A (2:24)

Yes.

B (2:25)

Oh yeah, definitely. Looking forward to it. Well, let's dig into to your stuff, you know, your, you know, everything Rachel just said you have such a broad background here. I'm, I'm really looking forward to this discussion. If you could start out like, maybe tell us like what, what have you seen in the evolution of, of all of this technology and telecom policy since you've been involved for so long, how have things evolved? What are the current challenges?

C (2:55)

So now that everything's AI, I actually bought a new set of golf clubs and they kept said on the top of them they were AI enabled. I had no idea how that worked. But you know, everybody's in on it including Callaway. So I like it to me is a little bit of a redoubt A lot of us who've been in the space for a long time. I was advent of the Internet 2001. I stepped in and was trying. I understood the Internet commerce clause because of a previous job very well. And so I was hired by a lovely company VeriSign that runs.com and.net, and at the time still had.org and trying to explain to regulators, legislators how this Internet thing was going to work across then just the state borders which were actually having that state issue again with AI and then eventually to international waters and spent a tremendous amount of time with the Internet Governance Society. Internet Governance Forum was created during all this. I've been to over 50 Internet communications on assigning these numbers known as ICANN meetings that were early in on this. So a lot of this for me is having just an adjacent discussion to discussions I've had in the past. I was just invited to go to the House of Representatives in Arizona and they said would I come in and talk about AI and elections? And I said sure, yeah, you know, sent some draft testimony in and then they came back with a question and said can you just explain how we need to protect everyone in Arizona against artificial intelligence? Is one of the. You know, I was like well that's a broader topic, but why not? I'll try tackling that for you. So I have that to look forward to on November 14th. So it's. It's really just like, you know, we've. I love technology and I'm a huge advocate of saying that you need to regulate towards an outcome, not the tech because you as soon as you put something hard in the tech. We were just talking about the challenges of the government making a decision like you have to use a certain platform for something. And a lot of times those are arbitrary decisions. Somebody has made a decision, they had no idea how long that was going to stay in place. And now we're all loopholing around it and it's similar. Where are we in the stage of AI? We're dealing with people that are fear mongering which is really unnecessary because most of it has not actually been applied. There's so many cool things that it's doing. I do see the challenge when I think about, like, you mentioned your daughters in school and like, how do you teach them the discipline of having ethics around AI? You should use it as a tool. Everyone should be using AI to the extent they're using it as a tool. It is not a replacement for a lot of the things that we're doing, but it's understanding the different iterations of the technology that's being used and the tools that are being handed to you. So we have a lot of really interesting nuanced policy discussions ahead of us.

A (5:35)

We're at an interesting time. You mentioned AI, you mentioned regulation. I was reading an article on the AI website and it was talking.

C (5:43)

There's an AI website?

A (5:48)

Yeah, no. Aei.org sorry, AI.org is.

C (5:51)

Thank you. I was like, there's a secret AI website. Damn.

A (5:54)

It was. And you know, the author was talking about, you know, in the global leaderboard of technology, 20 of the 25 world's most valuable companies are in the US and then Europe has one entry and then it.

C (6:07)

I wrote that blog. There you go.

A (6:09)

Yeah, exactly. And it cites a quote from a German bank. Right. This, like, you know, Europe is a global pioneer in regulating AI. Meanwhile, other regions are world leaders in the development and profitable application of AI, which is really interesting. So how do you balance innovation, regulation and maintaining digital trust? Like, how does that come about?

C (6:34)

Yeah, Rachel, that's a really good question. As somebody who spent a lot of time reading regulatory stuff. The Draggy report, which I think came out now two years ago, is Mario Draghi was this economist, did a lot of work in Italy and he came out with a report that said we need to change our banking system in Europe to help us have a better chance of being in the technology space. That isn't a native immediate thought for a lot of people. What does banking have to do with tech innovation? His point is they are still working in a very old school way of financing where our VC capital, a lot of the things that really came out of Silicon Valley, which have been emulated in many other areas are a real, you know, let's. We're willing to take risk. We're willing to see the end goal of where you're going with this. And you know, it's the 1 out of 10 hit. But they have, they're in a financial situation where that one can be the unicorn and they can absorb the cost of the others that may not come along as quickly. The European system's not designed for that. And I know that seems like a weird answer sometimes to people who are like, what does that have to do with technology? It means that they're not able to fund some of these amazing ideas that they might have in Europe. But what they end up doing is they come to the United States and that's good for us, but that's not good for this idea of wanting this balance, especially as we're having all these trade conversations right now and wanting to have a. We call it kind of the ally stack. You know, there's this idea of having, you know, an American first network operation stack. But we know that we really need to broaden that to bring in others. And when people think of Europe, we know about, you know, asml, that is, you know, the lithograph that we have to at that, the lithography machines that are making the designs that make the chips. And you know, they have a lovely agreement that that was going to be the one place to do it, which is starting to unravel. People think of Nokia, but not for the reasons that they used to. They think they still make phones, they don't. And so you're like, where, okay, SAP software, you know, like, where am I bringing Europe into the loop? And it's not that I want to not have European partners. I realize, you know, the digital sovereignty is really big right now. People want to feel like they have some homegrown stake in the. But we need to help them build that homegrown stake. It's just not there in a lot of cases.

A (8:51)

Just a side note, John knows that I love these tangential questions too when it comes to regulation as well. I guess coming back to the United States, one of the interesting things, the state by state approach versus the federal regulation approach. How do you see a way forward there as well? I mean it's.

C (9:14)

I would say things are not that different in the digital world than they are in the analog world. So if there's already a law in place and it's about consumer rights or consumer harms, that law applies.

A (9:24)

Right?

C (9:25)

We don't need brand new laws for artificial intelligence. And most of the things that I look at when you unbraid them, you're like, that's already illegal. And that's true of so many things you say. I don't need a second law that says because this was come across on my mobile device, that it can just apply to my mobile. No, if it's wrong, it's wrong. My colleague over at R Street, Adam Theor, writes about this and is really my go to person, he spends a tremendous amount of time on it and it's just reinforcing. Like we have very good solid laws. And let's look at where the delta is. Where are we concerned that there's going to be things that might come through the loop? Because the old analogy written, the language that was written during analog times may not feel like it ports into a digital environment and a digital economy. So let's address that. And that can be also, as you know, there's no real rule of order anymore around here, I feel like, but that you used to do that in different types of language that would be more amenable and move forward. So it didn't have to be hardened in stone. And everybody in the legal area is trying to go back and put their imprint onto something that really wasn't designed for a digital era. So looking at things again is helpful. But I think we also need to really recognize that a lot of these things that are consumer driven are already on the books and we should honor that.

B (10:42)

So, I mean, that makes a lot of sense. I mean, you know, a lot of these things are very core and well understood. But you know what, what things make these challenges like so persistent overall are these technical or policy issues that are, that are kind of continuing to make it an issue?

C (10:59)

Well, there's a couple things. One thing is the Internet itself made things work very fast. And then we put a bunch of devices in people's hands and made it work faster. And because, you know, we still are having Moore's Law, things keep working better and faster. And I always say that just makes the human existence even more a mirror into what we look at as, you know, let's take social media, for example. I deal with a lot of the challenges right now where we have a lot of people wanting to do very specific things on child online safety. There are so many tools that I wrote. I mean, I just got tired of people telling me, well, they should do this, they should do that. I go, they did. And this goes to this conversation we were having before we were recording. It's the toggle button. There's a toggle in there somewhere that says move this. I don't want to see that. Block this now. It takes a little educating yourself sometimes. So I wrote a report which I plan on doing a new one in January. I'll do an update of all the different ways that you can use parental guidance or something if you are concerned about something you do not want to see or you don't want to be Available to. And it doesn't necessarily always say it has to be underage. It's just like, I just don't want to see this. Now we're seeing a lot of the states want to do things that are very direct to being age appropriate. The problem there is you have to gather more information to know less information. And as we know about data, once you gather it, you, you've got it. And you can say that I'm going to disaggregate it and it's going to dissolve itself. And I hope that the honorable organizations that say that do that. But most of them don't. And most third party aggregators sell all that information. So we're really picking, you know, and what a honey pot, right, that you're designed for all these. You know, the challenge ultimately with children's data is it's really clean. And so it gets onto the dark web and they're able to use it to, you know, create credit card profiles. You know, you find out when you apply for college that you have a home loan. You know, when did I get a home loan?

A (12:49)

Exactly.

C (12:50)

Because all this information gets used. I mean, I run across it. I didn't. Last week I was looking up something in DC on my residence and it had eight working email addresses for me with a percentage of how well they worked. And two of them absolutely were not mine. They were something that somebody had made up and they had a 40% operating fee. It would work. And I was like, this isn't a DC public thing. I just looked up on the Internet. So you get in this real kind of imbalance of like, well, you know, I believe in data privacy. I don't. Privacy is a challenge for me. I think privacy is a feeling and it's hard to regulate privacy. The thought of it, data protection, I am all for. So I get all these people getting angry about information, especially the AI and how fast it's going to come along. I'm like, let's just stop for a second. What did I just look up in a public, you know, area in a D.C. all I had to do was ask the question and it showed up. That has nothing to do with artificial intelligence. That has to do with, you know, what information should be available when. And then I have to go back because I'm old enough. I'm like, there was the white pages, right? You know, we used to, they used to just drop them on your front doorstep. And we haven't really corrected our whole thought process about what information should be available, when and where. And which is why I ultimately land on the fact that we're really ready for a national data protection privacy bill. I think we needed to figure out Europe right now is really been dragging us to the directions of which they find interesting, but they're also very, they're not very even in how they apply it. And then we have California on the other side, which is doing a similar situation where it's becoming our de facto data protection bill. So it's really time to really think all these things through.

A (14:30)

I agree. I don't know, John, the last time you googled yourself, but just for grindsies from time to time and I was kind of astounded. I mean, it's my name, my phone number, my date of birth, my address, my age. And I'm like, wait a minute, y'.

C (14:46)

All.

A (14:49)

I don't want this information out there. And why is it free and publicly available? I mean, that was what was astounding to me because I never put my actual birth date when I register for anything. I mean, does anybody really.

C (15:02)

Well, now we have the challenge of that information being available every time you have to fill out a form or something. I mean, I've had to deal with, I'm dealing with a lot of my mom's banking situations with my parents get older and how easy it is to get access to things is you're like, where is there not a barrier to this? But then a person brought me to a second thing is I'm. I can't put Two factor authentication on her phone. She'll never be able to figure that out. So now I'm trying to figure out how do I, how do I manage that from my end, but not, not take away her dignity in, you know, managing that. So I, you know, and I can't get a parallel phone because they're worried about me being a scammer, you know. So I've got to figure. I'm still figuring all that stuff out. But then it brings you to. Then I was thinking about Two Factor authentication and Advent now that we're hearing about, you know, all these agentic AI uses and I'm like, well, what's going to happen when all the agents. I want to plan a trip to Scotland over let's, I don't know, New Year's, let's say. And I'm going to give all these agents this information and it's supposed to be my password and my, you know, what am I going to do about the two factor auth. I don't, I really don't know. I mean like, am I going to have to just disable it while these agents do this? And then I'm going to have a group of agents according to the like, you know, OpenAI on ChatGPT, you know, they're going to use bookings.com and a bunch of people that say I use them as the, you know, the platform on this do. Is it just the lowest common denominator of what all those agents do? I mean, I'm very curious. I mean part of me is I'm very permissive and I'll run, you know, not walk to figure this stuff out. But at the same time I think it's going to, we need to think this through not only from the technical perspective but all those other layers of the data protection and privacy. Sure. That we have consumers in mind when we do that.

A (16:38)

Is that the trade off though? Shane? I mean ultimately it's, you know, hey, we want life to be easy so let's just let them have everything, all our information, they have it anyway. I mean it's, you know, I think of like, you know, generations that have grown up with social media and their whole life is out there. I mean just everything like where they live and their dog's name and all of these things and it's. Is it too late to pull things back? I guess is what I'm asking.

C (17:04)

Shane they have a totally different attitude about it when they go out at night. You know, I have lots of cute 30 something friends that I chat with all the time and they all just put themselves on their find my on Friday night so they can find each other at bars. And I'm like, if you thought that through and do you make sure you turn that off at a certain point? And they don't seem to, that doesn't matter to them. But there's other things they'll be like really hardened on that they think is like some idiot move. And when I think through it, I'm trying to explain them like there's a 1978 regulation that says, you know, like just stop. So yeah, there's, there is a bit of that, you know, where they are very permissive on giving out their information. And we have to think about that as we're building these rules because they're going to be like, sure and we have to make sure that that isn't just again another like honeypot of like all kinds of data they can scrape up and somebody's doing bad things with your information.

A (17:54)

Absolutely.

B (17:57)

So I want to talk about another attribute of this, you know you kind of brought it up a little bit in our pre chat on encryption. So like I remember the old days when the whole clipper chip thing was, was the, the event of the day. You know, what, what are your opinions now for what level of encryption should be mandatory? Or, and, and what's your opinion on, on you know, government backdoors in encryption strategies?

C (18:25)

The idea of a government backdoor is insane once you build a backdoor for anything. And I know England really, the UK wanted this and was, you know, trying to do this through this dark order with Apple that they couldn't make public until somebody else made it public and it got out. There's no such thing as a backdoor. Just for one thing, once it's there, all the bad guys are just going to hammer on it until they can open it. So that just alone is just an idiotic idea. But luckily we are not seeing it being replicated. I was mentioning that this lovely gentleman, Jeff Green, who used to be at CISA was the one who was saying during the, I think it was salt typhoon that what do you do when all of your information, you just found out this was really directly to government officials who were finding out that all this information had been scraped by using a government mandated portal that the carriers had. And China just hyped up all this information about them and they're like, what do we do? And they're like encryption. You need to encrypt your data because even if they have it at that point, at least right now, you can't actually see what those messages are. And almost all of our messenger services have that. So the idea that the UK was trying to do is say, well, just take that off in the uk it doesn't work that way. And a lot of times the one reason why people were using certain ones like Signal, Apple messenger was one they were going after. But Signal is really big because of that. Both WhatsApp and I know WhatsApp is encrypted and I believe that Facebook messenger as well as is encrypted. They're trying to, I was just talking to them, how are they going to manage that with their AI? And they're really making sure that encryption continues to be a priority because they just want people to feel safe when they're using this information. I imagine 99% of the stuff that people say in messages is really not that relevant to other people. But there are times when it is a matter of safety or security or just that information was meant to be private and not shared. So we need to really think about that. So I have very strong feelings about encryption, John.

B (20:26)

So do I. I think we're on the same page here.

A (20:28)

That's right.

C (20:28)

Good.

A (20:29)

Encryption is your friend. That's right. I think that's what you said. Encryption is your. And I hate to do this, everyone, but we're going to pause today's discussion right here and pick back up next week. Thanks for joining us this week. And as always, don't forget to smash that subscription button. And we'll see you next week. Until next time, stay safe. Thanks for joining us on the to the Point Cybersecurity Podcast, brought to you by forcepoint. For more information and show notes from today's episode, please visit forcepoint.com podcast and don't forget to subscribe and leave a review on Apple Podcasts or your favorite listening platform.