Despite objection, Congress passes bill that lets U.S. authorities shoot down private drones

U.S. authorities will soon have the authority to shoot down private drones if they are considered a threat — a move decried by civil liberties and rights groups. The Senate passed the FAA Reauthorization Act on Wednesday, months after an earlier House vote in April. The bill renews funding for the Federal Aviation Administration (FAA) […]

U.S. authorities will soon have the authority to shoot down private drones if they are considered a threat — a move decried by civil liberties and rights groups.

The Senate passed the FAA Reauthorization Act on Wednesday, months after an earlier House vote in April. The bill renews funding for the Federal Aviation Administration (FAA) until 2023, and includes several provisions designed to modernize U.S aviation rule — from making commercial flights more comfortable for passengers to including new provisions to act against privately owned drones.

But critics say the new authority that gives the government the right to “disrupt,” “exercise control,” or “seize or otherwise confiscate” drones that’s deemed a “credible threat” is dangerous and doesn’t include enough safeguards.

Federal authorities would not need to first obtain a warrant, which rights groups say that authority could be easily abused, making it possible for Homeland Security and the Justice Department and its various law enforcement and immigration agencies to shoot down anyone’s drone for any justifiable reason.

Drones, or unmanned aerial vehicles, have rocketed in popularity, by amateur pilots and explorers to journalists using drones to report from the skies. But there’s also been a growing threat from hapless hobbyists accidentally crashing a drone on the grounds of the White House to so-called Islamic State terrorists using drones on the battlefield.

Both the American Civil Liberties Union and the Electronic Frontier Foundation have denounced the bill.

“These provisions give the government virtually carte blanche to surveil, seize, or even shoot a drone out of the sky — whether owned by journalists or commercial entities — with no oversight or due process,” an ACLU spokesperson told TechCrunch. “They grant new powers to the Justice Department and the Department of Homeland Security to spy on Americans without a warrant,” and they “undermine the use of drones by journalists, which have enabled reporting on critical issues like hurricane damage and protests at Standing Rock.”

“Flying of drones can raise security and privacy concerns, and there may be situations where government action is needed to mitigate these threats,” the ACLU said in a previous blog post. “But this bill is the wrong approach.”

The EFF agreed, arguing the bill endangers the First and Fourth Amendment rights of freedom of speech and the protection from warrantless device seizures.

“If lawmakers want to give the government the power to hack or destroy private drones, then Congress and the public should have the opportunity to debate how best to provide adequate oversight and limit those powers to protect our right to use drones for journalism, activism, and recreation,” the EFF said.

Other privacy groups, including the Electronic Privacy Information Center, denounced the passing of the bill without “baseline privacy safeguards.”

The bill will go to the president’s desk, where it’s expected to be signed into law.

Despite objection, Congress passes bill that lets U.S. authorities shoot down private drones

U.S. authorities will soon have the authority to shoot down private drones if they are considered a threat — a move decried by civil liberties and rights groups. The Senate passed the FAA Reauthorization Act on Wednesday, months after an earlier House vote in April. The bill renews funding for the Federal Aviation Administration (FAA) […]

U.S. authorities will soon have the authority to shoot down private drones if they are considered a threat — a move decried by civil liberties and rights groups.

The Senate passed the FAA Reauthorization Act on Wednesday, months after an earlier House vote in April. The bill renews funding for the Federal Aviation Administration (FAA) until 2023, and includes several provisions designed to modernize U.S aviation rule — from making commercial flights more comfortable for passengers to including new provisions to act against privately owned drones.

But critics say the new authority that gives the government the right to “disrupt,” “exercise control,” or “seize or otherwise confiscate” drones that’s deemed a “credible threat” is dangerous and doesn’t include enough safeguards.

Federal authorities would not need to first obtain a warrant, which rights groups say that authority could be easily abused, making it possible for Homeland Security and the Justice Department and its various law enforcement and immigration agencies to shoot down anyone’s drone for any justifiable reason.

Drones, or unmanned aerial vehicles, have rocketed in popularity, by amateur pilots and explorers to journalists using drones to report from the skies. But there’s also been a growing threat from hapless hobbyists accidentally crashing a drone on the grounds of the White House to so-called Islamic State terrorists using drones on the battlefield.

Both the American Civil Liberties Union and the Electronic Frontier Foundation have denounced the bill.

“These provisions give the government virtually carte blanche to surveil, seize, or even shoot a drone out of the sky — whether owned by journalists or commercial entities — with no oversight or due process,” an ACLU spokesperson told TechCrunch. “They grant new powers to the Justice Department and the Department of Homeland Security to spy on Americans without a warrant,” and they “undermine the use of drones by journalists, which have enabled reporting on critical issues like hurricane damage and protests at Standing Rock.”

“Flying of drones can raise security and privacy concerns, and there may be situations where government action is needed to mitigate these threats,” the ACLU said in a previous blog post. “But this bill is the wrong approach.”

The EFF agreed, arguing the bill endangers the First and Fourth Amendment rights of freedom of speech and the protection from warrantless device seizures.

“If lawmakers want to give the government the power to hack or destroy private drones, then Congress and the public should have the opportunity to debate how best to provide adequate oversight and limit those powers to protect our right to use drones for journalism, activism, and recreation,” the EFF said.

Other privacy groups, including the Electronic Privacy Information Center, denounced the passing of the bill without “baseline privacy safeguards.”

The bill will go to the president’s desk, where it’s expected to be signed into law.

Facebook named in suit alleging job ads on its platform unlawfully discriminated against women

Facebook’s ad platform is facing charges that it has enabled gender-based discrimination against millions of women in a class action suit filed on behalf of three female workers and backed by the American Civil Liberties Union (ACLU). The legal action also names ten employers who are alleged to have used the social media giant’s platform […]

Facebook’s ad platform is facing charges that it has enabled gender-based discrimination against millions of women in a class action suit filed on behalf of three female workers and backed by the American Civil Liberties Union (ACLU).

The legal action also names ten employers who are alleged to have used the social media giant’s platform to exclusively and unlawfully target job adverts at male Facebook users, thereby excluding women and non-binary users from receiving the ads.

The ACLU, law firm Outten & Golden LLP, and the Communications Workers of America have filed charges with the Equal Employment Opportunity Commission.

The 10 employers and employment agency advertisers named in the suit, which the charges allege ran discriminatory jobs in “mostly” male-dominated fields, include a police department, multiple retailers, a software development firm and various installation, repair and remodelling companies. (All ten named in the suit are listed in the ACLU’s press release.)

“I’ve heard stories about when people looked for jobs in the classified ads and big bold letters read ‘help wanted-male’ or ‘help wanted-female.’ I was shocked to find that this discrimination is still happening, just online instead of in newspapers,” said Bobbi Spees, a job-seeker and lead complainant in the case, commenting in a statement.  “I shouldn’t be shut out of the chance to hear about a job opportunity just because I am a woman.”

“The internet did not erase our civil rights laws.  It violates the law if an employer uses Facebook to deny job ads to women,” added Peter Romer-Friedman, an attorney at Outten & Golden, in another supporting statement. “The last time I checked, you don’t have to be a man to be a truck driver or a police officer.  But Facebook and employers are acting like it’s the 1950s, before federal employment law banned sex discrimination.”

The charges allege that Facebook, via its platform, delivers job ads selectively based on age and sex categories that employers expressly choose, and that it earns revenue from placing job ads that exclude women and older workers from receiving the ads.

The ACLU notes that targeting job ads by sex is unlawful under federal, state, and local civil rights laws, including Title VII of the Civil Rights Act of 1964.

“Sex segregated job advertising has historically been used to shut women out of well-paying jobs and economic opportunities,” said Galen Sherwin, senior staff attorney at the ACLU Women’s Rights Project, in another supporting statement. “We can’t let gender-based ad targeting online give new life to a form of discrimination that should have been eradicated long ago.”

While online platforms are not as heavily regulated as publishing platforms the lawsuit argues that Facebook can be held legally responsible for:

  1. creating and operating the system that allows and encourages employers to select the gender and age of the people who get their job ads, including providing employers with data on users’ gender and age for targeting purposes;
  2. delivering the gender- and age-based ads based on employers’ preferences; and
  3. acting as a recruiter connecting employers with prospective employees

We’ve reached out to Facebook for comment on the lawsuit.

It’s by no means the first time the company has faced civil rights complaints related to its ad platform.

Back in 2016 ProPublica exposed how Facebook’s ad tools could be used to exclude users based on their “ethnic affinity” — including in protected categories such as housing, employment and credit opportunities which prohibit discriminatory advertising.

The company responded by saying it would build tools to prevent advertisers from applying ethnic affinity targeting in the protected categories. And also by rewording its ad policies to more clearly prohibit discrimination.

But the following year another ProPublica investigation showed it was still failing to block discriminatory ads — leaving Facebook to apologize for failing to effectively enforce its own policies (hmmm, now where else have we heard the company accused of that… ), and saying: “Our systems continue to improve but we can do better.”

Last year the company was also shown to have allowed ads that included hateful sentiments targeted at Jewish people.

Around about the same time that Facebook was facing renewed criticism over ethnic affinity targeting on its platform being used as a tool for racial discrimination, the company said it would also take a look at how advertisers are using exclusion targeting across other “sensitive segments” — such as those relating to members of the LGBTQ community and people with disabilities.

It’s not clear whether Facebook included gender-based discrimination in those 2017 self reviews too. (We’ve asked and will update this post with any response.)

Either way, it appears Facebook has failed to pick up on the potential for gender-based discrimination to be carried out via its ad platform.

And given all the attention its ad tools have attracted lately as a vector for discrimination and other types of abuse that looks careless to say the least.

Facebook’s ad platform has faced additional criticism in Europe for sensitive inferences it makes about users — given the platform allows advertisers to target people based on political and religious interests, meaning Facebook’s platform is quietly making sensitive inferences about individuals.

Privacy experts argue this modus operandi entails Facebook processing the sensitive personal data of individuals without explicitly asking people for their upfront consent (as would be required under EU law when you’re processing sensitive personal data such as political or religious affiliation).

An opinion on a person is still personal data of that person, they contend.

Facebook disagrees, disputing that the inferences its ad platform makes about users (based off of its tracking and data-mining of people) constitutes personal data. But it’s yet another bone of legal contention now being lobbed at the company.

UK’s mass surveillance regime violated human rights law, finds ECHR

In another blow to the UK government’s record on bulk data handling for intelligence purposes the European Court of Human Rights (ECHR) has ruled that state surveillance practices violated human rights law. Arguments against the UK intelligence agencies’ bulk collection and data sharing practices were heard by the court in November last year. In today’s […]

In another blow to the UK government’s record on bulk data handling for intelligence purposes the European Court of Human Rights (ECHR) has ruled that state surveillance practices violated human rights law.

Arguments against the UK intelligence agencies’ bulk collection and data sharing practices were heard by the court in November last year.

In today’s ruling the ECHR has ruled that only some aspects of the UK’s surveillance regime violate human rights law. So it’s not all bad news for the government — which has faced a barrage of legal actions (and quite a few black marks against its spying practices in recent years) ever since its love affair with mass surveillance was revealed and denounced by NSA whistleblower Edward Snowden, back in 2013.

The judgement reinforces a sense that the government has been seeking to push as close to the legal line as possible on surveillance, and sometimes stepping over it — reinforcing earlier strikes against legislation for not setting tight enough boundaries to surveillance powers, and likely providing additional fuel for fresh challenges.

The complaints before the ECHR focused on three different surveillance regimes: 1) The bulk interception of communications (aka ‘mass surveillance’); 2) Intelligence sharing with foreign governments; and 3) The obtaining of communications data from communications service providers.

The challenge actually combines three cases, with the action brought by a coalition of civil and human rights campaigners, including the American Civil Liberties Union, Amnesty International, Big Brother Watch, Liberty, Privacy International and nine other human rights and journalism groups based in Europe, Africa, Asia and the Americas.

The Chamber judgment from the ECHR found, by a majority of five votes to two, that the UK’s bulk interception regime violates Article 8 of the European Convention on Human Rights (a right to respect for private and family life/communications) — on the grounds that “there was insufficient oversight both of the selection of Internet bearers for interception and the filtering; search and selection of intercepted communications for examination; and the safeguards governing the selection of ‘related communications data’ for examination were inadequate”.

The judges did not find bulk collection itself to be in violation of the convention but noted that such a regime must respect criteria set down in case law.

In an even more pronounced majority vote, the Chamber found by six votes to one that the UK government’s regime for obtaining data from communications service providers violated Article 8 as it was “not in accordance with the law”.

While both the bulk interception regime and the regime for obtaining communications data from communications service providers were deemed to have violated Article 10 of the Convention (the right to freedom of expression and information,) as the judges found there were insufficient safeguards in respect of confidential journalistic material.

However the Chamber did not rule against the government in two other components of the case — finding that the regime for sharing intelligence with foreign governments did not violate either Article 8 or Article 10.

While the court unanimously rejected complaints made by the third set of applicants, under Article 6 (right to a fair trial), about the domestic procedure for challenging secret surveillance measures, and under Article 14 (prohibition of discrimination).

The complaints in this case were lodged prior to the UK legislating for a new surveillance regime, the 2016 Investigatory Powers Act, so in coming to a judgement the Chamber was considering the oversight regime at the time (and in the case of points 1 and 3 above that’s the Regulation of Investigatory Powers Act 2000).

RIPA has since been superseded by IPA but, as noted above, today’s ruling will likely fuel ongoing human rights challenges to the latter — which the government has already been ordered to amend by other courts on human rights grounds.

Nor is it the only UK surveillance legislation judged to fall foul on that front. A few years ago UK judges agreed with a similar legal challenge to emergency surveillance legislation that predates IPA — ruling in 2015 that DRIPA was unlawful under human rights law. A verdict the UK Court of Appeal agreed with, earlier this year.

Also in 2015 the intelligence agencies’ own oversight court, the IPT, also found multiple violations following challenges to aspects of its historical surveillance operations, after they have been made public by the Snowden revelations.

Such judgements did not stop the government pushing on with the IPA, though — and it went on to cement bulk collection at the core of its surveillance modus operandi at the end of 2016.

Among the most controversial elements of the IPA is a requirement that communications service providers collect and retain logs on the web activity of the digital services accessed by all users for 12 months; state power to require a company to remove encryption, or limit the rollout of end-to-end encryption on a future service; and state powers to hack devices, networks and services, including bulk hacking on foreign soil. It also allows the security agencies to maintain large databases of personal information on U.K. citizens, including individuals suspected of no crime.

On the safeguards front the government legislated for what it claimed was a “double lock” authorization process for interception warrants — which loops in the judiciary to signing off intercept warrants for the first time in the U.K., along with senior ministers. However this does not regulate the collection or accessing of web activity data that’s blanket-retained on all users.

In April this shiny new surveillance regime was also dealt a blow in UK courts — with judges ordering the government to amend the legislation to narrow how and why retained metadata could be accessed, giving ministers a deadline of November 1 to make the necessary changes.

In that case the judges also did not rule against bulk collection in general — declining to find that the state’s current data retention regime is unlawful on the grounds that it constituted “general and indiscriminate” retention of data. (For its part the government has always argued its bulk collection activities do not constitute blanket retention.)

And today’s ECHR ruling further focuses attention on the safeguards placed around bulk collection programs — having found the UK regime lacked sufficient monitoring to be lawful (but not that bulk collection itself is unlawful by default).

Opponents of the current surveillance regime will be busily parsing the ruling to find fresh fronts to attack.

It’s not the first time the ECHR has looked at bulk interception. Most recently, in June 2018, it deemed Swedish legislation and practice in the field of signals intelligence did not violate EU human rights law. Among its reasoning was that it found the Swedish system to have provided “adequate and sufficient guarantees against arbitrariness and the risk of abuse”.

However it said the Big Brother Watch and Others vs United Kingdom case being ruled upon today is the first case in which it specifically considered the extent of the interference with a person’s private life that could result from the interception and examination of communications data (as opposed to content).

In a Q&A about today’s judgement, the court notes that it “expressly recognised” the severity of threats facing states, and also how advancements in technology have “made it easier for terrorists and criminals to evade detection on the Internet”.

“It therefore held that States should enjoy a broad discretion in choosing how best to protect national security. Consequently, a State may operate a bulk interception regime if it considers that it is necessary in the interests of national security. That being said, the Court could not ignore the fact that surveillance regimes have the potential to be abused, with serious consequences for individual privacy. In order to minimise this risk, the Court has previously identified six minimum safeguards which all interception regimes must have,” it writes.

“The safeguards are that the national law must clearly indicate: the nature of offences which may give rise to an interception order; a definition of the categories of people liable to have their communications intercepted; a limit on the duration of interception; the procedure to be followed for examining, using and storing the data obtained; the precautions to be taken when communicating the data to other parties; and the circumstances in which intercepted data may or must be erased or destroyed.”

(Additional elements the court says it considered in an earlier surveillance case, Roman Zakharov v. Russia, also to determine whether legislation breached Article 8, included “arrangements for supervising the implementation of secret surveillance measures, any notification mechanisms and the remedies provided for by national law”.)

Commenting on today’s ruling in a statement, Megan Goulding, a lawyer for Liberty, said: “This is a major victory for the rights and freedom of people in the UK. It shows that there is — and should be — a limit to the extent that states can spy on their citizens.

“Police and intelligence agencies need covert surveillance powers to tackle the threats we face today — but the court has ruled that those threats do not justify spying on every citizen without adequate protections. Our government has built a surveillance regime more extreme than that of any other democratic nation, abandoning the very rights and freedoms terrorists want to attack. It can and must give us an effective, targeted system that protects our safety, data security and fundamental rights.”

A Liberty spokeswoman also told us it will continue its challenge to IPA in the UK High Court, adding: “We continue to believe that mass surveillance can never be compliant in a free, rights-respecting democracy.”

Also commenting in a statement, Silkie Carlo, director of Big Brother Watch, said: “This landmark judgment confirming that the UK’s mass spying breached fundamental rights vindicates Mr Snowden’s courageous whistleblowing and the tireless work of Big Brother Watch and others in our pursuit for justice.

“Under the guise of counter-terrorism, the UK has adopted the most authoritarian surveillance regime of any Western state, corroding democracy itself and the rights of the British public. This judgment is a vital step towards protecting millions of law-abiding citizens from unjustified intrusion. However, since the new Investigatory Powers Act arguably poses an ever greater threat to civil liberties, our work is far from over.”

A spokesperson for Privacy International told us it’s considering taking the case to the ECHR’s Grand Chamber.

Also commenting in a supporting statement, Antonia Byatt, director of English PEN, added: “This judgment confirms that the British government’s surveillance practices have violated not only our right to privacy, but our right to freedom of expression too. Excessive surveillance discourages whistle-blowing and discourages investigative journalism. The government must now take action to guarantee our freedom to write and to read freely online.”

We’ve reached out to the Home Office for comment from the UK government.

On intelligence sharing between governments, which the court had not previously considered, the judges found that the procedure for requesting either the interception or the conveyance of intercept material from foreign intelligence agencies to have been set out with “sufficient clarity in the domestic law and relevant code of practice”, noting: “In particular, material from foreign agencies could only be searched if all the requirements for searching material obtained by the UK security services were fulfilled.”

It also found “no evidence of any significant shortcomings in the application and operation of the regime, or indeed evidence of any abuse” — hence finding the intelligence sharing regime did not violate Article 8.

On the portion of the challenge concerning complaints that UK intelligence agencies’ oversight court, the IPT, lacked independence and impartiality, the court disagreed — finding that the tribunal had “extensive power to consider complaints concerning wrongful interference with communications, and those extensive powers had been employed in the applicants’ case to ensure the fairness of the proceedings”.

“Most notably, the IPT had access to open and closed material and it had appointed Counsel to the Tribunal to make submissions on behalf of the applicants in the closed proceedings,” it also writes.

In addition, it said it accepted the government’s argument that in order to ensure the efficacy of the secret surveillance regime restrictions on the applicants’ procedural rights had been “both necessary and proportionate and had not impaired the essence of their Article 6 rights”.

On the complaints under Article 14, in conjunction with Articles 8 and 10 — that those outside the UK were disproportionately likely to have their communications intercepted as the law only provided additional safeguards to people known to be in Britain — the court also disgareed, rejecting this complaint as manifestly ill-founded.

“The applicants had not substantiated their argument that people outside the UK were more likely to have their communications intercepted. In addition, any possible difference in treatment was not due to nationality but to geographic location, and was justified,” it writes. 

Update: Snowden has broken several weeks of Twitter silence to tweet a response to the ECHR judgement…

Tall Poppy aims to make online harassment protection an employee benefit

For the nearly 20 percent of Americans who experience severe online harassment, there’s a new company launching in the latest batch of Y Combinator called Tall Poppy that’s giving them the tools to fight back. Co-founded by Leigh Honeywell and Logan Dean, Tall Poppy grew out of the work that Honeywell, a security specialist, had […]

For the nearly 20 percent of Americans who experience severe online harassment, there’s a new company launching in the latest batch of Y Combinator called Tall Poppy that’s giving them the tools to fight back.

Co-founded by Leigh Honeywell and Logan Dean, Tall Poppy grew out of the work that Honeywell, a security specialist, had been doing to hunt down trolls in online communities since at least 2008.

That was the year that Honeywell first went after a particularly noxious specimen who spent his time sending death threats to women in various Linux communities. Honeywell cooperated with law enforcement to try and track down the troll and eventually pushed the commenter into hiding after he was visited by investigators.

That early success led Honeywell to assume a not-so-secret identity as a security expert by day for companies like Microsoft, Salesforce, and Slack, and a defender against online harassment when she wasn’t at work.

“It was an accidental thing that I got into this work,” says Honeywell. “It’s sort of an occupational hazard of being an internet feminist.”

Honeywell started working one-on-one with victims of online harassment that would be referred to her directly.

“As people were coming forward with #metoo… I was working with a number of high profile folks to essentially batten down the hatches,” says Honeywell. “It’s been satisfying work helping people get back a sense of safety when they feel like they have lost it.”

As those referrals began to climb (eventually numbering in the low hundreds of cases), Honeywell began to think about ways to systematize her approach so it could reach the widest number of people possible.

“The reason we’re doing it that way is to help scale up,” says Honeywell. “As with everything in computer security it’s an arms race… As you learn to combat abuse the abusive people adopt technologies and learn new tactics and ways to get around it.”

Primarily, Tall Poppy will provide an educational toolkit to help people lock down their own presence and do incident response properly, says Honeywell. The company will work with customers to gain an understanding of how to protect themselves, but also to be aware of the laws in each state that they can use to protect themselves and punish their attackers.

The scope of the problem

Based on research conducted by the Pew Foundation, there are millions of people in the U.S. alone, who could benefit from the type of service that Tall Poppy aims to provide.

According to a 2017 study, “nearly one-in-five Americans (18%) have been subjected to particularly severe forms of harassment online, such as physical threats, harassment over a sustained period, sexual harassment or stalking.”

The women and minorities that bear the brunt of these assaults (and, let’s be clear, it is primarily women and minorities who bear the brunt of these assaults), face very real consequences from these virtual assaults.

Take the case of the New York principal who lost her job when an ex-boyfriend sent stolen photographs of her to the New York Post and her boss. In a powerful piece for Jezebel she wrote about the consequences of her harassment.

As a result, city investigators escorted me out of my school pending an investigation. The subsequent investigation quickly showed that I was set up by my abuser. Still, Mayor Bill de Blasio’s administration demoted me from principal to teacher, slashed my pay in half, and sent me to a rubber room, the DOE’s notorious reassignment centers where hundreds of unwanted employees languish until they are fired or forgotten.

In 2016, I took a yearlong medical leave from the DOE to treat extreme post-traumatic stress and anxiety. Since the leave was almost entirely unpaid, I took loans against my pension to get by. I ran out of money in early 2017 and reported back to the department, where I was quickly sent to an administrative trial. There the city tried to terminate me. I was charged with eight counts of misconduct despite the conclusion by all parties that my ex-partner uploaded the photos to the computer and that there was no evidence to back up his salacious story. I was accused of bringing “widespread negative publicity, ridicule and notoriety” to the school system, as well as “failing to safeguard a Department of Education computer” from my abusive ex.

Her story isn’t unique. Victims of online harassment regularly face serious consequences from online harassment.

According to a  2013 Science Daily study, cyber stalking victims routinely need to take time off from work, or change or quit their job or school. And the stalking costs the victims $1200 on average to even attempt to address the harassment, the study said.

“It’s this widespread problem and the platforms have in many ways have dropped the ball on this,” Honeywell says.

Tall Poppy’s co-founders

Creating Tall Poppy

As Honeywell heard more and more stories of online intimidation and assault, she started laying the groundwork for the service that would eventually become Tall Poppy. Through a mutual friend she reached out to Dean, a talented coder who had been working at Ticketfly before its Eventbrite acquisition and was looking for a new opportunity.

That was in early 2015. But, afraid that striking out on her own would affect her citizenship status (Honeywell is Canadian), she and Dean waited before making the move to finally start the company.

What ultimately convinced them was the election of Donald Trump.

“After the election I had a heart-to-heart with myself… And I decided that I could move back to Canada, but I wanted to stay and fight,” Honeywell says.

Initially, Honeywell took on a year-long fellowship with the American Civil Liberties Union to pick up on work around privacy and security that had been handled by Chris Soghoian who had left to take a position with Senator Ron Wyden’s office.

But the idea for Tall Poppy remained, and once Honeywell received her green card, she was “chomping at the bit to start this company.”

A few months in the company already has businesses that have signed up for the services and tools it provides to help companies protect their employees.

Some platforms have taken small steps against online harassment. Facebook, for instance, launched an initiative to get people to upload their nude pictures  so that the social network can monitor when similar images are distributed online and contact a user to see if the distribution is consensual.

Meanwhile, Twitter has made a series of changes to its algorithm to combat online abuse.

“People were shocked and horrified that people were trying this,” Honeywell says. “[But] what is the way [harassers] can do the most damage? Sharing them to Facebook is one of the ways where they can do the most damage. It was a worthwhile experiment.”

To underscore how pervasive a problem online harassment is, out of the four companies where the company is doing business or could do business in the first month and a half there is already an issue that the company is addressing. 

“It is an important problem to work on,” says Honeywell. “My recurring realization is that the cavalry is not coming.”