Experts told Protocol that the Chinese government’s efforts to steal intellectual property require more attention from targeted businesses — and in some cases, a different approach to cyber defense.
China’s priorities in IP theft have shifted from defense-related technologies — such as the designs for the F-35 jet, believed to have been used in those for China’s J-31 — and into the high-tech and biotech sectors.
While cybersecurity teams would be unwise to take their eyes off Russia, the evolving threat posed by China’s massive hacking operation deserves more attention than it’s getting among some targeted businesses — especially those involved in emerging technologies, experts told Protocol.
As the tech war between China and the U.S. heats up, cyber threat experts said the recent FBI warnings about the Chinese government’s efforts to steal intellectual property line up with the realities they see.
“Our government is correct: Companies actually need to pay more attention,” said Lou Steinberg, formerly the CTO at TD Ameritrade.
In recent years, threats from Russia have driven much of the cybersecurity attention and investment among businesses in the U.S. and Western Europe, especially after Russia’s invasion of Ukraine in February. Understandably, the threat of ransomware and disruption of critical infrastructure tends to provoke a response.
But when it comes to state-sponsored intrusions, China was behind a stunning 67% of the attacks between mid-2020 and mid-2021, compared to just 1% for the Russian government, according to data from CrowdStrike.
Without a doubt, China “stands out as the leading nation in terms of threat relevance, at least for America,” said Tom Hegel, a senior threat researcher at SentinelOne.
In July, the FBI and MI5 issued an unprecedented joint warning about the threat of IP theft by China. During an address to business leaders in London, FBI Director Christopher Wray said that China’s hacking program is “bigger than that of every other major country combined” and that the Chinese government is “set on stealing your technology — whatever it is that makes your industry tick.”
“The Chinese government poses an even more serious threat to Western businesses than even many sophisticated businesspeople realize,” Wray said.
During his three years as a researcher at Secureworks, Marc Burnard has seen Chinese government hackers go after customers in chemicals manufacturing, aviation, telecommunications and pharmaceuticals — to name just a few.
“It’s quite difficult to point out what the key sectors are for China, because they target so many,” Burnard said. “It’s a scale that just completely dwarfs anything from the likes of Iran, North Korea and Russia.”
One of the most brazen examples was China’s release of bomber jets with strikingly similar designs to the F-35 starting in 2011, according to Nicolas Chaillan, former chief software officer for the U.S. Air Force. Documents leaked by former NSA contractor Edward Snowden appeared to confirm that Chinese government hackers stole data on the F-35 Lightning II, which is believed to have been used in the design of Chinese jets including the J-31 and J-20.
Chaillan — who resigned in protest over the military’s progress on IT modernization amid the China threat — said the recent FBI warning on China is telling. “It takes a lot for the government to start saying stuff like that,” he told Protocol. “That usually gives you a hint that it’s really, really bad.”
China “stands out as the leading nation in terms of threat relevance, at least for America.”
Wray has made a number of public remarks on the China cyber threat this year. In a January speech, he said the FBI had 2,000 open investigations related to attempted theft of technology and information by the Chinese government. The FBI is opening a new case related to Chinese intelligence roughly every 12 hours, he said at the time.
In July 2021, the White House denounced the Chinese government over its “pattern of malicious cyber activity,” in tandem with the European Union, the U.K. and NATO. The action made it clear that the Biden administration believes China has been ignoring its 2015 agreement to cease hacking activities meant to steal the IP of U.S. businesses.
Major incidents have included the Chinese government’s widespread exploitation of vulnerabilities in Microsoft Exchange in 2021, which led to the compromise of 10,000 U.S. companies’ networks, Wray said in January.
In analyzing the Chinese cyber threat, the key is to understand the larger context for why China is targeting Western IP, said Michael Daniel, formerly cybersecurity coordinator and special assistant to the president during the Obama administration.
“China is an expanding power that fundamentally sees itself as challenging the West, and challenging the world order that the Western European system has set up,” Daniel said.
A central part of that aspiration is challenging the West economically, but China is prone to taking shortcuts, experts say.
The Chinese government laid out its “Made in China 2025” strategy, which identifies the industries that it considers to be most important going forward, in 2015. The document is extremely helpful when it comes to defending against IP theft by China’s government, said Daniel, who is now president and CEO of the Cyber Threat Alliance, an industry group.
“If your company is in one of those industries identified in that strategy, you are a target for Chinese intelligence,” he said. “It’s that simple, actually.”
Some of the industries that now face the biggest threat of IP theft from China — such as energy, aerospace defense technology and quantum computing — are already well aware of it, according to Steinberg, now the founder of cybersecurity research lab CTM Insights.
But other industries should be paying closer attention than they are, he said. Those include the AI/robotics, agricultural technology and electric vehicle sectors — which are among the industries mentioned in the “Made in China 2025” plan.
“If you’re on their list, they’ve got an army of skilled people who are trying to figure out how to get your intellectual property,” Steinberg said.
“If your company is in one of those industries identified in that strategy, you are a target for Chinese intelligence.”
Christian Sorensen, formerly a U.S. Cyber Command official and U.S. Air Force officer, said there’s been a clear shift in China’s IP theft priorities from its traditional focus on defense-related technologies — such as the designs for the F-35 — and into the high-tech and biotech sectors. For instance, in mid-2020, the U.S. accused Chinese government hackers of attempting to steal data from COVID-19 vaccine developer Moderna.
Threats of this sort can be more difficult for perennially overwhelmed security teams to prioritize, however, said Sorensen, who is now founder and CEO of cybersecurity vendor SightGain.
“Everybody pays attention to what’s right in their face,” he said. “Our intellectual property is just flying out of our borders, which is a serious strategic threat. But it’s not always the front-burner threat.”
That has been particularly the case in 2022 — the year of “Shields Up.”
Documents leaked by former NSA contractor Edward Snowden appeared to confirm that Chinese government hackers stole data on the U.S.’s F-35 Lightning II. Photo: Robert Atanasovski/AFP via Getty Images
Following the invasion of Ukraine, there was a widespread expectation that the U.S. and other allies of Ukraine would face disruptive cyberattacks by Russia. So far, major retaliatory attacks from Russia have not materialized — though experts believe a Russian escalation of this sort could still come as soon as later this year, depending on how events play out with Ukraine and sanctions.
America’s focus on its cyber adversaries tends to go in cycles, experts say. And even prior to the Ukraine war, Russian threat actors have been constantly in the spotlight, from the SolarWinds breach by Russia’s intelligence forces in 2020 to the Colonial Pipeline and Kaseya ransomware attacks by cybercriminals operating out of the country in 2021.
It’s not out of the question that China might pursue similar disruptive cyberattacks against the U.S. and Western Europe in the future, however, if China wants to prevent aid to Taiwan, Daniel said. It’s believed that China has been seeking the ability to strike critical infrastructure for a situation such as that, he said.
To date, however, China’s cyber activity has been “almost entirely covert cyber espionage campaigns,” said Josephine Wolff, associate professor of cybersecurity policy at Tufts University.
Whereas Russian cyberattacks are often meant to create noise and chaos, Wolff said, China’s attacks are “meant to happen undercover. They don’t want anyone to know it’s them.”
U.S.-China tensions rose Tuesday as House Speaker Nancy Pelosi visited Taiwan. Mandiant’s John Hultquist said in a statement that China is expected to carry out “significant cyber espionage against targets in Taiwan and the U.S.” related to the situation.
Notably, the Chinese government is very effective at organizing the hacking activities, said SentinelOne’s Hegel. “It’s a well-oiled machine for mass espionage.”
While China’s hacking program often does not perform the most technically advanced attacks, its sheer size and persistence allows it to be successful over the longer-term, he said.
But because China’s motives are different compared to Russia, “you’ve got to defend yourself [in] a completely different way,” said CTM Insights’ Steinberg.
The go-to technologies in these situations are data-loss prevention, data exfiltration detection and deception technologies such as tripwires, he said. Rather than expecting to prevent an intrusion every time, the key to stopping IP theft is “Can you catch it happening and shut it down?”
Businesses should also concentrate on applying special protections to systems that are hosting IP, said Burnard, who is senior consultant for information security research at Secureworks. That might include network segmentation and enhanced monitoring for those parts of the system, he said.
One way that China’s hackers have been evolving can be seen in their methods for gaining initial access to corporate systems, experts say. Recent years have seen Chinese attackers increasingly exploiting vulnerabilities, instead of just relying on phishing, said Kevin Gonzalez, director of security at cybersecurity vendor Anvilogic.
China-based attackers exploited a dozen published vulnerabilities in 2021, up from just two the prior year, CrowdStrike reported — making the Chinese government’s hacking operation the “leader in vulnerability exploitation.”
The threat actors have shown capabilities for exploiting both previously unknown, zero-day vulnerabilities as well as unpatched known vulnerabilities, Hegel said.
Additionally, China’s government hackers are now scanning for vulnerabilities “the second they pop up online,” he said — for instance, in the case of Log4Shell, a severe vulnerability in the widely used Apache Log4j software that was uncovered in December 2021. The Chinese government reportedly punished China-based tech giant Alibaba for informing the developers behind Log4j about the flaw prior to telling the government.
China has used more innovative techniques as well, such as software supply chain attacks. The compromises of CCleaner and Asus Live Update in 2017 are among the past instances.
Still, while China’s focus on IP theft makes some defenses unique from those needed to stop ransomware, there are plenty of countermeasures that can help against both Russia- and China-style threats, experts said.
Placing an emphasis on strong security hygiene, vulnerability and patch management, identity authentication and zero-trust architecture will go a long way toward defending against attacks regardless of what country they’re coming from, said Adam Meyers, senior vice president of intelligence at CrowdStrike.
Threat hunting is also a valuable investment, whether you’re concerned about threats from Russia, China or anywhere else, Meyers said. “You have to be out there looking for these threats, because the adversary is constantly moving,” he said.
But hacking is not the only cyber threat that China poses to the U.S. and the West, experts say. And it may not even be the most challenging, said Samuel Visner, a longtime cybersecurity executive and former NSA official, who currently serves as technical fellow at MITRE.
The harder question, according to Visner, is how to respond to China’s initiative to build a “Digital Silk Road” across much of the globe using exported Chinese IT infrastructure. The technology is believed to be capable of facilitating surveillance on citizens. Ultimately, the fear is that the Digital Silk Road could be used to feed information about Americans or Europeans traveling abroad back to the Chinese government, he said.
While meeting a different definition of cybersecurity, Visner said, “that is also a security challenge.”
Kyle Alspach ( @KyleAlspach) is a senior reporter at Protocol, focused on cybersecurity. He has covered the tech industry since 2010 for outlets including VentureBeat, CRN and the Boston Globe. He lives in Portland, Oregon, and can be reached at kalspach@protocol.com.
Great senior HR talent is scarce these days, headhunters say. Not everyone agrees on why.
Executives and recruiters say there’s a shortage of strategic, business-oriented HR talent prepared to take over as the next generation of senior people leaders.
Britt Sellin wasn’t sure if she was going to retire in 2019. But between ambitious acquisition plans at Cloudera, parents who were getting older, and kids in high school, she knew she couldn’t “do another big year” as the company’s SVP of HR, she said.
Months after she left, the COVID-19 pandemic hit, and with it a tidal wave of new challenges crashed into HR teams. As Sellin reflected on her next career move, she said she couldn’t get her “mind wrapped around another job for that amount of work.”
“You can be on vacation, but you’re going to get a call that somebody died in Brazil, and you don’t have a death benefit. Or you’re doing an acquisition and they wanted to let you know that it’s got to be done in 27 days — those 27 days happen to be over the long weekend you were planning to spend with your family,” Sellin said. “When you sign up for a job, you sign up for that.”
Many of the extraordinary challenges of the last two and a half years have fallen on the shoulders of chief people officers like Sellin, leading some of them to step away from operating roles or leave the workforce altogether.
At the same time, executives and recruiters say there’s a shortage of strategic, business-oriented HR talent prepared to take over as the next generation of senior people leaders. The dearth of great chief people officers is leaving companies scrambling — and in some cases, pulling in HR leaders from nontraditional backgrounds.
“Talented HR professionals in general are in high demand, and there’s just not enough of them,” said Brian Kropp, managing director at Accenture. “One of the biggest lessons that I think CEOs have really had is, great C-level HR talent can make or break a company.”
The last few years have brought a world of macro-level uncertainty, shifting power dynamics, and political tensions, both within companies and in the world at large. Between the pandemic, the economic downturn, and social changes, HR leaders are tired.
“A lot of them have decided, ‘Yeah, it’s been a pressure cooker for a number of years now, and I need to step back,’” said John K. Anderson, managing director in the HR practice of the search firm Allegis Partners.
Talented HR professionals in general are in high demand, and there’s just not enough of them.”
HR leaders have been “literally dealing with the life and death of their employees,” Kropp said. Not to mention taking teams remote; hiring rapidly; planning for hybrid work when employees don’t want to return to the office; facing slow gains around DEI; and supporting employees through everything from social justice movements and U.S. political tensions to inflation, economic downturn, and war.
All of this is pushing senior HR talent to leave operating roles, either for retirement, sabbatical, consulting, or VC jobs. Greg Selker, managing director and North American technology practice leader for the recruiting firm Stanton Chase, has seen many HR leaders opt to go into consulting rather than another operating role.
“A lot of them are stepping away to do something else, taking a break for a year from work, whatever it may be,” Kropp said.
Traunza Adams stepped down as chief people officer of the software maker H1 after realizing her “values no longer aligned with working in corporate America,” she said. She still advises startups formally and informally, and while she says she “absolutely loved” being a people leader, she’s not planning a return to an operating role anytime soon.
“Once I stopped working, I realized just how stressful it was,” Adams said. “And how nice it is to not have people depending on you every day and being beholden to people and having to fight for what you feel is right.”
HR also tends to take an outsize amount of flack from employees when things aren’t going well — but when things are going well, HR doesn’t get credit, Sellin said.
“If people liked the culture, they would say the CEO and the founders have done a fabulous job,” Sellin said. “If they did not like the culture, their experience wasn’t good, they blamed it on HR.”
Fighting for diversity, equity, inclusion, and belonging initiatives can be particularly trying for HR leaders. Adams said she had to “continually convince” other executives of the business case for building a diverse team, making employees feel included, and implementing equitable policies.
“That’s just continually an uphill battle,” Adams said. “Industrywide, the gains are small, so you get tired of always trying to convince people of the ‘right thing to do.’”
People leaders aren’t just fleeing for more work-life balance when they go to other roles. Tracy Keogh, for example, left her role as the CHRO of HP last year after what she said was an “amazing” decade with the IT giant.
But her transition hasn’t been one oriented toward more work-life balance: Keogh said she’s working just as hard as the chief people officer of Great Hill Partners, a $4.65 billion private equity firm that’s backed companies such as Wayfair, Zoominfo, and Bombas.
“I started my career at a startup, so I have a sensibility around small companies and how to help them,” Keogh said. “Very few people have a role like mine, where they do the inside HR and work with portfolio companies. They’re usually dedicated to one or the other. I really love that aspect of this job.”
Keogh said opportunities are opening up for people leaders in private equity; though Great Hill was founded in 1998, the firm never had a chief people officer until she joined. Keogh is a member of a network of HR leaders in PE. The group recently had to break into regional chapters because it got too big to coordinate nationally.
Chris Tobin, who stepped down from his role as SVP of people at Intercom in July, also said his departure was a long-planned transition away from being a full-time HR leader within a company. Now he spends his time advising entrepreneurs and people leaders at high-growth startups.
Despite the “very atypical and nonstop” demands of the last few years, Tobin said he didn’t leave Intercom exhausted.
“I’m not burnt out. I’m excited to focus on this next phase of my career,” Tobin said.
Not everyone said they’re noticing a postpandemic exodus of senior HR talent. At a certain point in executive careers, retirements and moves to consulting roles are to be expected. But departures aren’t the only explanation for the tight executive talent market.
Kathy Zwickert retired from her role as chief people officer of NetSuite in 2017, not long after Oracle acquired the company for $9.3 billion. Now she’s on the board of tax software company Avalara, and she’s seen the difficulty of hiring HR leaders from the other side.
Avalara struggled to find a people leader who was qualified, had led an HR organization before, and was willing to relocate to Seattle, Zwickert said. But she attributed the slow recruiting process not to an exodus of HR leaders, but to a pandemic-era hunkering down.
“When the return to the office started happening, people were deciding they didn’t want to and they were going to leave. That was a huge challenge for HR,” Zwickert said. “I think it made [senior HR leaders] more attached to their company. They just felt like they’d been through a war together, and a lot of them are just sticking around.”
With strong senior HR talent in short supply, some companies are choosing to hire HR leaders who don’t have HR backgrounds — both from traditional disciplines like legal or finance, and other less intuitive ones like marketing.
“Marketing executives have really been thinking about the customer experience, and how do you create an incredible customer experience,” Kropp said. Marketing leaders can apply the same principles of customer experience to employee experience, “Because at some level, it’s the same thing, right?” he said.
Zwickert even recalled a head of engineering colleague who complained “just nonstop” about the company’s HR leader, to the point where the CEO told him, “Guess what? It’s your job now.”
Zwickert herself went into HR over 25 years ago after starting her career as a CPA, a skillset that she said always gave her a leg up as a people leader. A two-week crash course through the Society for Human Resource Management helped prepare her to handle technical HR issues around compliance, employment law, and EEOC and HIPAA requirements.
When the return to the office started happening, people were deciding they didn’t want to and they were going to leave. That was a huge challenge for HR.”
“I don’t think you need a degree or a master’s in HR to run that function,” Zwickert said. “What’s more important is the ability to listen, the ability to understand the business and what the business imperatives are, and then understand your role in that context.”
Adams said she supports bringing in non-HR leaders, especially from departments like marketing or customer success, to run the people function. The basics that execs need to learn are “the easy stuff,” she said.
But not all people leaders agree that executives from other functions becoming heads of HR is a good idea.
“I don’t think marketers or legal folks should be heads of HR, nor do I think HR should report to the CFO or legal,” Tobin said. “The companies who understand the importance of people, talent, and culture, and how it moves the business forward, are companies that have a bit of a competitive advantage.”
Sellin, too, expressed concern that leaders of other functions think they can run HR programs or departments without any prior experience or knowledge.
Robert David, executive director of the nonprofit Community for Strategic HR Partnership, has noticed rising leaders from sales, marketing, and finance moving to HR. “It’s a way to get to the C-suite. It’s a way to get onto a board, if that’s a goal in your career,” David said. “What used to be seen as old, stodgy, fill out the forms and get benefits, it’s really become strategic and tactical, tying in to all parts of the organization.”
If CHROs are in short supply, it’s not just because established leaders are staying out of the job market. Some HR leaders say there’s also a lack of upcoming talent.
Compared to some other fields in tech, getting a job in HR doesn’t require much specific education or training, and as a result, many of the field’s professionals aren’t strategic enough to succeed as business leaders, Adams said. Rank-and-file HR jobs can be “really easy,” according to Adams, if you can master the basics of recruiting, putting in human resource information systems, running performance reviews, and ensuring employees have their benefits.
“That doesn’t make you a good leader,” Adams said. “What makes you a good leader is being able to think ahead, and being able to understand what the business actually needs, and being able to understand what employees are looking for, and what they’re going to be looking for two years from now.”
Most people leaders cannot manage the gray areas. They’re very black and white.”
This isn’t new: Over the last 15 or 20 years, the demands of people leaders have grown beyond administrative and compliance work to strategizing for the business. But the talent pipeline hasn’t kept up with these increasingly strategic responsibilities.
At the same time, there’s been a shift away from what Keogh called “academy companies” known for training up-and-coming HR talent. GE was one such company, she said.
Sellin named Cisco and Sun Microsystems — where she worked from 1995 to 2007 — as other companies known to have a strong HR function.
Yahoo, Intel, and HP have all produced an outsize number of successful people leaders who have taken leadership roles at other companies, David said. And younger HR pros are now staying at these companies for only a couple of years before moving on to a startup and learning in a “trial by fire” environment, he added.
Making HP an academy company was a goal of Keogh’s when she was leading HR. More than 40 of her employees have gone on to head HR departments at other companies, she said.
“A lot of my people got recruited out. There’s HP people all over the place,” Keogh said. “One of the headhunters said to me, ‘We love your people because they can deal with complexity.’”
Keogh isn’t the only CHRO working to develop the next generation of leaders. Tammy Polk, the CHRO of Formstack, said she has her team do yearlong rotations through different specialties within HR: recruiting, learning and development, HR insights, total rewards, benefits and compensation, and HR business partner generalist roles.
Polk’s use of this “rotations” practice has already led to one of her reports being made a director of total rewards at age 28.
“Most people leaders cannot manage the gray areas. They’re very black and white,” Polk said. “They have to manage the gray areas and live in risk, frankly. If you can train people to live in risk, they’re going to be a much stronger business partner.”
Jason Zins is a Partner at SkyBridge Capital where he leads the firm’s venture and growth equity investing with a focus on crypto and fintech companies. Prior to joining SkyBridge in 2014, Mr. Zins worked at Bloomberg L.P. Mr. Zins received his B.A. in Government from Dartmouth College.
The flow of capital and talent into Web3 startups continues, pulled through this crypto winter by conviction in the generational technology transition it represents. Capital is in place and looking for an early-stage home. Valuations and expectations have normalized, and that is facilitating rational, purposeful engagement with Web3 startups. We believe the Web3 investment environment is riper than ever.
At SkyBridge, we have invested over $400 million in leading crypto and fintech startups since 2020. We expect to accelerate our efforts following our partnership with FTX Ventures, which recently bought a 30% stake in SkyBridge. Our collective goal is to grow the ecosystem, and we’re here for the long term.
SkyBridge Capital’s Anthony Scaramucci and FTX’s Sam Bankman-Fried at Crypto Bahamas
To founders and operators, now is the time to invest in Web3 builders who are focusing on real-world impact. Investors are looking for tangible use cases, including in the physical world. The recent SALT New York conference, for instance, featured two projects that are interesting to investors at the moment:
As an investor at SkyBridge, I have seen countless pitches, read my fair share of term sheets, and developed a good sense for what makes Web3 founders more likely to succeed — and more likely to fail.
If you are a Web3 entrepreneur, here is our advice for you:
1. Focus on the product.
Demonstrate economic value. The crypto winter is proving once again that token price is the last thing we should care about. The VC correction is proving once again that valuations are not an indicator of success. While money continues to flow, the crypto winter and VC slowdown have forced even the most committed Web3 venture capitalists (and their investors) to proceed with more caution.
Valuations have become less hype-driven and more realistic; the amount of time spent on due diligence has increased substantially; and every founder needs to directly, clearly, and concisely answer the question, “Does this project have any real-world utility, and does it create economic value?”
Just as you would with any other tech product, focus on the fundamentals: user growth, customer acquisition cost, burn rate, and all the rest of that really boring stuff that drives return on investment and really matters.
2. Embrace transparency.
Our LPs want to know that their money is safe with us — and we need to know it is safe with the companies we invest in. That means a couple things for you.
Be as transparent as you can be about custody and security, especially if tokens are part of the deal structure. Where are the assets held? What measures are in place to protect them? We have a long history of operational due diligence, and we place a premium on careful control over the assets.
Don’t underestimate the business impact of regulation. Incorporate its advent into your thinking. We believe, as many investors do, that regulation is coming — it’s just a matter of time — and that it will have a positive impact on the industry. Embrace it; don’t try to hide or operate in the gray area.
3. Play the long game.
Believe it or not, we’re still early in the age of Web3. That has several implications for founders.
Keep your nose clean. Good character is hard to find and selling at a premium in this space (see: 3AC). The majority of Web3 founders are unfamiliar to most investors. That means a clean track record, references, and being able to demonstrate trustworthiness are more important than ever.
Play nice. Whether it’s an investor who rejects you or a competitor you feel like you’re racing against, don’t sling mud or burn bridges. The landscape is constantly shifting, people move around in this industry all the time, and your paths will almost certainly cross again. The borderless economy isn’t a zero-sum game. Don’t treat it like one.
Protect your culture. Make sure your employees share the same values and standards of conduct. The talent pool is deep right now, but remember that, for startups, every single hire has an outsize impact on the culture (and chances of survival). If you make one bad hire in a company with 10,000 employees, you won’t feel it. But make one bad hire in a company with 10, and it’ll probably kill you.
*****
Projects built on financial engineering are a thing of the past. The excess and easy capital has left the system. This is a good thing. Focus on building great products or protocols, and the valuation will take care of itself over time. Obsess over valuation, and you may find yourself a zombie without access to capital.
We want you to succeed, whether that translates to capital investment or not. Because every win in this space, no matter where it comes from, pushes the tide a little higher.
Jason Zins is a Partner at SkyBridge Capital where he leads the firm’s venture and growth equity investing with a focus on crypto and fintech companies. Prior to joining SkyBridge in 2014, Mr. Zins worked at Bloomberg L.P. Mr. Zins received his B.A. in Government from Dartmouth College.
The battle over California Proposition 30 is blurring tech’s battle lines.
Each side accuses the other of putting moneyed interests before the best interests of the state.
Issie Lapowsky ( @issielapowsky) is Protocol’s chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol’s fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing.
In the fall of 2021, Stuart Cohen and Denny Zane had pretty much given up.
The two California public transit advocates had spent about a year trying to raise money for a state ballot measure that would subsidize electric vehicles and wildfire prevention by raising taxes on California’s millionaires. They’d held a series of symposiums with environmentalists and scientists, who helped shape the idea. And they’d approached Meta, Uber, and “all the biggest tech companies in the Bay Area, except for Apple,” Cohen said, to see if they might throw money behind the effort.
Nobody bit, and by September 2021, they still hadn’t raised the millions of dollars they would need to start collecting signatures. “We mostly left it for dead,” Cohen said.
But the measure, now known as Proposition 30 on the Nov. 8 ballot, didn’t die. It was rescued by Lyft, which went on to spend more than $45 million on the Prop. 30 campaign and now stands as by far its biggest backer — and its biggest liability.
Over the last two months, the fight over Prop. 30 has gotten ugly, with opponents — including California Gov. Gavin Newsom himself — casting the measure as a self-serving plot “devised” by Lyft and writing off the early work of public interest groups almost entirely. “When Newsom came out, I jumped back in,” Cohen said. “I wanted to help have the truth be told.”
That a ballot proposition to raise taxes in an already high tax state would lead to mudslinging was predictable. But the battle lines of the fight have been anything but. The measure has divided the tech industry’s allegiances and has put Newsom on the opposite side of the California Democratic party and many of his allies. In this bizarro world, Newsom and the teachers’ union have teamed up with business groups like the Chamber of Commerce and a whole bunch of billionaires to oppose what they deem to be a corporate carve-out, while environmentalists, labor unions and public interest groups are lining up to defend Lyft’s huge political spending. Uber, which is often aligned with Lyft politically and stands to benefit from the measure just as much as Lyft would, has stayed out of the fight altogether.
Each side accuses the other of putting moneyed interests before the best interests of the state. The No campaign — backed by the likes of Netflix’s Reed Hastings and Sequoia’s Michael Moritz — has cast Prop. 30 as a maneuver to help Lyft make the switch to EVs before a government mandated deadline in 2030. “There’s just zero possibility that it would be on the ballot without Lyft,” Dan Newman, a strategist for Newsom and the No campaign, told Protocol.
On the other side, supporters of Prop. 30 accuse Newsom of spreading misinformation about the measure’s origins and opposing it to appease his biggest donors and to prime the pump for a potential presidential run. “When he says Prop. 30 was devised by a single corporation, I know that’s not true,” said Max Baumhefner, a senior attorney with the Natural Resources Defense Council. “I was one of the people who helped write it, amongst many.”
When he says Prop. 30 was devised by a single corporation, I know that’s not true.
So far, it seems the No campaign’s anti-tech strategy is working. Since Newsom cut an ad in September calling Prop. 30 a “Trojan Horse” for Lyft, support for the measure has fallen precipitously from 63% in July to 41% in a poll released this week. “People have believed it,” Cohen said of the opposition’s talking points. “That’s why I got reengaged to tell the origin story, but it was a little late.”
When Cohen and Zane walked away from what would become Prop. 30 in the fall of 2021, they left it in the hands of Nick Josefowitz, chief policy officer of the transit advocacy group SPUR, who had been working with them to develop the measure. Josefowitz, who happens to be married to Lyft’s former vice president of product, is connected to Lyft CEO Logan Green through a mutual friend. In September of 2021, with other options exhausted, Josefowitz gave Green a call to see if Lyft might contribute. It wasn’t an immediate yes, but Josefowitz said Green was excited by Prop. 30’s potential environmental impact.
Of course, there was also a huge upside for Lyft. Months before, California had adopted its new Clean Miles Standard, which requires rideshare companies throughout California to ensure that by 2030, electric vehicles account for 90% of their vehicle miles traveled. That means rideshare companies will have to find ways to entice their drivers to go electric. Lyft had pushed to get the California Air Resources Board to create new EV incentives to go along with the standard. But ultimately, in comments to the board, Lyft said regulators wound up offering only “metaphorical sticks with no carrots.”
Then along came Prop. 30, which is effectively a carrot patch. The measure would raise taxes by 1.75% on about 35,000 Californians whose annual income is over $2 million, and it would use the majority of the money to offer rebates for new EV purchases and to invest in charging infrastructure. The measure places a special emphasis on people from disadvantaged communities in order to subsidize EVs for people who couldn’t otherwise afford them. That includes lots of Lyft drivers.
Josefowitz said he and Lyft’s leaders continued their conversations over the following months, and by January, Lyft made its first of many contributions to the campaign. “I don’t think we ever really knew how much Lyft was planning on investing,” Josefowitz said. “We took it one step at a time.”
Lyft declined to comment for this story and directed Protocol to a corporate blog post by Green, in which he wrote in underlined text: “Not a single dollar of Proposition 30 is earmarked for Lyft or the Ridesharing industry as a whole. Ridesharing drivers will be eligible just like ALL Californians, but they won’t receive any type of priority or preference.”
Lyft’s lawyers and policy experts were at the table in the fall of 2021 when the measure was being drafted, but so were environmental groups like NRDC, Coalition for Clean Air, and California Environmental Voters. “If Prop. 30 was what the billionaires funding the opposition are claiming it is, then we wouldn’t have supported it,” Baumhefner said, emphasizing that Lyft drivers constitute a tiny fraction of all of the Californians who stand to benefit from the measure. By the state of California’s own estimates, rideshare companies like Lyft and Uber combined account for only about 1.25% of annual vehicle miles traveled.
Lyft’s critics point to a provision in the measure that says people who drive “more than 25,000 miles per year on average” should be prioritized for rebates as evidence of Lyft’s imprint on Prop. 30. But Baumhefner argues it’s a common sense requirement if the ultimate goal is reducing emissions. “It makes sense to go after vehicles that drive a lot,” he said.
For a while, things were looking up for the Yes campaign. The measure received unanimous support at the California Democrats’ executive board meeting in July, and the campaign, which had been keeping the governor’s office apprised of its work, was holding out hope Newsom would back the measure. “It felt like it was just the kind of thing we could get a climate champion, progressive Democrat like Gov. Newsom really excited about,” Josefowitz said.
Then, in July, when the measure qualified for the ballot and donations began flowing into the No campaign, everything changed. That month, Newsom published a press release formally opposing the measure, along with the California Teachers Association, which dislikes that the measure fails to guarantee any funding for schools. Newsom cast the measure as a “special interest carve-out — a cynical scheme devised by a single corporation to funnel state income tax revenue to their company.”
Newsom’s public resistance to Prop. 30 only grew from there. In mid-September, he appeared in a statewide TV ad opposing Prop. 30, doubling down on the message and dealing a major blow to the Yes campaign. The ad came in the midst of a much broader tech crackdown by Newsom, who once enjoyed a cozy relationship with the industry.
At the same time, Newsom was just days away from signing an audacious $54 billion climate action plan into law, legislation that proves “there’s a much better, more thoughtful way” to invest in the climate, Newman said. “We all agree that we must do more to fight climate change,” he said. “The question is: Can we do it without raising taxes and letting one corporation push their own public policy?”
But if Lyft’s contributions to the Yes campaign have stoked speculation about Prop. 30’s hidden agenda, the No campaign’s lengthy list of billionaire backers has similarly raised questions about Newsom’s motives.
Campaign finance records show Newsom has raised millions of dollars from people who have also thrown their money behind the No campaign. Hastings, who spent $1 million fighting Prop. 30, also contributed $3 million to help Newsom battle a recall last year and has continued donating to the governor’s reelection campaign this year. Zynga founder Mark Pincus has spent nearly half a million on the No campaign and is also supporting Newsom’s gubernatorial race. Other No campaign backers who have contributed to Newsom’s reelection include Sierra Pacific Industries, Gap heirs William and Robert Fisher and Democratic megadonor Mark Heising.
California Governor Gavin Newsom Photo: Justin Sullivan/Getty Images
Newman called the idea that the governor is being swayed by donors “beyond absurd,” pointing to other Newsom backers, including Ron Conway and Lyft itself, who are funding the Yes campaign. “I assume the accusation would come if he supported it as well,” Newman said. He argues that Lyft’s attempt to frame itself as defender of the climate rings false, particularly since the company has pushed back against past efforts to force rideshare companies to go electric. “That timeline proves that they only care about their profits,” Newman said. “Prop. 30 is by Lyft, and for Lyft.”
While the No campaign has taken on an anti-tech flavor, many of the billionaires bankrolling it actually made their money in tech. That list includes Hastings and Pincus, but also tech investor Arthur Rock, Activision Blizzard CEO Bobby Kotick, Intuit co-founder Scott Cook and Sequoia’s Moritz, among others. In a recent op-ed in the Financial Times, Moritz referred to Prop. 30 as a “Lyft bailout” and warned that it could drive business leaders to leave California for lower-tax states. “Governors Ron DeSantis of Florida and Greg Abbott of Texas will be hoping Lyft’s tax bailout succeeds,” the op-ed read.
On the Yes campaign, no one is disputing the fact that but for Lyft’s funding, there would be no Prop. 30. What they refute — emphatically so — is the idea that the measure was “devised” by Lyft and not the transit and climate advocates who say it was their brainchild. “It would have been fair to say this is being funded by a single corporation. That’s the truth,” Cohen said. “But [the opposition] is saying that it was a scheme devised by a single corporation. That’s the difference between misinformation and information.”
Asked to clarify whether the No campaign has any additional evidence to suggest Prop. 30 originated with Lyft, Newman said, “It is because of the money.”
If Prop. 30 does help Lyft in any way, the dozens of climate, health, and public interest groups that have lined up to back it don’t seem to mind. The No campaign, by contrast, has no such institutional support from climate advocates.
And yet, it’s the No side that’s managing to win over voters by the day, turning the cash infusion from Lyft — once Prop. 30’s salvation — into its biggest threat. “The easiest way to peel off the progressives is to say this is all a scheme by a single corporation,” Cohen said. “If they actually focused on the measure, there’s not compelling arguments that peel off progressives and Democrats. Don’t tax the millionaires? Don’t clear the air? Don’t give incentives to low-income folks? None of those work.”
Issie Lapowsky ( @issielapowsky) is Protocol’s chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol’s fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing.
Amid the usual checks for close Senate races, tech is giving to spread crypto, help out VC, and bring more tech talent to politics.
Tech elites seem eager to bring their own particular brand of expertise — and perhaps the sense that Silicon Valley can fix broken things — to the political process itself.
Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.
AJ Caughey is a data researcher for Protocol | China. Previously, he worked at Meridian International Center administering State Department cultural exchange programs and as an Applied Data and Governance Fellow for the International Innovation Corps. AJ holds master’s degrees from the University of Chicago’s Harris School of Public Policy as well the Committee on International Relations.
GMI PAC has been one of the biggest recipients of Silicon Valley’s largesse in the leadup to the midterm election. The crypto-allied, independent group focused on races that attracted little national interest, and was almost studiously bipartisan.
In other words, GMI doesn’t really look like the stereotype of Big Tech’s big giving to progressives in hot-button contests — a caricature that certainly has a big grain of truth.
“Our mission is to keep this a bipartisan issue,” said Michael Carcaise, a strategist for GMI. “That appeals, fortunately.”
GMI, known for the patronage of Anthony Scaramucci’s SkyBridge Capital and FTX CEO Sam Bankman-Fried, seems to represent another side of Silicon Valley’s $291 million in political giving — one that, essentially, is trying to bring more Silicon Valley to the world, whether it’s GMI’s efforts to herald the arrival of the crypto industry as a political force or a PAC that helps Democratic campaigns hire top tech talent.
To get a sense of how the power players of Silicon Valley — the actual geographic region — have been channeling their political giving this cycle, Protocol worked with the Center for Responsive Politics. The nonprofit government transparency group, known for its OpenSecrets.org website, pulled government data on more than 27,000 donations greater than $2,000. The donors listed themselves as coming from ZIP codes on both sides of the Bay associated with Silicon Valley, in six counties from San Jose up to San Francisco and Marin, then back down through Berkeley and Fremont.
The tally, which includes donations made through the end of September, gives insight into what the area’s wealthy — who largely made their money in tech — actually want. There were donations, for instance, from tech and cultural luminaries such as Sheryl Sandberg, Tom Steyer, Peter Thiel, and Larry Ellison. As the data shows, this small but influential group is important because PACs can raise millions from just a dozen wealthy Bay Area donors.
The results of all that giving were in some ways typical: Many donations, and some of the biggest, went to the Democratic National Committee, liberal PACs, and Democrats in high-profile races, such as Sen. Raphael Warnock, whose reelection bid in Georgia is one of a handful of races that could determine the balance of power in the Senate. Millions of dollars also went to multiple GOP groups, such as the RNC, and to candidates such as Peter Thiel acolyte Blake Masters, who’s seeking an Arizona Senate seat. California politicians, including House Speaker Nancy Pelosi and House Minority leader Kevin McCarthy, pulled in big totals too.
But then there were groups that focused less on the brawl for gavels in Washington and more on specific issues but that still managed to raise tons of cash from Silicon Valley. GMI pulled in nearly $6 million just from the Bay Area, making it a top-10 recipient, beating out Steyer’s climate group.
GMI’s haul doesn’t represent much grassroots interest, though: Marc Andreessen and Ben Horowitz each gave $1 million, Bankman-Fried gave $2 million, and his crypto exchange additionally coughed up more than $350,000. (There are no caps on contributions to super PACs such as GMI.) Nonetheless, despite the notion that crypto was emerging as a multifaceted political force, Silicon Valley coalesced relatively quickly on GMI. Its fundraising made it by far the most successful crypto-allied PAC in the region.
Carcaise said GMI tries to support candidates who are knowledgeable about the crypto industry to fill open seats in strongly red or blue states or House districts. “The main mission is: elect people who can tackle this really challenging project of regulating new technology,” Carcaise told Protocol. “It’s the intersection of tech and finance. That throws up a whole bunch of new questions.”
Through its network, GMI supported both Democrats and Republicans in their primary races, although some of the candidates — such as Rep. Markwayne Mullin, who’s poised to become one of Oklahoma’s senators — have reputations as stalwart partisans themselves rather than compromisers who work across the aisle. It also supported incumbents Sen. John Boozman and Rep. Patrick McHenry, both of whom serve as top GOP members of congressional committees overseeing the industry.
GMI ultimately spent about $12 million, Carcaise said, adding that “the vast majority” of the PAC’s work had occurred in the primary season and thus was “completed.” Days later, however, a CNBC report said GMI would fund ads through Election Day.
Many industries have long given to both sides of the aisle as a way to give a boost to their policy priorities. Tech has embraced the strategy: The National Venture Capital Association’s PAC, for instance, brought in more than $350,000 with 83 donations from a “who’s who” of VC’s such as Kirsten Green of Forerunner, plus Brook Byers and John Doerr of Kleiner Perkins. Doug Leone, Bill Coughran, and Roelof Botha, all of Sequoia, gave too — but donations to corporate PACs are capped, so their donation totals aren’t as eye-popping compared to super PAC giving. PACs for Intel, Hewlett Packard Enterprise, and Deloitte collected more than $100,000 each from larger Silicon Valley donors as well.
Donors in the area were — on the surface — also apparently eager to support specific causes. The Opportunity Matters Fund raised more from Silicon Valley’s power players than any group besides the DNC. But essentially all of its more than $20 million came from Oracle chairman Ellison, a Trump ally. The group nominally supports a policy agenda from Republican Sen. Tim Scott, including tax breaks designed to spur investment in “distressed communities” known as opportunity zones, but the fund also seems poised to support Scott if he launches a presidential bid.
Steyer’s main environmental group, NextGen Climate Action, also received more than $4.5 million from donors in the area — mostly from Steyer himself, and other environmental causes like the Sierra Club’s PAC had good hauls. The Lincoln Project and the Republican Accountability PAC — two efforts by current and former Republicans to fight Trumpism — brought in more than $4.5 million between them from nearly 135 of the bigger donors in the six counties. Donors were also eager to give to pro-choice initiatives including Planned Parenthood, to groups including Emily’s List that support women in politics, and to the AAPI Victory Fund, which tries to mobilize Asian American and Pacific Islanders to vote.
In addition, tech elites seem eager to bring their own particular brand of expertise — and perhaps the sense that Silicon Valley can fix broken things — to the political process itself.
DigiDems was a particularly popular target for donations, bringing in more than $1 million from 138 contributions. Most of the donations were repeats by Reid Hoffman and his wife, Michelle Yee, but the group also attracted money from angel investor Ron Conway and from Chris Saccheri, LinkedIn’s original web developer.
DigiDems’ goal is to raise money to pay the salaries of advanced tech staffers working on Democratic races.
“Tech talent’s expensive,” said Kane Miller, the group’s executive director. “These are folks with skills who command higher salaries in the private sector than what we are accustomed to paying in political campaigns.”
Miller said the idea certainly does resonate in Silicon Valley, but insisted that “a wide variety of donors” like the idea of helping to build long-term digital and personnel capacity of Democratic campaigns for 2022 and beyond. Still, about half the group’s nationwide haul for the cycle came from the region.
“People do respond to the fact that this isn’t just a one-off opportunity to make an impact,” Miller said. “This is a chance to infuse new talent in the ecosystem and that’s going to pay dividends in the long run.”
Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.
The consumer-protection agency’s head said Thursday that the agency’s goal is to “ultimately give more leverage to consumers.”
The CFPB released a 71-page outline of its priorities in the rule-making process.
The Consumer Financial Protection Bureau kicked off a rule-making process Thursday to give consumers more control over their financial data, a step toward an open-banking concept that director Rohit Chopra told Protocol he hopes initiates a “race to the top.”
“Our country has always benefited when markets were more decentralized, when they’re not dominated by a handful of incumbents,” Chopra said in an interview Thursday. “I want a financial market where consumers can switch products more seamlessly, and where financial companies have to constantly compete to keep them.”
Chopra announced the kick-off of the long-awaited rule-making process in a speech on Tuesday at the Money20/20 conference in Las Vegas. Congress tasked the CFPB with creating the data-sharing standards under the 2010 Dodd-Frank law, but the agency had yet to activate its authority.
“Our goal is to accelerate the shift toward open banking and ultimately give more leverage to consumers to find the products best for them,” Chopra said.
The CFPB released a 71-page outline of its priorities in the rule-making process, which starts with a review by a small business panel, as required by law. A formal proposal would come next year and could be finalized by 2024.
The rule would focus on transaction accounts, such as deposit accounts, credit cards, and digital wallets. As described in the outline, one goal is to allow consumers to move their data as needed, including pulling transaction history from one account to another.
Fintech trade groups cheered the announcement, while banks have offered support for open banking in concept but insist there need to be equal standards for all players. Some financial institutions have already taken steps to ensure secure data sharing, as the American Bankers Association trade group said in a statement Thursday.
“I think [financial institutions] rightfully have raised concerns about certain ways in which data is scraped or harvested,” Chopra said. “And so our goal would be to create a consistent set of safeguards and rights for consumers to be able to take their data and use it in ways that really benefit everybody.”
Chopra said the CFPB wants to build off what the market is already doing well, “and at the same time, we also want to make sure that incumbents who hold a lot of data aren’t playing any games when it comes to sharing.”
The details of that will be driven by the review process, he said. Security is of top concern, Chopra added, and extends beyond just preventing data breaches.
“I think it’s also a question of: What are people doing with the data once they get it?” Chopra said. “Are they actually using it to provide a product or underwrite a loan? Or are they going to monetize it by reselling it or resharing it? Making sure that people are only using it for the limited purpose that the consumer wants it to be used for is a key question for us.”
The rule-making effort comes as the CFPB is facing a significant legal threat. A federal appeals court ruled last week that the CFPB’s funding mechanism is unconstitutional, potentially undermining several of its most important rules.
Asked about the decision’s potential impact on this rule-making effort, Chopra said the agency is forging ahead.
“This is a dormant authority that’s over a decade old,” Chopra said. “I think it’s one of the most important rules the CFPB is working on, or will ever work on in its history. There’s a lot of appetite from all across the industry and the advocacy community to get this one done. We’re reviewing every court case that involves the CFPB. We’ve been doing that since day one. But we’re forging ahead with this one.”
The CFPB also announced this week in a press conference with President Joe Biden new guidance aimed at cracking down on “junk fees,” including overdrafts. Chopra said there are connections between the battle against junk fees and the open-banking push.
He pointed to a recent Federal Deposit Insurance Corporation report that found that unbanked U.S. households reached a decade low but still totaled about 6 million.
The report “cites some reasons about why people don’t want to have a bank account in the first place, and some of it relates to junk fees,” Chopra said. “I think in a world where there’s more seamless switching, you’ll see a race to the top when it comes to customer care, when it comes to fees, and when it comes to new features that really help people.”
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.