in it to win it,” based on a look at patents, with four times as many AI-related applications and three times as many crypto- and blockchain-related patents registered in China last year. With so much of the tech industry now focused on deep tech, it’s worth noting. In fact, though we loathed the January Financial Times column penned by famed VC Michael Moritz, who suggested U.S. companies follow China’s lead, his underlying call to arms was probably, gulp, prescient in its own way.

What else should startups know? According to Startup Genome’s findings, in addition to the rise of AI, blockchain and robotics manufacturing, there are clearly declining sub sectors, too, including, least surprisingly, adtech, which has seen a roughly 35 percent drop in funding over the last five years. No doubt that ties directly to the growing dominance of Facebook and Google, which accounted for 73 percent of all U.S. digital advertising last year, according to the equity research firm Pivotal.

That doesn’t mean adtech startups are cooked, notes the study’s authors. Rather, declining sub-sectors are often “mature” but can be revived by new technologies. In this case, while funding for adtech has dropped, virtual reality and augmented reality could well inject some new growth into the industry at some point. Maybe.

Either way, to us, the most interesting facets of this report — and it really is worth poring over — are the connections it’s able to make by talking with so many people around the world. It addresses, for example, how Stockholm, a relatively small startup ecosystem, is able to produce sizable startups at a meaningful rate, versus Chicago, whose ecosystem is ostensibly three times bigger. (The answer: Stockholm’s startup founders are apparently better connected to the world’s top seven ecosystems.)

Also quite interesting is the report’s findings about women founders, who build more relationships with regional founders and are more locally connected than their male counterparts — except with investors. That’s bad news for both women founders and investors, as local connectedness is associated with better startup performance.

To read the report in full, click over here. You have to fork over your email address, but with 240 pages filled with fascinating nuggets and other useful information, you’ll likely find it worth it.

Twitter doesn’t care that someone is building a bot army in Southeast Asia

Facebook’s lack of attention to how third parties are using its service to reach users ended up with CEO Mark Zuckerberg taking questions from Congressional committees. With that in mind, you’d think that others in the social media space might be more attentive than usual to potentially malicious actors on their platforms.

Twitter, however, is turning the other way and insisting all is normal in Southeast Asia, despite the emergence of thousands of bot-like accounts that have followed prominent users in the region en masse over the past month.

Scores of reporters and Twitter users with large followers — yours truly included — have noticed swarms of accounts with generic names, no profile photo, no bio and no tweets have followed them over the past month.

These accounts might be evidence of a new ‘bot farm’ — the creation of large numbers of accounts for sale or usage on-demand which Twitter has cracked down on — or the groundwork for more nefarious activities, it’s too early to tell.

In what appears to be the first regional Twitter bot campaign, a flood of suspicious new followers has been reported by users across Southeast Asia and beyond, including Thailand, Myanmar Cambodia, Hong Kong, China, Taiwan, Sri Lanka among other places.

While it is true that the new accounts have done nothing yet, the fact that a large number of newly-created accounts have popped up out of nowhere with the aim of following the region’s most influential voices should be enough to concern Twitter. Especially since this is Southeast Asia, a region where Facebook is beset with controversies — from its role inciting ethnic hatred in Myanmar, to allegedly assisting censors in Vietnam, witnessing users jailed for violating lese majeste in Thailand, and aiding the election of controversial Philippines leader Duterte.

Then there are governments themselves. Vietnam has pledged to build a cyber army to combat “wrongful views,” while other regimes in Southeast Asia have clamped down on social media users.

Despite that, Twitter isn’t commenting.

The U.S. company issued a no comment to TechCrunch when we asked for further information about this rush of new accounts, and what action Twitter will take.

A source close to the company suggested that the sudden accumulation of new followers is “a pretty standard sign-up, or onboarding, issue” that is down to new accounts selecting to follow the suggested accounts that Twitter proposes during the new account creation process.

Twitter is more than 10 years old, and since this is the first example of this happening in Southeast Asia that explanation already seems inadequate at face value. More generally, the dismissive approach seems particularly naive. Twitter should be looking into the issue more closely, even if for now the apparent bot army isn’t being put to use yet.

Facebook is considered to be the internet by many in Southeast Asia, and the social network is considerably more popular than Twitter in the region, but there remains a cause for concern here.

“If we’ve learned anything from the Facebook scandal, it’s that what can at first seem innocuous can be leveraged to quite insidious and invasive effect down the line,” Francis Wade, who recently published a book on violence in Myanmar, told the Financial Times this week. “That makes Twitter’s casual dismissal of concerns around this all the more unsettling.”

ZTE postpones earnings report after being slapped with U.S. exports ban

ZTE will postpone the release of its quarterly earnings report after the United States government banned American companies from selling goods to the Chinese telecom and smartphone maker. In a filing with the Hong Kong stock exchange, ZTE said that its earnings report, originally set to be released on Thursday, is now delayed to an undetermined date.

About a year ago, ZTE pleaded guilty to violating U.S. sanctions against Iran and North Korea. Its deal with the U.S. government included penalties and fines totaling more than a billion dollars, but allowed it to continue doing business with U.S. suppliers.

On Monday, however, the U.S. Department of Commerce announced that ZTE had failed to follow the agreement’s terms. It accused the company of making false statements and failing to punish employees and senior management. As a result, the Department of Commerce slapped ZTE with a seven-year export restriction.

This is a huge blow to ZTE, which sources a significant portion of its most important components, including processors, from U.S. companies like Qualcomm . It also means ZTE may lose access to software licensed from Google, including Android.

This is the latest in ZTE’s string of entanglements with the U.S. government. Despite holding fourth place in the U.S. smartphone market share, after Samsung, Apple and LG, ZTE is under scrutiny by U.S. intelligence agencies, which believe that it and fellow Chinese smartphone maker Huawei may pose security concerns.

Data experts on Facebook’s GDPR changes: Expect lawsuits

Make no mistake: Fresh battle lines are being drawn in the clash between data-mining tech giants and Internet users over people’s right to control their personal information and protect their privacy.

An update to European Union data protection rules next month — called the General Data Protection Regulation — is the catalyst for this next chapter in the global story of tech vs privacy.

A fairytale ending would remove that ugly ‘vs’ and replace it with an enlightened ‘+’. But there’s no doubt it will be a battle to get there — requiring legal challenges and fresh case law to be set down — as an old guard of dominant tech platforms marshal their extensive resources to try to hold onto the power and wealth gained through years of riding roughshod over data protection law.

Payback is coming though. Balance is being reset. And the implications of not regulating what tech giants can do with people’s data has arguably never been clearer.

The exciting opportunity for startups is to skate to where the puck is going — by thinking beyond exploitative legacy business models that amount to embarrassing blackboxes whose CEOs dare not publicly admit what the systems really do — and come up with new ways of operating and monetizing services that don’t rely on selling the lie that people don’t care about privacy.

 

More than just small print

Right now the EU’s General Data Protection Regulation can take credit for a whole lot of spilt ink as tech industry small print is reworded en masse. Did you just receive a T&C update notification about a company’s digital service? Chances are it’s related to the incoming standard.

The regulation is generally intended to strengthen Internet users’ control over their personal information, as we’ve explained before. But its focus on transparency — making sure people know how and why data will flow if they choose to click ‘I agree’ — combined with supersized fines for major data violations represents something of an existential threat to ad tech processes that rely on pervasive background harvesting of users’ personal data to be siphoned biofuel for their vast, proprietary microtargeting engines.

This is why Facebook is not going gentle into a data processing goodnight.

Indeed, it’s seizing on GDPR as a PR opportunity — shamelessly stamping its brand on the regulatory changes it lobbied so hard against, including by taking out full page print ads in newspapers…

This is of course another high gloss plank in the company’s PR strategy to try to convince users to trust it — and thus to keep giving it their data. Because — and only because — GDPR gives consumers more opportunity to lock down access to their information and close the shutters against countless prying eyes.

But the pressing question for Facebook — and one that will also test the mettle of the new data protection standard — is whether or not the company is doing enough to comply with the new rules.

One important point re: Facebook and GDPR is that the standard applies globally, i.e. for all Facebook users whose data is processed by its international entity, Facebook Ireland (and thus within the EU); but not necessarily universally — with Facebook users in North America not legally falling under the scope of the regulation.

Users in North America will only benefit if Facebook chooses to apply the same standard everywhere. (And on that point the company has stayed exceedingly fuzzy.)

It has claimed it won’t give US and Canadian users second tier status vs the rest of the world where their privacy is concerned — saying they’re getting the same “settings and controls” — but unless or until US lawmakers spill some ink of their own there’s nothing but an embarrassing PR message to regulate what Facebook chooses to do with Americans’ data. It’s the data protection principles, stupid.

Zuckerberg was asked by US lawmakers last week what kind of regulation he would and wouldn’t like to see laid upon Internet companies — and he made a point of arguing for privacy carve outs to avoid falling behind, of all things, competitors in China.

Which is an incredibly chilling response when you consider how few rights — including human rights — Chinese citizens have. And how data-mining digital technologies are being systematically used to expand Chinese state surveillance and control.

The ugly underlying truth of Facebook’s business is that it also relies on surveillance to function. People’s lives are its product.

That’s why Zuckerberg couldn’t tell US lawmakers to hurry up and draft their own GDPR. He’s the CEO saddled with trying to sell an anti-privacy, anti-transparency position — just as policymakers are waking up to what that really means.

 

Plus ça change?

Facebook has announced a series of updates to its policies and platform in recent months, which it’s said are coming to all users (albeit in ‘phases’). The problem is that most of what it’s proposing to achieve GDPR compliance is simply not adequate.

Coincidentally many of these changes have been announced amid a major data mishandling scandal for Facebook, in which it’s been revealed that data on up to 87M users was passed to a political consultancy without their knowledge or consent.

It’s this scandal that led Zuckerberg to be perched on a booster cushion in full public view for two days last week, dodging awkward questions from US lawmakers about how his advertising business functions.

He could not tell Congress there wouldn’t be other such data misuse skeletons in its closet. Indeed the company has said it expects it will uncover additional leaks as it conducts a historical audit of apps on its platform that had access to “a large amount of data”. (How large is large, one wonders… )

But whether Facebook’s business having enabled — in just one example — the clandestine psychological profiling of millions of Americans for political campaign purposes ends up being the final, final straw that catalyzes US lawmakers to agree their own version of GDPR is still tbc.

Any new law will certainly take time to formulate and pass. In the meanwhile GDPR is it.

The most substantive GDPR-related change announced by Facebook to date is the shuttering of a feature called Partner Categories — in which it allowed the linking of its own information holdings on people with data held by external brokers, including (for example) information about people’s offline activities.

Evidently finding a way to close down the legal liabilities and/or engineer consent from users to that degree of murky privacy intrusion — involving pools of aggregated personal data gathered by goodness knows who, how, where or when — was a bridge too far for the company’s army of legal and policy staffers.

Other notable changes it has so far made public include consolidating settings onto a single screen vs the confusing nightmare Facebook has historically required users to navigate just to control what’s going on with their data (remember the company got a 2011 FTC sanction for “deceptive” privacy practices); rewording its T&Cs to make it more clear what information it’s collecting for what specific purpose; and — most recently — revealing a new consent review process whereby it will be asking all users (starting with EU users) whether they consent to specific uses of their data (such as processing for facial recognition purposes).

As my TC colleague Josh Constine wrote earlier in a critical post dissecting the flaws of Facebook’s approach to consent review, the company is — at very least — not complying with the spirit of GDPR’s law.

Indeed, Facebook appears pathologically incapable of abandoning its long-standing modus operandi of socially engineering consent from users (doubtless fed via its own self-reinforced A/B testing ad expertise). “It feels obviously designed to get users to breeze through it by offering no resistance to continue, but friction if you want to make changes,” was his summary of the process.

But, as we’ve pointed out before, concealment is not consent.

To get into a few specifics, pre-ticked boxes — which is essentially what Facebook is deploying here, with a big blue “accept and continue” button designed to grab your attention as it’s juxtaposed against an anemic “manage data settings” option (which if you even manage to see it and read it sounds like a lot of tedious hard work) — aren’t going to constitute valid consent under GDPR.

Nor is this what ‘privacy by default’ looks like — another staple principle of the regulation. On the contrary, Facebook is pushing people to do the opposite: Give it more of their personal information — and fuzzing why it’s asking by bundling a range of usage intentions.

The company is risking a lot here.

In simple terms, seeking consent from users in a way that’s not fair because it’s manipulative means consent is not being freely given. Under GDPR, it won’t be consent at all. So Facebook appears to be seeing how close to the wind it can fly to test how regulators will respond.

Safe to say, EU lawmakers and NGOs are watching.

 

“Yes, they will be taken to court”

“Consent should not be regarded as freely given if the data subject has no genuine or free choice or is unable to refuse or withdraw consent without detriment,” runs one key portion of GDPR.

Now compare that with: “People can choose to not be on Facebook if they want” — which was Facebook’s deputy chief privacy officer, Rob Sherman’s, paper-thin defense to reporters for the lack of an overall opt out for users to its targeted advertising.

Data protection experts who TechCrunch spoke to suggest Facebook is failing to comply with, not just the spirit, but the letter of the law here. Some were exceeding blunt on this point.

“I am less impressed,” said law professor Mireille Hildebrandt discussing how Facebook is railroading users into consenting to its targeted advertising. “It seems they have announced that they will still require consent for targeted advertising and refuse the service if one does not agree. This violates [GDPR] art. 7.4 jo recital 43. So, yes, they will be taken to court.”

“Zuckerberg appears to view the combination of signing up to T&Cs and setting privacy options as ‘consent’,” adds cyber security professor Eerke Boiten. “I doubt this is explicit or granular enough for the personal data processing that FB do. The default settings for the privacy settings certainly do not currently provide for ‘privacy by default’ (GDPR Art 25).

“I also doubt whether FB Custom Audiences work correctly with consent. FB finds out and retains a small bit of personal info through this process (that an email address they know is known to an advertiser), and they aim to shift the data protection legal justification on that to the advertisers. Do they really then not use this info for future profiling?”

That looming tweak to the legal justification of Facebook’s Custom Audiences feature — a product which lets advertisers upload contact lists in a hashed form to find any matches among its own user-base (so those people can be targeted with ads on Facebook’s platform) — also looks problematical.

Here the company seems to be intending to try to claim a change in the legal basis, pushed out via new terms in which it instructs advertisers to agree they are the data controller (and it is merely a data processor). And thereby seek to foist a greater share of the responsibility for obtaining consent to processing user data onto its customers.

However such legal determinations are simply not a matter of contract terms. They are based on the fact of who is making decisions about how data is processed. And in this case — as other experts have pointed out — Facebook would be classed as a joint controller with any advertisers that upload personal data. The company can’t use a T&Cs change to opt out of that.

Wishful thinking is not a reliable approach to legal compliance.

 

Fear and manipulation of highly sensitive data

Over many years of privacy-hostile operation, Facebook has shown it has a major appetite for even very sensitive data. And GDPR does not appear to have blunted that.

Let’s not forget, facial recognition was a platform feature that got turned off in the EU, thanks to regulatory intervention. Yet here Facebook is now trying to use GDPR as a route to process this sensitive biometric data for international users after all — by pushing individual users to consent to it by dangling a few ‘feature perks’ at the moment of consent.

Veteran data protection and privacy consultant, Pat Walshe, is unimpressed.

“The sensitive data tool appears to be another data grab,” he tells us, reviewing Facebook’s latest clutch of ‘GDPR changes’. “Note the subtlety. It merges ‘control of sharing’ such data with FB’s use of the data “to personalise features and products”. From the info available that isn’t sufficient to amount to consent for such sensitive data and nor is it clear folks can understand the broader implications of agreeing.

“Does it mean ads will appear in Instagram? WhatsApp etc? The default is also set to ‘accept’ rather than ‘review and consider’. This is really sensitive data we’re talking about.”

“The face recognition suggestions are woeful,” he continues. “The second image — is using an example… to manipulate and stoke fear — “we can’t protect you”.

“Also, the choices and defaults are not compatible with [GDPR] Article 25 on data protection by design and default nor Recital 32… If I say no to facial recognition it’s unclear if other users can continue to tag me.”

Of course it goes without saying that Facebook users will keep uploading group photos, not just selfies. What’s less clear is whether Facebook will be processing the faces of other people in those shots who have not given (and/or never even had the opportunity to give) consent to its facial recognition feature.

People who might not even be users of its product.

But if it does that it will be breaking the law. Yet Facebook does indeed profile non-users — despite Zuckerberg’s claims to Congress not to know about its shadow profiles. So the risk is clear.

It can’t give non-users “settings and controls” not to have their data processed. So it’s already compromised their privacy — because it never gained consent in the first place.

New Mexico Representative Ben Lujan made this point to Zuckerberg’s face last week and ended the exchange with a call to action: “So you’re directing people that don’t even have a Facebook page to sign up for a Facebook page to access their data… We’ve got to change that.”

WASHINGTON, DC – APRIL 11: Facebook co-founder, Chairman and CEO Mark Zuckerberg prepares to testify before the House Energy and Commerce Committee in the Rayburn House Office Building on Capitol Hill April 11, 2018 in Washington, DC. This is the second day of testimony before Congress by Zuckerberg, 33, after it was reported that 87 million Facebook users had their personal information harvested by Cambridge Analytica, a British political consulting firm linked to the Trump campaign. (Photo by Chip Somodevilla/Getty Images)

But nothing in the measures Facebook has revealed so far, as its ‘compliance response’ to GDPR, suggest it intends to pro-actively change that.

Walshe also critically flags how — again, at the point of consent — Facebook’s review process deploys examples of the social aspects of its platform (such as how it can use people’s information to “suggest groups or other features or products”) as a tactic for manipulating people to agree to share religious affiliation data, for example.

“The social aspect is not separate to but bound up in advertising,” he notes, adding that the language also suggests Facebook uses the data.

Again, this whiffs a whole lot more than smells like GDPR compliance.

“I don’t believe FB has done enough,” adds Walshe, giving a view on Facebook’s GDPR preparedness ahead of the May 25 deadline for the framework’s application — as Zuckerberg’s Congress briefing notes suggested the company itself believes it has. (Or maybe it just didn’t want to admit to Congress that U.S. Facebook users will get lower privacy standards vs users elsewhere.)

“In fact I know they have not done enough. Their business model is skewed against privacy — privacy gets in the way of advertising and so profit. That’s why Facebook has variously suggested people may have to pay if they want an ad free model & so ‘pay for privacy’.”

“On transparency, there is a long way to go,” adds Boiten. “Friend suggestions, profiling for advertising, use of data gathered from like buttons and web pixels (also completely missing from “all your Facebook data”), and the newsfeed algorithm itself are completely opaque.”

“What matters most is whether FB’s processing decisions will be GDPR compliant, not what exact controls are given to FB members,” he concludes.

US lawmakers also pumped Zuckerberg on how much of the information his company harvests on people who have a Facebook account is revealed to them when they ask for it — via its ‘Download your data’ tool.

His answers on this appeared to intentionally misconstrue what was being asked — presumably in a bid to mask the ugly reality of the true scope and depth of the surveillance apparatus he commands. (Sometimes with a few special ‘CEO privacy privileges’ thrown in — like being able to selectively retract just his own historical Facebook messages from conversations, ahead of bringing the feature to anyone else.)

‘Download your Data’ is clearly partial and self-serving — and thus it also looks very far from being GDPR compliant.

 

Not even half the story

Facebook is not even complying with the spirit of current EU data protection law on data downloads. Subject Access Requests give individuals the right to request not just the information they have voluntarily uploaded to a service, but also personal data the company holds about them; Including giving a description of the personal data; the reasons it is being processed; and whether it will be given to any other organizations or people.

Facebook not only does not include people’s browsing history in the info it provides when you ask to download your data — which, incidentally, its own cookies policy confirms it tracks (via things like social plug-ins and tracking pixels on millions of popular websites etc etc) — it also does not include a complete list of advertisers on its platform that have your information.

Instead, after a wait, it serves up an eight-week snapshot. But even this two month view can still stretch to hundreds of advertisers per individual.

If Facebook gave users a comprehensive list of advertisers’ access to their information the number of third party companies would clearly stretch into the thousands. (In some cases thousands might even be a conservative estimate.)

There’s plenty of other information harvested from users that Facebook also intentionally fails to divulge via ‘Download your data’. And — to be clear — this isn’t a new problem either. The company has a very long history of blocking these type of requests.

In the EU it currently invokes a exception in Irish law to circumvent more fulsome compliance — which, even setting GDPR aside, raises some interesting competition law questions, as Paul-Olivier Dehaye told the UK parliament last month.

“All your Facebook data” isn’t a complete solution,” agrees Boiten. “It misses the info Facebook uses for auto-completing searches; it misses much of the information they use for suggesting friends; and I find it hard to believe that it contains the full profiling information.”

“Ads Topics” looks rather random and undigested, and doesn’t include the clear categories available to advertisers,” he further notes.

Facebook wouldn’t comment publicly about this when we asked. But it maintains its approach towards data downloads is GDPR compliant — and says it’s reviewed what it offers via with regulators to get feedback.

Earlier this week it also put out a wordy blog post attempting to diffuse this line of attack by pointing the finger of blame at the rest of the tech industry — saying, essentially, that a whole bunch of other tech giants are at it too.

Which is not much of a moral defense even if the company believes its lawyers can sway judges with it. (Ultimately I wouldn’t fancy its chances; the EU’s top court has a robust record of defending fundamental rights.)

 

Think of the children…

What its blog post didn’t say — yet again — was anything about how all the non-users it nonetheless tracks around the web are able to have any kind of control over its surveillance of them.

And remember, some Facebook non-users will be children.

So yes, Facebook is inevitably tracking kids’ data without parental consent. Under GDPR that’s a majorly big no-no.

TC’s Constine had a scathing assessment of even the on-platform system that Facebook has devised in response to GDPR’s requirements on parental consent for processing the data of users who are between the ages of 13 and 15.

“Users merely select one of their Facebook friends or enter an email address, and that person is asked to give consent for their ‘child’ to share sensitive info,” he observed. “But Facebook blindly trusts that they’ve actually selected their parent or guardian… [Facebook’s] Sherman says Facebook is “not seeking to collect additional information” to verify parental consent, so it seems Facebook is happy to let teens easily bypass the checkup.”

So again, the company is being shown doing the minimum possible — in what might be construed as a cynical attempt to check another compliance box and carry on its data-sucking business as usual.

Given that intransigence it really will be up to the courts to bring the enforcement stick. Change, as ever, is a process — and hard won.

Hildebrandt is at least hopeful that a genuine reworking of Internet business models is on the way, though — albeit not overnight. And not without a fight.

“In the coming years the landscape of all this silly microtargeting will change, business models will be reinvented and this may benefit both the advertisers, consumers and citizens,” she tells us. “It will hopefully stave off the current market failure and the uprooting of democratic processes… Though nobody can predict the future, it will require hard work.”

Solar project lending startup Wunder Capital raises $112 million as renewable energy shines

As renewable energy continues to gobble up more and more of the new energy capacity coming online, the solar project lending company Wunder Capital has raised $112 million in primarily debt financing to boost its business.

The 90% debt and 10% equity commitment came from the multi-strategy investment firm Cyrus Investments, which has backed renewable energy projects for years through its investment in RePower Group.

“The debt component is going to blow out the lending opportunity,” says Wunder chief executive Bryan Birsic.

Wunder chose to consolidate the debt and equity round with a single lead investor to simplify the negotiation process on both sides of the table, Birsic said. “Since Cyrus is an equity holder in the company we can come to better terms,” on debt facilities and repayment, he said. 

Wunder lends money to commercial solar energy development projects throughout the U.S. and its business has been buoyed by a flood of demand for new solar energy projects coming online.

Since its launch in 2016, the company has financed over 180 projects throughout the U.S. which are generating somewhere in the range of 50 megawatts (or enough electricity to power roughly 32,500 homes).

The Boulder, Colo.-based company makes money in three ways. It charges closing fees, a servicing fee and annual interest rate on the debt it provides — typically Wunder will pull in between 4% and 5% off of each loan it provides to a project.

And business… for renewable energy … is booming.

For instance, the industry appears to have shaken off concerns over price increases stemming from the tariffs imposed on solar panels as part of broad punitive measures President Trump has taken against China (which supplies most of the world’s solar panels).

“It was really pleasant to see that folks were less reactionary and more responsive to the data,” says Birsic. The headlines, Birsic explains, were worse than the reality for the industry. The headlines in January predicted a 30% tariff on solar panels, but banks thought those increases would ultimately result in a 3% price increase for residential solar installations and a 4% price increase for commercial solar.

Those price increases would only bring costs in line with what they were at the end of 2017, since over the course of the year prices on installations declined 10%, Brisic says.

“We’re very cool with the economics as it existed in 2017,” he said. 

 

China’s relaxed rules on foreign car makers are good news for EVs

China is taking steps that could not only help ease trade tensions with the US, but help electric car manufacturers around the world. The country is phasing out rules that required foreign automakers to share factories and profits with local brands i…

US early-stage investment share shrinks as China surges

The global early-stage investment pie is getting bigger… a lot bigger. Just four years ago, investors were putting less than $10 billion per quarter into early-stage deals (Series A and B). The past two quarters, however, have all come in over twice that level. Q1 2018, meanwhile, looks to be a record-setting one, with Crunchbase projecting $25 billion in global early-stage investment.

But while overall investment is on the rise, the U.S.’ share is dwindling. A few years ago, North American startups reliably received at least two-thirds of global early-stage investment. No more. For the past three quarters, North America’s share has dwindled to less than half, as the chart below illustrates:

The rise of China’s startup scene, combined with local investors’ penchant for jumbo-sized Series A rounds, goes a long way to explaining the shift. Venture ecosystems in Southeast Asia, Brazil and elsewhere have also been in growth mode, and thus accounting for a more significant share of global early-stage investment.

Huge Series A rounds are huge in China

Before we venture further, it should be noted that although we associate Series A with early-stage companies, this is not always the case. Some of the largest Series A rounds globally have gone to companies that were relatively mature but previously bootstrapped or spun out of large corporations.

Recent data shows both the U.S. and China have their share of spin-outs and older companies gobbling up so-called early-stage rounds. OneConnect and Ping An Healthcare, subsidiaries of Chinese insurance giant Ping An, which raised $650 million and $1.2 billion, respectively, are examples of such activity.

Venture investors in China also put far more into Series A and B deals than U.S. counterparts. A Crunchbase News analysis found that the average Series A round for a China-based startup in 2017 was $32.8 million, just over triple the size of the average Series A for a U.S. company.

The momentum is holding up in 2018. So far this year, at least 12 Chinese companies have raised early-stage rounds of $100 million or more, altogether bringing in more than $4 billion (see list). Recipients of some of the largest rounds include:

  • Ziroom, an apartment rental service provider based in Beijing, raised $621 million in its Series A round.
  • Black Fish, a consumer finance platform, raised a $145 million Series A round.
  • Pony.ai, an autonomous vehicle startup with significant operations in both Silicon Valley and China, raised a $112 million Series A.

U.S. is no slouch in big A and B rounds, either

The U.S. has also had a dozen startups (plus Pony.ai) bring in $100 million or more in early-stage rounds this year. However, the aggregate total these startups have raised — about $1.8 billion — is less than half that of Chinese counterparts.

As mentioned previously, many of the largest early-stage round recipients are mature companies or spin-outs of mature companies. The list includes two companies founded in 2009 that closed Series B rounds of around $100 million this year: Joby Aviation, a developer of electric planes, and Vacasa, a vacation property management company.

Healthcare spin-outs are also attracting big dollars, including Celularity, a developer of placental stem cell-based therapies, and Viela Bio, a developer of therapies for autoimmune diseases.

But while big rounds are still getting done, the number of U.S. early-stage rounds of all sizes has declined a bit over the past four years. Over the last two quarters, Crunchbase projects fewer than 900 early-stage rounds are closing quarterly. Globally, however, the number of early-stage rounds has been trending up:

Part of the pattern is that the dynamics of early-stage funding have changed over the years. In the past, Series A and B rounds were for startups to develop working prototypes, hone market segments to target and attract the earliest customers. Scaling on a national or international level was generally for later stages, after a company had proven demand and a working product.

These days, markets move faster, and it’s not uncommon to see startups move in just a few quarters from concept to scaling en masse. Just look at Bird, the scooter sharing company that raised $115 million after mere months of operation with a business model intended to terrorize pedestrians and motorists provide a last-mile transit solution.

The entire bike, scooter and moped sharing sector has blossomed over a couple of short years, with big early-stage rounds all around. And it’s an area where China was the early leader for scaling. But fintech, biotech, agtech and other fields are also providing fertile ground for substantial early-stage funding rounds.

Should we worry?

So is the declining share of North American early-stage funding a source of worry for founders and investors in the region? Or is it a predictable evolution following economic growth in China and elsewhere?

We won’t attempt to answer that here, but others have tried. Sequoia Capital’s Michael Moritz drew wide criticism earlier this year for an essay sounding the warning bell on what he perceived as superior work ethic among Chinese entrepreneurs compared to their U.S. counterparts.

Purely following the money, the takeaway is this: Investors globally have decided the early-stage opportunity is a lot bigger than they thought a couple of years ago. And while investors are putting a bit more into mature ecosystems like the U.S. and Silicon Valley, they are putting a lot more into China and other regions with underdeveloped venture markets relative to their size and technology prowess.

The United States needs a Department of Cybersecurity

This week over 40,000 security professionals will attend RSA in San Francisco to see the latest cyber technologies on display and discuss key issues. No topic will be higher on the agenda than the Russian sponsored hack of the American 2016 election with debate about why the country has done so little to respond and what measures should be taken to deter future attempts at subverting our democracy.

For good reason. There is now clear evidence of Russian interference in the election with Special Counsel Mueller’s 37-page indictment of 13 Russians yet the attack on US sovereignty and stability has gone largely unanswered.  The $120 million set aside by Congress to address the Russian attacks remains unspent. We expelled Russian diplomats but only under international pressure after the poisoning of a former Russian spy and his daughter.

Recent sanctions are unlikely to change the behavior of the Putin administration. To put it bluntly, we have done nothing of substance to address our vulnerability to foreign cyberattacks. Meanwhile, our enemies gain in technological capability, sophistication and impact.

Along with the Russians, the Chinese, North Koreans, Iranians and newly derived nation states use cyber techniques on a daily basis to further their efforts to gain advantage on the geopolitical stage. It is a conscious decision by these governments that a proactive cyber program advances their goals while limiting the United States.

Krisztian Bocsi/Bloomberg via Getty Images

We were once dominant in this realm both technically and with our knowledge and skillsets. That playing field has been leveled and we sit idly by without the will or focus to try and regain the advantage. This is unacceptable, untenable and will ultimately lead to potentially dire consequences.

In March of this year, the US CyberCommand released  a vision paper called “Achieve and Maintain Cyberspace Superiority.” It is a call to action to unleash the country’s cyber warriors to fight  for our national security in concert with all other diplomatic and economic powers available to the United States.

It’s a start but a vision statement is not enough.  Without a proper organizational structure, the United States will never achieve operational excellence in its cyber endeavors.  Today we are organized to fail.  Our capabilities are distributed across so many different parts of the government that they are overwhelmed with bureaucracy, inefficiency and dilution of talent.

The Department of Homeland Security is responsible for national protection including prevention, mitigation and recovery from cyber attacks. The FBI, under the umbrella of the Department of Justice,  has lead responsibility for investigation and enforcement. The Department of Defense, including US CyberCommand, is in charge of national defense.  In addition, each of the various military branches  have their own cyber units. No one who wanted to win would organize a critical  capability in such a distributed and disbursed manner.

How could our law makers know what policy to pass? How do we recruit and train the best of the best in an organization, when it might just be a rotation through a military branch? How can we instantly share knowledge that benefits all when these groups don’t even talk to one another? Our current approach does not and cannot work.

Image courtesy of Colin Anderson

What is needed is a sixteenth branch of the Executive — a Department of Cybersecurity — that  would assemble the country’s best talent and resources to operate under a single umbrella and a single coherent policy.  By uniting our cyber efforts we would make the best use of limited resources and ensure seamless communications across all elements dealing in cyberspace. The department would  act on behalf of the government and the private sector to protect against cyberthreats and, when needed, go on offense.

As with physical defense, sometimes that means diplomacy or sanctions, and sometimes it means executing missions to cripple an enemy’s cyber-operations. We  have the technological capabilities, we have the talent, we know what to do but unless all of this firepower is unified and aimed at the enemy we might as well have nothing.

When a Department of Cybersecurity is discussed in Washington, it is usually rejected because of the number of agencies and departments affected. This is code for loss of budget and personnel. We must rise above turf battles if we are to have a shot at waging an effective cyber war. There are some who have raised concerns about coordination on offensive actions but they can be addressed by a clear chain of command with the Defense Department to avoid the potential of a larger conflict.

We must also not be thrown by comparisons to the Department of Homeland Security and conclude a Cybersecurity department would face the same challenges. DHS was 22 different agencies thrust into one. A Department of Cybersecurity would be built around a common set of skills, people and know-how all working on a common issue and goal. Very different.

Strengthening our cyberdefense is as vital as having a powerful standing army to defend ourselves and our allies. Russia, China and others have invested in their cyberwar capabilities to exploit our systems almost at will.

Counterpunching those efforts requires our own national mandate executed with Cabinet level authority. If we don’t bestow this level of importance to the fight and set ourselves up to win, interference in US elections will not only be repeated …  such acts will seem trivial in comparison to what could and is likely to happen.