A few days before taking a company public, the last thing a founder might hope for is a news cycle to kick off about how the company may have violated U.S. sanctions regulations. That happened this week to Cloudflare, a San Francisco-based network performance and cybersecurity firm.
“It’s one of those times when being in a quiet period sucks,” Matthew Prince, Cloudflare’s CEO and cofounder, told me on Friday afternoon, a few hours after his firm debuted on the New York Stock Exchange. An amendment to a filing with the Securities and Exchange Commission had recently disclosed that some customers of Cloudflare’s services may have been terrorists, drug traffickers, or agents of sanctioned governments.
Yet investors were not deterred. Cloudflare’s shares were set to open at $15 per share, marked up from an initial range of $10 to $12 per share and, later, an updated range of $12 to $14 per share. Upon the company’s debut, the price popped 20% to $18 per share, where it has since held steady.
The enthusiasm for Cloudflare’s offering, which raised around $525 million, is fueled by at least two hot trends. The first is business’ insatiable appetite for “cloud” software and services. The second is demand for new cybersecurity solutions (as we have seen in recent IPOs, like CrowdStrike’s whopper).
“What we set out to build at Cloudflare was a replacement for the network hardware that companies currently have to install to protect their on-premise data and applications,” Prince said. He referred to pieces of IT infrastructure with wonky names like load balancers and optimizers and firewalls and VPNs. “Ten years from now [those devices] are gonna look somewhat anachronistic,” he said.
On the subject of the potential sanctions violations, Prince said Cloudflare has always strived to do the right thing. “Whenever we see something that’s potentially problematic or illegal, we reach out to experts in organizations across the U.S. government and ask what they want us to do.” Some of those consulted preferred that Cloudflare continue to host unsavory customers, since the company at least responds to valid court orders—unlike some unscrupulous, overseas rivals, Prince said. Others objected.
“Since we couldn’t get a consistent answer across the government, we had to follow what the letter of the law was and, at that time, we kicked a bunch of organizations off the network,” Prince said. “Today have much more rigorous compliance process to make sure new sites signing up aren’t on a sanctions list.”
Cloudflare’s historically lax standards around customer acquisition, while fueling growth, has also caused a number of headaches for the company. A couple years ago, it pulled the plug on the Daily Stormer, a neo-Nazi site, after facing a public outcry. Earlier this year it booted 8chan, a haven for white supremacists and breeding ground for mass murderers, after a furor erupted in the wake of the multiple mass shootings linked to the site.
I asked Prince whether he plans to be more proactive about policing his platform in the future. A trained lawyer, he gave this reply: “From time to time there will be organizations like 8chan that are intentionally designed to thwart the law and, in those cases, it may require us to do something that, frankly, makes us uncomfortable, which is step beyond the law and make what is a discretionary judgment on our own.”
Now that the company is public, it will face greater scrutiny and have to placate a broader base of shareholders. At least for now though, many investors, using their own discretionary judgment, have indicated that they are prepared for these tribulations.
No fighting in the war room. Microsoft and the Hewlett Foundation are planning to debut a Geneva, Switzerland-based nonprofit called the Cyber Peace Foundation, CyberScoop reports. The group, said also to include Facebook, Mastercard, and the Ford Foundation, will investigate and call out attacks and offer up analysis and security tools for people and businesses.
Huawei out of line. The U.S. continues to tell the world that Huawei’s 5G networking equipment poses a security threat. Relatedly, federal prosecutors have charged a Chinese professor with allegedly stealing U.S. technology. Huawei has, meanwhile, dropped a lawsuit it had filed against the U.S. for seizing and detaining some of the company’s equipment for two years.
Name your price, Mr. Norton. A couple of private equity firms have floated an offer to buy what’s left of Symantec, the cybersecurity giant, for $16 billion, the Wall Street Journal reports. Broadcom is already in the process of acquiring Symantec’s enterprise business for $10.7 billion. The PE firms, Permira and Advent International Corp., would be taking over the company’s consumer business.
Israeli StingRays. Cellphone signal-intercepting spy devices discovered last year in proximity to the White House allegedly belonged to Israel, reports Politico, citing three unnamed former U.S. officials. The Trump administration supposedly decided not to rebuke its ally for attempting to snoop. A spokesperson for Israel’s embassy denied the allegation.
Feeling vulnerable. Google disclosed a now-fixed critical vulnerability affecting Chrome OS, the operating system that runs on Chromebooks. Telegram fixed a bug that let people recover “unsent” photos and videos. Security researchers disclosed a SIM card vulnerability, dubbed Simjacker, that could have allowed hackers to track the locations of peoples’ phones.
Hacking away. Tech firm Garmin disclosed a data breach affecting customers of the South African version of its online shop. Malware knocked a school district in Flagstaff, Arizona offline. And U.S. and overseas authorities arrested 281 people accused of an online scam known as “business email compromise.”
Attend the utterly wacky tale of “3AlarmLampscooter.”
Share today’s Cyber Saturday with a friend: http://fortune.com/newsletter/cybersaturday/
Looking for previous Data Sheets? Click here.
Heeding the Scout motto. Glenn Gerstell, general counsel of the U.S. National Security Agency, penned a dire op-ed for the New York Times this week. In it, he warns that the nation is unprepared for the threats that will result from the complete digital and technological remaking of the world economy, which is currently underway. “History suggests that we will appreciate the seriousness of the underinvestment only when a crisis has occurred,” he warns.
The digital revolution has urgent and profound implications for our federal national security agencies. It is almost impossible to overstate the challenges. If anything, we run the risk of thinking too conventionally about the future. The short period of time our nation has to prepare for the effects of this revolution is already upon us, and it could not come at a more perilous and complicated time for the National Security Agency, Central Intelligence Agency, National Geospatial-Intelligence Agency, Defense Intelligence Agency, Federal Bureau of Investigation and the other components of the intelligence community.
Secret Defense Tech Startup Anduril Reaches Unicorn Status by Polina Marinova
Bolton’s Out. Here’s How That Could Affect Trump’s Foreign Policy by Benjamin Harvey
Winklevoss Twins Launch a Crypto Storage Service by Jeff John Roberts
ONE MORE THING
The Moscow mole. America allegedly extracted a top Russian spy in 2017, CNN reported, citing anonymous intelligence sources. The mole had allegedly provided secret information to the Central Intelligence Agency for a decade—including, most recently, about how Russian President Vladimir Putin had ordered and orchestrated U.S. election interference in 2016. Russia is downplaying the importance of a man whose name has been floated as the recruit, one Oleg B. Smolenkov.