From Cryptography to Web 3 powered by Blockchain with David Holtzman
The state of networked computing systems today relies heavily on a networking architecture designed and implemented by people like David Holtzman, our guest on Secure Talk. But what if our current “world wide web” was just the progenitor of an n-dimension “internet stack”? Does Web 3 offer the opportunity to evolve a seemingly monolithic internet?
In this episode of SecureTalk, host Justin Beals interviews David Holtzman, the brains behind the global domain name registration system and a former NSA analyst. They delve into the history and evolution of the DNS, discussing how it transformed from a single 'host.txt' file to a robust global system impacting millions of domain names. David shares his thoughts on decentralization, the potential of blockchain technology, and the future of cybersecurity in the wake of quantum computing. They also touch on the implications of AI, the cyclical nature of tech fads, and the importance of innovative yet secure solutions in today's rapidly evolving cyber environment. This episode is a must-listen for cybersecurity experts interested in the complex interplay between technology, governance, and security.
Secure Talk - David Holtzman
Justin Beals: Hello, everyone, and welcome back to Secure Talk. I'm your host, Justin Beals, and I'm very excited to have you with us today. We have an exceptional guest, certainly someone that has been impactful in my computer science career, and I feel really privileged to get a chance to chat with him today. I'm going to introduce today, David Holtzman.
David is the designer of the Global Domain Name Registration System, and he also managed the domain name system from 1997 to 2001. He began his career as a former military code breaker and an NSA analyst, and David served as IBM's chief scientist to their internet information group. He's the author of the book “Privacy Lost”, and he is currently consulting on various blockchain solutions.
David, it's a treat to have you on the podcast today. Thank you for joining us.
David Holtzman: Oh, sure. It's great to be here.
Justin Beals: Excellent. Well, I think that when I was getting a chance to put together this podcast and doing a little research, really one of the aspects of your career that has had a significant impact in my life is the work on the Domain Name System. And I think it was impactful to your career and many of the projects you're working on today. I'm very curious about that story. And how did the project arise for you? How did you ever get engaged in it?
David Holtzman: Well, actually, there's a lot of stories, but I'll give you the history. So, the history of the DNS. It going before that is the DNS was originally a single file called the host txt file, and there were so few domains in the world that if they needed one, they would just call the guy running it, and he would just add the name at the bottom of the list. So that worked, I don't know, almost 20 years. It went to a company called SRI in Menlo Park.
There was a guy named Doug Engelbart, who was also sort of the father of the windowing system and mice and other things, and he ran it. Then, at some point, I think, 1992, 1993, the U.S. government, which, of course, completely owned the Internet up until that point, decided they wanted a couple of companies to run aspects of it. So, they bid for this thing called the PIP, the cooperative agreement, three companies, one, three pieces, General Atomics, IBM, and Network Solutions.
Network Solutions was a small 8A firm in Herndon, Virginia. And the contract, there wasn't a lot of money here because again, not a lot of domain names, right? So it was cost plus. So, around 95 or so, the government asked Network Solutions to start charging for domain names because they were tired of subsidizing them.
They did. People got really pissed off. And right around then, Andreessen and Mosaic and all these things just came together at the same time, and the internet started to really, really take off commercially, not just for academics but for business people. Network Solutions had about 60, 70 employees. They had, I don't know, 6, 7 tech people, something like that. So, they, they went out and they hired people. They hired a guy who was the CEO of Cable and Wireless North America to be the CEO. And they hired me to be what turned into the CTO job. So this was 96, 97. By the end of the year, we were up to a million domain names.
But by the time I left four years later, it was 10 million. And I think it's about 360 million right now. One of the interesting things about domain names is what it represents because, initially, each domain name was like a whole university or, or a whole lab, like Los Alamos was one domain name, IBM was one domain name, and it just represented, it was sort of the, the street guide to the, the network, and then it started becoming more granular, then it started becoming subgroups within the organizations, and then it started becoming offices or small groups, clusters of people, but until 97, it wasn't 96. It wasn't actually an advertising thing. And, of course, that's what it turned into.
Justin Beals: I certainly feel like the consumer of some of these transitions. You know, when I was working on my bachelor's degree, not in technology, my degree is in theater, but I was using my old Mac SE to connect over IP addresses to the library systems and academic articles and, you know, we really didn't have a lot of domain name use, but then I graduated in 95 and started working for British Telecom, releasing frame relay technology, like a global frame relay network. And we started selling IP addresses on the backbone that you could start attaching to domain names. And, just three years later, in 97, 98, I was working for Bell South building websites. Or specific domain names. And so we kept right along with you, David, consuming the innovations that were happening.
David Holtzman: Well, I mean, there's a couple of interesting stories here. I mean, not themes that I want to tease out. One of them is like every other great thing. This, there was so much serendipity here.
It's not even funny. There's randomness, luck. So, for instance, you probably remember this, but in the early nineties, the government mandated that no project would use TCP/IP; they refused. They would turn down bids if you even suggested that you were going to use TCP/IP. And in fact, when I was hired by IBM originally in the early 90s, one of my main jobs was to convince large companies to not use TCP/IP and instead use SNA and instead of Ethernet use token ring.
That, that didn't go, it didn't go anywhere. They also, at the same time, mandated Ada as the programming language. And that also didn't go anywhere. But, uh, so the message here is the power of lots of consumers is far more important than regulatory stuff. And that'll bring me to a Web 3 discussion at some point.
Justin Beals: Yeah, it's, there's a convenience thing to it, right? As people can build technology on top of technology, you get the opportunity to express that innovation. And then, of course, we latched on to the advertising aspect of the Internet quite quickly, and people started generating presences. Yeah.
David Holtzman: Well, there are other things going on, too. My original degree was in philosophy, so you have to bear with me a little bit, but the, the Internet, I mean, domain names and those things became an identity token for a long time, and it had never happened before. They were just numbers, you know, because nobody could remember, you know, that Bill is, you know, 128.5, nobody remembers that. So instead, you just remember that he's, you know, whatever, LosAlamos.org or something like that, but it was just a convenience.
But then it started becoming something else when the commercial internet picked up on it. All of a sudden it was, it was the billboard for a product and that resulted in my four years there. I had to legal, I was involved in a legal defense in 97 lawsuits. I was the, I was deposed, and there, they were stupid, stupid lawsuits looking back on this.
The word skunk works, that was bitterly litigated for years because Lockheed had a thing called skunk works, but there was a comic strip from the fifties called Little Abner, and they had a thing in there, but it was written by Andy Cap and they, had a thing called skunk works. So boom, boom goes to court.
There was also a clash between type of categories of businesses. So, up until then, Apple Music and Apple Computer lived comfortably together. Boom, they both wanted Apple.com, which just got much worse when Steve Jobs came up with the idea for an iPod. So, there are just so many of these things.
There was another one, Scrabble. There was one company that owned the rights to Scrabble in Europe. Another one owned the rights to it in North America. So, the average judge at this point in the U.S. was probably about 80, and none of them knew anything about it, about technology. I mean, anything. And I mean, they, they didn't have phones in their pocket, and most people didn't, but they couldn't even turn a computer on, and I had to explain to them some of what we're talking about here. And, they didn't want to deal with it because, by 97, the economy had boomed because of the beginning of the dot com bubble. And no judge wanted to be the one who punctured that bubble. So they never ruled against us.
Justin Beals: I always find it intriguing, in your experience and mine as well, the flexibility of a liberal arts degree in some of these highly technical spaces, like being able to tell the story, do good research, and develop architectures that have an archetype to them and communicating. I love that you parlayed that philosophy degree disability.
David Holtzman: Well, there's a story with the domain name registration system. If I can go into it for a second, I never actually wrote about this, but so the government, when the client, the Clinton administration, came in, they were very anti-monopoly, and it was a guy named Joel Klein at the commerce department. And that's what he did is pursue, you know, potential monopoly or possible monopolist. So they started putting pressure on us, even though we had, we had a legal opinion from a top law firm that we actually own the name .com and we had the contract, and we had everything legally, the government made us disgorge it. We went public around then. And once you become public, then you're subject to shareholders' whims. So, what the Justice Department did is, they would put out these letters of interest or whatever, and every time, saying they were investigating, and every time that happened, our stock would drop ten per cent, and then the shareholders would get on the phone.
So, we made the decision, to divest all of that. And that's where ICANN came from. So, I was in the room for all of that. And they wanted a registration system, and they asked me to design one. And there were two ideas for architectures at the time. There was what's called a fat registry and a thin registry.
So, a fat registry is where you have that's the system we have today where you have registries, and then beneath them, you have registrars; a thin registry is where you only have one. So philosophically, again, this is going to your point. I think I was immediately distrustful of a thin registry where there's only one database for everything because the country that owned that database could turn off another country or an ethnic group or anything they wanted to do. And I felt it was best to have two layers. And so, registrars live within a sovereign nation, and registry is run by an international group. I didn't tell anybody I was doing that. And I did it off the cuff.
Nobody saw any of it until it was done. And I presented it at the Department of Commerce, and they absolutely hit the roof because that wasn't at all what they wanted because they had made a deal with the International Telecommunications Union, and this is going to cut them out of a lot of power. So, and again, this is going to lead into decentralization, but I, I think I feel very strongly that the internet has become completely weaponized now or potentially weaponized, and the more we decentralize things, the better off we all are.
Justin Beals: I'm in agreement with you on the decentralization, and certainly, the early internet felt like that. Like I could build a website with what I wanted, put it out next to anyone else's website. It was not a hierarchy to IBM.com versus JustinBeals.com. You know, they were living in the same network and that was very different than the way I saw most product produced, like music that had to go through a label, and only a certain studio could develop it, and you had to have infrastructure to get it distributed. Let's talk about this decentralization concept, because I think it's been a theme for you in reading a lot of your material and your background since the early days of DNS.
Can you help us understand how you paint a picture of the future and how important decentralization is for that?
David Holtzman: Well, I should start by pointing out, I mean, I held the highest security clearances you can have in the United States. I worked at NSA for years. I was a CTO for one presidential campaign and a chief security officer for another, and I was an officer of a public company. So I, I was part of the mythical "they" that always comes up in this conversation. So I've been in those rooms and heard things and they did not make me feel better because there's a lot of scheming going on. And if there is a PowerPoint that you can, sorry, a point to apply power, somebody will eventually use it.
It's, and I think the only way to deal with that is to not have that point. And when blockchain came around, well, not Bitcoin so much, but Ether, I was absolutely floored because I saw the potential for disruption. Good disruption, not necessarily bad disruption. The idea that, number one, it disintermediates a lot of lawyers.
I don't care for it anyway because so much of what lawyers do is they ratify a contract that you and your friend could have done in a bar over a handshake if you weren't afraid one of you might hire a lawyer and sue the other one years later if it went, because that's what this is about. It's like the old West having a gun or something.
It's all about hired guns. It's like insurance is the same kind of way. So when you have decentralization systems, it doesn't happen. And then the fact that blockchain's immutable means that you don't have to worry about anybody diddling with the data the way, for instance, you do look at what's happening in America in the last couple of years; there is not a single thing I have seen that's not, that's unfavorable to somebody public where they don't claim it's fake. And now they claim it's generated by AI, which is just, people don't believe anything, but if you put it, if you put it on a blockchain, you can at least be sure somebody put it on a blockchain and, and that's a pretty powerful idea.
And what if that thing on the blockchain is provenance for an invention or the first known drawing of a piece of art, you've got everything you need to establish your claim to intellectual property without necessarily going through a whole bunch of legal fees. That's a pretty powerful idea.
Justin Beals: Yeah, I think you're creating an efficiency in that there is no control for that distribution of information, a transparency of the information that it's in the ledger, the shared ledger, you know, from the different groups, um, and some traceability.
So talk to us a little bit about, you know, you were very excited about blockchain. I think that the tech industry has been through some fads over time, or at least we see investor fads happening. You continue, I think, to be very bullish about where blockchain is going. Maybe you can highlight some of the projects that you've been working on and what you're excited about.
David Holtzman: Yeah, I'll do that. I will say, though, that I've been involved in a lot of those ups and downs, like object-oriented programming and that, that kind of stuff. But usually, there's a hype piece, and that's the first hump. And then all of those guys go broke really publicly. And then one guy goes to jail as the sacrificial goat for everybody else. And then the technology survives and then it goes to the next way. So that's what happened with .com.
And that seems to be happening with crypto right now. So I was involved with a company originally called Aspire eight years ago, I guess, in Berlin. And they did the art provenance thing I was talking about, sticking it on a blockchain.
It did really well. They grew into another company and another; I was an advisor all the way through. They're now a company called Ocean, which is a pretty major token. So I got to ride that with him and watch, you know, the ICO and everything else.
I'm now with a company called Naoris and I'm their Chief Strategy Officer, and the thing I like about them is they are absolutely decentralized. The CEO and founder is a really brilliant guy. He invented a whole bunch of interesting technologies that have significant applications for the kind of, sort of, stuff we're talking about in the future, and he's, the company is completely 100 per cent committed to the belief that web3 is coming whether you like it or not. So, and I am, too.
Justin Beals: You know, when I was initially looking at the technology, I thought it was really interesting, you know, for me trying to boil the ocean a little bit.
I saw web3 or blockchain technology as a new style of database, essentially something to your point that had, you know, was trying to deliver on some of the ACID features that we might see in a common database, but in a, in a more shared modality, right? Like we've got these shared copies of the ledger, they're negotiating a common theme or, you know, commonality to the data that's in there. And there is some power to that, but to me, it had nothing to do with currency. It had everything to do with transparent data, the understanding that data changes over time, and we need to understand how that data has changed, and then on top of that, you built applications. And when anyone says blockchain is crypto, I, it kind of, I'm like, no, no, no. They're completely separate things.
David Holtzman: They are. I, you know, just to wax philosophical again for just a second, please. There is a, there is a long trend in the history of technology where people that build things have no idea at all what it's going to be used for and people.
And what they do is, when they build a product, they build it to look like the thing that it's about to replace. So cars looked like carriages without the horses, you know, printers look like typewriters without the, you know, without the, whatever you call that thing, the plate. And cell phones look like real phones.
And then, after time, people, once they start accepting that, they recognize that technology provides a much broader set of features than the thing, the physical thing it's replacing, was capable of. I believe we are not really at that point with blockchain yet. And when that happens, I mean, there's a lot of governments interested in blockchain.
I, I'm not an enormous fan of cryptocurrency. I know it's going to stick around. There's not going to be 600 of them. There's going to be like one for every country and, and a couple of generic ones, and that's going to be it. But blockchain is a whole different animal, and I don't think we've even begun to see how it's used.
Justin Beals: I agree with you. I mean, I'm just, I'm interested in tech and, you know, what can be built on top of it less than I am a finance person. I find the crypto thing an interesting application, but, people might think I'm ridiculous, but more like a toy, that it's not a true, like, value add on top of what's going on. Obviously there's a perceived value there, but for me, it's ones and zeros at the end of the day.
David Holtzman: Well, another thing, Naoris, my company's doing is we've developed a post quantum encryption that we're incorporating into everything else we're doing. So I'm sure you've had a guest at some point, talk about, you know, the coming quantum apocalypse.
Yeah. Quantum computers. They're not, I mean, they're real, they're just stupid, but there's going to come a point at some point, you know, during that exponential growth curve, when there is like a fairly significant quantum computer. And it's going to scare everybody for very, very good reasons. I mean, all the military traffic, the diplomatic traffic, the financial wires, all of that stuff is going to go down.
So cryptography is not that, that toyish at this point, it's the, it's part of the, it's the bony disks in the backbone of commerce.
Justin Beals: Yeah, how, I am curious about this concept of quantum encryption without a, a quantum computer to run the math. You know, create the encryption. Can you describe for us how, you know, a large blockchain system can build that encryption in?
David Holtzman: I am not an expert on this subject. I tend to be, I tend to the, I'm not a programmer anymore. I tend to live at the layer. I'm not even an algorithm guy at this point. I tend to live at the layer of, gee, what could we do with this thing you just built, which is kind of what you're saying. I think too. But I know, I know, I know what, what you're talking about, there is a capability, I don't think it's a particularly significant one.
The thing to worry about is the quantum computers, and we can go into that if you want, but they're almost instantaneous in breaking a large encrypted thing. There are algorithms to get around, there's Shor's algorithm and there's some others. We have one, and there's other ones being built, and they're going to have to get put everywhere, because it also, I hate to say this, because it shoots down everything else I've said, but it also potentially threatens blockchains.
Justin Beals: Well, any, you know, any look, I'm going to use the tool that I know the best, but any common TLS style encryption or SHA hashing methodology is, I think what we feel like is that the CPU power on a quantum computer potentially could crack those quite quickly, just because they're efficient at running through the potential mathematical computations to unlock it. And so all the encryption that we have is, you know, at risk, I guess is what we're concerned about.
David Holtzman: Right. But the way you're saying it, it sounds like it's linear. It is not linear. If you look at the curve, you know, any decryption algorithm is, you know, linearly optimal as you invent new strategies; this is, like, geometric. So it is an entirely different function of capability. It's not faster because it's better. It's faster because it's different and a different thing works.
So as a, you know, as an example, I don't know about you, but I was, you know, just absolutely shocked when ChatGPT came out. I mean, I, I knew large language models were around. I kind of thought they were a joke and I thought what, what you were going to get with something that would read the New York Times to you every morning with some bad accent or something, but it wasn't. It wasn't like that at all. I mean, I'm sure you've played with it like everybody else. I mean, you can go in there and I just did this. I'm going to Mexico City on vacation. I said, here's the kind of stuff I want to do. Give me a seven day itinerary. And it actually did with restaurants and it had time to rest. That's pretty impressive.
And that, but from a consumer viewpoint, that's what two years. Yeah. I mean, technology has been under development a long time. But it, the technology adoption tends to be discontinuous and exponential. But when we write history books, we write it as if it's smooth, linear curve. Like first we did this and then we did this and then we did this. And it's not like that at all.
Justin Beals: No, I think historically, even in our own minds, we look for causality about how we got here and we want to find the patterns, whether to guard against repeating or to find an opportunity to repeat. I will say that for me, I worked in natural language processing for quite a while because one of my areas of expertise was in enterprise education technology.
And so we were always quite interested in how do you grade an essay or, you know, can we assess a student more granularly from a lexicon perspective, their ability and grasping of language. So I think I saw the opportunity and we certainly were playing with things like, you could write a phrase or you could write a sentence, but you couldn't piece together a concept for a long time until some of the LLMs came out.
And I said, okay, that is an iteration forward. I'm seeing that. And, and that's really effective. And certainly I've used it a fair bit, but now after using it. I am starting to tell where on the internet it figured out how to mash those two articles together. And I'm constantly reminded that it's doing a prediction of what it thinks the next phrase, word, or sentence should be to create a cohesive conversation. And optimized in that way.
David Holtzman: Right. But that's not dissimilar to how Google searches things or the way it did. So, I was involved with a ton, like most of the big search companies back in the .com bubble. I was on the board of the advisory board of AltaVista and Excite and Lycos and all of the, all these guys, cause I was fascinated with it and everyone, they all did what's called Boolean, Boolean searching, right? So, I mean, it was very complicated mathematical concepts and it would take like forever to search something. And then Google and some other companies came around. It was a different approach. It was so much faster than all of those search companies other than Yahoo died. And they were never really a search company, and they should have died a long time ago anyway.
So it's kind of that sort of thing. And I, I see LLMs like that. It's, it's a game changer. And I think blockchain's like that, but I don't think blockchain is hacking technology. I think blockchain is the first technology that is hacking governance. And I think that's a whole different thing here.
The, the, the suits, you know, not to be an us them thing, because I'm a suit too, but some of the time, but the suits generally don't understand this stuff. And they have always felt like technology is something that happens down in the, in the cheap seats of the arena. It doesn't affect them. It does now. And they're not, and they're not prepared for it.
Justin Beals: I'm going to complain along with you, you know, things like a programming language, like when it was called Oak and then Java object oriented programming was a lever for me to deliver, you know, on a vision or a product that we wanted to have in the marketplace.
Technology was it wasn't was fundamental to creating any opportunity. It wasn't just a business application, and certainly I criticize all the time, especially as the Silicon Valley methodology of saying, Hey, we're going to create a company. We're going to throw a bunch of engineers at it, and I need thousands of engineers to go and solve this problem.
As opposed to saying, we need a really creative engineering team that can be small, but mighty in their outcome. And, and build that, that vision on top of more like the piano doesn't play music, but they're writing the sheet music and getting the piano to pull forward what's exceptional.
David Holtzman: There's, there's a book that you probably read. I loved it a long time ago. It was called “The Mythical Man-Month”. Oh, yes. It was by Fred Brooks, who is the project manager for the IBM 360 project, going back to the very, very early days of computing. And, and he made a very cogent argument that more than seven people doing a large software project is wasteful.
And he goes into why. And I've seen that a lot. A lot of very big companies have started from very small groups of people that work together. Everybody, you know, you have one guy who makes tools and one guy who does the systems integration, you know, and they just kind of click. Now you have to have a graphic person or maybe a semantic web person or both. You don't, I don't, I think thousands of people is absolutely counterproductive unless you're marketing things.
Justin Beals: Absolutely. It gets in the way that the communication toll on keeping everyone synchronized costs more than the engineering talent in a small team. And also now they're boxed in. You know, I'll, I'll use your phrase: The suits are like, no, I wanted to do this. And so they don't, they don't get that freedom to kind of innovate a great product or a great convenience for users.
David Holtzman: Well, now to, to draw a simile to mesh computing. So the advantage and strength of a mesh, which is what Naoris is, is that the more nodes you add, the stronger it gets, not the weaker it gets. Conventional things apply to like the people thing you were talking about. How it kind of chokes of its own weight from the communication. And if you, instead of choking on communication, think about it as security breaches, or security holes, and it makes its point. But, mesh type architectures tend to get stronger and stronger and stronger the more nodes you add. So.
Justin Beals: Yeah. Well, we see that, so I did want to ask you about mesh architectures. I think it's a concept you've been leading. Would you consider, like, consider the Onion Routing Network a style of mesh architecture, for example?
David Holtzman: I used to. The problem was, I think, I think Snowden revealed some of this is that the government took over one or two of the nodes in, in that originally, and it's like everybody's passing stuff around and obfuscating it, except one guy's taking a picture of it, you know, before it goes on. And it kind of exposed the problem when you have a bad actor in that kind of an architecture, it, it can be disturbing, whereas the stuff we're doing and other companies are doing bad actors, the whole technology is, you know, it's the Byzantine general problem. The whole idea is to find the bad actor, blow the whistle on them and get them out of the circle.
Justin Beals: And so, Naoris is using a mesh style architecture on top of Web3. How, how do you think about that particular implementation? What are you guarding against like bad actors? Are there other vulnerabilities that you're protecting against?
David Holtzman: We don't even know. I mean, to be honest, I mean, we've tested for a lot of things. There are people using it. Uh, there's been a lot of interest in the products, mostly governments and large companies and, and small governments too, which is something I didn't expect, but I'm small parts of the U.S. government, but big parts of small countries because, number one, they want the quantum proof. That's really important to them. And the second is they like another approach to cyber security that doesn't require them hiring, you know, thousands of people. I mean, I noticed you had just had Bruce Schneier on here recently.
Yeah, and you've had a number. He's really great. And there's a lot of other cyber security people, you know, cyber security, I mean, the way he does it, that's real, but an awful lot of people out there who call themselves cyber security people are kind of not. I mean, they're, they've learned, they've got a Microsoft certification or something, and they're really good at a certain kind of thing, but if it's something they haven't seen before, they're probably not going to catch it. And that's why I think you need to automate it. And I guess my last point on this subject is, I, the future, since you brought up the future, I think the future of, of the cyber security is lightning-fast attacks and parries from AI devices, because this stuff is going to go way too fast for a human being to pull out a keyboard and do one of those hacker things, it's not going to happen. It's going to, it's all going to be automated and it's going to evolve like right then and there, it'll mutate. You'll see mutated attacks. I think that's like now or soon now.
Justin Beals: Yeah. You know, to your point, it's, uh, cybersecurity or security in general has been a burgeoning field of employers, you know, we actually, one of the, one of the other episodes we have is talking about how many people have built careers in the security space over the last 20 years, especially with such network information.
I don't consider myself a cyber security expert. I was a CTO. I like building product. You know, you certainly think about the data that you're putting into a system and how, uh, we're storing that data and what gets shared with it. When you think about security issues as a career security person, one of the things I'm curious about, are there aspects that you think are gone? Like privacy? Are you like, yeah, it's evaporated. We shouldn't even consider it anymore. Is it some, do you still hold on to a vision for what that could be?
David Holtzman: Well, there's a famous quote by Scott McNealy. He was the CEO of Sun who said, privacy is dead. Get over it. And this was like 30 years ago. My conclusion in my book, which was written 13, 14 years ago, was that privacy has to be redefined. So the way, I guess we're probably almost in the same generation. I mean, if you go back to when we were all in school, baby boomers and Gen X, privacy was binary. Yeah. Like if somebody knew your birthday and you didn't want them to know it, it's kind of privacy busting. They knew your social security number. It was horrible.
That stuff's out. It's out. And it's out because no matter how many, no matter how many times people write articles about how 97 percent of security breaches are caused by social engineering, as far as I can tell, almost all major security breaches happen because of big data problems with companies like Experian and the Social Security Administration and OPM and Verizon and AT&T.
I mean, we're talking tens or hundreds of millions of people affected with each one of those incidents. So I think it's safe to say that any information that's factual like that is gone. But the thing I want to protect is inferential stuff. Where I get really upset is when governments or corporations use really bad expert systems to anticipate what you're going to do or have done and take actions on you accordingly.
So I would argue the first big thing like that I ever saw was the don't fly list right after 9/11. Yeah. Nobody is, they never published the rules for that thing. And my brother's mother-in-law is from a South American country. And she used to live in the U.S. and she has a very common name and she's like 85 or 90 or something. And she got put on that list and she's never been able to come back to the United States. And there's other people like that. Another thing like that is people credit scoring. Most people think credit scores happen with the three credit bureaus. They don't. They happen through inferential processes by causing for your FICO score.
So, you know, you have, uh, Fair Isaac's company. So then you have to ask, well, what's in my FICO score? Nobody's going to tell you. So that's the future. The future is a bunch of algorithms that nobody is going to explain to you. They're going to be held like trade secrets. And government doesn't seem to have the experience right now to regulate them if it ever does. That's the privacy I'm afraid of.
Justin Beals: I'm certainly frustrated by the kind of algorithmic reality. I think we saw this with Cambridge Analytica and social media networks, for example. Where it's, I mean, look, our realities are based upon the data we receive. I think it's hard for us to imagine our own humanity in that way.
What we think of as reality is really an amalgamation of the data we're receiving. And if we're spending a lot of time on our phones and social media networks, and that's algorithmically presented by someone that is an actor, you know, whether it's a corporation or, you know, a small group that wants to optimize for certain behaviors from us, then, they've adjusted our re I mean, it's very dystopian when you think about it. But some days I feel like we're here on some level. It's not, not in the future.
David Holtzman: Yeah, well, I agree with that. I, this is, this is absolutely real. And it's, I think, I think companies, marketers are, are shy about showing the power of the data they have because it will scare the shit out of everybody.
So when it, whenever they start getting a little bit too knowledgeable and revealing it, people complain to their Congress person. I mean, like Amazon. So I don't know about you. I buy everything on Amazon. I know what the downside of that is. It's so convenient. I don't care if I need a tube of toothpaste, I don't go to the store. I go to Amazon. It's at my door by two o'clock in the afternoon. It doesn't cost me anything for that. Why wouldn't I do that? So I was one of the first Amazon customers. So they've got decades of consumer data on me. They, you know, they know the prescription drugs I use. They know, you know, if all of a sudden I start using cold sore drugs or herpes drugs, they may be able to make a hypothetical, they may be able to make an inference about me that maybe I don't want them making.
That's the problem. And I don't know how to get around it. I really, I really don't. I, I think consumers have to be very, very aggressive with their data, and I think one of the things we need is I think we need privacy busting tools. This is a little crypto anarchy here, but I think we need privacy busting tools that probably ought to be illegal and will be someday, for consumers to use against people trying to get their data. So there isn't much of that right now.
Justin Beals: I mean, certainly as you know, as I think about wanting to participate in the digital community, like I have since someone gave me a dial up modem a long, long time ago, I think to your point of decentralization, I've walked away from, you know, social media environments like a Facebook or an Instagram, or at least things like the Fediverse, where I feel like I can pick and choose who I want to have a relationship with on some level. I know that data still gets shared and anyone can scrape a website at the end of the day. But maybe I'm, it's a self perception that there's some choice there that I was able to make.
David Holtzman: But what happens when it's one thing to have a company or the government find out something about you that you'd rather not be revealed, and that was the conventional privacy definition. But the thing I'm talking about is when they make an inference about you that may not actually be correct. And you have the consequence of that anyway. There have been many people that have been falsely accused of child molestation or pedophilia based upon a link on a computer or something. I mean, I'm sure a lot of them are, but they can't all be that way. And I mean, that's the end of, that's probably the end of your personal and professional life.
I mean, if you get tarred with something like that, or if you get, uh, hit with something else that makes you look like a security threat to the United States, it can really give you a bad life.
Justin Beals: And to your point, there's no way to review that data, analyze the veracity of it, and, and perhaps remove something that was inappropriately applied.
You know, I was reading on the, the website for Naoris a little bit about the concept of trust too. And I think one of the concepts on the platform is that you'll, you'll be able over web3, over Naoris, be able to look at the security activities of an organization in real time. That seems to be part of the feature set that you guys are looking at.
David Holtzman: Yeah, the resolvers come from outside your own network. So they're less likely to have been compromised. So when you have resolvers that are kind of, you know, like, you know, you use Naoris, I use Naoris, somebody else does. You know, we resolve for each other's networks, our nodes do, which makes the, the idea of co-opting it a lot more difficult.
Justin Beals: Yeah, because we've both decentralized the storage of the information, but at the same time kind of created a shared source of truth between all of us.
David Holtzman: Yeah, and we've done it in a completely decentralized fashion. The process that's been, that's gone on is completely transparent. Like most blockchain based things, you know that the ledger is there. You can go back and review it if there's any doubt. And that's a pretty powerful thing.
Justin Beals: David, uh, as, um, I got one more question for you as we're wrapping up here. We talked a little bit about the fad cycle, you know. Crypto coin was very exciting for a little while and web3 in general is a technology to software investors. And I think that's a lot of time what drives this fadism because they want to hype the value of the thing that they're investing in as much as possible.
And now we've seen, of course, AI, large language models, generative AI broadly being the fad that investors want to hype a fair bit. How do you think about the future? Let's, let's look a little farther ahead, maybe the next three to five years about these cycles and web3, where, where's our critical applications coming from perhaps for web3 to bring it back into something that people are interested in investing in the future around?
David Holtzman: That's a really interesting question. I'm not heavily tied into the venture community anymore. I was, when I ran startups and, and I had to go out to Sand Hill Road and try to beg for money, you know, but thankfully I don't need to do that anymore.
I don't see a lot of funded web3 things, and I am helping Naoris. We're not having any problems raising money. So for us, it's more strategic because if we take the wrong money, we won't grow. So that's where we don't need it. So we're a lot more thoughtful about it. I like the fact that web3 is not a fad yet. It's like, I don't know if you've ever, you know, you found a suitcase or a phone cover or a pair of tennis shoes, trainers, something that nobody else has yet, but it's really hip, really cool. And you can kind of glory in that. Until everybody else. I was like that with Allbirds, when Allbirds shoes came out, I wanted a very early pair and everybody said, what is that shoe? And I said, Oh, it's really comfortable and it's under a hundred bucks. And then everybody had it and it wasn't quite so cool anymore.
I think web3 is like that. Yeah. I think, I think web3 is like Allbirds right now. And at some point it's going to get overhyped like cybersecurity. I mean, I'm, I do something for an or a volunteer work for an organization I belong to and part of my job is vetting people's CVs that claim to be cyber security experts. So I read hundreds of these things and I would say I wouldn't hire 90 percent of them.
Justin Beals: Yeah. Well, David, it's been such a treat to get to meet you. I feel like I have certainly known the products and the technologies that you've built over the years. In a way, some of what you've put together has given me a career.
So I'm, I'm deeply grateful for that to, to build on top of. But I also think that it's something I've loved about probably the, the more anarchy focused technologists, those of us that loved open source loved the decentralization, the leveling of the playing field for bringing creative ideas into a marketplace to see how they would work.
So thank you so much for joining SecureTalk today. I'm excited to continue to see how Naoris grows. And I'm very excited for the applications in blockchain technology, but I keep looking for that one that isn't a hype cycle, but a real fundamental solution. Yeah.
David Holtzman: I understand.
Justin Beals: Yeah. Well, have a great day and thank you so much for joining us, David.
David Holtzman: Thank you. It's a pleasure.
About our guest
David Holtzman is the designer of the global Domain Name Registration system. He also managed the Domain Name System from 1997 to 2001. He began his career as a former military codebreaker and NSA analyst. David served as IBM's Chief Scientist to their Internet Information Group. He is the author of the book “Privacy Lost”. He is currently consulting on various blockchain solutions.
Justin Beals is a serial entrepreneur with expertise in AI, cybersecurity, and governance who is passionate about making arcane cybersecurity standards plain and simple to achieve. He founded Strike Graph in 2020 to eliminate confusion surrounding cybersecurity audit and certification processes by offering an innovative, right-sized solution at a fraction of the time and cost of traditional methods.
Now, as Strike Graph CEO, Justin drives strategic innovation within the company. Based in Seattle, he previously served as the CTO of NextStep and Koru, which won the 2018 Most Impactful Startup award from Wharton People Analytics.
Justin is a board member for the Ada Developers Academy, VALID8 Financial, and Edify Software Consulting. He is the creator of the patented Training, Tracking & Placement System and the author of “Aligning curriculum and evidencing learning effectiveness using semantic mapping of learning assets,” which was published in the International Journal of Emerging Technologies in Learning (iJet). Justin earned a BA from Fort Lewis College.