Episode 534 · Sunday, 28 July 2013

The Interview Show

A deep dive into the terrifying reality of autonomous robotic swarms and the crumbling trust between Silicon Valley and the intelligence community.

By The No Agenda Show | 1h 23m listen | 22 chapters

About this episode

Author Daniel Suarez details the rise of lethal autonomy and the geopolitical threat of untraceable robotic swarms. Suarez, a former software engineer, argues that high-tech manufacturing and cyber espionage now allow for the proliferation of drones capable of making independent killing decisions without human intervention. This shift toward automated warfare threatens to remove the democratic checks that historically required public buy-in for military conflict.

Security expert John Dixon analyzes the fallout from Edward Snowden and the NSA revelations on international cloud competitiveness. Dixon, a former Air Force intelligence officer, explains how the post-9/11 mandate to eliminate information stovepipes created a surveillance state that now risks the economic standing of Silicon Valley. He details the vulnerabilities of the American smart grid to nation-state sabotage from actors like China and Iran, noting that the rush to digitize healthcare and utility infrastructure has outpaced critical security measures. Dixon further highlights the tactics of Eastern European hacker gangs using botnets to facilitate wire transfer fraud against domestic utilities.

Daniel Suarez reflects on his transition from an English literature degree to becoming a techno-thriller icon after self-publishing his novel Daemon. He shares how a weather automation program he wrote inspired his first book and why modern automated resume screening might have blocked his career path today. Adam Curry and John C. Dvorak host this special interview edition while traveling through Europe and Silicon Valley.


CHAPTER 01 / 22 Discussion

No Agenda Episode 534, Summer Interview Special Introduction

Adam Curry and John C. Dvorak introduce a special pre-recorded episode of No Agenda while traveling in Europe and Silicon Valley. The hosts outline two featured interviews for the program: one with techno-thriller author Daniel Suarez regarding autonomous drones, and another with security expert John Dixon concerning the NSA and intelligence matters.

adam curry· john c. dvorak· gitmo nation· kill decision· daniel suarez· john dixon· nsa

00:00 Adam Curry, John C. Dvorak. It's Sunday, July 28, 2013. Time for your Gitmo Nation Media Assassination Episode 534. This is No Agenda. And we are coming to you live, almost, kind of, not really, on tape, because it is the week that we're off, but we're bringing you fresh content from somewhere in Europe. I'm Adam Curry. And from Northern Silicon Valley, where I'm on digital tape, I'm John C. Dvorak. That's right, everybody, it is Sunday, and I'm your half host Adam. And I'm your half host John. And today is a second of our two shows that we're doing this summer so we can take a little bit of time off, although it turns out it's actually... It's all our work. It's more work than it's worth. We should work to do it this way. Yeah, so we have two interviews coming up for you. The one that we'll start off with

00:56 is an interview I did, uh, and during the, just before the release of Daniel Suarez's book Kill Decision. It's all about drones, uh, and, uh, we also touch briefly on his previous work, which is, uh, Daemon and Freedom TM, and, uh, I hope you enjoy it. And after that we have John's interview with, uh, by some, uh, intelligence guy. What was it again, John? John Dixon is a security expert and also former Air Force intelligence, and so he has some thoughts about the NSA and some of the stuff that goes down. Interesting interview, to say the least. Uh, good, good chat with him. All right, we kick it off first with my interview, uh, originally done that just for the release of the book, uh, Kill Decision, with, uh, it's Daniel Suarez. I think probably the most feared man in the military industrial complex. We'll be talking to him. Here's his book, his latest is Kill Decision. Daniel Suarez joins us from California. dad and i can play dan Yeah, absolutely, thanks for having me. Well, no, and thank you very much for not only sending me this book but for writing it.

CHAPTER 02 / 22 Discussion

Daniel Suarez, Kill Decision and Autonomous Drone Proliferation

Author Daniel Suarez discusses his book Kill Decision, which explores the technical and geopolitical implications of autonomous unmanned aerial vehicles. Suarez explains how globalized high-tech manufacturing and cyber espionage allow for the proliferation of drones that can make lethal decisions without human intervention. The narrative examines a scenario where the United States faces low-intensity warfare from untraceable robotic attackers.

daniel suarez· kill decision· autonomous drones· uav· cyber espionage· military industrial complex

01:56 I've got to tell you, I'm an aviator. I've been flying airplanes and helicopters. I've taken a great interest, of course, in unmanned aerial vehicles. And once again, very much like your previous books that I've read, Daemon and Freedom TM, you've nailed it. You've nailed all the technical aspects, but also, to me, almost not science fiction. It's like, this sounds like it's pretty much... when did you write the book? When was it completed? It was completed, oh, I don't know, six, seven months ago, something like that. So fairly recently. And it probably took me about, I don't know, 13, 12 months to write. Most of that, of course, is research.

02:38 Really, I do this just over the horizon type thing. So, you know, when you say really not science fiction, definitely so. I've combined things that if they don't already exist, they will very soon. So let's talk about the story. First of all, a female protagonist, which was a departure at least from Daemon and Freedom. It really breaks down the possibility and perhaps the likelihood of unmanned aerial vehicles, i.e. drones, making decisions on their own and the implications of that and what could happen. Now, it's always difficult with a book like this, which has some cool twists and turns and some things that pop up that I thought were very unexpected, and then some wildly outrageous things when it comes to big tankers and all kinds of

03:27 Yes, nutty stuff going on at oil tankers or troop carriers. I can't even tell you, I'm afraid of spoiling parts you wouldn't want to be known, so maybe you can synopsize this measure for the other figure that might have been a few days you through the mind but I think that's not reveal anything, any spoilers, but it is essentially, uh, about a situation where the United States has itself come under attack, targeted back by autonomous drones, origin unknown, and it really examines a situation where drones have proliferated to the extent

04:04 They are all over the world and it becomes very difficult to determine who is attacking you. And so a very superior military power, suddenly you get into this power imbalance where there's this nonstop sort of low intensity warfare going on. And I do think this is headed towards us because again, if you can't figure out who's attacking you, it doesn't matter how powerful you are. And that's really the situation the story examines, and it's one that I think is coming very soon because, you know, you look at, because of the global economy, high-tech manufacturing occurs all over the world now, and those designs, because of cyber espionage and cyber war, a lot of CAD designs and other top-secret designs are also disappearing off Western networks to the far corners of the world. So the combination of those things, that very cheap and

04:58 sort of ubiquitous processing power and manufacturing of high-tech all around the world combined with designs that support that type of thing is going to really create a very fractured high-tech military ecosystem. And that's what the story examines, is that high concept of the United States is under attack by drones and we don't know who's sending them. What I really like as kind of a sub-story is the entire, and I watch C-SPAN all the time. I think you can't write that shit, it's so funny sometimes. But we've had a lot of Department of Homeland Security, Department of Defense, a lot of budget conversations in the past six months.

CHAPTER 04 / 22 Discussion

Daniel Suarez, Centralization of Power and Automated Warfare

Daniel Suarez expresses concern over the lack of accountability in concentrated military and corporate power facilitated by autonomous weapons. He argues that automating war removes the need for human buy-in, which historically served as a check on democratic foundations. The discussion touches on the development of insect and rat intelligence drones and the shift away from remotely piloted platforms like the Predator.

autonomous weapons· democracy· accountability· swarm intelligence· military power· iran-contra

09:20 Top priorities make it entertaining and exciting, but then of course what interests me is the payload that comes along with it. So do you worry about this stuff? Do you worry about the possible future of autonomous drones to such an extent that you say, okay, I have to write this book, it's important that people understand this. I'm packaging it in a thriller, in soft science fiction, but I really need to get that. This is why I have my introduction said, you know, perhaps the most feared man in the military does not have a complex you could also be the year, uh, that your promoter of it, you could easily be a show for them, I don't know, uh, I doubt it, but, uh, but there's been really sending a message and it to me and arrive loud and clear. Well, I'm glad that, and, uh, I will say this, uh, most feared man in the industrial com... military industrial complex, I'd tend to think not. I'd

10:11 I've, my encounter with military people has been that there's a split. There's a lot of people in the military who have similar concerns to society at large and they sort of get it. I, you know, if I have a theme it's this, that I'm against unaccountable concentrations of power and I don't care whether it's corporate, military, religious, the Girl Scouts, I don't care who it is. And this is one of those brewing unaccountable concentrations of power that I see. The idea of autonomous weapons, I mean it used to be that if you wanted to have a war you had to get buy-in from other human beings to do it. You could still have secret wars but it took a hell of a lot of work. And in the case of Iran-Contra and stuff, things get out because people either get caught or they talk or...

10:56 But if you get into a situation where you don't need people to conduct war, and this is, this could have a corrosive effect on the foundation of democracy, is really how I look at it. The idea of being able to automate war, and again, insect intelligence drones really are a done deal. They're working on rat intelligence drones now. The idea of swarming, all of these things. There's something when I was speaking intelligence here comes my cat. Oh no, that's right, a swarm of cats, my God, run for your life. Hey Lucy, what's up? Wait. So anyway, uh, hey, what are you doing? I'm talking

11:31 So if she's on camera, I know better than to try to stop her. It wouldn't be the first time a cat has appeared on the show, trust me. This happens all the time. Well, let's face it, 40% of the video online is cats. It's cats, exactly. That's why the internet was built. The cat is sitting there thinking, hey, that's my gig, what are you doing? Get out of the way, human. But in the book that you just mentioned, there is, and I'm trying to think, was it a call back to Roman times? There is a whole passage about how once you can remove the humans from the equation, then you've really got a great war machine. What was that piece again? I can't remember off the top of my head. It was basically the idea of

CHAPTER 05 / 22 Discussion

Daniel Suarez, Medieval Knights and the Evolution of Political Power

Daniel Suarez provides a historical analysis of how weapon technology dictates social hierarchy, comparing modern elite warriors to medieval mounted knights. He explains that the high cost of armor once concentrated power at the top, whereas the invention of gunpowder democratized power by requiring mass participation in battle. Suarez warns that autonomous drones and data networks are currently re-centralizing authority by making numbers and human cooperation irrelevant in conflict.

middle ages· gunpowder· democracy· mounted knights· weapon technology· centralization

12:15 Harkening back to the Middle Ages, that, with the knights and the sword. Yeah, would you mind telling us that, because that was a piece... Absolutely. And it's interesting you bring that up, because that was really a pivotal aspect of the book for me, so good for you. Well, I have to admit, I read it. You know, horrible things I do here. I would do the same. It helps to illuminate your reading of the... But basically it is this, that if we take a look at the structure, the distribution of political power in a society, and boy, I'm going to sound really wonky. No, no, no, I love this. You're right on my vibe, man, totally. It is this, that if we go back to the Middle Ages and look at the social structure and how power was very much concentrated at the top, there was no middle class and you had all this vast underclass of people who were just subsisting.

13:04 And then you take a look at how conflict was resolved in that society. What you see is that the mounted armored knight was almost invulnerable to pretty much any number of peasants, who had a different and much, you know, almost no meat in their diet and a different muscular, musculature, but they also, knights had armor, and this armor was so expensive that it would cost the equivalent of what a house does now. You had war horses, you had constant training, so it cost a great deal of money to keep a mounted knight available to fight for you, and so you had this structure where very few knights could exist, but where they were, they basically had absolute power, and that went straight up through the, you know, the medieval social hierarchy, the way your barons and dukes and then kings, and so it's a very, very narrow period the pyramid at the top, and this changes when gunpowder comes into effect.

13:55 When you no longer have to have somebody train for six, seven, eight years and have a privileged background and upbringing as a pageant and all that stuff in order to resolve conflicts. You just need to give a guy a gun, maybe a few hours, a day or two of training, and suddenly anybody who has this tube could kill a mounted knight in armor. And that shifts everything. Suddenly over time, successive decades, it's how many people you bring to the battlefield determines who wins, not who you bring. And so suddenly leaders need buy-in from people at large. They need people to cooperate. Like I need all you guys out here with a gun aiming at those guys with a gun. And if I don't do it, they'll do it. We need you to be all that you can be. Yeah. Well, yeah. In an early form, I think it was on a tapestry in those days. Yeah. You can be.

14:46 But no, it was basically this, that if you look at the size of battles from the Battle of Crécy and Agincourt on to the Battle of the Somme in World War I, you can see battles, Waterloo, they progressively got larger and larger and larger and more people. And logistics started to become a big issue and nationalism rises at around this time. And it's interesting that the concept of real nations as opposed to individual kingdoms and regions starts to come into play. And then parliaments and representative democracy. Basically because leaders could not ignore their people anymore. If they ignored the mass of people, they would get killed. So they had to cede some power. And so in some ways, it is technology and it's weapon technology that made that possible.

15:28 So what we're doing now, what we're seeing is a shift again towards centralization of power because to some extent... I don't want to say a special forces warrior because it's not just them, but the idea of an elite warrior who has access to a data network, to air support, to all of these things and autonomous drones can pretty much defeat any number of people opposing them in a regular manner. So again, we've gone back to almost this mounted knight where if you have access to all of those resources, numbers don't matter. And in many ways it's re-centralizing authority and power. And if we think that the way human beings resolve conflicts,

16:10 shape society, and I do, that, that's what makes that a big concern to me. And it's something that I don't think a lot of people are thinking or talking about. It's in particular why I wrote this book on autonomous drones. A lot of people think, well, it's about drones like the Reaper and the Predator. No, it isn't. Those are obsolete platforms right now. They're not even making the Predator anymore, and the idea of remotely controlling a drone, to me, that's really a limited use thing. I know that sounds funny, but we're using them against largely tribal cultures. If you try to use a remotely piloted drone against a more sophisticated adversary, they'll jam your radio signal. They'll cut it off. We saw what happened with the RQ-170 Sentinel over Iran. I mean, they essentially

CHAPTER 06 / 22 Discussion

Daniel Suarez, Cyber Warfare and International Cooperation Models

Daniel Suarez discusses the active role of the United States in global cyber espionage and the lack of technical understanding among high-ranking military generals. He advocates for a realist approach to geopolitics based on the distribution of power and constitutional checks and balances. Suarez also references biological concepts of symbiotic cooperation as a potential model for sustainable international relations.

cyber war· michael hayden· geopolitics· natural selection· checks and balances· symbiosis

16:53 disconnected us from our drone and hijacked it, and that's the problem with having a drone that is remotely controlled. And that's why there's a lot of pressure to push that decision-making onto the drone itself, and so this is really what I'm dramatizing in this book. These that very accelerated push to make the machines make more decisions. I... So you of course are not the only smart guy who has figured this out, particularly if you look at the history. And so it does seem that this is indeed, this has got to be a big push, but not just perhaps for drones, although drones make a lot of sense. It's quite easy to operate, but for all types of autonomous warfare robots. Yeah, and cyber war as well. So bots that will go off and do, software bots that will go off. You know, the cyber war thing.

17:39 I'm continuously amazed when I hear the generals talk about this. The guy who was a major general in Afghanistan in 2010, he had a whole bunch of cyber warfare going on. But when you hear how uninformed they speak about the technology. They really, these guys, they must have the guys at the bottom knowing what they're doing, but the generals, you know, they really don't understand what the hell they're talking about. They really don't. Quite a few of them don't, but there are those that do. Take my word for it, there are some that get it, and whether they admit that in media or not, there are some that do.

18:21 Intelligence agencies especially do. As a matter of fact, I did an interview with Michael Hayden for an article that I eventually wound up not finishing, but it was, I can't remember where it was, it was at a conference. But in that article, or in that interview, he was essentially saying that when nations around the world were solicited by a magazine or a newspaper on who they were most afraid of on the internet, the United States was listed as number one. Because we have a really robust cyber war and cyber espionage campaign, as has recently come to light and as we've recently admitted. So, you know, a lot of people in the United States especially think of China. And of course, we're, the geopolitical contest has definitely begun there, but the United States is very active in this area. So, it's all of a sudden... What's your feeling about all that? Are you pacifist or, I mean, where do you stand?

19:16 I would definitely say I'm not a pacifist. I'm a realist. I understand that when it comes to nations, geopolitics and the great game that happens and that power is always sought by those who have a will to power and the best way to avoid real trouble is to try to distribute power among a reasonable number of people. And I think our founding fathers had this principle, the idea of checks and balances. And it's really that's what I look at. I don't think in the main we're ever going to make things perfect or even close to it, but that's the best you can do. I think if you have branches of government and individuals who share power, that's best. It's when we start to see this lockstep collusion or secrecy that allows conflicts to occur in secrecy without anybody having

19:59 any knowledge of it, or even the right to know. That's when I think things get dangerous. So am I a pacifist? No. If we were attacked, I'd want us to strike back. But I'm not convinced that's what we're doing now. I am also somewhat concerned that what we're doing now is self-defeating. I mean, I touch upon this a bit in the book through the biologist character, the idea that cooperating organisms succeed better than those that are constantly in Darwinian conflict. This has a lot to do with Alfred Russell's concepts about evolution and natural selection, that many, many organisms don't just kill each other, they cooperate in a symbiotic way with each other, and they thrive for that reason. Except for humans.

20:42 Well, you know, we do cooperate. We do. We kill each other too. We do. But again, it's not all or nothing. It's not a binary equation. But yeah, I'll tell you, we've gotten really good at that. And I do think there is a more mainstream movement to try to get more sustainable, to make things more local and comprehensible. And so I'm an optimist. I'm definitely, you know, I'm not a pacifist. I'm not a hawk. I'm kind of right about in the middle. Like I understand that people are this way, that we're kind of like shaved apes in a way. We're trying to shake off this, you know, we're only recently of the capability technologically to really do serious harm to the entire planet. And we're trying to get our heads wrapped around that. And so I think if more people have their hand on the tiller, we're less likely to go definitively in a bad direction.

CHAPTER 07 / 22 Discussion

Daniel Suarez, Lethal Autonomy and Ethical Frameworks for Robotics

The conversation shifts to the dangers of wealthy individuals or corporations using autonomous drones to pursue private agendas without regard for human rights. Daniel Suarez argues against allowing machines to make independent killing decisions, suggesting that such technology empowers authoritarianism. He emphasizes the urgent need for international treaties and a moral-ethical framework to govern the use of robotic swarms in warfare.

lethal autonomy· authoritarianism· human rights· swarm tactics· legal framework· ethics

21:32 We'll kind of ambulate around for a while, but hopefully we'll work it out. So the real futures view in the book, which you can at this point probably call science fiction, but yeah, for how long, is the fact that when you have autonomy coming into the picture, particularly with the drones, it's no longer which country is the biggest badass, but which company is the biggest badass. Which individual. Or individual. All you need is money, and once you have the money, then you can basically, you could create a war, win it, and no one would know who the hell you are, and you could have anything go the way you want it to go. To me, that was the message. Like, oh wow, we've been just looking at, we have a president who apparently loves to use drones, loves to view the tapes.

22:15 Now we have countries all over the world and on a local level we have in the United States of course police forces and all this will be opened up in 2015. But that's nothing compared to someone who has a big pile of cash with an agenda. They can just get in the game whenever they want. And especially if they either have no history of respect for human rights or they just definitively do not care. Because at that point it's completely optional. If people were upset about what you're doing and you don't care. Again, it really in some ways empowers authoritarianism. And that's what concerned me. So again, I'm optimistic in the sense that I sort of look at what I do in terms of writing thrillers as looking out for icebergs. Because I like technology. As a matter of fact, I love it. I made my whole career on it.

23:06 It's just that, you know, you want to keep an eye ahead and say, oh, let's turn a little to the right. Let's turn a little to the left. That doesn't mean abandon all, you know, technology. It means just try to think ahead. We've done this in the past. We've invented technologies that caused us problems. And we have tried to deal with them. Nuclear, biological, chemical weapons, they were going to be world killers. Pardon me. They were going to wipe out the human race, but we created international treaties and as imperfect as they are, we're still here. I mean, these are weapons that by all rights really should have wiped us out if we were

23:43 crazy. So I think in the main we're sort of like a bell curve. Most people just want to get through their day, raise their kids, and that's what's going to save us, is the fact that most of us have our heads screwed on at least semi straight. And as long as we can start to build things and get through our day, we'll be fine. It's when you allow just a few people to completely upset everything, and that's why you want to try to avoid these concentrations of power, and lethal autonomy as it's called, the idea of robots making killing decisions, that is definitely one of these centralizing things that I don't think a democracy should ever allow. I don't think we should ever allow machines to make a decision to kill people. Now let me parse that. I don't mean we would never send a machine specifically like a targeted munition to do something. That's different than sending a machine into this area to terrorize it.

24:34 Or to try to maintain order and decide who lives and who dies. That's a very different thing. And you will see that, I think, in authoritarian nations sooner than later or in conflict zones or in narco-trafficking zones. Basically where people are grasping for power and have some money. You're going to see them first. Well, I think, personally I believe that there's going to be an even bigger call for really ace pilots because we're going to have to be up there defending because at a certain point I think a human is still for a long time going to be better than some machine that has performance limitations perhaps.

25:11 Or mental limitations. Oh, now we're getting into brass tacks though, because this is great, because now I'm talking to a pilot. Somebody who... And so, not to be a just devil's advocate, but the thing that concerns me there is what do you as a pilot do against a swarm where the individual members of that swarm don't give a damn whether they survive or not? Right, well, so of course we already had this kind of, you know, if you look at the Japanese Zeros we had, you know, and suicide bombers, you know, in general that of course is a problem. But I mean, in my head I'm seeing, you know, Independence Day, I'm seeing Star Wars, I'm seeing there's just all this crap coming at you and you just got to spray and pray.

25:49 as many evasive maneuvers as possible. But just from a cost perspective, there's going to be maneuverability issues that just won't... You're not going to be able to pull 20 Gs? No, well, no, I don't think so. Not that pilots are great at that, but it's... Let's just hope it doesn't get to that. I'm available though. Put me in the machine, I'm available. I will say this though, the thing that I think we need to be doing is developing a legal framework. Extend the rules. And a moral framework. And a moral, ethical framework. You're absolutely right. And I always say that it's because what would inspire leaders, international leaders to do this is they are liable to be the prime targets of

CHAPTER 08 / 22 Discussion

Daniel Suarez, Character Development and Software-Driven Writing Process

Daniel Suarez explains how his career as a data systems designer influenced the structure and plotting of his novels, including Daemon and Freedom TM. He reveals that the core concept for his first book emerged from a weather automation program he wrote, which continued to function and generate revenue autonomously. Suarez applies principles of lean, maintainable code to his writing to ensure stories remain multi-threaded and fast-paced.

daemon· freedom tm· software development· weather master· polymorphic encryption· plotting

26:38 By the way, we've got a drone with your name on it. Right, right. I want to get back to the book for a second because besides the topic etc, your characters are beautifully developed. I think this is the first time you've had a female protagonist. Great job. Well, I had Phillips in Daemon. She was one of many protagonists. Right, right. You know, I took some lumps from people who thought I was a misogynist which confused me because I'm absolutely not. Yeah, I know. I thought, well, okay. Well, I like that she had the relationship with her dad, if I can remember correctly. She was quite a talented intelligent. I mean, she was the most brilliant person there was. Of course. Yes. Whatever. But I did like the idea of having

27:22 someone who had more of a, you know, well, let's put it this way, less of the he-man attitude in it. I really wanted that to soften the edge of the story. Yet throughout the whole thing, she's sexy. I mean, I'm just feeling her being really, really sexy. Good. And you even put a sex scene in for me, which is my favorite part of any book, like, yeah, finally we get something done. Really? But your writing really is outstanding and I've always been a big fan of writers in other professions, lawyers, we've had several on the show who turned out to be excellent writers of fiction.

27:59 So, you of course know how to write code, which a lot of people think is just some kind of thing you go to school, you learn it and it's like, oh, and here's how it works. No. You can write code just as poorly as a crappy book. You can write yourself into corners. You can approach the problem from many, many directions, none of them necessarily right or wrong. So, when you started writing, did you approach it from a software perspective? Were there any analogies in that? I'd just love to know your process. So then we're going back to Daemon, which is a book I wrote between 2002 and 2004. I actually wrote that book as a result of some software I've written hot. So yes, the answer is very much. Elaborate on this software. Yeah. Sure. I'm gonna geek out now. Nice. I'll establish my geek cred. I wrote a software, so, you know, at the time

28:55 It was after the Y2K remediation thing and the dot-com boom had started easing up. Now, I never really got involved in that. I was always a data guy. But nonetheless, my business slowed down a little at the time and I started thinking, you know, I want to take a little time and do something that would be interesting to me. I wanted to create some software, some custom software. And I was a gamer for a while, you know, everything from video games, D&D and stuff like that. I'd always wanted to automate this weather system that I'd created for my games. So this is a role-playing game, Weather System. But of course I wouldn't just do a simple weather system. I have to do one that has an orbital mechanics module in it and all this stuff. So you could say, hey, you tell me what the size of your world is, what its orbital eccentricity is, its access to...

29:42 And I'll tell you when the sun or suns rise and set wherever you are, every day of the year, where, you know, I just went to town on this thing, was like the most... if you go out on the web you could see people talking about, I think it's been BitTorrented too. It's called Weather Master. Right. So I write this program and I, I get further elaborate with that. I put a polymorphic encryption wrapper around it so that you can try it for 30 days and at that point it re-encrypts itself so you can buy it online. This is like, again, around the year 2000, something like that. And what happened was I got pulled into a project and a couple months later I come back.

30:19 Turned out this thing is selling like 38 countries around the world, people are trying and buying it, and there's like this money there in this account that I had set up. And I had it set up to pay for the website, for some advertising, so it's sort of like this automated thing. And I started thinking, wow, if I get hit by a bus, this thing would just keep going. And then I started thinking, wow, what else can you do if you're dead in modern society? And it turns out you can do like 70% of the stuff you normally do every day. Which of course is exactly the core nucleus of the book. That's fantastic. So you could see, so it came from software in a very literal way. I was like, wow. And that was really the core of the book, as you said, that you have a designer of a massively parallel online game who creates a program

31:04 He keeps an eye out for the appearance of his own obituary online at which point all sorts of things start taking, start to execute and start to tear the fabric of society apart. So yeah, that's where that came from. And in terms of the plotting and design of a thriller, I guess I do follow a software model only because I try, well, I guess if you write code long enough in a corporate environment, at least one where you have really good quality teams, there's some pressure to make lean, maintainable code. And to some extent, I like to think that carries over into my writing. I try not to...

31:43 have lots of extraneous details. I try to have what I need there and to propel the story forward. And what I'm told is that my stories do propel people forward, so I don't know. I feel I might have succeeded at that. We'll see. But I do follow some of the skills that I picked up in writing clean code, I think, help. Help in that regard, and certainly in terms of structure. Structure is very important to me in a story, in terms of pacing, different threads. So yeah, I guess my stories are multi-threaded. You go multi-threaded. Yeah, so yeah, I would say yes. What's your, what's your IDE for writing your books? That's right. Yeah, what, Emacs? I, this is plug-in, no, it's a... That would have been like you to blow me away if that were true. No, I don't

CHAPTER 09 / 22 Discussion

Daniel Suarez, Career Transitions from English Literature to Tech

Daniel Suarez reflects on his unconventional path into the technology industry, starting with an English literature degree rather than computer science. He discusses the flexibility of the early 1990s corporate environment where self-taught skills with Paradox databases led to professional advancement. Suarez expresses doubt that modern automated resume screening would allow similar career pivots for creative individuals today.

english literature· it certifications· silicon valley· paradox databases· software design· career path

32:32 I'll tell you though, if you wrote one, if you wrote a plug-in for Emacs, it would sell like crazy. It would be so ridiculous, because it's like, it's like front-end to Notepad essentially. But it highlights your colors of your character, of course, of course, there you go, look for every right eye anyway. I don't even get me started. Yeah, you see, I got you thinking, didn't I? Just wasted six months of my time. But you're just a word guy, or how'd you do it? I actually have an English literature degree. I don't have a computer science degree, so I got involved in computers in the early 90s. 90, 91, something like that. Back in the day when you could do things in a corporation because people didn't take data and the internet especially seriously at all. And so if you started connecting sites and moving data around

33:22 In the unofficial way, but you got things done. You just got more authority and more access and more promotions. And I look at things now. I mean, sure, I later got certifications in all sorts of things. But I laugh now because I wonder since people going for IT jobs, their resumes are scanned automatically looking for keywords and certifications. I mean, I have really great experience building huge systems, but I wonder if I would have been able to easily get my start today. Because again, on paper, when I was starting out, I was an English literature guy who had a real passion for tech, and I always used to mess around with Paradox databases and stuff like that, and coding. And I don't know that it's as easy to just dabble around. And some of the most interesting people that I've met in tech in Silicon Valley, very successful people, don't have a straight computer science background. No, bass players.

34:13 Yeah, yeah, well, these musicians, bass players, have mathematical minds. And that type of mathematical mind really serves you in good stead in software design. So is this really your main vocation, writing? Is that what you're doing? You still consult some stuff on the side? Or, I mean, is there enough money in books today still? Can you still make a living off of it? Well, you know what? I'm very fortunate. I had two two-book deals with Dutton that were very good. And, you know, Daemon, I think at this point, has been translated into 18 languages. There's a film deal with Paramount, stuff like that. So I've been

CHAPTER 10 / 22 Discussion

Daniel Suarez, Self-Publishing Success and Hollywood Film Deals

Daniel Suarez recounts his journey from self-publishing Daemon using Lightning Source to securing a film deal with Paramount Pictures. He describes how reaching out to tech journalists led to the book's viral success within companies like Microsoft and Google. The segment concludes with a discussion on the slow nature of Hollywood development and Suarez's transition to a multi-book deal with Dutton.

self-publishing· lightning source· paramount pictures· walter parks· wired magazine· dutton

34:49 I've been doing pretty well so far. I put the brakes on, film deal with Paramount, back it up. What are we talking? Sure. Yeah, actually what's funny is... Back up the Daemon again. I couldn't get Daemon published. But you were self-published, right, initially? Yeah, and of course again I made it a big technology product, project, because, you know, I couldn't just self-publish it and hand it over to somebody. I'm like, no, I'm gonna typeset it and I'm gonna adjust the kerning. Yes, kerning, lovely. Yeah, I, I did the cover in Photoshop, all that stuff. And being a logistics software guy, I didn't want any middle men between me. So of course I went right to the source, Lightning Source, which is a company that other publishing companies use. Anyway, long story short, I basically made it a technology project and then got the book out there on Amazon. This was probably 2006.

35:40 And then people in it I started reaching out to people, tech bloggers and tech journalists who had read for many years, and I could demonstrate a knowledge of what they've done, and I just said, I want to send you this book, you can throw it away or use it to level a coffee table, whatever you want to do, but I just wanted to say thanks. And actually by doing that light touch I got a probably 30% of the people writing back and say, hey, yeah, I read it, I really liked it, and they passed it on to others. And eventually it got into Microsoft and Google and all these other companies and started to take off. So the funny part of that is I got a film deal before I even got a publishing contract. Oh, really? I got a phone call from Walter Parkes, of course Walter Parkes co-wrote WarGames. It's like a seminal film for me, one of the reasons I really was interested in tech. So it's funny when you get a phone call from somebody like that because the first thing you say is bullshit. And then finally it was made aware to me that he was actually the guy.

36:36 We started negotiating a film deal and it was at that point that I think I got into Wired Magazine and then good lord, everybody started coming out of the woodwork. I started selling thousands and thousands. I was already selling thousands of copies but I started selling many more and that's how I got the mainstream publishing contract was done. So I got a two book deal there. I wrote Daemon and Freedom TM and now I've got a second two book deal. Kill Decision is the first one of that. I've got one more book I'm writing on, working on now. So I'm interested in tech though, I am. I'm interested in getting back involved. I have not consulted in a number of years, probably three or four years now. Well, four years. And I'm interested in games too.

37:19 So can you tell us what the next book will be about? Do you know what it is? I rule that I don't discuss projects I'm working on. I don't know, it's almost superstition. No, that's cool. That's totally cool. It keeps this energy. Like if you start talking about a book, you're like... I'm just, you know. Too much anticipation. So, but on the Paramount deal, I mean, has this been any form of green lights flashing anywhere? I mean, it's been a while now. Is this moving forward? Is Angelina Jolie going to be in it? I don't know. And this is what I discovered now, having gone through this whole Hollywood experience, is that

37:57 Once it goes into Hollywood's large intestine, you just sort of have to wait. Big box, right. And I'm told that there's really only a couple of authors on Earth who have any significant input. One is probably Dan Brown. Oh, God, I can't believe Harry Potter. Harry Potter. Dick DeRouge. I think I've listed all of them right there. That's too often to probably have significant input on what goes on in Hollywood. So no, I don't have any news. I don't know. Well, it would obviously be great for you, but personally, being a real lover of books, I have everything in my mind's eye and you do a great job with your writing in really painting a picture, which is really, really awesome. And I really appreciate all the time you've taken with us today. This for me has been highly anticipated because

38:51 I really, really like your writing and I hope this just does dynamite for you. And you know, it's not just a great book, but it could save the world. So, you know, people, get some consideration here for a kill... There's that. Yeah. For a kill decision. Daniel, thank you again for all your time. I really appreciate it. Oh, this was a lot of fun, Adam. Thank you. Daniel Suarez, there, an interview that I did with him a couple months ago before the release of his book, Kill Decision. And a nice guy. Nice guy. Yeah, it was a good interview too. Thank you. You don't hand out compliments easily. You had high energy. Your energy was higher back in the day. Yeah, well, I was probably high. You were all jacked up. This is long after you stopped smoking. Yeah, I know. And besides, smoking doesn't make you high, it actually makes you low.

CHAPTER 11 / 22 Discussion

John Dixon, NSA Revelations and Post-9/11 Intelligence Culture

Security expert and former Air Force intelligence officer John Dixon discusses the public reaction to Edward Snowden's NSA revelations. He contextualizes the current surveillance state as a result of the post-9/11 mandate to eliminate "stovepipes" of information to prevent future attacks. Dixon notes that the public is now grappling with the reality of hosted email providers sharing data with government agencies.

john dixon· nsa· edward snowden· 9/11 commission· signals intelligence· surveillance

41:14 This guy's interesting and I had a good time chatting with him, uh... and uh... let's uh... let's play it. All right, but first I need to program everybody's brain: Dvorak dot org slash, and I'm chatting with John Dixon of the Denim Group, and I want to get right into it. First of all, welcome to No Agenda. What do you think of all these revelations about the NSA that have been coming to light? Let's start right there. Well, I wonder how long this is going to play out, first of all. The phrase or cliche that comes to mind is, the hits just keep on coming. And some of the observations that I've had are kind of

41:59 The reality that we assume that, at least for the hosted email providers, that they were probably sharing our information with at least advertisers. And maybe in the back of our heads that we thought that they were sharing with law enforcement. I think it's the confirmation of that and the the specific nature that has been probably gotten a lot of people's attention. And so that's the particulars that have probably kept this as a front page story for some time. Yeah, one of the reasons I wanted to talk to you is because since you're in a community of people who do this sort of work,

42:43 security work at the on the computer. There has to be gossip that goes around and so I'm sure that everyone has talked to each other or I'm in fact even within the company you've probably talked and you probably have some contacts outside the company that are interesting. What kind of gossip is going around about about this whole thing? What is it? What do people think is behind it? Why it even happened? Is there any intrigue you might imagine? I think in one way I'm reacting like other Americans, and another way I have a little bit more background and insight. Being a security professional, I'm also used to be an intelligence officer and dealt in this world, but I can say most of my experience predates the electronic stuff. It's more in the old, what they used to call signals intelligence. So we've got friends and colleagues that are in the security industry and also that work still in those arenas.

43:45 And I'd say there's a couple of observations. And one is, if you remember what happened after September 11th with the September 11th Commission, there was a lot of hand-wringing, a lot of, why did we miss this? And stovepipes of information. So there was a certainly a direct and indirect, I think, consensus that we don't want to miss another event. We don't want to have that happen, another September 11th event. And then how that was interpreted by the different agencies is what we're starting to see right now. What does that mean? Does that mean that we want to give up all of our information, that we want to have our travel restricted? Some of those things played out in public, some of them played out in private. And what I'm hearing is that

CHAPTER 12 / 22 Discussion

John Dixon, Silicon Valley Privacy and International Cloud Competitiveness

John Dixon examines the uncomfortable position of Silicon Valley companies whose public privacy guarantees conflict with their cooperation with the NSA. He highlights the economic risk to U.S. cloud providers, noting that foreign companies may avoid American data centers to escape U.S. surveillance. The discussion emphasizes that international users view American intelligence activities with the same suspicion Americans might view foreign spying.

silicon valley· cloud computing· microsoft exchange· privacy guarantees· international trade· data centers

44:29 You know, maybe six or seven weeks ago, it's on the heels of the Boston incident that there was a lot like, how do we miss this? How do we, you know, why did that happen? And then now the pendulum has swung the entire way the other ways: how can we possibly have permitted this? So I think that's an interesting one. The other thing that is fascinating, I think you pointed out a couple of things about the tech industry, is how long that the telephone companies, the legacy Bell companies, the AT&Ts and Verizon, have been very comfortable and have had a long history of working with governments and law enforcement because of wiretaps or for the monitoring side.

45:12 and that the different reactions of companies that are more technology or Silicon Valley based, some pushing back, others not. I think that in the gap between their public pronouncements of privacy and their privacy guarantees and, you know, what's happening in practice. I think that puts them in an uncomfortable position now that that's out in the public domain. And the final thing is, I think you've alluded to it at least one piece, is this competitiveness nature. Okay, think of it this way. It's one thing if it's the NSA that's looking at our hosted email or the intelligence agencies that are in the US.

45:55 You can make the argument that if I've got nothing to worry about, I'm not doing anything wrong, who cares? But a lot of that hosted emails from people that are not non-US citizens, obviously. And if you were a UK company that did hosted exchange for Microsoft, not just Microsoft products, but hosted email. And if you look at the small and medium-sized business world, most of that email is starting to migrate from data centers and companies to the cloud. So that's the part that I think that if you look at hosted exchange, not just email, but like hosted exchange, a lot of companies have that. It's like, okay, what's my implication? What are my expectations of privacy?

46:38 think about the NSA thing. Think if we were British citizens and the roles were reversed, or you're a US citizen and you find out the German intelligence agency is looking at all of our email. You would view that differently, I think. Maybe, maybe not. But I think this is just a fascinating thing that's playing out in a very public way. And the other thing is, is that, you know, one end is illuminating, it's interesting, it's asking us to ask questions of ourselves and what are our expectations, but on the other end, he did give some information to the Russians and Chinese that are absolutely not going to help us. I mean, there's no way that's a good thing. What specifically do you see there that does that?

47:25 Well, first of all, I'm not in the team that's doing the damage assessment project at Fort Meade, but my suspicion is what they call sources and methods of the surveillance. So you have two things, first of all. One is the surveillance side, but he also has put out information about the attack side or the cyber security and the electronic cyber attack side. We have been very public with the Chinese about their efforts in this particular space. And my experience is, and within the security community, is that is a very, very tangible threat. It is, it is,

CHAPTER 13 / 22 Discussion

John Dixon, Cyber Attack Attribution and Chinese Nation-State Threats

John Dixon discusses the damage to U.S. diplomatic standing caused by revelations of American cyber attack capabilities. He explains that while the U.S. has frequently accused China of economic espionage, the Snowden leaks provide China with a counter-argument of American hypocrisy. Dixon describes the "below the surface" conflict where nations engage in cyber warfare while maintaining outward commercial cooperation.

china· cyber attack· nation-state threat· fort meade· sources and methods· plausible deniability

48:09 When you hear the term nation state threat, you can substitute Chinese. They are actively surveilling and attacking not government entities, but also commercial entities. So that happens all the time. What this does is that the charge that the US is doing it too kind of weakens our claims, or at least our protestations that it's happening to us and we're not doing it. So that's an interesting thing, too, is that revelation has come up. We do not know as citizens what the impact has been or will be, but my suspicion is that he's handed this over to governments that are less than friendly to us. So that can't be dismissed either. Well, I've always felt that we have issues with the Chinese insofar as being

49:04 I wouldn't want to use the term hypocrites, but I know the Chinese are not happy about the fact that we call them out for their prison camps and all the rest of it, while we are the country that has the most prisoners per capita and in total. And the same thing with this. So it's like we're kind of asking for trouble if we are always accusing them of stuff that we are also doing. It seems to me that it doesn't bode well for the relationship, which really is an economic one that needs to be... it really shouldn't be too adversarial since they make almost all of our products right now. Yeah. We've done a little about that.

49:44 Yeah, we're so tied together that it's a very interesting dance between us and them right now. But I think part of their, the attractiveness of doing the cyber stuff is they can do things without it coming up to the surface level and it being attributed back to them and vice versa. So, on one level we're friends and we're conducting commerce and we're doing these things, and on the other, below the surface, we're knocking the heck out of each other in the cyber domain. So I think there's some plausible deniability there that allows them to do that. And again, this revelation is making it more of an even playing field.

CHAPTER 14 / 22 Discussion

John Dixon, Smart Grid Vulnerabilities and Healthcare Data Security

The conversation turns to the security risks inherent in the "smart grid" and the digitization of healthcare records. John Dixon warns that the rush to connect critical infrastructure to the internet often outstrips the implementation of necessary security measures. He notes that clunky user interfaces in patient portals often indicate a lack of sophisticated back-end security, leaving sensitive medical data vulnerable.

smart grid· hipaa· hitech· electronic health records· tcp/ip· data privacy

50:25 Wouldn't we be better off spending our time securing these systems a little better than we've done? The classic argument, absolutely. I mean, like I as a security guy see the products and capabilities that get put, you know, thrust out there on the web or mobile apps, and many times they're, you know, security is considered, but most of the time not. And I'll give you two great examples of things that scare me. Number one is the smart grid, where there's this headlong rush for all the electrical providers to essentially make their legacy electrical distribution connected to the TCP/IP or the internet

51:09 And that's, that's one thing, and number two is these health information exchanges and insurance exchanges where you have all of this private, you know, private health care data that's out, out there on us, and those are two industries that have, health care and the electrical, that have been less rigorous in their security compared to like the financial industry. So you've got these, you know, oh we need to put data on, you know, on the web for this, we need to do that. I would still say that always, always features and functionality will outstrip security. And so yes, there's going to have to be some substantial bloody noses before that changes. Well, I know my doctor had to recently upgrade his, in effect, his whole office of doctors.

52:00 they upgraded their system because the government requires now that they have electronic health records and so they've had to retrofit everything and then they have a website that the patients can go to and fool around on and it's so mediocre, because I've gone to the website. I mean, it's so low-end crap, to be honest about it, that I can't imagine the security being any good at all. Yeah, you might be on to something there. But depending on the size of the clinic and the doctor's background, they have something called HIPAA, and there's another one, a health care regulation called HITECH that's come out, and they're supposed to prescribe ways of doing things

52:50 But there is still, that is issue number five or six or seven in the planning consideration. There are still high profile cases where hospital systems insurers are losing customer data. And if you see something that looks clunky or kludgy like that, it probably doesn't have a sophisticated security back end either. So your intuition probably serves you well, although I can't confirm that. Yeah, well, I'm sure it's a model I've always used, which is the Gestalt model, which is if everything looks like crap and cheap and doesn't look like a professional did it, you have to assume that the whole product is that way from front to bottom. Top to bottom. I would not doubt that.

CHAPTER 15 / 22 Discussion

John Dixon, Financial Fraud and Eastern European Hacker Gangs

John Dixon describes the tactics used by Eastern European criminal organizations to steal money from U.S. companies through wire transfer fraud. He shares an anecdote about a water utility company that lost funds after a payment processor's computer was compromised by a botnet. Dixon explains the difficulty of prosecution when attackers use multiple "hops" through shell accounts in different jurisdictions to cover their tracks.

belarus· ukraine· wire transfer fraud· botnets· financial security· denim group

53:31 So when you see, do you actually look at Chinese attacks and does the Denim Group go out and help companies when they say, I think these guys have been looking at our stuff or something like that, a company for example? We spend most of our time in the up front part where we help companies with the security of their software or building software systems that are resilient to start with. But from time to time we get called and when we do it's usually this time on a Friday afternoon and something is weird. It depends on the target. So if you're a financial institution, you're probably going to be attacked by the Eastern European hacker gangs, because they're looking for money. They're looking to steal money and fraudsters, many of whom are in Belarus or Russia or Ukraine. It's the nation-state threats. Again, the Russians, the Chinas, the Irans of the world

54:29 who are more likely to go against infrastructure. Those are the ones that we get called in from time to time. Here's the challenge. The real good ones, and the nation state guys are really good, are exceptional at covering their tracks. Now they do make mistakes. But they're pretty darn good and pretty sophisticated. So usually what we do is we're able to find out where they originate from or kind of deduce where they come from. At that point, if you say, well, we think it's coming from Ukraine, That's kind of the end of discussion because you either have to turn it over to law enforcement because most of these companies don't have rule of law, excuse me, countries don't have the rule of law or don't have the rule of law in this area. You really have zero capacity to prosecute or to litigate. So it's like, yeah, it started off in this country. Yep, we think it came from there if you can get that far. But the logical outcome is

55:27 It's a loss and we did a project a little bit of a response maybe two years ago for a water system and a real low-level you know kind of utility and one of their wire transfer people had actually downloaded what's called a bot or a you know automated system and it scanned her hard drive found out that she was the payment processor she did all the wire transfers with the utility and they sure enough went out recreated a computer some overseas and then moved 25,000, they tried to move 50, 75,000, a bunch of other money, and they didn't catch it. The internal fraud filters of the bank that was transferring the money said, wait a second, this is fishy. And what the guys were doing is they had had a compromised shell account with another bank in Florida, so they didn't move the money from San Antonio to Belorussia, they moved it from San Antonio to Florida,

56:24 And then it was the second one that they moved it offshore. So that's one of the things that these guys are good at is covering their tracks and doing multiple hops. So we can suspect that it was a nation-state threat. Really, we're less empowered. So one of the things that's interesting, I think one of the outcomes is the FBI wants companies like ours to cooperate and say, you know what, we think that this attack happened from Russia. And there's nothing we can do as a consultant and a company based in South Texas. There's nothing we can do. So their encouragement is, hey, why don't you cooperate? At least let us know what this happens, so maybe at the international level we can prevent or warn others. I see as an outcome for this particular thing less and less cooperation, or suspicion between... Of the NSA thing. The outcome of the NSA thing is just, in general,

57:18 I mean, there is no law that compels Denim Group or General Electric or USAA or name any in San Antonio, Rackspace is here, any of the big companies. There's nothing that compels me to cooperate. However, there's an incentive because at a certain point we can't do anything. Well, let's at least let the law enforcement know that we had a loss here and then for insurance purposes, we might need to report it. Very few expectations to give anything back, or even resolution. That's going to be harder to do now because it just is going to be harder to do. I think people are going to be more reluctant. That's one of the weird outcomes. I don't know if you followed the debate prior to this in D.C., but it was all about information sharing.

CHAPTER 16 / 22 Discussion

John Dixon, Information Sharing and Private Sector Distrust

John Dixon predicts that a major casualty of the NSA revelations will be the breakdown of voluntary information sharing between the private sector and the government. Since private companies control most U.S. critical infrastructure, the Department of Homeland Security relies on their cooperation to identify emerging threats. Dixon argues that increased suspicion of federal agencies will make companies more reluctant to report vulnerabilities or security incidents.

dhs· fbi· critical infrastructure· information sharing· cybersecurity· private sector

56:24 And then it was the second one that they moved it offshore. So that's one of the things that these guys are good at is covering their tracks and doing multiple hops. So we can suspect that it was a nation-state threat. Really, we're less empowered. So one of the things that's interesting, I think one of the outcomes is the FBI wants companies like ours to cooperate and say, you know what, we think that this attack happened from Russia. And there's nothing we can do as a consultant and a company based in South Texas. There's nothing we can do. So their encouragement is, hey, why don't you cooperate? At least let us know what this happens, so maybe at the international level we can prevent or warn others. I see as an outcome for this particular thing less and less cooperation, or suspicion between... Of the NSA thing. The outcome of the NSA thing is just, in general,

58:08 Can the FBI and DHS share threat information with industry and then vice versa? Because most of the critical infrastructure in the US is in the private sector, not in public sector. So we're going to see things on our end that in aggregate might be a trend that would be very important to DHS. So we'll see something in San Antonio, you'll see something in the West Coast, something up, you know, guys like us are going to see lots of little pieces or evidence that something might be going on. It is the only way that the DHS or others might see that from a cooperation standpoint, is if we cooperate through sharing, you know, there's groups that do kind of industry sharing with law enforcement. That might be a casualty of this whole process. That would actually make sense because I think, I just wrote a column that ran today

58:57 on PC Magazine that suggests the... if anyone should be annoyed about this NSA problem, it should be the Commerce Department. Yeah, I actually caught that right before and I agree and I think that's this is the second one I would add to this. So after I read your article, I thought a couple things. First of all, we don't know all the other things that are going to happen. Like we're starting to imagine what are the unintended outcomes of this? And I think that's one, the competitive issue. I mentioned it's one thing if Americans are being surveilled by the NSA in North America. If you have your hosted exchange in the data center in North America and you're a German company, that's a little different angle, right? And the second thing is industry cooperation in general, security cooperation in general with law enforcement and guys like DHS on legitimate issues around critical infrastructure. Again, most of the critical infrastructure, particularly energy and pipelines and electrical distribution, are in the hands of the private sector.

59:59 DHS can't compel most of these companies to share information on vulnerabilities. So what has happened is that it's very much a one-way – well, the argument has been it's a one-way information sharing. We share with the government. They don't give anything back to us. That'll even be worse now. So I add that as issue number two from this security guy's perspective, and that is an increased distrust or potential distrust between industry and law enforcement and national agencies. And that may happen particularly in the Silicon Valley companies, I think, who have a more

CHAPTER 17 / 22 Discussion

John Dixon, General Keith Alexander and the Leverage of Personal Data

John Dixon discusses General Keith Alexander's keynote appearance at the Black Hat hacker conference and the irony of government data collection versus social media sharing. He addresses the "nothing to hide" argument by highlighting the risk of blackmail and leverage, citing the David Petraeus scandal as an example of how private information can be used against public officials.

keith alexander· black hat· facebook· david petraeus· blackmail· privacy

1:00:43 They have more to lose. They have bigger brands to lose. I wrote this piece, and I'll have to share it with you afterwards. We're doing a fun piece for the Black Hat conference coming up in Vegas at the end of this month. I came up with a top 10 things to ask General Alexander if you bump into him at Black Hat. So he's a keynote. He's going out to the keynote, this hacker conference, which is very interesting. And one of the funny questions, it was all in jest here, but one of the questions he came up with was, ask him if NSA can collect data faster than Facebook can give it away.

1:01:24 Yeah, so you have a Facebook is a, you know, on one end of the spectrum, doesn't have a really great reputation for privacy and all that, but others have kind of staked out a bit stronger claim for that. I think that this, this is a, cast a doubt on some of those claims. So the funny thing is though, you know, again, Americans in the US, US companies in a US intelligence agency, people have asked me, if you're not doing anything wrong, what do you have to worry about? It's like, okay, yeah, I get that. That's always been an argument that's really annoyed me because it doesn't really account for the real problem with the loss of privacy, which is blackmail. And in fact, I would have to, one argument is that I don't think there's a person out there that

1:02:10 has absolutely nothing to hide because if you're a human being there's probably something you've got to hide. You want your medical records out there? Do you want insurance companies jacking up your rates because they know that you have high blood pressure? I mean there's a lot of things that you don't really want in the public domain including your body measurements in fact. So that argument has never sat well with me but in fact even if you didn't have anything to hide, do you think it's okay to have a congressman, for example, that's been compromised through some blackmailing system, and they're voting against what is your best interest? Is that okay with you? So you just hit on one thing, and this is the David Petraeus scenario you just threw out, which is, you know, having a relationship with a reporter

1:03:00 FBI investigates that reporter because of perceived harassment. In the course of that investigation, they find out that she's having an affair with David Petraeus. Well, the problem was it was David Petraeus. If she was having an affair with you or I, which wouldn't happen, who cares? But it's with the director of the Central Intelligence Agency, and it's the issue of leverage. So that instance was one where I see more of those type of things happening, where they trip across this and they find something else. And here's the other thing I would throw out there, is that don't anticipate bureaucracy's ability to make mistakes on data. You know, think of the TSA, you know, watch lists and travel issues and getting Arabic names right. Right, or the fact that Ted Kennedy couldn't get on a plane once. So that is when you have, I think,

1:03:56 This is an important point. I think our ability to collect data has always outstripped our ability to analyze it and put it to work. Always, always, always, always. If you want to draw on another analogy, you look at the US Air Force and the military's ability to collect full motion video with drones out in Afghanistan. They have apparently years worth of video that they've never been able to analyze. Their ability to collect it outstrips their ability to analyze it. I think that'll be the case here. The interest in it, and the other one that I like to reference is the Mumbai attacks by the Lashkar-e-Taiba Mujahideen guys in Pakistan. If you've ever seen that HBO video, the documentary Terror in Mumbai,

CHAPTER 18 / 22 Discussion

John Dixon, Data Analysis Limits and the Mumbai Terror Attacks

John Dixon explains that the ability to collect data far exceeds the ability to analyze it, leading to massive backlogs of unexamined intelligence. He cites the 2008 Mumbai terror attacks as a case where Indian intelligence had recorded the communications but failed to correlate the data until after the event. Dixon argues that mass surveillance often makes the "haystack" larger, making it harder for analysts to find critical "needles."

mumbai attacks· drones· full motion video· signals intelligence· data correlation· lashkar-e-taiba

1:04:44 The Indian intelligence actually had the entire operation attack recorded. They had seeded prepaid cell phones in a bunch of marketplaces in Pakistan, hoping that the Mujahideen would get these things, and in fact they did. What happened was they used them, these prepaid and seeded phones, as the means of communication for that attack in Mumbai. Guess what happened? The Indian intelligence didn't figure it out until after the attack. They weren't able to put two and two together and correlate that information until after the attack. So the other side of this is, that's what the intelligence guys are worried about. They're worried about not having access to the data or catching it in time. It's great to find the guys after they've done something, Boston, Mumbai, September 11th. It's another thing

1:05:35 So that's the other bit of the dynamic that is tough, that I struggle with as an ex-intelligence guy. You're asking our people that are trying to do the right thing, they might be efficient or inefficient, to find needles and needle stacks. They're making the haystack bigger. Yeah, they're making the haystack really, really big. And the question that I ask is, what level, what percent level of protection do you want? Do you want a 90% guarantee that we'll never have a terrorist attack or 100%? Because 100% is a completely authoritarian state.

1:06:20 Right, it's called a risk-free society. It's impossible. And here's the other thing. I've said this before, if there is another Boston attack like this next week, this whole story goes away. The pendulum swings back the other way. So I mean, that's the other thing to, I think, to realize, is that this, this discussion will continue to play out and perceptions will change depending on current events. I mean, and yeah, so I am not saying, I'm not using that to justify anything. The other last point I would make is a guy that was part of this community a long time ago and

1:06:58 We're getting the tip of the iceberg and it's very difficult to make real strong decisions based upon the information that is getting out. Now we have the information that is being leaked out, many times it's not within context. So you're kind of getting the tip of the spear, you don't know, you know, whatever. So that's one thing that I worried about. Back when I was in the, you know, doing that kind of work, you always would wonder if a certain key event would make it in the news, and it never would. Or it would make it in the news, you're like, that's not how it actually happens. So I mean, the chance for distortion both from the leaker and the responders is

1:07:36 off the charts. So I mean, that's the other kind of tough thing throughout this discussion, but the general fact that they are, that this is happening at the level it is, is the big, big point, and now this is a public domain discussion that will happen in a public way, and I think that'll be healthy. I don't think anybody, I, I don't know. I'm very interested to see how this plays out as somebody both as a security practitioner, American, and also, you know, ex-former intelligence officer. I can see why some of the, you know, why General, I understand General Alexander's point. It's the breadth and scale that is

CHAPTER 19 / 22 Discussion

John Dixon, Smart Grid Demand Management and Nation-State Sabotage

John Dixon details the business case for the smart grid, which allows utilities to remotely dampen electrical demand during peak times to save on infrastructure costs. However, he warns that making every thermostat an IP-addressable device creates a massive attack surface for nation-state actors like Iran or China. He notes the confusion within the private sector regarding which federal agency to follow during a large-scale infrastructure attack.

smart grid· ip addressable· electrical infrastructure· mike mccaul· nerc· ferc

1:08:21 that is, you know, very, very amazing. Yeah, it's quite something. Getting back to the smart grid situation, which is something I've always been skeptical of, because it seems to me that your best power grid would be a local one where the guy could throw a switch by hand, or should, as opposed to something interlinked to the internet, which always seemed like a sketchy... I mean, I like the idea of grids that are not subject to cascade effect collapse, but at the same time, I'm not liking the idea of one giant grid that smart... because these things are always not... I mean, they're not foolproof.

1:09:06 What the allure for the smart grid is and the business reason these guys are doing it, I mean utilities in general, electrical utilities, is they are able to dampen demand during peak times in August, specifically July and August. So if you look at the way you build an electrical network, it has to be for the capacity for peak times, and that's happening now. If you can go in and dampen demand in certain houses or buildings, by essentially remotely lowering the temperature from 72, or excuse me, raising the temperature from 72 to like 77, you essentially save billions of dollars of electrical infrastructure by having to build redundant transformers and redundant lines.

1:09:49 So that's the allure, is to basically make every one of these remote devices in the households, every thermostat, essentially an IP addressable device, because you can, during the 1% or 2% scenario on the network, you can turn down demand for air conditioning. The challenge is now everything's an IP enabled device. It's a computing device. And every capability that you create has an ability to tear down or to exploit that capability. And that's the thing that I worry that the headlong rush to make sure that everything is part of the smart grid is in certain instances is being done with little consideration of security implications. The real problem with the electrical guys too is

1:10:39 Who would care to attack or disrupt them from an attacker standpoint? It's not going to be the Eastern European hacker gangs. It's not going to be, it might be Anonymous or the hacktivist gangs. It would most likely be a nation state threat. And I got to sit through an interesting session in DC back in this February, January, February timeframe, where a bunch of industry folks were talking to Representative Mike McCaul, who's chairman of the House... Well, he's responsible for cybersecurity things as chairman of the House Homeland Security Committee. And one of the attendees was a vice president at the electrical company there around DC. She said, when we get brought down by a nation state threat, who is going to knock on our door? I mean, of the 20 federal agencies that knock on our door, who do we listen to first? NSA, DHS, FBI, NERC, FERC. She just went down this list.

1:11:33 And the point is that if you're a federal, if you're an electrical people around DC or other critical areas, you're planning that this might happen. And if they do happen, it's going to be the Chinese or it's going to be the Iranians or it would be a nation state threat. And when that happens, there's a mismatch between the sophistication of the attackers and their ability to withstand that. And so that's something that has a lot of people concerned. Again, the private sector controls most of that infrastructure, and it's a fairly abstract and maybe distant threat, but when it happens, it'll be those guys, and that'll be real tough.

CHAPTER 20 / 22 Discussion

John Dixon, Government Competency and Private Sector Talent Gap

John Dixon shares his observations on the varying levels of technical expertise within government agencies, noting "pockets of excellence" alongside significant incompetence. He advises clients against calling local law enforcement during a cyber incident, as their goal of prosecution often conflicts with the company's goal of network restoration. Dixon also highlights a talent gap, where the most skilled security professionals migrate to high-paying roles in the private sector.

fbi· dhs· forensics· cybersecurity talent· law enforcement· bank of america

1:12:12 Yeah, I would say it's nothing to look forward to. In your dealings with some of these agencies that you bump into quite often, I'm guessing, how do you... Because I used to work for a government agency and it was a regional agency and the kind of the rule and what kind of worked the most in terms of our thinking was the regional agency was very, very good. And then when you went to the state version of the same agency, which oversaw everything else, they were kind of dumb.

1:12:48 And then when you took it one layer higher to the feds, they were to the point where they were essentially stupid. And of course this is reflected in a lot of TV dramas and the rest where you have the idiots from the FBI, let's say, interfering with a police investigation in some cop show. What's your experience with these agencies, without naming any of them, or you could if you want, I don't care. I would say pockets of excellence, and then pockets of incompetency too. I mean, like you've got, particularly in our area, the cyber security area, there is thin talent across the board. So you'll have some pretty sharp folks. I would say probably like the FBI, I imagine in the FBI San Francisco Bureau, they've got a pretty crack team.

1:13:37 If you go to other places, maybe that's inconsistent. And I have a general rule of thumb, and this is not fair, but a general rule of thumb in Texas that if I'm doing security incidents, I'm not gonna call law enforcement guys with cowboy hats. And that's not fair. But I'm assuming that if you're a county sheriff, that you probably are not a crack forensics guy. That is probably not fair to them, but it's probably true. So what the impact there is we tell our clients, step one, and if you're having an incident, is not to call law enforcement because once you engage them,

1:14:16 They treat this as a big deal, and you have to think and be ready to manage them and interface with them because their goals are different from your goals, and it changes things. They come in and, oh, we've got the FBI. They're trying to find out who did what to whom and prosecute. You're trying to get your network back up and running. Those are not the same goal. So again, widespread talent level, same thing with DOD and DHS guys, there's some super sharp ones that we work with, and then a full spectrum after that. I don't know, that's a nice way of saying it. Yeah, well that's, I would think, would be the litany with anyone who works for the government.

1:15:00 I didn't see, like, at the local level. I've never, I've not experienced that, where at the local level they were fantastic and then they were dumber the higher up the food chain they went. I've seen some pretty sharp ones, well-meaning, and then, but just inconsistent, because this industry has grown, or the demand for the talent has grown, and where the amount of people doing it has remained not too much different. Yeah, well I think the difference, I think insofar as my thesis, which is local is smarter, the bigger it gets, the dumber it gets, is I think valid based on specialty type of agencies. So if you had a local cyber terrorist threat operation, which may be actually represented by a small company like yours,

1:15:50 That would be ideal. I don't think you can generalize about, let's say, the health department can't, also can't, which would be a small local health department, which would not really do well with the police either. No, I think in cyber security stuff it's the opposite. I mean, the higher up the food chain you go, the more likely they are going to be real technical and pretty sharp. Like, San Antonio Police Department and the county sheriff probably have one or two guys that are okay. What I would see, and I would confirm with you, is there is a chasm between the private sector and the public sector in general. I mean, most of the real, the hardcore talent is probably working at the banks and the commercial entities. That's, you know, something reflective, somewhat reflective of salaries and ability to keep guys like that happy.

1:16:40 I think if you look at, there is a gap between the private and public sector on talent, big time. And like, if you think about it, if you are a security person, who's getting attacked most of the time, many times? It's the banks, and they have some of the interesting work to do. And so I've seen, you know, for example, the head of Bank of America's group is an ex-Air Force guy. The head of the Sabre and Travelocity security group, ex-Air Force guy. A lot of these guys migrate and end up there because it's interesting work. They're always under attack. And oh, by the way, the conversation's pretty darn good too. Yeah, I would suspect so.

CHAPTER 21 / 22 Discussion

John Dixon, Mobile App Security and Trusted Brand Proxies

John Dixon explains the differences between the "closed" Apple iOS ecosystem and the more "open" Android platform regarding security. He points out that users often rely on brand trust (e.g., a bank's logo) as a proxy for security because there is no independent auditing or rating system for mobile apps. Dixon notes that Apple's app review process focuses more on competition and content than on detecting sophisticated backdoors.

android· ios· app store· mobile security· wells fargo· denim group

1:17:23 And that's where all the money is and that's where they have to have the talent. Yeah, and they're constantly under attack. So it's not like it's a boring, you know, hey, quit your great government job for a boring, you know, job in the private sector. No, these are pretty dynamic jobs. Is there anything else? What else do you guys work on at the Denim Group? Well, again, we are focusing on the whole area of software security. So it is the issue of helping people build the software right the first time. And so we're always spending time processing. So you're working at the development level? Exactly. At the software development level, both in mobile and in mostly web applications. So like T-Mobile would give you guys a call and you'd help them put together some app or what?

1:18:10 Yeah, mostly big companies like that. So the big companies that are looking to extend their reach out through Android and iOS apps on the mobile side or web applications on the website. So the key, what we try to do is help them do it right the first time to build secure and resilient apps so they don't get this stuff and put it out and just get their teeth kicked in when it's published. And you see all these vulnerability reports and all these things, oh, these guys put this up and they got, that's what we're trying to do is show them how to do it the right way the first time so that they don't go through that process. How secure are these mobile phones? You always hear about, oh, well, you know, they can turn them on remotely.

1:18:50 David Pollack: Wow, that's a great question. Well it depends, none of them are created equally. I would say that the interesting thing is that iPhone and the Apple devices have a closed system. So there's kind of a little bit more of a known in that the handset and the operating system is created by Apple, made by Apple, put out there. So there's a little bit more regimen to that. And they have to go through, apps have to go through some process, not really rigorous, but they have to go through a process to get on in the iTunes store.

1:19:26 The Android side, it's a little bit more wide open. There's a wider spread. There's some secure implementations and then there's some that are pretty wide open. And you've got every device under the sun. The bigger challenge that we see now is, again, how do you understand what the software is doing on your device? Is it actually sending data or location data that you don't know? What is it doing? Is it testing? Yeah, well, in fact, when you load almost any of the apps on these phones, they essentially ask you to turn on everything. That's by default, and that's bad. And so what's happened right now is, like, I'm not gonna know, you're not gonna be able to know, hey, is this soft... What is this software doing on my phone? Is it secure? Is it creating a risk for me? Is it sending data that should be... you don't know that. So what's happened up to this point is people are trusting the brands and

1:20:13 They say, look, that's an app from Wells Fargo, from Bank of America, or from USAA. I know those guys. They are a trusted brand. I like those guys. I'm assuming that they've done the right thing and have checked the security of this. So that's the proxy up to this point has been the brand more than the actual software. So there's no rating scale, like restaurant rating scale. There's nobody auditing these apps. And, you know, the kind of the joke about the iPhone world is that, you know, Apple checks for a handful of things to make sure that, you know, number one, that you don't actually blow up the phone network, that you don't put on objectionable material, and most importantly, you don't compete with Apple. Yes. So that's what they're checking for. They're not checking whether or not there's backdoors there, you're surreptitiously, you know, sending data to somewhere offshore, and it's not doing any of that stuff. It just simply is not

1:21:06 All right, well I think that should wrap it up. I think unless you think there's a question I should have asked. No, no John, I enjoyed it, and I said, my thoughts on this whole NSA Eric Snowden thing continue to evolve, and I just, I think there's more, a lot more that's going to come out, not only in the data that he releases but probably more importantly the unintended consequences, and I think your piece on the economic competitiveness one is just one facet of that. So I mean, I'm going to continue to write about that and think about it. And like I said, I'll make sure to give you my two cents from Black Hat when we're out there in three weeks. Yeah, I'd be very interested in what happened. Okay, John. Okay, thanks. Have a great weekend. Yeah, same to you, John. Bye. That was John Dixon of the Denim Group, also a security guy that felt like chatting about the NSA with me. And I appreciate that and hope you guys enjoyed that. I enjoyed it. Yeah, I bet you did. In Florence.

CHAPTER 22 / 22 Discussion

No Agenda Outro and Upcoming Live Show Announcement

Adam Curry and John C. Dvorak conclude the interview special, announcing their return to a live format on Thursday, August 1st. Curry mentions his upcoming travels in Europe and a planned meeting with elites in Barbados, while Dvorak signs off from Northern Silicon Valley. The hosts remind listeners to support the show through the executive producer program.

amsterdam· silicon valley· live show· august 1st· travel· sign-off

1:22:06 I would enjoy anything in Florence. Hey, you should have come in to visit me. I can't believe that you're in Detroit right now. Well, since I'm on tape, digital tape, I'm really not in Detroit, but hopefully I will be. We're gonna be back on Thursday, August 1st. I will be back in Amsterdam, back in the ghetto somewhere three stories up, but we're gonna have a whole bunch of stuff to talk about. Live show. We have like a week's worth of material you're gonna gather throughout Europe. Yeah, I'm gonna have a lot of stuff to talk about. I'll have a lot of... you've gone to the, and you would have gone to the party by then, the party with the elites. Oh, yeah, no, no, no, no, the party with the ambassador, Barbados and all that. No, no, it's gonna be cool. It's got, we'll have, right, guys that have narcolepsy and all that kind of thing. Oh

1:22:53 Sounds exciting. Make sure you support us by going to Dvorak.org slash NA. You can get in for an executive producership or associate executive producership or even an episode club membership. We look forward to talking to you then, and until then, coming to you from somewhere in Europe on my way to the lowlands, I'm Adam Curry. And from Northern Silicon Valley, I'm John C. Dvorak. I'm glad you remembered. Well, we'll talk to you again on Thursday, August 1st, right here on No Agenda.