With regulations unclear and legislation slow in coming, companies see litigation as a way of cementing favorable treatment.
Litigation has emerged as an important tool for crypto.
When the SEC shot down Grayscale’s pitch for a bitcoin spot ETF, the crypto investment firm could have given it another try by filing a new proposal. But Grayscale was bent on going to court, the company signaled. And it’s not the only company to adopt an aggressive legal posture against a regulator.
Litigation has emerged as an important tool for crypto as it wrestles with unclear rules and a slow legislative path to clarity. Grayscale’s legal offensive and other disputes bubbling up shows how important the courts have become for settling disputes with regulators like SEC. In many cases, outcomes of court battles could have far-reaching consequences for the industry — especially if crypto companies win.
Grayscale CEO Michael Sonnenshein had talked about his company’s plans to lawyer up weeks before the SEC’s decision. He said the company hired prominent Washington attorney Donald Verrilli to prepare for a legal battle. Chief Legal Officer Craig Salm said “the court is the natural next step for us to take.”

“We’re at a stage where we have disagreement over how the existing regulations are being interpreted,” Salm told Protocol. “We can’t go to Congress … We can’t do nothing.”
There is a long history of the courts shaping how financial rules are interpreted. The Howey Test that the SEC still uses to determine whether an asset is a security is derived from a 1946 Supreme Court decision about orange groves.
Victory is never assured, but the courts can offer an outlet for well-funded crypto companies to flex their resources. “If you have enough money to file or defend enough lawsuits, you can more easily wear down your opposition, even if they are a major regulator, and even if you lose, you can win in the long term if the decisions made chip away at the regulatory apparatus itself,” said Mark Hays, a senior policy analyst on fintech at Americans for Financial Reform, a group that has advocated for stronger consumer protections in crypto regulation.
Marc Fagel, a former San Francisco regional director for the SEC, noted that companies that “proactively sue the SEC for its rules or status denials” will find that “the current Republican-dominated courts are favorable for them.”
The crypto industry is eyeing a fresh legal opening with the Supreme Court decision limiting the ability of the EPA to draft regulations related to climate change, a ruling that some think could have wide-reaching implications for all federal agencies.
The ruling “challenges the regulation by enforcement approach that the digital asset industry has been forced to navigate,” Perianne Boring, founder and CEO of the Chamber of Digital Commerce, a major crypto lobby group, said in a tweet the day the decision came out. “Without clear Congressional authorization, federal agencies must tread carefully,” she added.
It’s not clear how the EPA decision will affect crypto cases. Todd Phillips, director of financial regulation and corporate governance at the Center for American Progress, pointed out that the Supreme Court’s ruling is focused on the authority agencies have to address major questions not directly assigned by Congress.

“If an agency is trying to tackle some new issue that it has never tackled before — an issue that it seems Congress did not really intend for the agency to address — then courts are going to look at it,” Phillips said. But the SEC has long regulated securities, and has taken the position that many crypto assets are securities, “so it is not like the SEC is trying to address a problem it has never addressed before,” he said.
Fagel, who represented some crypto clients when he worked in the private sector, speculated that the ruling could even prompt more enforcement measures, “at least until the courts push back on the SEC’s interpretation of current securities law.”
That’s what Grayscale is hoping for in its lawsuit.
A Grayscale victory could open doors for other industry players that see a bitcoin ETF as a way to open crypto to more investors. The SEC has consistently rejected the proposals, citing concerns that investors would not be adequately protected from fraud or market manipulation.
Another closely watched legal brawl is the SEC suit against Ripple, which the regulator accused of failing to register $1.4 billion of XRP as securities. The lawsuit, which was filed in 2020, was damaging to Ripple, causing the value of XRP to fall dramatically.
But the legal battle is now seen as a potential turning point for crypto. If Ripple wins, it could weaken the SEC’s argument that most cryptocurrencies should be registered as securities.
“That could open the door for other other tokens out there being deemed not to be a security,” Fagel said. “It could shrink the SEC’s jurisdiction.”
But litigation can also be risky for crypto companies. Cathy Yoon, chief legal officer at MPCH, cited the costs of pursuing legal action if a case drags on. “In the end, even though you’ve won, you might not be able to continue” in business, she said.
Legal costs are rising at a time when the crypto industry could be facing more lawsuits from investors and consumers reeling from the market meltdown.

Roughly half of the more than 400 crypto-related court cases tracked by the law firm Morrison Cohen since 2014 were private cases: either a person suing a company or a company suing a person or another firm. Jason Gottlieb, a partner at the firm and lead author of the firm’s Cryptocurrency Litigation Tracker, said private actions are the fastest growing form of crypto litigation.
Some private lawsuits have focused on regulatory questions. Coinbase, crypto lender BlockFi and Solana Labs have each been hit with lawsuits from users or investors alleging, in part, that the companies offered unregistered securities.
Katherine Dowling, chief compliance officer and general counsel at Bitwise, said litigation can be “an avenue” for a crypto company. But “I don’t see it as the most efficient avenue.”
“I could see companies taking that step because the regulatory environment is not clear,” she told Protocol. But court rulings are typically based on the facts of a specific case, which can limit their application.
Legislation and clearer regulations, drafted in consultation with the industry, are still the preferred path, she said: “It shouldn’t only be enforcement actions. There needs to be dialogue and more definitional clarity, so that businesses that are trying to do the right thing have a clear path forward.”
Want your finger on the pulse of everything that’s happening in tech? Sign up to get Protocol’s daily newsletter.

Your information will be used in accordance with our Privacy Policy
Thank you for signing up. Please check your inbox to verify your email.

Sorry, something went wrong. Please try again.
A login link has been emailed to you – please check your inbox.
Benjamin Pimentel ( @benpimentel) covers crypto and fintech from San Francisco. He has reported on many of the biggest tech stories over the past 20 years for the San Francisco Chronicle, Dow Jones MarketWatch and Business Insider, from the dot-com crash, the rise of cloud computing, social networking and AI to the impact of the Great Recession and the COVID crisis on Silicon Valley and beyond. He can be reached at bpimentel@protocol.com or via Google Voice at (925) 307-9342.
Former government officials go into the private sector all the time to leverage their networks.
While working for Uber, former Obama adviser David Plouffe prompted U.K. embassy staff to set up a public event for him to discuss the gig economy.
Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.
A trove of nearly 125,000 leaked documents detailing Uber’s efforts, under ex-CEO Travis Kalanick, to elbow into cities and countries around the world through secret ties to the highest levels of policymaking has gone public. The so-called Uber files show the company also went big on an expensive program to boost sympathetic researchers and carefully cultivate business allies with political pull.
They also reveal a company exporting a standard playbook for sophisticated U.S. firms, including many tech companies that hoped they could outrun regulation in the years before the techlash.
The documents — provided by Uber’s former chief European lobbyist to the U.K.’s Guardian newspaper and shared with investigative journalists around the world — provide rare insight into the day-to-day operations of Uber under Kalanick. The company was at the time known for its ethical compromises and culture of harassment, and Kalanick was ousted as CEO in 2017. But the files also show how the ride-hailing company’s strategy in dealing with international governments differed more in degree than in kind when compared to other U.S. tech companies. The result was that the company had valuable allies and contacts — if not always guarantees of success.

Take David Plouffe, who managed President Obama’s 2008 presidential campaign and later joined the White House before becoming Uber’s senior vice president of policy and strategy in 2014. Plouffe emailed Obama’s ambassador to the U.K. directly in late 2015, prompting embassy staff to set up a public event centered around him discussing the gig economy, according to The Guardian. The report also detailed hopes inside Uber that Plouffe and his team could reach out to the U.S. ambassadors to France and the Netherlands, where the company was clashing with regulators.
Or take Jim Messina, who managed Obama’s 2012 reelection campaign before he began consulting for Uber. In emails, he appeared to offer to plead the company’s case before the leaders of Italy and Spain, The Guardian reported. Messina was ostensibly meeting the heads of state in his capacity as an international political consultant.
Plouffe, who is now head of policy and advocacy for the Chan Zuckerberg Initiative, denied to The Guardian that his CV helped him in meetings, and a Messina spokesperson denied he’d ever gone through with approaching foreign leaders on Uber’s behalf. Uber has continued to distance itself from Kalanick and condemned several of his decisions — though not necessarily his hiring choices — in response to the leaks.
Hiring former government and campaign officials has, in fact, become the hallmark of many companies’ policy efforts. Sometimes firms are relying only on the name recognition and expertise in policymaking of new employees. At other times, those who enter the private sector from the worlds of politics fully plan to mix their old and new networks — at least after the end of mandated “cooling off” periods, during which they can’t reach out to old associates still serving in the government.
Hiring former government and campaign officials has become the hallmark of many companies’ policy efforts.

Companies and lobbying firms routinely celebrate the former government positions of their new employees. Amazon, for instance, hired former White House press secretary Jay Carney in 2015, while former Environmental Protection Agency administrator Lisa Jackson joined Apple soon after leaving the government in 2013. The D.C.-to-Silicon Valley pipeline was particularly robust late in the Obama years, when officials from the tech-savvy and tech-friendly administration joined companies that — particularly in cases like Uber, Lyft and Airbnb — were hoping to shape the policy gray areas in which they operated to their advantage. Some of those who went west, like Carney and Jackson, were boldfaced names; others were major players behind the scenes.
But just as Uber wasn’t alone in shelling out for policy talent, government officials from the mid-2010s weren’t the only ones in tech pursuing the practice. Republican former Federal Communications Commission Chair Kevin Martin, who served under President George W. Bush, still sits atop Facebook’s Washington office, while Sheryl Sandberg held a top post in the Treasury Department under President Bill Clinton. Chris Lehane, an alumnus of the Clinton White House, likewise joined Airbnb, in 2015, and stayed until earlier this year.
Nor was aggressive recruiting of former government officials unique to the U.S. Facebook also hired Nick Clegg, the U.K.’s former deputy prime minister. The Uber leaks also reveal a former European Commission official fighting ethics determinations that said she had to obey a cooling-off period before joining the company’s policy advisory board. And the Uber leaker himself, former European Uber official Mark MacGann, had a long career as a lobbyist in the EU.
Still, many tech companies, including Uber, have benefitted from more comfortable operating environments at home in the U.S., not least of all as they faced greater regulation and enforcement in the EU than here. For Uber, that included government raids in both Paris and Amsterdam (at which point the company tried to minimize what the authorities could seize from the rest of the company by cutting off computers from internal servers). The EU has also been faster to regulate privacy and competition than the U.S., although those efforts have mainly touched more on companies like Google rather than gig economy firms like Uber.

The coziness that some of Uber’s top policy employees seem to have felt with the very same government actors who might regulate the company has often prompted ethics concerns across business sectors. Watchdog organizations have decried those who leave lawmakers’ offices or federal agencies to go work for the private sector, labeling them part of a “revolving door” between industry and public service. Yet efforts to crack down on the practice have largely stuck to a far narrower conception of influence than many companies seek to pursue with their hires.
Many tech companies, including Uber, have benefitted from more comfortable operating environments at home in the U.S.
Obama, for instance, put in place a then-unprecedented ethics pledge that stopped administration officials from lobbying the executive branch until he left office. The policy did not, however, stop his former employees from lobbying Congress, states or international governments — or from designing a strategy for influencing policy or coming up with effective public persuasion that supposedly isn’t tailored to the government.
The breadth of Uber’s efforts to leverage various connections internationally revealed the many ways that companies can try to prod policy one way or another. The Uber documents, for instance, show the company sometimes paid more than $100,000 to ostensibly independent economic researchers in the EU and U.S. for a single study, according to another Guardian report. Those researchers at times even promised in advance that their results would provide good PR. The practice mirrors efforts by Google, which routinely issued grants to sympathetic academics even as it insisted it didn’t dictate particular conclusions, and Facebook, which has declared it’s facilitating scholarship while it imposes intense burdens on scholars whose conclusions might be unflattering.
Uber also tried to extend its influence through its business arrangements. The company brought in Russian oligarchs to invest, for example, and launched a partnership on mobile payments and vehicle financing with Sberbank, Russia’s biggest bank, which is close to the country’s elite. Both relationships were meant to — and to a certain extent did — provide Uber with introductions to policymakers and help smooth regulatory battles, according to The Washington Post.

The ties, however, raised questions in a country that even by 2014 was already facing sanctions and returning to authoritarianism and regional aggression, according to the Post. Uber’s local oligarch investors even pushed the company to hire an overly expensive local lobbyist who Uber worried might simply bribe people.
Ultimately, Uber’s U.S.-style lobbying and policy operation met with mixed success.
Still, it’s common, in the EU and U.S., for tech companies to seek business partners that can tout their good name and open doors, including regulatory ones. SoftBank, for instance, has often used its lobbyists to help boost tech startups in which it has taken a stake. (After Kalanick was forced out, those investments for a time included Uber.) And it’s not unusual for companies to hire lobbyists and strategists simply because they come highly recommended or because they’re particularly close to figures at the top reaches of government.
Ultimately, Uber’s U.S.-style lobbying and policy operation met with mixed success. In France, the company was in direct contact with Emmanuel Macron, who was then economy minister and who seemed happy to negotiate Uber-friendly policies. But in Russia, Uber appeared to have overestimated the sway of the oligarchs it partnered with, and the local lobbyist appears to have done little. Ultimately, Uber’s efforts yielded so little that it essentially had to let the Russian tech giant Yandex take over its operations.
Just as in the U.S., a sophisticated operation could still fall through.
Ben Brody (@ BenBrodyDC) is a senior reporter at Protocol focusing on how Congress, courts and agencies affect the online world we live in. He formerly covered tech policy and lobbying (including antitrust, Section 230 and privacy) at Bloomberg News, where he previously reported on the influence industry, government ethics and the 2016 presidential election. Before that, Ben covered business news at CNNMoney and AdAge, and all manner of stories in and around New York. He still loves appearing on the New York news radio he grew up with.
Many people might think of the Google Play Store when they want to download a new app. But the Google Play Store is much more than that: It creates revenue for small businesses and provides jobs for many employees at those businesses. Google Play connects developers with over 2.5 billion monthly active users around the globe, helping to generate over $120 billion in revenues for developers, to date.
Purnima Kochikar, Vice President, Google Play Partnerships
As part of an exclusive fireside chat, Purnima Kochikar, Vice President, Google Play Partnerships, sat down with Protocol to discuss how Google helps developers succeed by giving them the tools to turn ideas into apps, build an audience to receive those apps and get feedback needed to create the best possible app to change people’s lives.
What do you find most gratifying about your role overseeing all aspects of the Google Play app ecosystem?
We started as a very tiny team, and over the past 10 years that I’ve been at Google, we’ve generated over $120 billion in revenue for developers, many who are entrepreneurs or work at small businesses.
I have the best job in the world – it is a huge responsibility and incredibly humbling. It’s also inspirational to provide business and technical consulting to help developers build apps that change people’s lives.
Because we sit on a large platform, we can look at best practices and guide developers to the best tools and technologies. We also have generated 2.5 billion monthly active users, which creates a ready-made global audience for the amazing creativity of app developers.
I’ve always said that Android and Google Play are blank canvases, and developers are the artists who paint on them. I love seeing how developers turn ideas into reality.
What have you learned while leading the Google Play Store?
One of the most important things that I’ve learned is that imagination and creativity are not constrained to the places where we think they are. You always think about Silicon Valley. We think about New York. We think about London and the big cities. But our developers come from everywhere — most are also small businesses, like the brick-and-mortar companies you see in your town or neighborhood. You can have a great idea sitting in Nashville, Tennessee, or San Diego, or New York, or San Francisco. But when you offer those ideas through Google Play, you have a global audience waiting for you.
One of my favorite examples is GoNoodle, which is a small business in Nashville. A creative entrepreneur there saw joy when people get together and get healthy. Now, 95% of elementary schools in the U.S. use the app, which shares interesting ways for kids to get moving and focus on their health. This level of reach would have been unthinkable in the past, but now the app builder has the platform and distribution model to give all schools access to the app.
You mentioned developer creativity. Let’s talk about the role that creativity plays in the app development process.
Small businesses have amazing ideas. And they really understand their customers. They want to create truly amazing apps and really focus on their uses. But some stumble with the practical reality. We give developers the tools and technology to turn their creative ideas into apps that users can download and then use to change both their lives and their users’ lives.
One of the ways that we help small businesses succeed is Google Play Academy, which is a self-serve education platform. A developer anywhere in the world can access our videos, blogs and tips to understand how to both build and publish a great app. Because small companies don’t have lengthy testing times like bigger companies do, we also created the alpha-beta program where a developer can invite users to test their apps. We also provide tools and templates, such as pre-registration, to help generate an audience for their app before it’s even published.
The statistic that I’m most proud of is that in 2021, more than 2 million jobs existed in the United States, thanks to Android and Google Play. These aren’t jobs at Google, these are jobs that exist because developers grew their small businesses after publishing apps on the Play Store.
Many small businesses were hit especially hard during the pandemic – did you see any effects of that for the Google Play ecosystem?
During the past two years there has been a big debate between life and livelihood. A lot of people had to make a choice between the two. Those who could work from home didn’t have to make that hard choice because we could have both life and livelihood — and tech was the reason people could have both.
Mobile apps let small businesses digitize, pretty much overnight. We saw small restaurants use apps to make food delivery possible so people could stay home and order food. The apps helped them stay open and even created new jobs, especially in delivery. During the pandemic, most of the delivery apps in the Play Store hit 10-year KPIs – meaning that they saw engagement in just two years that most apps take 10 years to hit. It’s been truly fascinating — and truly humbling — to see what apps made possible in the middle of some of the worst times of our lives.
You’ve shared several differences in the apps and developers — location, size, ideas. Is there something that most apps have in common?
Each app developer truly focuses on a problem that’s near and dear to their heart, something that sparked their imagination, or something they feel deeply about. They each truly believe that they have a solution to make their community, their country, or the world better – and they aspire for their app to be used by a lot of people – they want to succeed.
Interestingly, most app developers with apps in the Play Store are actually small businesses, and they’re experiencing the benefits and challenges that come with starting out — even today’s big businesses started as small businesses.
People often ask me if they can succeed, because they don’t see other successful people who look like themselves. We need more women starting companies. We need more underrepresented groups starting companies. So, we are investing in this area. We want to make sure there are more people and companies like each of us on Google Play — so that the next kid who has a dream believes that they can be successful with their app.
I’m super excited about a program we launched in 2017 called Change the Game. Many people are surprised to learn that in 2020, 41% of people playing digital games were women. We still need more people to build apps for women. We want women and girls to know that they can create games, and so with Change the Game, we’re helping them build game apps – helping to support and empower women as game players and creators. We want to help developers succeed, and this is one of the many ways we are doing that.
When researching for this article, I was surprised that 97% of developers do not pay any fees to Google Play. What are some other things that people get wrong about Google?
Many people don’t realize the many ways developers benefit from Google Play and that the core DNA of Android is open. From the minute that developers get a creative idea, they have every tool they need to build the app, understand the security policies, launch the app and gain a global audience.
Another common misconception is that apps must be downloaded from a single location. But there are alternative app stores that are available on Android — and developers can distribute their apps through a website, meaning their creativity is not constrained. Developers have choices about where to distribute.
Most importantly, I truly want people to get to know the developers and the value that they’re finding on Play. You can read their amazing stories on our We Are Play site. Take a few minutes and download their apps to see firsthand how they can help you change your own life.
The cloud engineering startup, which counts its namesake infrastructure-as-a-code tool as its flagship technology, has plans to build a whole set of tools for developers who want to work on the cloud.
“[L]ong-term, we’re a cloud engineering platform, and we’re solving for so much more of the space of what these enterprises have to build internally,” said Joe Duffy, Pulumi’s co-founder and CEO.
Donna Goodison (@dgoodison) is Protocol’s senior reporter focusing on enterprise infrastructure technology, from the ‘Big 3’ cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.
Pulumi CEO and co-founder Joe Duffy’s vision for his open-source cloud engineering startup is to offer developers and infrastructure teams the tools they need to “make the most out of the cloud.”
With its universal infrastructure-as-code software tool as its flagship technology, the company – which marked its fifth year in March – is approaching 1,000 commercial customers and growing rapidly, according to Duffy, a Microsoft veteran who ran the cloud provider’s developer strategy and managed its programming languages teams.
“The cloud is really transforming everything about how we build software, enabling new capabilities,” Duffy said. “What we’re really trying to do is break down the silos and enable developers, infrastructure teams and security experts to just collaborate and build cloud-powered software. Software is changing everything about modern business.”
Duffy talked to Protocol about Pulimi’s start and where it’s headed — including plans for an initial public offering — as well as its competition with HashiCorp’s Terraform and why the company uses AWS as its internal cloud provider.

The interview has been edited and condensed for clarity.
Pulumi has been in business for five-plus years now. How’s it going and can you give any metrics to support that?
In short, it’s going really well. We just hit our five-year anniversary in March this year. We came from a developer heritage, and our bet was the future is really all about empowering developers and bringing software engineering to infrastructure teams. What we found was, frankly, what folks are using in this space is not very good. People thought about giving care and love to developers in a fundamentally different way than infrastructure teams.
So we sort of made the big bet, and it took a while to build the initial platform. It took about a year to build the first version. We open-sourced it. We didn’t even launch the commercial edition for another year after that, so really we’ve been in market commercially for three years. Within the last year, things have really just picked up steam — really, the last six months even. I think the market has really changed in sort of the way that we’ve predicted. Honestly, COVID actually accelerated this. You see a lot more people accelerating their cloud efforts. The idea that developers should be in the driver’s seat has picked up steam as well. They’re the people building business value, and the more you can empower them with guardrails — hence, security is important — the faster the business can go, and we see that’s part of the dialogue for every enterprise we work with.
We’re open source first, and so we always think about the open-source community. In terms of metrics … [we’re in the] ballpark [of] 100,000 community members and coming up on almost cracking the 1,000-commercial-customer mark. That’s growing very rapidly. I think we’re kind of where HashiCorp was three, four years ago, but growing much faster than they are these days, so I think we’ll catch up pretty soon. I feel very fortunate, especially in this current macroeconomic climate, that things are going so well.

You compete against HashiCorp’s Terraform. What’s your argument for going with Pulumi over Terraform?
There are two things we find. One is really just the level of productivity is much greater with Pulumi. Atlassian is a customer of ours, and they said, “Hey, we can get twice as much done now with Pulumi than we could before.” Mercedes-Benz, Snowflake, they moved from Terraform to Pulumi and found similar results. Snowflake’s story was, on their road to IPO they had to ship their data cloud platform, and I think they had some intense deadlines set by the board. Based on their past experience in Terraform, they said, “Hey, we just can’t get it done in time with Terraform. We’re going to pick Pulumi, and by picking Pulumi, we can empower our entire team.”
Often we find that Terraform silos are formed. There’s “Oh, those five people over there in the corner know Terraform, but nobody else does.” Pulumi allows you to use your favorite language — any great programming language like JavaScript or Python or Go, Java. It meets people where they are rather than you having to learn a proprietary language like with Terraform. So that’s the first: It’s productivity, it’s familiarity.
The second is scalability. We often find with increasingly complex cloud architectures, there’s a lot more moving pieces. That’s exactly the sort of problem that we invented these great programming languages to solve — it’s just in a different domain. Over the last 30 years, we built these great programming languages and tools and ecosystems around them to solve these problems for application development. What we’re finding is now those same challenges are emerging in infrastructure management, and so we were able to apply those same techniques. And again, because Terraform [has] a proprietary language that doesn’t handle a lot of these things, it’s sort of a siloed ecosystem, and it doesn’t scale. Those are the two things we hear the most from customers.
Do you see a lot of customers making that switch from Terraform, or do you have more customers that just start with Pulumi?

It’s a mix. Terraform had a multiyear head start on us, and so there’s definitely a lot of Terraform in the market. In some sense, those folks have already felt the pain of those two things that I just mentioned, and so it’s a lot easier for them to see “Oh, infrastructure as code is important to me, and yet this thing I’m using didn’t satisfy my needs.” Pulumi clearly solves that, so it’s an easier path for them. I’d say it’s about half and half: Fifty percent are coming from Terraform or another [infrastructure-as-code] tool.
But one thing has changed since we started: We now hear infrastructure as code is “table stakes.” We hear from people, “Oh, I’m going to cloud, so I need infrastructure as code.” What that means is literally anybody who’s doing anything in the cloud is a potential customer, and so there’s a lot of greenfield opportunity as well.
“[L]ong-term, we’re a cloud engineering platform, and we’re solving for so much more of the space of what these enterprises have to build internally.”
Within larger enterprises, I think our biggest competitor is actually homegrown. A lot of folks, especially on the journey to multicloud, have had to build a lot of custom internal tools and platforms — not because they wanted to, but because they had to. And so really long-term, Pulumi’s not really competing with Terraform; long-term, we’re a cloud engineering platform, and we’re solving for so much more of the space of what these enterprises have to build internally. It just so happens infrastructure as code is our flagship technology. It’s where we started, it’s where we are today. But over time, we’ll grow into more of a management suite for the entire enterprise, and that’s where homegrown actually becomes much more of the challenge. But today, purely on infrastructure as code, definitely Terraform is the current market standard.
Can you expand on where you want to go in the future?
I can use sort of an analogy: GitLab … started with source control management, but to compete against GitHub, they really expanded into being a DevOps platform, and source control management is one piece of that. It’s a very similar thing with Pulumi.

We started with infrastructure as code, but when it comes time to adopt cloud engineering in an organization, it goes well beyond infrastructure as code. You think of policy as code, you think of “How do I empower my developers with self-serve portals.” You think of observability, you think of all the management tasks — so compliance and auditing and security, enforcing best practices. How do we enable the cloud engineering team — that’s developers, infrastructure teams and security experts — to just collaborate in the most seamless way?
What we’re really trying to do is break down the silos and enable developers, infrastructure teams and security experts to just collaborate and build cloud-powered software. And that’s the vision, that’s the future. Infrastructure as code is sort of the first entrée toward that.
You mentioned moving upmarket customerwise. Who are your customers today?
We have offerings all the way from free … to what we call our business-critical tier. We have an enterprise product, and we have a team edition. On the high end, the typical story is we … work with a platform team. A lot of these enterprises are starting to create these platform teams. They basically are responsible for leading the charge for adopting the cloud within the organization. They sort of sit between the infrastructure and operations team and the developers. And their goal is “Hey, figure out how to adopt AWS, Azure, Kubernetes — make the choices on the platforms.”
That includes something like Pulumi. That includes CI/CD systems. They’re trying to turn around and empower developers to be in control of their own destinies, but they want to do that with guardrails in place, so developers don’t do the wrong thing accidentally. Then they turn around and give patterns and practices to the infrastructure team, so things are repeatable.
Our biggest customer – not one I can name unfortunately, but it’s a super exciting partnership – is using us within over 100 teams within the company and close to 10,000 engineers on a daily basis. And really at that scale, what they’re trying to do is tame the chaos of adopting the public cloud. Pulumi can scale to very large-scale complexity in a way that most other kinds of technologies can’t, and so that is a very common story with larger companies like Snowflake, Univision and Mercedes-Benz … DocuSign — folks like that.

We have a strong contingency in the mid-market as well, which is folks who recently IPO-ed or are about to IPO and people for which the cloud is a competitive advantage in a fundamental way.
You mentioned in your blog that when you were exploring starting Pulumi in 2016, the capabilities of the cloud were incredible but far too difficult to use, which held true in 2018, when the company launched. Is that still the case?
I think we’ve definitely made a huge dent in making it easier. My customers were developers when I was at Microsoft, and they really weren’t excited about the cloud. They didn’t want to touch it. They would write their code like the cloud didn’t exist, and they’d throw it over the wall to the infrastructure team, and it was very inefficient.
I thought, why is that? One reason is because I don’t want to go learn some weird, proprietary language; I want to use what’s comfortable to me. I want to use my favorite editor. I want to use all the practices that I know already. So we solved that problem. We’ve really brought the cloud a lot closer to developers and brought great software engineering tools to infrastructure teams, but there’s so much more we can do. The shift to the cloud is really a shift to building distributed applications, and the most innovative companies out there are the ones that have figured this out and have figured out how to do it. What we want to do is bring that to everybody, and we’ve got a great foundation to start from, but so much more to go from here.

Are cloud providers improving on their side?
They are. It’s in their best interest to make it as easy to use as possible. For many large enterprises, they’re still doing multicloud, and I think that’s one thing that really sets us apart even if the cloud providers continue to improve their offerings. We work with folks who still have on-prem, virtual-machine data centers, and Pulumi gives them a consistent model they can standardize on across the team, even for private cloud and hybrid cloud. That’s really special for especially large enterprises.
“The shift to the cloud is really a shift to building distributed applications, and the most innovative companies out there are the ones that have figured this out and have figured out how to do it.”
I understand Pulumi uses mostly AWS internally. You’re a Microsoft veteran. Why AWS?
We’re customers of all the clouds, but most of our service runs on AWS. If you go to Pulumi.com, that is hosted in AWS. My CTO [Luke Hoban] came from Amazon. He was on the EC2 team prior to coming to Pulumi. Amazon’s philosophy resonates with us, which is they give you these powerful building blocks, all these services. It’s up to you to stitch them together. That’s the hard part. But Microsoft — and Google to some extent — try to give you more of a platform-as-a-service-like approach, where they’re more monolithic and chunkier building blocks. We found that, especially with the way Pulumi allows you to program the cloud and stitch things together and compose things, the AWS model really just works perfectly.
What’s next for Pulumi?
There are really three main areas of focus for us. One is just being the market leader for infrastructure as code. We know we’re growing faster than Terraform … but we still know they have a lot more market share. Priority No. 1 is really just infrastructure as code and being the market leader.
The second is doing better with developers. We figured out over time, as we were trying to find the product-market fit that “Oh wow, there’s some really gnarly issues for people that we can solve in the infrastructure management space.” But really we’re still far away from empowering every developer to tap into the cloud — not just infrastructure experts, not just developers who want to do infrastructure as code, but all developers, really allowing them to really embrace these new kinds of distributed cloud architectures. There’s a huge opportunity that’s going to totally reshape the way that developers write code.

The third is really that cloud engineering platform vision … going from infrastructure as code to a complete product suite that solves for this entire space.
You mentioned the economic climate. How is that from a startup’s point of view? Do you have enough funding right now, and is that drying up at all?
It’s changed the dynamics a bit. We don’t worry too much about it. I don’t say that to sound arrogant or anything, but we’ve always focused on business fundamentals. We wanted to build for the long-term. Our dream is to IPO and build a sustainable business that can eventually become profitable. That’s very important to us. But unfortunately, I think a number of folks out there were raising well beyond where they were and maybe not as focused on business fundamentals. We feel good about where we’re at right now. We raised a Series B [funding round] led by NEA about a year and a half ago … and that was a preemptive round. We raised about a year before we thought we’d need to, so we’re still in a very strong position cashwise.
Is there a time frame envisioned for an IPO?
It’s hard to predict the future, but I would say in the three- to five-year ballpark would be sort of where we’re at as a company. You look at other comparable businesses like HashiCorp, GitLab, Datadog, and I think we’re right around where they were three to four, sometimes five years before the IPO. A lot of it depends on the market and how it evolves, but given current growth rates, the opportunity is huge, and we’re still very early in our growth curve within the market.
Donna Goodison (@dgoodison) is Protocol’s senior reporter focusing on enterprise infrastructure technology, from the ‘Big 3’ cloud computing providers to data centers. She previously covered the public cloud at CRN after 15 years as a business reporter for the Boston Herald. Based in Massachusetts, she also has worked as a Boston Globe freelancer, business reporter at the Boston Business Journal and real estate reporter at Banker & Tradesman after toiling at weekly newspapers.
PlanCPills.org uses third-party ad trackers that convey sensitive information about people seeking abortion pills. Doing without them may be “an impossible ask.”
Despite precautions, Plan C is sending some of that very digital evidence it warns about to third parties.
Issie Lapowsky ( @issielapowsky) is Protocol’s chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol’s fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing.
The team behind PlanCPills.org has clearly thought a lot about how to protect people who come to the site seeking information about where to find abortion pills online. Plan C, which was launched in 2015 by reproductive health experts, directs visitors to a legal helpline and warns them about the relevant laws in their state. It tests online pharmacies before recommending them and offers case studies of people who have been punished for taking abortion pills.
It also links to tools like Signal and Tor that people can use to keep their communications private, and it warns Plan C visitors of the risks of digital evidence being used against them. These resources are critical in the post-Roe reality, during which visits to the site have grown from a little over 54,000 visitors in March to more than 447,000 in May, when the Dobbs decision leaked.
But what those visitors probably don’t know is that, despite its precautions, Plan C is also sending some of that very digital evidence it warns about to third parties.

According to Johnny Lin, founder of the tracker blocking app Lockdown Privacy, Plan C’s site contains trackers that transmit information to Facebook and Google, including visitors’ IP addresses, the URLs they’re browsing — which can contain the state in which they’re seeking abortions — and unique identifiers that are then used to optimize and retarget ads later on. Plan C discloses this, as well as the fact that it may share personal information in response to law enforcement requests, in its privacy policy. But that policy is, as with most privacy policies, buried at the bottom of the site where visitors are unlikely to see or read it.
Since Roe v. Wade was overturned, tech giants including Meta and Google have faced mounting questions about how they plan to protect user data in the wake of the decision. And rightly so. Text messages and Google searches have already been used to prosecute women in the U.S. accused of having abortions illegally. In response to this pressure, Google announced earlier this month that it would begin deleting location data linked to abortion clinics.
But Lin’s findings regarding Plan C suggest that even the most cautious organizations working to enable abortion access in the U.S. may need to rethink seemingly small decisions about how their websites function, the vendors they rely on and the data they collect and share. “My research should not be interpreted as a ham-fisted, ‘Hey, these websites are bad and run by bad people,’” Lin said. “They are just using the off-the-shelf tools that are fairly common. But the issue now that Roe has been overturned is: Do these off-the-shelf tools become more of a liability than a benefit?”
In a statement to Protocol, Plan C co-founder and digital director Amy Merrill said, “We know that digital privacy and security is a serious concern in the U.S. right now, as extremist politicians attempt to pass unjust laws that criminalize access points to safe abortion care. We at Plan C are concerned as well. We are responding to the situation and working with experts to shore up the digital privacy of visitors to our website.”

Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.
But these findings aren’t unique to the organization. Late last month, Lin made a similar discovery on Planned Parenthood’s site — albeit with even more data being shared. After The Washington Post published Lin’s findings, Planned Parenthood said it would remove marketing trackers from pages related to abortion searches and begin “engaging with Meta/Facebook and other technology companies about how their policies can better protect people seeking abortion care.”
Meanwhile, Hey Jane, a telehealth site that provides abortion pills by mail in six states, also recently removed its user review section as well as Meta’s Pixel tracker from its site as the company determines “how to best mitigate potential risks to our patients and providers,” CEO Kiki Freedman told Protocol.
The truth is the web is blanketed with trackers. Some 75% of websites — including Protocol’s — use them. While privacy experts have expressed concern about third-party tracking for years and companies like Apple are working to limit it, the new abortion restrictions sweeping the country make the stakes of the sometimes squishy data privacy debate abundantly clear.
“The concern is real,” said Daly Barnett, staff technologist at the Electronic Frontier Foundation. “Especially companies that are more firmly embedded in the abortion access space need to really reevaluate how they’re going to protect user data.”
That may be easier said than done for sites like Plan C that are already dealing with a seismic shift in the legal system and don’t have large in-house tech teams to focus on these concerns. Plan C was built with Webflow, a no-code web development tool that Lin warns may not take into account the sensitive nature of its clients’ businesses. “Obviously, the developers of this website have no malicious intent,” Lin said. “But by building websites with no-code tools like Webflow, developers may find that they are not only sacrificing customizability, but also privacy, in exchange for convenience and speed.”

Webflow chief marketing officer Shane Murphy-Reuter said in a statement that Webflow advises customers not to use its services for health data, and that in Plan C’s case, the company isn’t explicitly processing health data: It’s just directing visitors to other sites where they can actually procure pills. Still, Murphy-Reuter said Webflow “makes every effort” to minimize disclosure to law enforcement and government agencies and is updating its policies and controls “to reflect this new horrifying reality in which we all find ourselves.”
While any organization that collects user data in relation to abortion access is vulnerable to legal requests, sharing that data with third parties like Meta and Google can also expand the surface area of risk, said Cynthia Conti-Cook, a civil rights attorney and technology fellow at the Ford Foundation. “Data retention policies and how long that [data] is around is different for different types of organizations,” she said. “And the information can be much more easily accessed through companies like Meta.”
While Meta says it won’t fulfill overly broad legal requests, it does operate a portal for law enforcement. In some cases, both Google and Meta respond to emergency requests from law enforcement, even without a legal order, when they believe there’s a risk of imminent harm or death. Recently, Bloomberg reported that Meta and Apple handed over user data to hackers in response to a forged emergency request.
But while the privacy risk of sharing potentially sensitive data with third parties is clear for an organization like Plan C, so are the costs of opting out of the most basic types of digital marketing. After all, at a time when clinics are shutting down across the country, getting information out through digital ads is crucial. “It is critical for patients to be aware that telemedicine abortion services like Hey Jane exist as other care options are put under extreme strain,” Freedman said. “In fact, only one in four Americans know the abortion pill is a safe, legal, effective option for ending early pregnancies. We’ve found that the best way to reach people seeking out safe abortion care is via the channels they’re already on.”

Suggesting that sites like Hey Jane and Plan C forgo tools that just about every other company and organization uses in their marketing is “an impossible ask,” said Conti-Cook. “What people give up if they don’t have those types of website supports is they give up the ease with which people can find them,” she said.
And yet, web analytics and marketing tools that were routine just a few months ago are now “trip wires” in states where abortion is criminalized, Conti-Cook said.
There are ways that visitors can protect themselves from having their information collected. As Plan C notes in the digital security suggestions on its own site, there are private browsers and VPNs. “We have been advised that the best protection a person can give themselves is to secure their own data privacy and footprint,” Merrill of Plan C said in her statement. “We urge anyone concerned about their digital privacy to take steps directly on their devices to protect themselves.”
But these precautions put a burden on individuals that they shouldn’t have to bear, said Sara Geoghegan, a law fellow at the Electronic Privacy Information Center. “It shouldn’t be any individual person’s responsibility to protect their own data from data abuses,” she said. “But it is the unfortunate reality of our current legal landscape.”

Issie Lapowsky ( @issielapowsky) is Protocol’s chief correspondent, covering the intersection of technology, politics, and national affairs. She also oversees Protocol’s fellowship program. Previously, she was a senior writer at Wired, where she covered the 2016 election and the Facebook beat in its aftermath. Prior to that, Issie worked as a staff writer for Inc. magazine, writing about small business and entrepreneurship. She has also worked as an on-air contributor for CBS News and taught a graduate-level course at New York University’s Center for Publishing on how tech giants have affected publishing.
Over a dozen government leaders and former Uber executives are mentioned in the Uber Files. Here’s how they worked with Uber and where they are today.
Over a dozen government leaders and former Uber executives are mentioned in the Uber Files.
Nat Rubio-Licht is a Los Angeles-based news writer at Protocol. They graduated from Syracuse University with a degree in newspaper and online journalism in May 2020. Prior to joining the team, they worked at the Los Angeles Business Journal as a technology and aerospace reporter.
Sarah (Sarahroach_) writes for Source Code at Protocol. She’s based in Boston and can be reached at sroach@protocol.com
New reports tracing Uber’s history under Travis Kalanick are damning, and not only for the company.
Over a dozen government leaders and former Uber executives are mentioned in the Uber Files, a collection of thousands of documents obtained by The Guardian detailing Uber’s attempts to lobby policymakers and push growth by breaking rules. Former Uber exec Mark MacGann is the whistleblower behind the files and is also partly implicated by them.
MacGann, who founded Moonshot Ventures, told The Guardian, “I am partly responsible.”
The documents mention several high-profile former Uber executives, politicians and organizations. Here’s a look at some of the biggest names implicated in the report, how they were involved with the company’s operations and where they are today. More documents are expected to be released from the Uber Files during the course of the week; this story will be updated as additional information is published.
Uber founder Kalanick, who served as the company’s CEO until he was forced to resign in 2017, appears to have been the brains behind it all. To grow Uber’s empire, he privately lobbied government officials while the company broke laws and taxi regulations in cities around the globe. He also dismissed concerns about driver safety, pushing a growth-at-all-costs business model. Since leaving Uber, Kalanick has turned his attention to CloudKitchens, a ghost kitchen company with locations across the U.S.

MacGann, Uber’s former head of public policy in Europe, the Middle East and Africa, lobbied Emmanuel Macron — currently France’s president, but at the time its Minister of the Economy — to change a police official’s decision to ban an Uber service in Marseille in 2015. Macron responded that he would “look at this personally.” MacGann was the whistleblower who released the trove of 124,000 documents to the press.
Nairi Hourdajian, vice president of marketing and communications at Canaan Partners, speaks at a conference Nairi Hourdajian Photo: Patrick T. Fallon/Bloomberg via Getty Images
Gore-Coty, head of Uber’s operations in Western Europe until 2016, was involved in the company’s “kill switch protocols,” an internal practice to cut off access to the company’s data systems to prevent police from collecting evidence against it. The technique was likely used at least 12 times during raids in Europe and India. Gore-Coty now sits on Uber’s executive team, where, since 2021, he has been the head of Uber Eats.
Hourdajian, Uber’s former head of global communications, bluntly said in a message in 2014 that the company’s efforts to resist shutdowns in Thailand and India were “just fucking illegal.” Hourdajian left Uber in 2016 and is currently VP of communications at Figma.
When Macron was the economy minister of France, he gave Uber direct access to himself and his staff. Macron went far to help Uber, including telling the company he made a “deal” with Uber’s opponents in the French cabinet. MacGann also sought help from Macron in 2015 when a French police official tried to ban one of Uber’s services. “I will look at this personally,” Macron texted MacGann. Macron became president of France in 2017.
While Osborne was the chancellor of the Exchequer, he and several other policymakers met with Uber execs at Davos in 2016. He was described as a “strong advocate” of the company coming out of that meeting. The Guardian found that six U.K. Tory cabinet ministers met with Uber but did not disclose the meetings. Osborne left the government in 2017.

Uber’s meeting with Osborne at Davos also included Israel’s prime minister at the time, Benjamin Netanyahu, and Enda Kenny, then prime minister of Ireland.
Files showed Uber’s attempts to lobby other political leaders, but the impact of those efforts is unclear. After Biden — at the time, as vice president — met with Kalanick, he changed his speech at Davos, according to the files, to say the company gives millions of workers “freedom to work as many hours as they wish, manage their own lives as they wish.”
A photograph of Emmanuel Macron When Macron was the economy minister of France, he gave Uber direct access to himself and his staff. Photo: Sean Gallup/Getty Images
In an effort to grow and spread a positive message about Uber in Germany, the company invited Axel Springer, the owner of the German newspaper Bild, to become a strategic investor in the company. Along with the $5 million investment came proposals to collaborate with Bild. (Disclosure: Axel Springer owns the POLITICO Media Group, Protocol’s parent organization.)
“Having [Bild parent company Axel] Springer [on our] side is very valuable if we are to make progress in Germany,” Uber’s former head of comms, Rachel Whetstone, wrote in a 2015 email. “I believe they will actually do things proactively to help.”
A spokesperson for Axel Springer told The Guardian the investment was “economically insignificant” and that Springer’s editorial divisions work separately from its business side.
The Daily Mail owner Jonathan Harmsworth, Fourth Viscount Rothermere; Ashley Tabor-King, the head of a commercial radio group in Europe; and Italy’s L’Espresso’s Carlo de Benedetti also bought stakes in Uber. Company leaders asked L’Espresso to help connect Kalanick with former Italian Prime Minister Matteo Renzi.
Whetstone, SVP of communications and public policy at Uber until 2017, took part in getting Uber the support of Axel Springer and Bild editor Kai Diekmann. She believed he could help expand the company’s high-level connections and that a partnership with Axel Springer could be beneficial due to Axel Springer’s connection to the taxi industry. She attempted to recruit Diekmann for a top communications job at Uber, but he declined, later becoming the publisher of Bild. Whetstone is now chief communications officer at Netflix.

After his tenure at Axel Springer, Diekmann joined Uber’s advisory board in Germany, where he helped the communications team frame news coverage. Diekmann told The Washington Post there is no conflict of interest between his positions at Axel Springer and Uber, and that his role at Axel Springer was to “advance digitalization at Bild and the company in general.”
Nat Rubio-Licht is a Los Angeles-based news writer at Protocol. They graduated from Syracuse University with a degree in newspaper and online journalism in May 2020. Prior to joining the team, they worked at the Los Angeles Business Journal as a technology and aerospace reporter.
To give you the best possible experience, this site uses cookies. If you continue browsing. you accept our use of cookies. You can review our privacy policy to find out more about the cookies we use.

source

Write A Comment