
In this episode of Hidden Forces, host Demetri Kofinas shares part of his recent conversation with Bruce Schneier, a renowned American cryptographer, computer security professional, and privacy specialist, on the subject of cybersecurity and the N...
A
What's up, everybody? Welcome to this week's episode of Hidden Forces with me, Demetri Kofinas. In today's episode, I share part of my recent conversation with Bruce Schneier, a renowned American cryptographer, computer security professional and privacy specialist on the subject of cybersecurity and the NSA. I also share with you part of my video interview with Leemon Baird, the inventor of hashgraph, which will be made available in full on the Hidden Forces YouTube channel, as well as through our website at hiddenforcespod.com later this week. But I want to start the show today talking about privacy, specifically about a landmark case before the Supreme Court that could have huge effects on our expectations of privacy for generations to come, and something that was mentioned in my recent interview with Jeffrey Rosen, president of the National Constitution Center, on the Future of Privacy, Personhood and Freedom in the Digital Age. The case under consideration is Carpenter versus The United States, and it involves Timothy Carpenter, an armed robber whose movements in public were tracked for 127 days by permission of a subpoena issued by the government for the geolocational records from his cell phones that made it possible to see which cell towers he was near over that period and used this data to conclude that he had indeed committed a series of burglaries allowing them to indict and convict him of armed robbery. He and his lawyers objected that the search was invalid because a subpoena that was issued under a federal law called the Stored Communications Act wasn't issued according to the standards required by a valid judicial warrant. 
And as a result, he claimed that the search violated his rights under the Fourth Amendment, which states that the right of the people to be secure in their persons, houses, papers and effects against unreasonable searches and seizures shall not be violated, and no warrants shall issue but upon probable cause supported by oath or affirmation, and particularly describing the place to be searched and the persons or things to be seized. End quote. What's most significant about this case, and why I bring it up today, is that it requires the Supreme Court to scrutinize one of the most basic tenets of surveillance law, what lawyers call the third party doctrine, which is a legal theory that holds that people who voluntarily give information to third parties, such as banks, phone companies, Internet service providers and email servers, have no reasonable expectation of privacy. Under this doctrine, when the government is investigating a criminal suspect, it can obtain information from the third party without a warrant. The doctrine has its origin in a series of court cases, most notably Smith v. Maryland, 1979, in which the court ruled that the police did not need a warrant to obtain a list of numbers that called a certain phone number using a pen register technology. That allowed the government to reconstruct the numbers dialed by suspect Michael Smith from his home because Smith had voluntarily given those numbers over to a third party, namely the telephone company. Since the information obtained also appeared on a monthly phone bill, the Court reasoned at the time that the government was simply requesting information that Smith and anyone else with a telephone line would have consented to hand over anyway. Carpenter is the Supreme Court's second exploration of the intersection of cell phone technology and the Fourth Amendment. In a 2014 case called Riley v. 
California, the Court unanimously ruled that police must obtain a warrant to search the information on the cell phone of a person who has been arrested. In an illustrative opinion, Chief Justice Roberts wrote that cell phones are such a pervasive and insistent part of daily life that the proverbial visitor from Mars might well conclude that they were an important feature of human anatomy. Another way to think about this case is that it is about the application of the Fourth Amendment in ubiquitous surveillance in public places. The question before the Court and before you, the audience, is do you believe that reconstructing someone's movements in public for 127 days by subpoenaing his geolocational records from his cell phone violates his Fourth Amendment rights? This isn't a debate about whether or not there should be any limits on the government's access to our data, but rather which institutions of government should put limitations on that access. Is it the legislature or is it the courts? Should it be statutory law that puts limits, or should it be the Fourth Amendment? If you haven't heard episode 24 with Jeffrey Rosen, I encourage you to do so. He's a top authority on constitutional law, and the National Constitution Center is a highly respected nonpartisan institution, something we desperately need in today's politically polarizing times. I also want to quote Jeffrey, who wrote an article for The Atlantic after attending Wednesday's Supreme Court hearing in which he stated, quote, it was encouraging to see two Justices with very different perspectives, Justices Sonia Sotomayor and Neil Gorsuch, make passionate arguments for why allowing these kinds of mass searches of our digital effects would be as invasive and unreasonable as the hated general warrants that helped spark the American Revolution. It's possible, therefore, that Carpenter versus The United States may continue a welcome recent trend. 
Liberal and conservative justices on the Court, by broad bipartisan margins, are insisting on translating the Fourth Amendment to the Constitution into the digital age. Now, before we get to our next story and my interview with Bruce Schneier, I want to say something quickly about a related story dealing with the recent proposals to roll back regulations on net neutrality put forward by FCC Chairman Ajit Pai. If you're concerned about free speech in the digital age, you should be concerned about net neutrality. It's something that affects all of us. And I think rolling back those regulations makes an already compromised, informationally poor landscape that much more imperfect. Moving on to our next story and my interview with Bruce. The number of cyber attacks that we've learned about in recent years, to say nothing about the number of attacks that have occurred, of which we know nothing, seem to grow noticeably by the day. The most recent talked about attack was the Equifax hack, which is estimated to have affected 143 million Americans. But it isn't the most significant by any stretch. Something that hasn't gotten anywhere near enough attention is the Shadow Brokers attack perpetrated against the NSA itself, an attack that the intelligence community has labeled as more damaging than the Snowden leaks. Because unlike with Snowden, this attack didn't only result in the theft of plans and information from the NSA, but actually involved the theft of malware and vulnerabilities that can and have been used in other attacks. 
This obviously raises a ton of issues, but one particular question relevant to this hack that I posed directly to Bruce deals with something called the Vulnerabilities Equity Policy Process, or VEP, which was formalized under the Obama administration, a recognition by the government that, that we, and by we, I mean our intelligence and cyber warfare agencies and outfits that we don't own the vulnerabilities we discover and that they are not exclusively ours to exploit. That the same vulnerabilities that the NSA uncovers, zero day exploits, meaning that the software vendor is unaware of their existence, are just as useful to us as they are to our enemies because we all use the same software. NSA has a shorthand term for these types of vulnerabilities. They refer to them as NOBUS, or Nobody But Us. To quote former NSA chief Michael look at a vulnerability through a different lens. If even with the vulnerability, it requires a substantial computational power or substantial other attributes, and you have to make the judgment who else can do this? If there's a vulnerability here that weakens encryption, but you still need 4 acres of Cray computers in the basement in order to work it, you kind of think NOBUS. And that's a vulnerability we're not ethically or legally compelled to try to patch. It's one that ethically and legally we can try to exploit in order to keep Americans safe. End quote. Now, the new cybersecurity coordinator, Rob Joyce, who took over for Michael Daniel under Obama, has put forward proposals for changes to VEP. I asked Bruce for his thoughts, and if these changes are, on balance, good for transparency and public accountability. I'll come in with my thoughts after this clip from Bruce, but here's his answer.
B
All computers are vulnerable, and there are threats and there are attacks. One of the reasons that all computers are vulnerable is that they're full of vulnerabilities, meaning they're full of bugs, they're full of mistakes. This isn't something that happens because programmers are sloppy. It's sort of inherent in the complexity of the systems we're building. We don't know how to design secure software. As a fundamental limitation of our scientific knowledge, any major piece of software will have thousands of bugs. And the fact that they work at all is sort of a miracle and shows how good we are at designing resilient systems. But there are thousands of bugs. And you know this sort of intuitively, you know how often a lot of the apps on your phone crash? Those are all examples of bugs. So some bugs are also security vulnerabilities. By this I mean an attacker can use them to break into a system. And this is a common way for attackers all up and down the chain to break into systems, from lone hackers to governments, ours and theirs. Now, here's the interesting question that this vulnerability equities process posits. If you find a vulnerability, what should you do with it? Now, as me, I have a few options. I can call the company and say, hey, I found a vulnerability in your software. You need to fix it. Now, if I'm a researcher, I often do that and also publish my vulnerability because I want an academic paper. I publish it in conjunction with the fix because I don't want to endanger people. So there's this dialogue. I will engage with Microsoft or Apple, whoever the company is. Sometimes there are bug bounty programs. Sometimes companies will pay me a bounty for finding vulnerabilities. I read today that a vulnerability was found in the Facebook software and the people who found it got a bounty. I could also sell it. I can sell it on the black market. Turns out criminals buy this stuff. 
And if you go onto the dark web, you can sell a vulnerability and make actually more money than you could selling it to the company. You could also sell it or become a cyberarms manufacturer. There are companies that find vulnerabilities and sell them to governments, to the U.S. government, to other governments you know, you might think of as friendly and to governments that we kind of don't want to have these weapons. Government of Kazakhstan, of Sudan, of Nigeria, countries, we're not too crazy about them having attack capabilities. And that's the ecosystem. So now the question is, when the US government finds a vulnerability, what should they do with it? They have two basic options. They can use it for defense, they can inform the company and get it fixed, or they can use it for attack. They don't tell the company, they keep it in their pocket and they use it to attack whoever the bad guys are. Now here's the interesting dilemma. If you keep the vulnerability in your pocket and use it for attack, you are also vulnerable. If you give it to the company and fix it to make your computer more secure, you're also making the bad guys' computers more secure because we're all using the same stuff. Anything you do for you affects everybody. So there is this process you talked about, some of the documents that are made public. It's actually a secret process. What's been made public are some broad outlines. We actually know very little about the details of this process by which the US Government goes through primarily the NSA to decide when they discover a vulnerability, should they fix it and improve security or should they use it keeping everyone insecure. And that's the VEP.
A
So that's VEP. And my two cents on this is that we all need to pay close attention to how our government exploits and uses vulnerabilities in our software and what sort of leeway we are willing to give the NSA and other intelligence agencies as more and more of our lives unfold online through mediated experiences that rely on the integrity of porous software. And this is an imperative that's only going to grow in importance in the months and years to come. Another interesting topic I covered with Bruce and for which I'm going to release a short excerpt here is the subject of regulation. The recent hack of Equifax exposed yet again the glaring incompetence of large corporations in dealing with security and the threats posed by hackers criminally motivated as well as nation state backed. And further heightened the debate in Congress and among the policymaking community about how to regulate and incentivize companies so that they can better deal with this rapidly emerging threat. Bruce recently testified before Congress about the very serious and urgent threat posed by insecure IoT devices. We're talking about billions of dumb devices that have very little or no security protection. Many of these devices, like Internet cameras, actually have hard coded passwords that can't be changed and have already been enlisted in major attacks like the Mirai botnet attack that Josh Corman and I discussed in episode eight, which I would highly recommend you listen to. Again, I asked Bruce specifically for his thoughts on the Internet of Things Cybersecurity Improvement Act of 2017. And if he thinks we need a special department dedicated to overseeing cybersecurity, similar to the National Transportation Safety Board, for example, here is that back and forth. How important do you think it is.
C
That the government step up to the plate and build a sort of a NTSB for cybersecurity and really regulate around all of this?
A
I mean, I know you were in Congress recently for that with the, the.
C
IoT Cybersecurity Improvement Act.
A
How significant do you think this is and do you have hope that this.
C
Can happen without relying on some critical.
A
Event or some loss of life?
B
So you mentioned the NTSB. I'm not sure why. I'm not convinced that's the right metaphor to use. But let's stay general.
A
Yeah, sure. Or if you want to give a.
C
Better one, I mean, you're much more qualified to do so.
A
I just kind of threw that out.
C
There as an example. But this idea of creating an agency.
A
That would look over this.
B
Yeah, I think the odds of the US government in 2017, 18, 19, or creating a new government agency are pretty much exactly zero. Not that I don't think it's a good idea. But you know, we're not. I mean, even assuming we had a functional government, there's still this widespread mistrust of government. That's a big question. But certainly, I mean, looking at all the threats. And so we've meandered a bit. We started out talking about the Internet of things and the threats of the small, where the small can be things like cars, but they're still individual. And then we move to the threats of the large critical infrastructure. We talk about hospitals, nuclear power plants, the energy grid writ large. We can talk about transportation networks, we can talk about communications networks and the same vulnerabilities. So when you look at both of those, you suddenly realize that the market is just not equipped to handle the threat. And I'm not sure it should be. When you go to the store and buy a thermostat, defending yourself from the government of North Korea really shouldn't be on your feature list. It's something you kind of expect the government to take care of. I'm going to buy my appliances. And attacks from foreign countries are someone else's problem. And that just makes a lot of sense. And it's kind of similar with our infrastructure. We don't really build our power plants to withstand foreign invasion. We assume that the army will take care of that before the enemy army gets to the power plant. It's the Internet that throws all that in disarray. So we sort of have this world where market solutions are just not equipped to deal with the current threats. And when you have that pervasive market failure, your only real answer is to call in government. Now, exactly how is almost a separate conversation.
A
How do you mean it's a separate conversation?
C
What do you mean by that?
B
Well, whether you want regulation or whether you want liabilities or whether you want a new agency or some kind of testing authority or. You mentioned the NTSB. Some kind of forensic analog. I mean, you can talk about the nitty gritty of how you want policy to work. I'm not a politician. Depending on your politics, you're likely to pick one over the other. Do you want tax incentives? Do you want to throw people in jail? Carrots or sticks. But that's really separate from the realization that there is a market failure. And then government needs to step in in some way to change the incentive structure.
A
That's a great point. The incentive structure. Take the case of Equifax. They're not the only company that has.
C
Done a poor job of securing customer data.
A
On top of that, you can make great efforts to secure data. You can still get hacked. But in this case, it seems that they've shown a lot of incompetence in.
C
Terms of how they handled their data.
A
There's an argument to be made, and I think you've made it before, which is that these companies are not incentivized to make the types of investments that are required. And that's where you need government to step in and kind of reincentivize the market.
B
Yeah, Equifax is an interesting example. They are very much critical infrastructure. Credit bureaus are critical in the way we do modern banking. Modern banking can't work without them. They collect our data. In effect, they are a surveillance company. They collect data about us, make assessments of our creditworthiness and also our interests, because they sell lots of other types of data besides the credit ratings, and then they sell that data to third parties. Think about what their incentives are. I'm not their customer. I might not even know who they are. They have no incentive to secure my data.
C
You're saying you're the product, not the customer?
B
I am. That data about me is the product sold to their customers, which are banks and marketers and companies and sort of everyone who wants to know stuff about me to either learn about my. Either predict my future behavior or to influence my future behavior. So we are all their product. If we expect companies like Equifax or data brokers in general to protect our data, we need to pass a law. There's no other possible way they will secure their customers' data because they don't want to lose their customers. The customers are the banks, not us. It's actually why if you ever try to go to Equifax customer service, you can't find it. They actually have great customer service, but you're not their customer.
C
Similarly with Facebook.
B
Similarly with Facebook. But Facebook is a little different because while we're their product, they need us to remain engaged. Equifax couldn't care less if we were engaged or not. It's even worse. So we need some government intervention here to incent Equifax not to do such a lousy job with security. And the details of that story are embarrassing. And I will spare you, but they did a really lousy job.
C
Well, I think they also ended up redirecting customers to.
B
Oh, the robustness of the failure is probably its own episode.
A
So I guess, I mean, that brings me back to my point before, which is, okay, you said it's a separate.
C
Conversation really, to think about how the government should respond.
A
But after 9/11, we got the Department of Homeland Security as a result of a crisis, and you could argue.
C
We could have done a much better job had we sort of addressed the threat prior to 9/11.
A
And that threat, to me, seemed far more reasonable and less severe than this one. This one is also nonlinear, right? I mean, it's hard to think about.
B
It's also abstract, which makes it hard. And so the sort of point you're making is that, like, nothing motivates the government like fear. You mentioned 9/11 attacks. A few months later, a stereotypically small government Republican administration creates a massive bureaucracy, kind of out of piece parts, with no real debate, no real discussion, no real opposition. And so the wonder is, could there be a similar episode in cybersecurity that could result in the same sort of outcome? I mean, yes, it's certainly possible. My worry is that the cyber threats are a lot more abstract. I mean, maybe I'm gonna make this up, right? You know, someone hacks into all the cars and all of the brakes stop working. Or I guess more likely it'll be one particular make and model year of a car and all the brakes stop working and thousands of people die. I mean that's. It's kind of science fiction. But it's not stupid science fiction.
A
Well, we had another thought experiment we.
C
Did on this show around scrambling blood.
A
Records at hospitals on the morning of operations.
B
Yeah, I mean that sounds pretty horrific, but I think crashing cars is simpler.
C
Yeah, it paints a bigger visual.
B
Right, it's a bigger visual. Now what would happen? I mean, would there be demands for Congress to do something or would they do something drastic? Maybe. We've been seeing lots of critical attacks. Right. But you know, there's always a reason why we don't act. Attacks against the power grid. Well, they happen in the Ukraine, not here. The ones that happened here didn't do damage. Hospitals, the. They've been isolated. 911 services being disabled, only here and there. I thought that the wholesale theft of the security clearance information of every American with a clearance by China would spur.
C
That was OPA government act.
B
That was the OPM hack, would spur government into action. That didn't. We're not seeing a result from Equifax. Do we really need massive loss of life and property? I kind of hope not. That feels a bit too late. But maybe.
A
Are you also suggesting. Cuz it kind of sounds like you're saying this, that maybe there's. Because certainly there's been a noticeable level of this placid sort of response by.
C
The public in general, this sort of.
A
Glazing over of the eyes. Do you think that we might actually have an event like the type you're describing and it still won't be enough?
B
I have no idea. I mean.
A
Right. You're not a.
B
Predicting the response of the American public is not a game I want to play because I have no idea. Maybe some of the worry is that let's say a disaster happens and the public rises up and demands something must be done. Congress looks around, says here's something, therefore we must do it. That something will happen quick and not well thought out and wouldn't solve the problem, would do more damage. So I want to talk about this now. One of the reasons I spent a lot of time giving talks about government regulation, the Internet and what it might look like is that now we have the luxury of thinking about it because there isn't a crisis, there isn't a demand. And I think it's important to have those conversations now. And not in, you know, the 30 minutes, the two days after this catastrophic event and throw something together.
A
So that's a great point. Right. And it's not just the case with Homeland Security. It's not just the case with the.
C
Tsa, which has been really a grand.
A
Disappointment for many reasons that we could.
C
Go into, but we don't have to.
A
But of course, there's a more sort of significant and dangerous and pernicious threat posed by NSA mass surveillance. Now, I know you've been involved in this space for a long time, and.
C
I know about your role in terms of helping parse through the Snowden leaks. Do you think that we could have.
A
Had a better process, I mean, a significantly better process in terms of dealing with that trade off between privacy and security with the nsa, if we had done this more properly beforehand instead of kind of rushing into it in this sort of fear response? And do you think about that in very specific terms going forward?
B
You know, when I think about the NSA and capabilities, I think the, the way it falls short in public policy is that the debates never happen in public, that a lot of what the NSA does is in secret. I mean, we understand that who they spy on should be secret. But outlines of capabilities and programs and the way we go about espionage and surveillance on the world stage is a matter of national interest and should be debated in public. And I think one of the ancillary lessons of Snowden is that a lot more of it could have happened in public. I mean, Snowden forced all the information to the public eye. And you know, in the years later, the NSA looked around and said, you know, that wasn't that bad. You know, we didn't get our head handed to us. And the more we do in public, the more there's public buy-in into what we're doing. And that feels important in a democracy. There was just too much secrecy. And to some extent there still is. We talked about the vulnerability equities process. That is a process that is primarily done in secret. And a lot more can be made public. And now because of all of this secrecy and all this, the Snowden documents you mentioned, the Shadow Brokers, all this forced exposure, there's a lot of mistrust between the public and the government. We don't actually trust what the government's doing, the government's doing in our name, let alone the governments that we don't like are doing right. Russia, China, Saudi Arabia, other countries, even the governments we like, we don't trust. And that's corrosive. And the more we can talk about these things in public, the better we'll be.
A
So for me, the most important aspect of my conversation with Bruce and what I want you all to take away from it, is that we need to think very seriously as a society and as a nation about what compromises we're willing to make in the name of security and where we draw the line when it comes to what is sacred. What is a compromise that would make the added security meaningless because our lives would have been made less valuable by what we're being asked to give up? VEP brings some level of transparency to what is a very dangerous privilege exercised by our government, and it behooves all of us to pay very close attention to what the NSA and other intelligence communities are doing in the name of security, especially if and when there's an escalation, either in the proverbial war on terror or a more conventional war, which is no longer just a theoretical possibility considering the very serious threat posed by this isolated country, North Korea, and its very alarming most recent ICBM test. So just something to look out for that is on topic with what we've already been discussing on a number of our previous episodes, but most notably on episode eight with Josh Corman, which again I highly recommend you listen to, even if you already heard it the first time. Now the last story I want to get to, which will also incorporate part of my second unreleased episode with Leemon Baird, is Bitcoin. Unless you've been living under a rock, you know that Bitcoin's been on a tear in 2017. It started the year at just under 1000 bucks and last week it broke above 11,000. Ethereum's ether currency also reached an all time high on the same day of $515. This is all happening as Wall Street and regulators are gearing up to make Bitcoin derivatives trading possible on major US exchanges. The Chicago Mercantile Exchange announced last week that it has self certified the initial listing of its Bitcoin futures contract to launch Monday, Dec. 18, 2017, less than three weeks from today. 
The CBOE has already released early specifications for its planned Bitcoin futures product, which is still pending regulatory approval but could launch as early as this year. And NASDAQ announced last week that it plans to launch a futures contract based on Bitcoin in 2018. So that's three exchange operators that plan to launch US derivatives contracts linked to Bitcoin. This is huge for such a small and burgeoning market and it's going to mean huge profits for otherwise volatility starved traders and speculators who are just chomping at the bit to get into this market and trade around that volatility and ride that momentum. Introducing futures contracts, options and derivatives will allow investors to make leveraged long short bets, which means that the volatility we are seeing in Bitcoin is only going to rise. It also means that we're going to see a lot of new money flood into this market, which could be really positive for anyone looking to hold onto Bitcoin for the medium term. Also, the regulatory component here is super bullish because it legitimizes an asset class that many people haven't been willing to touch exactly because there's been so much regulatory uncertainty around it. That said, I'm still very skeptical about Bitcoin. Those of you who heard my first interview with Leemon Baird, the inventor of Hashgraph, know what my concerns are around Bitcoin and any other blockchain based protocol. I think that there are huge limitations to scale that limit Bitcoin to a narrow set of use cases that could potentially be serviced by superior, yet to be proven distributed ledger technology that isn't burdened by the massive throughput limitations, inordinate energy demands and inadequate security architecture of blockchain. Could that be hashgraph? Maybe. Which brings me to my most recent interview with Leemon, which happened two weeks ago at our offices in New York City. 
It was our second interview together, and my third show covering Hashgraph, if you count the audio released from our live event in New York City from mid October. Leemon is a very impressive guy, and it's easy to understand why everyone who meets him finds it hard to walk away without feeling like you've just met someone who's about to change the world. I was hoping that we could talk about the work that he and his team of engineers have been doing to build a public ledger based off of Hashgraph. But my sense is that they have a long way to go and it's a very uncertain path. Creating a public ledger with the security standards and throughput potential of a permissioned network is not a straightforward process, and I think that they're still figuring a bunch of stuff out. That said, we danced around the subject quite a bit, and we also spent a good deal of time addressing some of the latest concerns raised by the Blockchain and Hashgraph communities, including comparisons between Hashgraph and IOTA. I tried not to repeat much of what we covered in our first interview with or on the live panel, so I would highly recommend that anyone who has not heard those two previous shows listen to them before watching the full episode with Leemon that I'll be posting to our website later this week. The clip that you're about to hear runs for about 20 minutes, and it's one of my favorite parts of the interview. It addresses a series of questions that are very important to me, dealing with goals and values. Specifically, I asked Leemon what type of future he envisions in the event that he or anyone else is actually able to solve the problem of scalability in distributed consensus. The vision Leemon painted is very compelling, and it speaks to why I'm so disinterested in blockchain technology and in Bitcoin. I think the opportunity for distributed consensus is about so much more than cryptocurrencies or smart contracts. 
It gets to the heart of the of what we've spent so much time covering on this show. How do we manage to maintain our autonomy, agency, and freedom in a world increasingly mediated by layers of technology? This is the question that DLT promises to solve, and it's a very exciting prospect indeed. Here's that part of my conversation.
D
So what we want to be able to do, and I think a child born 20 years from now is just going to take for granted that you can do this at any moment. You can wave your hand, you can create a world of your own. You don't have to pay anybody, you don't have to get permission, you don't have to think about which server is going to be holding it. You just wave your hands and you have a world of your own. And you can put information there. You can build things, you can draw things, you can build 3D objects, you can have information stored, you can type in stuff, you can record stuff, and it will all be there, and it's just all magically there. And you can invite a friend, and now the two of you have a shared world and you can see the same things. You can build things together. You can see each other. Of course VR would play into this. Of course games would play into this, of course social media would play into this. All these things would be part of it. But they don't even think about that. They're just gonna say, I don't even know what social media is. I don't know what servers are. I just know that I wanted a shared world and I wanted to invite my friend. And now the two of us are in the shared world. This is it.
C
It's a remarkable vision that you're laying out. I'm interrupting for a minute, but just what you're really saying is because the data layer is now a protocol, you're able to write this software that can do things that you couldn't do before because you distribute all of that computation and storage out to the network.
D
Yes. And it becomes invisible. That's the goal. What you end up with is you don't think about the network or about how you're going to transfer money and what servers are going to store your files and who is in control right now. There's always the admins that can control everything in a game or whatever, or. No, what you have is you just have rules enforced. You take it for granted. And if you want a world where there's a dictator, you could have one. But if you want a world where there's democracy, you can have that. It's entirely up to whatever you want. And you can invite a friend, or you can invite a thousand friends and all of you together then get to share all this data. And you all know that the rules are enforced. You know that there is fairness. If there's some kind of matching markets, you know that the markets are fair. You can just start up your own stock market. You don't have to say, I think I feel like having a stock market. You just wave your hand and you create a shared world and you have a stock market of your own that you created.
C
You know, I'm interrupting you again, Leemon, because you're getting me very excited. Right. Because you're also making me think and imagine. Right. Which is helpful for me to go back in time and go back to the early 90s, and we talked about this before, and you mentioned it yourself, which is that it's not just about the culture that exists, but it's about the way in which the technology alters the culture.
A
Yes.
C
In the way we. Those two things interplay with each other.
D
Yes.
C
The Internet, the capacity to communicate across the world with anyone and to now do video chat, it hasn't only just had an effect on our businesses and our capacity to change our economy, but it's also had an impact on our culture deeply.
A
Right.
C
And if we can create, if you or anyone else can create a scalable solution for this, for what we're describing here.
D
Right.
C
We're potentially talking about a future in which culture is dramatically different from what it is today as a result of our capacity to create these. Spontaneously create these communities that are secure and that can work and operate without needing to have it hosted on Amazon servers. Right.
D
Right. And because you don't have to host it on a server, you don't have to pay or you don't have to watch ads. They don't have to spy on you to make the ads. Correct. So you don't have to have an entire industry based on spying on consumers. This is the future.
C
Well, I'm thinking, for example, I mean, a classic sort of limitation is in social networking. People are very frustrated with the ad model and with Facebook and many of these social networks. Glaringly obvious case, for example, would be the capacity to create social communities. I mean, that's kind of what you're talking about.
D
Exactly, of course, but it's doing it the right way because you don't have to have a trusted third party running a server that's expensive, that needs to pay for it. With ads, you don't have to have somebody spying on you. These shared worlds will take privacy for granted that only what I publish is visible. It's only visible to those people in the world. And there's no corporation spying on me, so they can give me better ads because there's no ads. And if you want to set up a world that has ads, fine. You can set up a shared world that has ads, that's fine. But the market controls. If people want to go to these free shared worlds that don't have ads, then they'll probably do that. So you're gonna have to make your ads interesting enough to draw people in on purpose. Totally changes the nature of what social media are. It changes the nature of how we view what cyberspace is, what the Internet is. That's what we're talking about. And I didn't even finish. Not only do I want us to be able to have these shared worlds, they have to connect to each other. We have a million shared worlds. But just without thinking about it, you wave your hand and part of your world is a part of Wikipedia. It appears like it's part of your world, even though it's actually over there in a different shared world. And when it changes, the changes propagate to yours invisibly. Or you just wave your hand and create a stock market, but people are going to buy, or an auction house, eBay, but people are going to be buying and selling using real money. What's the real money? Oh, it's a cryptocurrency that's managed in some other shared world, but you just invisibly link them together. Everybody is linked invisibly. And you don't have to think about it. This is what we're talking about. And under the hood, there's constantly checking digital signatures and hashes and everything to make sure you're never lured into a false one. This is the vision for the future. This is where we have to get to now. 
It's a different vision than what motivates other people. Everyone has their own vision of what motivates them. And of course, this will incorporate everything else. We will have a cryptocurrency in this vision. We will have distributed autonomous organizations, we will have smart contracts, all that stuff. But that's not the vision.
C
That's just part of it. I mean, you're talking about an entirely new social organization for a digital society.
D
Exactly. And so it just changes the whole nature of what you view. And I think kids born 20 years from now won't even imagine a world where that isn't the case. But it's bigger than that.
C
So what's exciting for me is maybe it would help also to describe what the dystopia vision would be. If we have the current technology and we move towards an increasingly technological future, what would that look like?
D
Yes. So dystopian almost certainly involves a lack of privacy. Perhaps we have lack of privacy because everything is on servers. The only way the servers can be paid for is with advertising. The only way advertising works is if people are spying on me and using really sophisticated AI to model my psychological state, to know everything there is to know about me. That's companies. Maybe the government's doing the same thing at the same time. That would be dystopian. Hypothetically speaking, that might happen someday.
C
Have you seen Black Mirror?
D
One of my absolute favorite shows.
C
Really?
D
Oh, yes. It's incredibly scary because it's real. Yeah, right.
A
So you've seen it?
C
It wasn't too scary for you to watch.
A
I had to stop.
D
Oh, horrifying. Yes.
C
Have you been able to watch each and every one?
D
Absolutely. Oh, yeah.
C
You're a glutton for punishment.
D
He probably says something bad about me, and of course they're exaggerating. All art is, you know, to some degree, a caricature, but the underlying ideas that they're portraying are, of course, real. And in fact, I said it gets bigger. I can go more about the dystopia, but let me just say something about the dystopia we're in at the moment. I was talking about the spying culture that's part of our dystopia, the lack of privacy. And it all is driven by the servers. It's driven by the economic model of servers. If you could get rid of that with ledgers, Then you get rid of that. I mean, it actually changes things. But there is another thing that we're seeing right now that I think will change. It will probably change with the rise of VR and some other things anyway, but I don't think that's sufficient. I think you actually need the shared worlds I was describing to change it. And since you want to talk about culture, I have read some fantastic sociological, anthropological things recently about what's been going on in our culture right now. The effect of this device, which of course is what Black Mirror is all about, but the effect of this device on the nature of our culture. And the studies that I've been reading have been about millennials and younger on kids, but it's not because they're young. It's just because they're the early adopters of really living your life on this thing. But, you know, the average adult even looks at this thousands of times a day. The result, though, one study that I was reading said that there's also of things that they track and that they change gradually over time and that in all the last hundred years, they've only seen one point in time where it all suddenly changed, where the culture changed abruptly. And that was when cell phones came out, smartphones came out, and that in every respect, people are isolated, less socially connected because of social stuff.
C
On that device, they're alone together. To quote Sherry Turkle.
D
It's true. The scientific data actually make a pretty compelling case. And they even have some interesting studies that get into causality here, which is usually the problem with sociological studies is that it's purely observational. But they actually do things where you do controlled experiments where you see causality. The more you're using and interacting with people through your phone, the more lonely you feel and the more depressed you feel. And current kids don't want to get a driver's license. I don't know. When I was a kid, that was what every 15 and 16 year old wants more than anything in the world. Now they don't even want it. They only get it when they're forced to get it. And I've seen this in my nephews. Why? Because I want to sit in my bedroom and just stare at my cell phone or at my computer. I don't want to go anywhere in the car. Why would I want to use a car? This is different. Now, that isn't necessarily bad. What is bad is that there's some evidence that cyberbullying exceeds the amount that you have in in-person bullying, when people are actually next to each other.
C
Oh, absolutely.
D
And there's reasons for it and there's anonymity reasons. There's also, I can't tell where you're putting your attention when we're through a group. We're never in a group. We're always a whole bunch of one to ones at the same time. And I can be gossiping without you behind your back while I'm talking to you.
C
This is very fascinating that you think about these things. I didn't know how deeply you thought about them. But there's. Of course you're not experiencing someone in person. You're not getting that tactile feedback and you're getting them intermediated through layers of technology that's translating all of those signals as best as the computer can and certainly not good enough to give you an experience of empathic learning.
D
Yes. So some of that will get fixed. We'll have haptic interfaces, we'll have better VR interfaces. We'll have avatars in VR that come from cameras that are actually looking at your eyes. There's all sorts of cool things that we can do that will make it more and more like being with a person. But you know what? Social interaction isn't just being with a person. It's also being with a person where it's inconvenient for me to suddenly go a million miles away and do something else and come back a millisecond later. So you have fewer distractions when I'm actually with you in person. But when I'm facebooking with you or I'm texting you, I can be doing a million other things at once. And you're actually not getting a big fraction of my brain at this moment. And even if you could see me, you might not notice that I'm doing the same thing actually right now. What's the big thing that people do in person? We all get together in a party and what do we all do? We sit there and stare at our phones. This is the old joke, but it's actually true. So the problem is that we're alone together. We're connecting through social media through a cell phone, maybe in person, or maybe we're sitting together in person, but we're actually staring at our cell phones, talking to other people at the same time, very distracted, never giving any person a very large fraction of our brain. There is the problem that we have a low resolution picture of each other or no picture of each other, and that we can't touch each other. Those are going to be fixed. Better VR goggles, better Haptic interfaces. Those are going to be fixed. It'll be more like being there. But the problem is that right now we are seeing real sociologists are seeing and anthropologists are seeing that we can be in the same room and not be together. Because I'm on my phone texting to a million other people and you're on your phone texting to a different million people. 
What you need is to get to where you have a shared world that has a set of people in it and everyone sees everyone else in that space set and that you notice when somebody is being distracted by people outside the set. I think the real problem isn't that the one to one connection is bad. It's that we're only getting one to one connections through our technology. We're not getting the clique connection in graph theory terms, where we're all seeing each other and we all know that we're all seeing each other and we all know that we all know that we're all seeing each other. This is something you get in a small group of kids hanging out together in the past that is now being undermined by our current connection technologies.
C
That's very fascinating. How would you solve that with dlt?
D
That's what you have to do. The only way to solve it is either ban all cell phones. I'm not in favor of that one. Or we need to be able to create shared worlds. So it's not just a way that I can call you through super VR goggles and see you and see your face, which helps. But we have to be able to have several of us in a virtual environment that are all next to each other, all seeing each other, and all interacting with each other as a group so that we aren't tempted to be constantly interacting with other people elsewhere. So we're going to have to have shared worlds that are compelling enough that we all want to be interacting with the shared world and with each other. Now it sounds like I'm talking about VR. And of course VR is useful if you want to use that, but it doesn't have to be VR, but it has to be something that is engaging enough that we're all involved in it.
C
So just to draw a clear demarcation here, yes, there's the interface component, which is the way that we interface with.
D
Each other, which isn't the important part.
C
Right.
D
And then there's the shared world part. For example, video game players right now play these video games in these really poorly drawn worlds. And they have very bad avatars and they have really bad Connections. They don't even have cameras on each other, but they all wear mics on their face and they talk. And I'm not a gamer, but I've talked to gamers and what they do is they end up talking about the game, the strategy of how they're going to go shoot people, but then they go off and talk about everything else in life and they are like traditional teenagers hanging out.
C
Yeah, that's 100% correct.
D
And that is the one bright spot in what we were just discussing. This is the place where they're using something, and it's not called social media, it's called gaming. But they're using something that is a different kind of hanging out together because they had something compelling enough, a shared world that was compelling enough to draw them in. And honestly, that shared world is really primitive. There's not a lot of information, there's not a lot you can do. And it's not very good graphics. And yet that's enough to tie them to each other. And while they're playing, they are not texting to friends. Outside of that clique, you have that small group of kids that are actually talking to each other. I keep saying kids, they're adult gamers. Absolutely.
C
So to be clear though, what you're really saying, the opportunity is that you can do in the future, that you hope for, in a future where we can distribute this out to the network. It's so that you can do this spontaneously, securely and amongst yourselves. You don't need to rely on anyone else. That's the key here, right?
D
This is the key. So why do ledgers enable this? It allows us to do it securely. Nobody is spying on us. It allows us to do it for free. It allows us to do it spontaneously, anytime we want. It will help when we're all walking around wearing sunglasses that are also AR/VR goggles, which is coming not as fast as I'd like, but five years from now, maybe. But all those things will help. But the real thing that you need is the shared world itself. And that's the ledger. You've got to have the ledger. It's got to not have a server because servers require money, money requires. Or advertising, which requires spying. There's a lot of problems with the server. You got to have this shared world, it's got to be compelling, it's got to be something you have control over. You have to have. Now we talk about shared gaming. There's this thing called griefing. So we said that social media undermines socialness. Well, the problem in many forms of gaming is griefing undermines the gaming. Well, how would you stop that? Well, if you had a set of rules that are enforced that prevent people from hurting other people in certain ways that actually start to reflect the property rights and rules of the real world, that actually starts to help you from. For those who don't know, griefing is vandalizing other people's things in, like Minecraft, where you're building something. And that means that we need a set of rules. Minecraft is inherently set up so that one kid is the dictator. I think he can actually make other kids be dictators as well. But any dictator can destroy anything in the universe. That's not a good shared world. That is not the right way to build a shared world. The right way to build a shared world is everyone's equal.
C
This is very fascinating, Leemon. We could have done an entire conversation just on this. And I want to rephrase what you're saying to see if I'm getting it correctly and also to really communicate to the audience. Yeah, we live autonomously to some degree or another. And there have been transformations of the individual in society over centuries, particularly in the West. The east and Eastern traditions have been less individual in that regard. But if we're just talking about Western societies and values, we've seen this remarkable transformation of the individual in society since the Protestant Reformation onwards. And that has created these individuals. And all of us are individuals. And if these values are important to us, particularly in the United States with the Constitution of the Bill of Rights and the right to privacy, the right to self, autonomy, liberty, these are very important values to us. And if we want to maintain them and hold them in the future, then finding a way to have control over our data and the way that we share information and how we create worlds.
A
And where the power resides in the.
C
System, because there's the experience of the technology. And that's not something that DLT is about. It's about. We're talking about VR, we're talking about data processing, analytics, everything. But then where does all that data reside?
A
Where does it get processed?
C
That's what we're talking about here with distributed ledger technology. And that is so essential and important for freedom and autonomy and privacy and security, all those things. Yes.
D
So let's talk about this. Do ledgers allow us to have strong privacy, strong autonomy, controlling your own destiny? Is this a possibility? Yes. So here's what you do. You have things like sovereign identity. I would like to be able to go through life and be able to convince people that I have the authority to do certain things. I took an Uber here and I paid with my credit card. I had to convince the Uber driver that I have a valid, ready credit card. But of course, there's an intermediary that had to know everything about me, including my credit card number, in order to do that. So I gave up some privacy and actually even some control. Right? There's more people now that have my credit card number that could actually be spending illegally. I'm trusting them not to, but they have control of my life. But in exchange, I got a ride here. Hey, I like that. I am the world's biggest fan of Uber, but I'm an even bigger fan of disintermediation. So I think that what we need to do is be able to have control of your own things, but then to be able to selectively release things. So I would like to be able to give you the information that I need to do various things. If I need to prove to you that I'm over 21, I want to be able to prove to you that I'm over 21 without showing you my driver's license with my address and my full name and everything else about me. I want to control just what I give you. And ledgers are critical to that. Wait, why would ledgers be critical to that? Why can't I just have a digital form of my driver's license that was signed by the DMV that I have on my phone? And when I go to you and I want to prove that I'm over 21, I somehow do a zero knowledge proof or something. Why can't I just do that? Why do I need a ledger? Do you know why I need a ledger? I need a ledger for revocation. If I want to prove to you that I have a valid driver's license, then I have to somehow prove to you that the DMV didn't just revoke it 10 minutes ago or yesterday. 
The only way to do that is with a shared ledger that gives us shared information or a shared server that we all trust. But if we don't want to have to trust one server, then we need ledgers. So ledgers enable revocation services which enable sovereign identity, which allows me to take control of the information in my life and control who has it. Similar thing for medical records, I would like to be able to have medical records that easily can go from doctor to doctor when I switch doctors. I want to be able to have everybody has it, but I want to have complete control myself. Over who has what. And I want to be able to control all those things, and I want to be able to have information out there about if I'm in an accident, you can access these things. Ledgers can be storing information like that. When you get it. If I get an accident, what do I want? My. What do I want to have happen? So we can have ledgers involved in that. We can have ledgers involved in privacy in the sense that if we're using shared worlds and all my data is stored in this ledger, then only people in the ledger have it, and it has protections on being changed and being sent out to other people in various ways. By the way, you asked earlier, why would you ever want permissioned ledgers? Why not just use public ledgers? Yeah, because permissioned ledgers help me keep my data where I want it to be. When I want it to go out, I can send it out. When I want it to not go out, I can make it not go out. And when I want to delete it, I can at least guarantee that the software running the ledger deleted it. I can never prove that someone didn't make a copy, but I can at least prove that.
C
This is interesting. Another way to think about this is that you're empowering the nodes of the network. If we're the nodes of this emergent network that is coming into being. Leemon, I really enjoyed talking to you. It was great having you here in person. I hope we can do this again as the future progresses and as Hashgraph continues to move forward. In particular, if you have some major successes, it would be great to have you here and sort of discuss those.
D
That'd be great. I've really enjoyed it and I'd be happy to come back again. Thank you very much.
C
Thank you for being on Hidden Forces.
D
Thank you.
A
And that's it for today, everyone. Today's episode was produced by me and edited by Stylianos Nicolaou. Sound engineering was Ignacio Lecumberi. For more episodes, you can check out our website at hiddenforcespod.com, join the conversation through Facebook, Twitter and Instagram @HiddenForcesPod, or send me an email at dk@hiddenforcespod.com. Thanks for listening. We'll see you next week.
Episode: How Do We Protect Our Data in a World of Cyber Attacks and Mass Surveillance?
Host: Demetri Kofinas
Guests: Bruce Schneier (cryptographer, security expert), Leemon Baird (inventor of Hashgraph)
Date: December 4, 2017
This episode tackles the urgent and complex challenges of cybersecurity, privacy, and mass surveillance in the digital age. Demetri Kofinas is joined by Bruce Schneier to discuss government surveillance, vulnerabilities in technology, and the limitations of market solutions to data security. Later, Kofinas explores the future of decentralized technologies with Leemon Baird, focusing on how distributed ledger technology (DLT) could redefine privacy, autonomy, and social interaction for coming generations.
Carpenter v. United States
Intellectual debate around whether privacy limitations should be set by statutes or constitutional law.
Quote:
"Chief Justice Roberts wrote that cell phones are such a pervasive and insistent part of daily life that the proverbial visitor from Mars might well conclude that they were an important feature of human anatomy." — Demetri Kofinas (06:23)
Cross-partisan concern on the need to translate constitutional protections to the digital age.
Net neutrality rollback and its threat to free speech and open digital infrastructure.
“If you keep the vulnerability in your pocket and use it for attack, you are also vulnerable... Anything you do for you affects everybody.” — Bruce Schneier (12:12)
Recurring high-profile security breaches (e.g., Equifax) illustrate systemic failures.
The explosion of insecure IoT (Internet of Things) devices: default passwords, lack of update mechanisms, massive attack surfaces.
Insufficient market incentives for companies to prioritize consumer data security.
Quote:
"When you go to the store and buy a thermostat, defending yourself from the government of North Korea really shouldn't be on your feature list. It's something you kind of expect the government to take care of." — Bruce Schneier (17:02)
Regulation is necessary due to widespread market failure; voluntary industry solutions are inadequate.
Discussion of potential models: new agencies, regulations, liability, forensic authority—but political and cultural resistance is high.
Events like 9/11 prompted massive security agencies post-crisis; will a data catastrophe drive similar changes?
"A child born 20 years from now is just going to take for granted that ... you can create a world of your own. You don't have to pay anybody, you don't have to get permission ... and you can invite a friend, and now the two of you have a shared world..." — Leemon Baird (34:48)
Decentralized Virtual Worlds:
Changing Social Organization:
Privacy vs. Dystopia:
Technological and Cultural Challenges:
Sovereign Identity, Data Control, Revocation:
"Do ledgers allow us to have strong privacy, strong autonomy, controlling your own destiny? ... Yes. So here's what you do. You have things like sovereign identity." — Leemon Baird (52:08)
"We can be in the same room and not be together. Because I'm on my phone... What you need is to get to where you have a shared world that has a set of people in it and everyone sees everyone else..." — Leemon Baird (45:40)
"It allows us to do it securely. Nobody is spying on us. It allows us to do it for free. It allows us to do it spontaneously, anytime we want." — Leemon Baird (49:16)
This episode is a must-listen for anyone interested in the intersection of law, technology, privacy, and the future of digital society.