00:00you guys know mark I'm Michael Copeland
00:01I'm a partner with Anderson Horowitz
00:03mark I like to think of mark as the
00:05co-founder of the web you're a
00:06co-founder of a child now and co-founder
00:10of the firm so we want to talk about a
00:13wide variety of things but we want to
00:14focus the conversation on on security
00:16you have this this thesis software eats
00:18the world and as an observer
00:20I'm plummeting the industry we see that
00:22security breaches seem to be increasing
00:25the severity is increasing and the
00:29question is why and I think the answer
00:31is there's more to steal but how do you
00:35bounce the gains of this software it's
00:37the world dynamic with what clearly are
00:40our real risks yes so well the short
00:43I'ma radicalness radical on this topic
00:45so the short answer is we have no choice
00:46but come back and explain why so if you
00:50had told me ten years ago maybe even
00:52five years ago that we would be living
00:53in a time when a the President of the
00:55United States apologizes on the Rose
00:57Garden lawn for a website that doesn't
01:00work that cost six hundred million
01:02dollars the six hundred million dollars
01:04part would not surprise me the fact that
01:05it didn't work maybe would have been
01:06slightly surprising and the president
01:08was apologizing for it to the major
01:10Democratic political candidate is in
01:12serious trouble over a over running her
01:15own email server fairly remarkable thing
01:19if you think about by the way she has
01:21established ID without taking a
01:22political stance in this she has
01:24established there's no problem because
01:25the email server is perfectly secure
01:27because the Secret Service was guarding
01:28it so there may still be some technical
01:32details lost in translation about how
01:33hacking actually happens and then and
01:37then you know third that a major
01:40corporate you know major corporation
01:41making making actually a very funny
01:43movie people haven't seen it the the the
01:45North Korea movie is actually quite
01:46quite entertaining interview the
01:47interview is actually quite entertaining
01:49but that a major major Japanese an
01:51American corporation would be brought to
01:53its knees by hacking from an alleged
01:55nation-state over you know over offenses
01:57to its leader to the point where the
01:59studio had you know has since gotten
02:01gotten forced out I mean we can just go
02:03through you know many many many examples
02:04of this you know it's it's it's an
02:07amazing time you know like all of you I
02:08remember when this you know I remember
02:09when the movie wargames came out right
02:11and it was just like you know okay we
02:12have to worry about the
02:13right hacking out of curiosity but we
02:15don't have to worry about nation-states
02:17and criminals so I you know I think one
02:19interpretation of where we are it's like
02:21we're making these sort of incremental
02:22steps in terms of life we bring the
02:24world more online or we bring in more
02:25software and then we have more security
02:26and then you know sort of the question
02:28gets phrased kind of like you phrased it
02:29which is we kind of have these choices
02:30to make about how connected the world is
02:31going to be and about how much tougher
02:33we're gonna have and some and somehow if
02:34we decided that it was too risky from a
02:36security standpoint we would somehow
02:37stop doing all these things which i
02:40think is just not true
02:41I think the reality the assumption we
02:43have to make is that the basically the
02:46way I think about the world is going
02:47virtual right so we've all lived in the
02:49physical world forever increasingly we
02:51all live in the virtual world and of
02:52course we eat and sleep and breathe in
02:53the real world but all of our you know
02:55communication and business and
02:58information and you know our reputations
03:00and our you know education and
03:02entertainment all these things all the
03:04things that actually kind of make you
03:05know make make life vital an interesting
03:07increasingly are happening online
03:08what another interesting thing about the
03:10world we live in today is people who
03:12notice this the remember the phrase surf
03:13the web like it's just gone right nobody
03:16ever says that anymore and it was weird
03:18where like everybody says surf the web
03:19up until like I don't know 2008 or
03:21something and everybody just stopped
03:22saying it because now that we've got
03:24smart phones we're just on the web all
03:25but I just run the web all the time like
03:26why would we not be on the web it would
03:28just be bizarre right and so the reality
03:31is we're gonna live in a virtual world
03:32we're gonna live in an online world
03:33we're gonna live in a software world
03:35because we're gonna live in that world
03:36that is where you know virtually all of
03:38the value is going to be which means
03:40that therefore it is where virtually all
03:41the attacks are going to be now it's
03:44indisputably true that the computer
03:46industry over the last 50 years was not
03:47built with that in mind right and so
03:50describe will give us some more detail
03:53on that well I don't you know I mean
03:56just be I'll just you know hope maybe
03:57this is a good room for me to confess my
03:59sins you know when we wrote the code for
04:02Netscape I just wanted the code for
04:03mosaic in 1993 I mean I had never I'd
04:04you know I couldn't stop myself I was
04:06like an okay programmer but I had never
04:07heard of the term of the buffer buffer
04:08overflow bug and in fact I she need to
04:11look up I'm actually not sure that the
04:12term even existed at that point was we
04:15using your fault it was my fault it
04:16certainly was not my fault when we when
04:19we invented JavaScript at Netscape 1995
04:21the concept of cross-site scripting was
04:22a complete unknown I don't think the
04:24people who invent its you know the IBM
04:25researcher sort of invent a sequel in
04:27I don't think they had any idea of
04:28sequel injection right all these
04:31concepts you know you know like I said
04:32it's one thing if it's a kid writing a
04:34you know writing a virus as president
04:35Apple twos you know spread through
04:37floppy disks you know it's another thing
04:39to have serious sophisticated
04:40adversaries actually this is the other
04:42thing that I find amazing the NSA you
04:44think about this we live in a world
04:45where number one a a twenty
04:47nine-year-old contractor can walk out of
04:48the NSA with a thumb drive that contains
04:49like the family like everything like
04:51apparently apparently everything I mean
04:53number one that there that there that
04:54porous and then number two even though
04:56they're that bad they're their internal
04:58security the sophistication of the hacks
05:00like the thing that came out this week
05:01about how about hacking iOS is actually
05:03quite impressive like as a taxpayer like
05:04I'm pretty thrilled like you know it
05:08would not have been surprising if a
05:09large government bureaucracy had not
05:10actually been good at their job and this
05:11one seems like they've been quite good
05:13and so it's just like there's there's
05:16just historical we just didn't
05:18anticipate living in this world week and
05:19and and and by the way I would argue the
05:21arrogance required to have assumed that
05:23the technology we were all building was
05:24going to be this important I mean we not
05:26that we weren't we're all called
05:27megalomaniacs anyway but we would have
05:29really been thought if we're out of our
05:30minds and so I think it's just the
05:33nature of the beast I think it's just
05:34the case you know that by and large our
05:36industry is going to build the products
05:38it's going to build the customers are
05:39going to use them the environments are
05:40going to be what they're going to be
05:42there are going to be people responsible
05:44for security who are kind of on the hind
05:46foot a lot of the time I think that
05:48that's the nature of the beast the good
05:50news is and I think you guys are all
05:52examples of this and I think you see
05:53this as the importance of security and
05:55cyber security and organizations has
05:57risen you know maybe maybe to the
05:59ultimate level now I'll just tell you in
06:01in my experience you know working with
06:02big companies the tarp the target hack
06:04has probably had the single biggest
06:05effect where the CEO got fired and you
06:09know and this is one of those things
06:10like you know this is fresh in mind
06:12isn't thinking about how about how to
06:13deal with kids but like if you're
06:14dealing with CEOs like the way to like
06:15establish that somebody's actually
06:16responsible for something is to fire
06:17somebody like when a CEO gets fired
06:20that's a pretty big thing all the other
06:22CEOs right they're like the dogs
06:23watching TV they're all like oh like
06:27we're gonna have to pay attention to
06:28that and then and then and then the
06:31other thing in the target thing that's
06:32worth watching is is the boards of
06:35directors right of major corporations
06:36are under a lot of pressure from
06:38governance from governance groups
06:41on lots of topics already and as a
06:44corporate director right now you kind of
06:45which you really don't want to do is you
06:46don't get sideways with this firm called
06:48ISS which is the firm that advises a lot
06:50of the pension funds and index funds on
06:51how to vote their shares because it's
06:52the fastest way to get booted out as a
06:54director and ISS is now coming down on
06:57the target Board of Directors right for
06:59not being sufficiently worried about
07:00cybersecurity I guarantee you the target
07:02Board of Directors I'm sure are all
07:04stellar like really knowledgeable like
07:06you know REIT former top business
07:08leaders CEOs CFOs I guarantee you they
07:10have no idea what any of this stuff is I
07:12guarantee you they thought that this
07:14stuff was all being handled not just 90
07:16but they thought at the board level what
07:17happens right at these you guys probably
07:18all know this but we have to these
07:19boards this sort of cybersecurity rolls
07:21up to risk which rolls into the Audit
07:23Committee right which is the committee
07:25that deals with accounting topics and
07:26then cybersecurity and then the Audit
07:28Committee does the readout to the full
07:29board and says I don't worry about it
07:30everything's fine right and so it's for
07:33the first time this year you know major
07:35fortune 500 boards of directors are all
07:36of a sudden realizing this is their
07:38thing that they have to deal with CEOs
07:41are now realized this is their thing
07:42that they have to deal with and so you
07:45know the minds you know and arguably
07:48this should have happened five years ago
07:49maybe 10 years ago it certainly needs to
07:51happen now the repercussions of this
07:54change I think are going to be very big
07:55so so your CEO like you say we live in a
07:57virtual world and we as customers and we
08:00as people who work in the world we live
08:02in a virtual world you're saying we
08:04don't have a choice this world is here
08:06but at the end of the day if I'm in
08:08charge of security if I'm a CEO I still
08:10have to do something so how do I move
08:13forward or move through that world and
08:15and how would you describe that yeah
08:18yeah so I should I should really thought
08:21so the reason I don't have a choice is
08:21because there's too much value on the
08:23other side there's too much value to
08:24living in the virtual world I mean it's
08:26like saying I don't know if we're secure
08:28and so I'm gonna keep using taxis right
08:29it's like you know maybe there's a
08:30couple people who will do that most
08:31people won't do that you know I don't
08:34know if you know media people in the
08:37room but like you know executives but um
08:38you know I don't know I don't know if
08:40like New York Times comma secure I think
08:41I'll go back to reading yesterday's news
08:42and the physical people are not going to
08:46go backwards things are too useful like
08:48the the online world smart phones and
08:50iPhones and email and like all these
08:52snapchat all these things are just too
08:54like this is what I think I really
08:56believe is a quality of life in our time
08:57is rising very fast and people are kind
09:00of in a bad mood you know people are in
09:01a bad mood about income levels and all
09:02these other you know economic growth and
09:04all these things but quality of life is
09:05rising very fast because we now have at
09:07our fingertips you know information that
09:08US presidents didn't have you know 20
09:10years ago and so this new world is the
09:14one that we're going to live in is when
09:15their kids are kind of live in it's the
09:16one that we want to live in and so and
09:19so it is going to happen there there is
09:20no stop right and so that you you have
09:24no choice then but to deal with it and
09:26I'm just wondering what the gaps are
09:27then between this phase that were in now
09:30which you've described is it's very much
09:32different than the sort of Netscape days
09:34and everything was locked in a PC you
09:35know in a room someplace as opposed to
09:37like it's connected billions of people
09:40all the time to everything do we need to
09:43have a different mindset even
09:44behaviorally as people and as
09:47corporations yes so a couple things so
09:49you know I think one thing is so I think
09:52from a technology standpoint either
09:54businesses need to either become
09:55first-class at security and like
09:57legitimately first class with like
09:59first-class expertise and first class
10:00funding either that or they need to work
10:03with vendors such as cloud vendors and
10:05satisfiers who are in fact I think
10:07that's actually one of the other really
10:08interesting things happening in the
10:09industry right now in the in the
10:10software industry broadly is that it was
10:14maybe you know five years ago that you
10:16would or even three years ago you would
10:17talk a lot of CIOs and talk to a lot of
10:18buyers of of technology big companies
10:21and they would tell you you know I still
10:22want to run my database and all my
10:23systems on site because I really don't
10:25you know these cloud you know these
10:26cloud things I don't trust these cloud
10:28things because my information is not in
10:29the cloud who knows what's gonna happen
10:30I think it's becoming you know
10:32increasingly I think a lot of sea is
10:34becoming increasingly aware especially a
10:37companies that have it mounted a
10:38first-class effort in staffing and
10:40funding for security that is highly
10:42likely if the cloud vendor is more
10:43secure than they are and it's not only
10:45that it's highly likely that has been
10:46the case for many years and then at some
10:48point they realize it's highly likely
10:50that they should have known that and
10:51didn't and that's you know sort of when
10:53they discover after the fact that you
10:54know the Chinese have been in their
10:55databases for six years which is kind of
10:57you know the great wake-up call and so I
11:00think that there's actually this
11:01inversion happening right now we're one
11:03of the reasons these cloud vendors and
11:04this is you know Google you know Gmail
11:05and box and like all these new guys
11:08you know github that our salesforce.com
11:10that our growing cloud service is so
11:12fast a lot of it is companies finally
11:14saying okay maybe I can't actually
11:15secure all my internal systems maybe I
11:17do have to work on the outside and then
11:19you've got a bunch of companies
11:21including ones represented by folks in
11:22this room that are taking this seriously
11:23and do have first-class efforts and
11:25they're gonna need to continue to work
11:27really hard and fund everything
11:28appropriately and and continue bringing
11:30in the right kind of people but you know
11:31can really do it can really mount their
11:33first-class defense and then I think
11:35about your company somewhere in the
11:36middle you know that are that are that
11:37are that are really gonna struggle
11:38when when things go south who's liable
11:41it's interesting like Apple pay seems to
11:43I still don't know who's like holding
11:44the bag if something goes wrong with
11:45Apple pay but you know Target Home Depot
11:48banks so many for that matter who's
11:51holding the bag in the end do you think
11:52yeah well so apples very deliberately
11:54crafted Apple pay so that they're not
11:56holding the bag there's actually very
11:59clever technique with organization where
12:00it's definitely all somebody else's
12:01fault that's been pre established so
12:05who's holding the bag so I mean so one
12:07is you know the sort of obvious an easy
12:09answer is well that's the subject of
12:11endless litigation so I think that that
12:12will that will become a big issue for a
12:14long time the other interesting thing
12:16about who's gonna hold the bag is that I
12:17think what you see that like I would say
12:19like credit card fraud is a really
12:20interesting example of this which is
12:21sort of everybody ends up holding the
12:23bag right so if you think about how the
12:25consumer economy works with credit cards
12:27both actually increasingly real-world
12:28but also certainly e-commerce right
12:30credit card credit cards what other one
12:32of these things the inventors of the
12:33BankAmericard in part which was the
12:34first credit card the 1950s never
12:36imagined you know Letran number one they
12:38didn't imagine electronic transactions
12:39like they imagined that people would be
12:40filling out the papers you know people
12:41do for a long time and then they
12:43certainly didn't imagine that you would
12:44have the skimmers right or and they
12:46certainly didn't imagine by the way fake
12:47ATM machines which is like one of my
12:49favorite things is when somebody drops
12:50of fake ATM machine in the middle of the
12:52mall and like walks out with like fifty
12:53thousand dollars I think that's like the
12:54coolest thing ever so you know they just
12:57didn't and then of course the credit
12:58card guys definitely didn't envision
13:00e-commerce right because the payment
13:02model where you give your payment
13:03credentials to the merchants right in
13:06order to transact online it's just it's
13:09just obviously lunacy right I mean no
13:10one ever intentionally designed a system
13:11like that and of course we all we all
13:13shop like that today and so then you get
13:16in this weird dance where you've got the
13:17consumer you know who's supposed to pick
13:19their merchants carefully and it's
13:20supposed to secure their Amazon pass
13:21and they never do any of that stuff
13:23you've got the ecommerce sites that are
13:25supposed to secure their databases and
13:27their systems which they almost never do
13:28you've got the banks that are supposed
13:30to secure their systems you got the
13:31transaction processing guys first data
13:33you've got the credit card companies
13:34themselves you've got like five
13:36different entities where when all the
13:38credit card information gets stolen like
13:39you know there's there's there's
13:40different blame to be apportioned in
13:42reality what happens right as we all
13:44hold the bag because what ends up
13:45happening is then credit card fees right
13:46get recalibrated to be the whatever it
13:48is three or four percent the
13:50economy-wide in order to cover all the
13:51fraud right and basically as the
13:53customers broadly we all eat it one of
13:57the things that I think in the new world
13:58is going to be critically important is
13:59having more clearly defined
14:01responsibilities right of who's actually
14:02accountable for what and so this is
14:04something I've said in public that it
14:06receives a little bit of blowback which
14:08is like for example consumers like we
14:10use bad passwords like ought to be held
14:12liable for the consequently consumers at
14:14some point like at some point as an
14:15adult you learn that when you leave your
14:16house at night you lock the door right
14:18consumers at some point are gonna have
14:19to learn how to construct a good
14:20password right and I say that and then
14:22everybody yells at me because they're
14:23like the technology should make that
14:24easy whatever whatever and I'm like like
14:26it's a key like at some point like
14:28adults have to take responsibility
14:29like two-factor authentication right the
14:32idea that two-factor authentication is
14:33still optional and not required on all
14:35these services because everybody's
14:36worried that consumers are going to be
14:37able to like it's just gonna be a part
14:39of life they have to do two-factor
14:40authentication but to do that it can't
14:43be the case where if you screw up and
14:44your information gets out or you get
14:46hacked you know that you know you're not
14:48on the hook and so I think societally
14:50we're gonna have to have more of an
14:51awareness of that person screwed up
14:53there is director I mean it's just just
14:55like firing CEOs nothing actually makes
14:57somebody accountable like actually
14:58standing to lose money over write
15:00disclosure when when a company finds out
15:03that something bad has happened how gets
15:06to know and how soon and how soon as the
15:08government get to know for that matter
15:10yeah yeah so this is another area I
15:12think this will be endless litigation I
15:14think that I think actually this is
15:15gonna be a whole wave of shareholder
15:16litigation that's going to follow from
15:17this because as far as I can there may
15:19be formal there may be illegal
15:20requirements for disclosure but as far
15:22as I can tell they are applied in the
15:23breach if at all across across corporate
15:25America right now and you know we we all
15:28probably know of examples of major
15:29breaches that have never been disclosed
15:31to anybody you know I think and and and
15:34by the way good invalid
15:35right you know for a bank - for a bank
15:38to disclose that it's been hacked
15:39undermines trust in the bank could cause
15:40a run of the bank like you know there's
15:41their bigger implications than just
15:44internal politics on these things
15:46shareholders are gonna demand the right
15:49to know especially the wake of things
15:50like Target shareholders are
15:51increasingly demanding the right to know
15:52but again there's a big question there
15:53is is it in the shareholders best
15:55interest for these companies for
15:56companies to just have to hang all their
15:57dirty laundry out all the time right
15:59because that is that really what the
16:00shareholders want there are lawyers who
16:02are in the business of filing lawsuits
16:04to that effect we can always find a
16:06shareholder so I can imagine some hedge
16:07fund guys who would like to know that
16:09enough to do it yes and the government
16:12Silicon Valley's relationship and I'm
16:14talking about big tech companies in
16:16Silicon Valley right now there's a lot
16:17of tension you know Obama was here at
16:19Stanford for the security conference
16:21which you guys may have gone to I'm not
16:22sure but there was this impression that
16:24he was being sort of held at arm's
16:26length by you know Larry Page and all
16:29these folks that didn't show up
16:30essentially why does that relationship
16:33right now from your perspective and how
16:35does it play out I mean again we're all
16:37moving through this together government
16:38big companies consumers but where is it
16:41today and where does it where do you
16:43think it heads in the near term yeah so
16:45people in the room are you know this
16:46relationships but the relationship
16:48between the government and Silicon
16:49Valley from in terms of all these issues
16:51is at an absolute low point like it's
16:53one of those low points where you can't
16:54imagine it getting any lower although it
16:55probably can somebody somebody wants
16:59some C's Michael Eisner at Disney once
17:01said the great thing the only thing good
17:03about having things go really bad is
17:04that you can't fall off the floor and in
17:07my experience that it's actually usually
17:08not true you usually can so the
17:12relationship between the valley of the
17:13valley companies and Washington is just
17:15absolutely abysmal and and just like out
17:17right I would say outright hostility at
17:19this point complete lack of trust and
17:22then this note the Snowden thing has
17:23just obviously been it just a tremendous
17:25earthquake the thing with the Snowden
17:27thing is and I'm gonna turn out to take
17:29a political stance here but just a
17:30non-partisan stance but just objectively
17:32the thing with the Snowden thing is the
17:33government basically has done nothing as
17:35a consequence of Snowden like it's it's
17:36fairly shot like the administration has
17:38basically done nothing and by the way if
17:40we were at the NSA right now they would
17:41agree with this which is the NSA feels
17:43completely hung out to dry the valley
17:46companies feel completely hung out to
17:47dry the administration's like what
17:49did you know did somebody say something
17:51and so you'll notice there's been
17:54nothing there has been no proposal like
17:55how do we put the you know you can't put
17:57the genie back in the bottle but like
17:58what do we do like what are the new
18:00operating principles what are the
18:01guidelines what are Valley companies
18:02expected to do there's been basic
18:05there's been basically nothing there's
18:06there's been photo ops and all the CEOs
18:08I've talked to who have gone emetic
18:09administration or went to this event
18:11right there's no substance like I
18:13haven't heard one thing reported for any
18:14these conversations where it's like okay
18:15now there's there's a thing to do and so
18:18as a consequence there's just like
18:20there's what feels like kind of
18:21tremendous betray all kind of all-around
18:23tremendous hostility tremendous kind of
18:25feeling that nobody will look out for
18:26anybody's anybody's back and then the
18:29valley companies for whatever else you
18:31may believe feel tremendously exposed in
18:32our businesses because our products are
18:34sold all over the world and there's been
18:36this you know tremendous you know lack
18:38of trust and you know and we whined
18:40about the press coverage because we like
18:41to say things like well all the other
18:42governments were doing it too but you
18:44know there's like that argument didn't
18:45work with my mother when I was eight it
18:47is not all that effective like
18:49complaining about remember that when
18:51your son gives you that argument
18:55practice never does so you know the
18:59valley companies feel very exposed and
19:01then of course these issues are getting
19:02used as cover for you know China is
19:04using these issues we would argue it's
19:05cover for protectionism but whatever you
19:07know American companies are increasingly
19:08getting forced out of China and so it's
19:12it's at a pretty advanced state of
19:13hostility I think from a civil liberties
19:15standpoint arguably this is you may
19:17argue this as a good outcome it the
19:19valley companies now feel much more
19:21emboldened not even so much out of a
19:23sense of like proactive like enthusiasm
19:25but almost out of a sense of like
19:26defensive energy to get much more
19:29determined to do end-to-end encryption
19:30also much more determined to fight the
19:32government in court and there been a
19:34whole series of lawsuits mounted by
19:35companies like Facebook to try to you
19:37know try to push back on the secret
19:39courts or try to bring a lot of that
19:40stuff out into the sunlight but it's a
19:43really it's in terms of the like trust
19:45communication like it's a dark time by
19:47the way this class that kind of again
19:50not part of the story government so then
19:51senior officials came out about six
19:53months ago and with it with a bright
19:56shiny new idea they said I think we
19:57figured out how to do this they said we
19:59and this was not actually NSA this
20:01another branch for kind of representing
20:03they said I know what we'll do we can
20:05stop doing all the surveillance as long
20:07as all the companies that have all the
20:10data can just proactively tell us what
20:11somebody's doing something bad yeah yeah
20:16yeah we really want to be in the crime
20:18business we want to have to turn every
20:20time somebody says something bad about
20:21somebody we want to turn it over to the
20:22feds maybe not do so like it's it's it's
20:26bad like and I guess I just close by
20:27saying on that topic I think that I
20:29think nothing will happen under this as
20:31far as I can tell nothing will happen
20:32under this administration I think
20:34whoever is the next president and
20:35whoever the next set of national
20:37security officials have a big
20:38opportunity on this right or it will go
20:41further sideways and it's hard to say
20:43kind of what happens and how bad I could
20:45get if it keeps going sideways but you
20:46think it could get worse or people could
20:48dig in even deeper yeah well I mean so
20:50this is my argument an argument my
20:52argument Washington is look like if
20:54everything is and you know when one
20:55doesn't know how much Snowden walked out
20:57with like maybe he'll and walked out
20:58with ten percent of the programs or
20:59something but like you know for people
21:00who follow this like the hits keep
21:01coming like we keep learning new things
21:03like all the time and so like I think
21:05the operating principles you've worked
21:06out with everything and so if
21:08everything's gonna just be exposed to
21:10anyway then like what's the obsession
21:11with secrecy like you know at some point
21:14like maybe we need to rethink maybe we
21:15maybe the government needs to rethink
21:17how its operating on these topics and
21:18maybe that's just you know friends of
21:20mine who are kind of more kind of
21:21politically radical on this than I am
21:23basically say this is the world the
21:25basically Snowden is the first of a
21:26there will be a thousand Snowden's and
21:28so basically that argument goes as
21:30follows which is it just so happened
21:32that Snowden was one of 30,000 employees
21:34at the National Security Agency
21:36including all the contractors right and
21:38it just so happened that you know call
21:41it you know five percent you know call
21:42it you know thirty percent of those
21:43employees were under the age of thirty
21:45you know of those you know five percent
21:47we're like politically like radical
21:49civil you know liberties ideologues and
21:51then of those five percent we're so
21:53radical that they actually had an e FF
21:54sticker on their laptop which Snowden
21:56did and you only need one right and so
22:00not only will there be a snowed for the
22:01NSA there will be a Snowden for the
22:03Chinese State Security Agency there'll
22:05be a Snowden for GCHQ there will be a
22:07Snowden for Citibank and and on
22:09basically we'll all have Snowden's and
22:11so in a world where there are Snowden's
22:13kind of in every organization maybe this
22:15kind of thing where we
22:16think we can you know these large
22:17organizations think they can operate
22:18undercover a darkness maybe that's just
22:19not the way it's gonna be and it may
22:21just be that the US government is the
22:23first large organization that really has
22:24to directly confront this this is not
22:26cover of darkness but it's suit
22:27Anonymous Bitcoin how does Bitcoin sort
22:30of fit into your view of where things
22:32need to go and as them as a aid in kind
22:35of securing things in a better way
22:37yeah so first of all I have to be
22:39careful on the topic of Bitcoin because
22:40I can very easily do the full khrushchev
22:42and bang my shoe on the table for six
22:44hours so I'll try to do the short
22:47so Bitcoin emerges at a very interesting
22:50time I think for two reasons one is just
22:52broadly architectural II the idea of the
22:55blockchain and the idea of decentralized
22:57trust for those who haven't looked at
22:59this it's really quite clever the way
23:00the system works in terms of being able
23:02to have people who have not met each
23:03other be able to actually establish and
23:05maintain trust relationships online
23:07through cryptography like I mean I can't
23:10think of a better time for this
23:11technology to emerge I wish it had
23:13emerged 20 years ago you know so that we
23:14could have built it in to the web and we
23:16could have built in the browser and we
23:17could have have everybody using it now
23:18but you know interest in these topics is
23:21sky high so this is a very interesting
23:22time for a new technology like this so
23:25that's sort of the big the big picture
23:26and then tactically payments Bitcoin is
23:29a direct respond before kind of indirect
23:33incentives and indirect accountability
23:35and so one of the things interesting
23:37about Bitcoin is it's as a payment
23:40method as a way to actually represent
23:41value and pay people online
23:43it's a bearer instrument right so it's
23:45like cash or it's like a bearer bond as
23:47opposed to a credit card number and one
23:49of the interesting things is you can you
23:50you I can pass Bitcoin I can send
23:52Bitcoin from myself to somebody I've
23:53never met before and I don't have to
23:55reveal anything about myself right I
23:57don't have to give my credit card number
23:58my payment credentials make anything and
24:01you know public private key cryptography
24:03and like it just works and I'm
24:04completely safe and secure and it
24:06doesn't matter what happens after that
24:07the other person has the value but they
24:09can't they can't they can't blow back on
24:10me and so it's actually been really
24:12funny economists think that this is a
24:14huge step backwards like they think that
24:16the modern economy of credit and debit
24:17and so forth was evolved over time and
24:19having to move back to cash is like a
24:21big step in the wrong direction but I
24:22would argue online because of this
24:24incentives problem you know you want
24:26people to be responsible the target
24:29was itwas a good example like one of the
24:30things about the target hack is I think
24:31they're I don't know for for sure but I
24:33would imagine they're gonna be fighting
24:34for years about who covers the losses on
24:37the target hack when the credit card
24:38database got breached in the case of
24:40Bitcoin if my account gets breached or a
24:43party gets breached and the hackers
24:44steal the Bitcoin there are no other
24:46consequences other than the fact that my
24:47Bitcoin or the targets Bitcoin got
24:49stolen there's there's no ability to use
24:52that information to then go hack
24:53somebody another you know a second time
24:55and so it is a much more direct linkage
24:58of sort of negligence or lack of
25:02attention to detail or lack of awareness
25:03of security coupled with financial
25:05consequences that we just don't have
25:08today but like if we can't even get
25:10people to do two factor authentication
25:12how do we get them to shift in like oh
25:14god it's digital currency that you know
25:17you don't you don't even know how it
25:18works just trust us it does yeah you
25:20know the answer is most people are not
25:21going to use Bitcoin directly most
25:22people are going to use services we
25:23funded a company called coinbase that
25:25makes it you know really easy to use use
25:27Bitcoin basically makes it easy easy to
25:28Bitcoin as PayPal makes it easy to use
25:30dollars and so for anybody who can use
25:32PayPal they can use coinbase
25:33so a lot of people will use commercial
25:35services but Bitcoin itself like from a
25:38technology standpoint normal people may
25:40not understand it but the use cases are
25:42very interesting their architecture is
25:43very generalized so in store sort of
25:45disappears like lots of good technology
25:47does and we just start using it I have a
25:49another question around Internet of
25:51Things you know things are complex
25:55you know you guys deal with endpoints in
25:58the in the numbers of millions but we're
26:01talking billions upon billions first
26:04define Internet of Things for us you
26:06know from your perspective and then how
26:08does that present kind of another
26:09massive layer of complexity or does it
26:11yeah so yeah so I I think the best
26:15assumption is probably trillions I think
26:17the number of things is going to be
26:18number things online is going to get
26:19very big so the way I think about it
26:20this goes back to what I was talking
26:21about about living in the virtual world
26:23is that basically any physical object
26:25any physical item is going to want to
26:28have a chip in it and then any physical
26:30item with the chip in it it's going to
26:31want to be connected online so literally
26:33everything over time gets connected
26:35online there's a to good but there's two
26:38interesting books in this I'd recommend
26:39there's a book I believe the title is
26:42they came out and it's a guy who kind of
26:43goes through this me his kind of
26:44argument it's like we're gonna live in
26:46Harry Potter world right like Harry
26:47Potter like you know he's walking down
26:49the hall at Hogwarts and like the
26:50picture like lights up and starts
26:51talking to him and then he's got his I
26:52don't know he's eating utensil and turns
26:54into a snake and slithered off or
26:55whatever all the different things like
26:57everything basically gets animated like
26:58there is nothing that's just like static
27:00and just sits there like everything is
27:01active and you know and at first you
27:04know that seems like it's pushing things
27:05too far and then you know and then we
27:06see the pitches we see every day we're
27:08literally getting people I mean it's
27:10we're in one of those phases of the
27:11industry where anything that can get
27:12dreamed about is going to get explored
27:15and it's it's going to be a magical
27:17inventive time the security consequences
27:20of this I think are going to be I would
27:22say awesome in both the very terrifying
27:24sense of the word and in a very
27:25inspiring sense of the word
27:27which is I mean look there's there's no
27:29way we can have self-driving cars with
27:30the current level of security of the
27:32average desktop PC like we just like
27:33there's no way we can't do it
27:34self-driving cars very exciting
27:36self-driving cars if every car on the
27:38road of self-driving all cars can go 300
27:39miles an hour right and they could weave
27:41through traffic there would be no more
27:43and and you could basically cut Auto
27:44fatalities to zero right as long as they
27:46don't get hacked right with that with
27:48that slight you know additional kind of
27:50thing and so internet things like if we
27:52weren't already required to take
27:53security more seriously Internet of
27:55Things would definitely trip us over
27:56so here's my theory I think self-driving
27:57cars are actually gonna be I think
27:59they're actually gonna be owned by hedge
28:00funds so the aren t they're not gonna
28:03wanna take responsibility so I think
28:04what's gonna happen is hedge funds are
28:05gonna spend a billion dollars and I
28:06gonna buy a fleet of self-driving cars
28:07and then they're gonna bid them out
28:09through services like uber and lyft to
28:11passengers and so you're gonna be
28:13standing outside you need to ride to get
28:14home you click the button and it like
28:16bids out over a network like uber lyft
28:17to you know whatever cars nearby which
28:20is probably owned by somebody with a big
28:21balance sheet probably a hedge fund and
28:25so and so in a case like that where
28:27something goes wrong you've got the
28:29you've got the driver the passenger
28:31you've got the print of course then
28:32there's a question of whether the person
28:33in the car had any ability to take
28:34control or not right because then did
28:36you know should the person have taken
28:38control should that now that have taken
28:39control then you've got the hedge fund
28:41certainly people will blame the hedge
28:42fund just on general principle and then
28:45you know the rock planning software the
28:48guidance software Google you know the
28:49Google you know the Google the stream of
28:50Google Earth data that's going to be
28:52coming out right right yeah it will be
28:55mr. lawyers will be kept busy for it'll
28:56be fun so final question Silicon Valley
28:59in the economy I mean technology you
29:01have this you know sort of overarching
29:02teasers software it's the world and at
29:05the firm one of our fellows Benedict
29:08Evans says that tech has outgrown tech
29:10is the tech economy is sort of a
29:12separate thing it's just on fire here in
29:14the valley how do you look at Silicon
29:17Valley's economy the technology economy
29:18and as it relates to sort of the rest of
29:21the world bumping along doing its thing
29:24yeah so I'm a much bigger optimist
29:26there's been a lot of negative kind of
29:27you know coverage of the tech industry
29:29kind of being if anything to sort of
29:31ironic actually if for those of us who
29:33lived as many people in the room did
29:34live through the 2000 crash everybody by
29:372003 knew the tech was all stupid and
29:38dead and so they've gone from that to
29:41tech as maybe now too powerful or too
29:42successful with no intermediate steps
29:44anywhere in the middle has been kind of
29:46entertaining to live through I I think
29:48the consequences I think the
29:50consequences for the global economy and
29:51for basically people everywhere much
29:53more positive then people are talking
29:56about right now in in two ways one is
29:59we're giving people incredibly powerful
30:01tools right this is sort of the big
30:03under understated thing I think there's
30:05a site there's still this kind of sense
30:06of like we're giving so the good news is
30:07we're living in a world where smart
30:08phones Android smartphones now are down
30:10to $25 right so India Pakistan you know
30:13whole range of developing world
30:14countries Indonesia you know you go to
30:16the local store and you literally get an
30:17Android smartphone for $25 right and
30:19that is the equivalent of a
30:20supercomputer from 25 years ago you know
30:23that basically everybody in the planet
30:24is gonna is gonna it's gonna have one
30:25right people have smart phones now don't
30:27have to this day running water or
30:28electricity in their homes and I think
30:31there's a view of like oh yeah fine okay
30:33they can make phone calls or they can
30:34watch you know World Cup videos or
30:35whatever but like they you know this is
30:36this is not like for some somehow tool
30:38production I think these are tools in
30:40production right I think I think people
30:41who have smart phones and then over time
30:43tablets and laptops and all the
30:44technologies that come from this I think
30:46are in a position and and if either
30:48position either for themselves or for
30:50kids you know for education and access
30:52to information access to careers
30:54access to work access to banking service
30:57modern banking services financial
30:58services lending ability to take
31:01products to market globally right is
31:03something the ability to get educated is
31:05something that is becoming available to
31:06everybody on the planet in a way that
31:07just hasn't been before
31:09and we're just in this kind of you know
31:10phase right now where the technology is
31:12literally just getting to like we're
31:13just in the face now where the
31:15technology is actually getting to
31:16everybody and so I think 20 30 years out
31:18I think it's gonna be amazing to see
31:20what people are going to do with these
31:21tools when they have them in their hands
31:23and all the kind of second or third
31:24order effects that'll come from that and
31:26then I think it's you know indisputably
31:28true that there is going to be and there
31:31is today you know significant disruption
31:32I mean it's certainly you know nobody's
31:34idea of a good time to be a taxi driver
31:35in the era of listen uber or to be a
31:37small independent bookstore in the era
31:39of Amazon but you know without sounding
31:43callous about it all of these shifts are
31:45the result of consumer choice all these
31:47shifts are the result of consumers
31:48voluntarily deciding to spend their
31:50money one way or another way in kind of
31:52a history of economics is when consumers
31:53have the decision have the free decision
31:55to be able to spend money the way they
31:56want you know really really good things
31:58happen in the economy and so we're gonna
32:00go through a lot of change I think we're
32:02in this period of time where it almost
32:03look I think it looks worse than it is
32:04because we see all the change happening
32:06we don't yet see the payoff because we
32:08don't see what everybody's going to do
32:09with all these new tools but I think we
32:10will and I think over the next five or
32:12ten years I think especially what's
32:14gonna come out of the developing world
32:15it's gonna be phenomenal I'll just give
32:17you one example a good friend of mine
32:19Chris Schroeder who used to work in the
32:21State Department and then ran a big
32:22internet company spent two years in the
32:25Middle East and he has East what highly
32:27networked in throughout Egypt and Syria
32:28and Jordan and all through the Middle
32:30East and it turns out there's a whole
32:32internet startup boom happening in the
32:34Middle East and like this is a fairly
32:35like big deal because like you know
32:37there's lots of other stuff happening
32:38and and there are kids you know busy
32:42working away on app startups you know in
32:44Jordan and it's Syria just just the same
32:46way they were here and in fact the most
32:48inspiring part of this didn't happen
32:51before II wrote the book but he wrote an
32:52essay about this later after he wrote
32:53the book he got one of the very few
32:55passes there's like twenty a year of
32:57American business people who get to go
32:58to Iran it's the State Department
33:01program and he went he spent two weeks
33:02on the ground in Tehran and he said
33:04there is a absolutely vibrant internet
33:06startup scene underground in Tehran and
33:08the kids who are working on these
33:09startups are just like as excited is
33:11going to be they know everything like
33:12they're completely current on every they
33:14know everything that all the guys who
33:15come in our office every day you know no
33:16they're completely current at all of you
33:18know they read all the Paula Graham's
33:19like you know posts they've read all of
33:20ours like it's everything that
33:22everything and they've got their apps
33:24and they got their ideas and like
33:25literally their big issue is they're
33:27under an embargo right it's just they
33:29can't get their stuff to market but they
33:32could not be more excited about it and
33:33so I think you're seeing lots of signs
33:35around the world of sort of a huge
33:36amount of latent energy creativity
33:38economic growth and development that you
33:40know hopefully the world will be stable
33:42enough over the course of the next
33:43couple decades we will really be able to
33:44see that play out thank you so much
33:46right thank you everybody