Ten years after the Snowden Revelations – Steal that Book!
What did the Snowden revelations mean for the geek?
I like that question. I had expected the width. I didn't expect the depth, e.g., the spyware catalog. That they had subverted even the tiniest device, that was the big surprise to me. But suddenly the public became conscious. We always said security doesn't get interesting or sells until there's a disaster. Well, Snowden provided it. He made our culture security conscious. You could finally make arguments based on security after his revelations. The second big vector is Apple. They need to get great credit. Certainly, they're doing it to sell their shiny gadgets. But they found a way to market security. The public is now security conscious. So I think that's the big thing Snowden did for us.
There are people saying that, he did something good, but he didn't do it the right way. That he's a villain…
Yeah, yeah, yeah. I don't like the way you eat your peas. What's interesting is what we learned, not what kind of color shirt he was wearing. Though, I have to say I feel less about Assange and even less about Jake Applebaum. I suspect the people who complaine about Snowden really don't like the fact that he took the cover off an ugly thing.
While we got some more technical security now, we lose on the legal side. Governments pushing against what they describe as "going dark". What is your take on that?
I don't think we're going to fix politicians. Certainly not at the IETF.
You were involved in the Cryptec Project, one answer the IETF tried to give after Snowden. Do you see that succeed?
That answer depends on what purpose you thought it was meant to serve. Some people wanted to make and sell an HSM (Hardware Security Module, to perform crypto operations for systems). From my point of view and from the view of the core engineers, Rob Austein and others, it was to develop a technically sound piece of crypto hardware from which people can steal the designs, subsystems, algorithms, etc.
Stealing in the open-source sense…
Yes. That was our interpretation of what we were asked to do by Russ Housley and Jari Arkko: An open-source HSM implementation that is cryptographically strong. In that regard, we've been successful, I think. We certainly were not successful in making a HSM you could buy from the shelf.
Could that project in some way also be exemplary with regard to developing secure technology chains? Stemming the trend that we are dependent on technology, that we don't know how it's built?
Mostly, but we don't know how the FPGA and other underlying chips are built. Unless you're manufacturing your own chips.
Did Cryptec point in that direction, too?
We certainly tried to get some assurance of our software chain. I will give two examples. Let me refer to two thoughts, one in Ken Thompson’s paper Trusting Trust, where he shows that compilers can be sabotaged in ways that you cannot see, and they will produce code with very intentional spy holes, here intended to mean logins without credentials. The second thought is from David Wheeler, who showed how to prevent that with a compilation technique where you take two different compilers and use them to cross-compile each other in a certain way. We tried to use that to prevent compiler sabotage but lacked the time to really do this part. The other technique we used was social. We had FPGA code developers working together looking over each other's shoulders from Moscow, Stockholm and the US. To get some feeling for our caution, I would point out that we turned down an Israeli volunteer. Also, there's a company, funny enough, here in Portland called Galois which does a lot of U.S. government contracting on crypto. Galois offered to help and we said, great, why don't we start by you analyzing our stuff instead of contributing new things. We didn't get a reply to that (laughs). Those are two examples of approaches we were trying to use.
(Laughs) That is interesting. And does the Cryptec design get stolen?
Yes. Very much. The joke on “stolen” by the way comes from the Chicago Convention. A guy by the name of Jerry Rubin wrote a book about anarchist political action, and the title of the book was Steal This Book!
Connecting the world
You ran a number of ccTLD of developing countries, what were the main hurdles to bring these countries onto the network?
The big hurdle is isolation. I can find money. I can find teachers. I can find circuits. Back in the early days, the U.S. government would pay Sprint to connect anybody. Steve Goldstein from the NSF sent me to Kenya because the new president of the World Mathematical Association was there, and he needed email. So I went there and helped people who wanted to be an ISP, I trained and got them equipment, and Steve had Sprint run a circuit in for free. All this can be done. The problem is when you don’t have the network, when you are isolated, it is very hard to figure out how to do this little thing here, and you don't know which direction to go in next. You have no experience, and you have no communication with people who do. Possibly the poorest country in the world is Guinea. They have the misfortune of having a lot of bauxite. I am running their ccTLD in cooperation with somebody who's in the country, and I have been trying for years to get engineers in the country. Finally, the government just assigned two of their engineers, but they didn't know what to do. Certainly there is a question of whether you want the government to play a strong role or not. That's another part of the equation. But they needed to learn how to set this stuff up and that helped them to finally become part of the community. They can ask questions and find people who are walking the same road. This is finally happening.
This is happening right now. Are you still managing ccTLDs for developing countries? How many?
Yes, this is happening right now. I still run the ccTLDs for Guinea and Liberia because they're very poor countries. Also Lebanon. At some point, I ran about 20. Nigeria, KSA, Kenya, and more.
There's a legend going around that you run it from your basement, true?
Oh, no. Because of all the pro bono work, Cisco gives us routers, Juniper gives me routers, Google gives us two racks and Dallas and Equinix gives us a rack in Ashburn. Somebody else gives us a rack up in Seattle at low cost. A cabal of people you know, such as Rob Austein, Hans Kuhn, Joe Clark etc. help run and coordinate this. We have these three pops plus some stuff in Iceland and some stuff in Tokyo. Sprint and NTT give us bandwidth.
Sprint has been doing this since the beginning…
When NSFnet broke up, the NSF said Sprint will handle international connectivity. AT&T will handle information, in other words, databases, which they never did. And MCI will handle the US academic networks. So Sprint was supposed to do the international lines. I know the sprinters from way back and of course I know the NTT folk because NTT bought Verio so it used to be my network. So they are generous in return. But back to Guinea, it is really getting them out of the shell so they become part of the community. We founded AFNOG (African Network Operators Group) for that purpose. We went to AFNOG in Abuja, Nigeria, and somebody I cannot name came up to me and Miriam (RIPE Chair) and said, If I give you a little pot of money, can you help to bring networkers from developing countries to RIPE. Afrinic, APNIC. And to this day Miriam and I still administer this so-called Abha Ahuja Fund. I explain this to underline that he most important thing is information flow and allowing people to become part of the culture that supports them. What I learned early on from Jose Soriano, who taught me much about colonialism, if I ask you a question, do not take my question to ask the expert and bring the answer back to me. Introduce me to the expert instead.
Connect the people…
Right. It suits me. You know, I'm not earning any money this way, and I've never taken a penny out of the NSF grants or developing country work. I am infinitely lazy. So that philosophy to empowering people works great for me. I know I don't have to run back and forth and luckily, there are a fair number of experts who are generous with their time.
Was the transition of the ccTLDs to local managers always smooth?
It might not have gone ideally the way I might have liked it. But there was no acrimony. My goal always was getting rid of it. I don't enjoy doing it now, and I'm not paid to do it. Two other points I learned during this efforts. First, beware of northerners bearing initiatives. George Sadowsky got to organize the so-called publicly funded Leland Initiative. It was supposed to bring networks up in African countries. The problem was it's top-down. And so the Leland initiative empowered ten telcos in African countries and thereby killed the indigenous networks in those countries. George was well meaning and meanwhile acknowledges the error. Read my techno-colonialism rant on all that. The last thing I've got is that governments and parties want control. There is a need to have the stewardship of stakeholders in all those developments. But beware, the fact that we've identified the stakeholders and got them all in the room does not necessarily solve the problem – see ICANN’s rather adversarial system. It's the leadership and the culture of cooperation and stewardship that's needed, not just having all the stakeholders in the room.
From a geek’s point of view: what governments could and could not do
You underline you are a geek, but what would be your recommendation to governments on how to make the net better?
Citizens are realizing that we have a right to privacy. Thank you, Edward Snowden. Thank you, Apple. While the world is realizing this, at the same time we see that the governments seem unable to keep secrets. Thank you. Snowden, Discord, etc. So the idea that the government can be trusted to keep the citizen secrets is clearly not credible. Citizens now realize this as well. And, by the way, governments also can't really trust each other. The wonderful case of Crypto AG. Wasn’t that amazing? Decades of that poison! So there's the Snowden leaks, the recent discord leaks. Back doors inside crypto devices – it brings up the question, if the government can’t keep my secrets and can’t be trusted to keep end-2-end-security from breakage, people should start to think what can be done about it. Where I am not sure things can be done is the problem of network fragmentation. I do not think we can stop the great Chinese firewall. We can’t prevent China from trying to talk about a different IP protocol. I don't know if there are lessons to be learned from it and if that's going to be successful. But the government's also been hit by bitcoin and cryptocurrency coming out of nowhere. The problem isn't the ledger. The ledger is good and the governments like the ledger because they can trace the crooks. The problem, aside from the crooks, is the proof of work part of the particular algorithms they're using. Skip the proof of work. The ledger is good. The proof of work is killing the planet. Finally, consolidation. Consolidation is happening and monopolies are forming, and I think that the EU allowed Microsoft to merge with Activision decision was not a good signal. That's kind of the end of my rant.
You reference an article about AI, is it something the governments should address?
They've let the companies get big enough that I don't think they're going to stop them. Note that large language models are not AI. The main issue is, will we grant them agency? Stringing syntax together and coming up with plausible sounding garbage – because essentially scanning the internet for Intelligence is not a winning operation because the Internet is not very intelligent – is not the problem. The problem is believing in it, and also it burns a massive amount of energy. So danger is not inherent in that new technology. It's inherent in our reaction to it. I just don't know that the government can do anything about it.
Raising critical minds, that will not believe what they are fed by are language models?
Our government, and I believe most of yours, is not very good at education and informing the public. And the classic example for this generation is, of course, COVID-19 and how we're still getting screwed-up signals around it. So. I would love it if they could be informative and educational to the public about AI and cryptocurrency. I just don't have much faith in governments doing so.
Randy, thank you very much for the interview.
(bme)
Zur Startseite
Forrester To Recognize Return On Integration Honorees And Program Of The Year Award Winners At Its B2B Summit North America 2023
At B2B Summit, attendees will hear from award winners about how they tackled their most pressing challenges to drive growth
CAMBRIDGE, Mass., June 05, 2023--(BUSINESS WIRE)--Forrester (Nasdaq: FORR) will recognize Cart.com, Cisco, and IBM as this year’s B2B Return On Integration (ROI) Honors winners at its B2B Summit North America, held June 5–7, 2023, in Austin, Texas, and digitally. These organizations are being showcased for aligning marketing, sales, and product functions to fast-track growth by maximizing customer value. Additionally, Forrester will celebrate B2B Program Of The Year (POY) Award winners for outstanding achievements within specific functions of marketing, sales, and product.
B2B Summit North America is the premier event for B2B marketing, sales, and product leaders to explore new ideas, pragmatic frameworks, and compelling data to fuel their customer-obsessed growth engines. At the event, honorees will present how they have grown revenue, accelerated time to market, and launched better-integrated global campaigns — all through deliberate cross-functional alignment.
ROI Honors winners include:
Cart.com, the leading provider of comprehensive e-commerce solutions for retailers, gained alignment across the organization to define its go-to-market strategy. Using Forrester’s audience and campaign frameworks, the firm identified the overlap between ideal customer profiles, coordinated campaign messaging, and channel planning. As a result, the firm exceeded its revenue, gross margin, cash flow, and EBITDA goals. Join this keynote session to learn how Cart.com leveraged strategic go-to-market methodologies to focus its acquisition efforts and dramatically improve pipeline attainment.
"Our teams were trying to solve individual customer acquisition goals through disparate targeting, messaging, and technology solutions," said Katherine Chambers, VP of revenue marketing at Cart.com. "Aside from the challenges and confusion that these efforts created in the market, we were unable to effectively measure the impact of our efforts or understand where to further invest resources. To address these challenges, we worked with Forrester to create a companywide marketing framework focused on targeting and acquiring customers and redefined how we go to market as a company."
Continuar leyendo la historia
Cisco is the worldwide leader in IT, and as it transforms its business for the digital era, its growing partner ecosystem accounts for more than 90% of Cisco’s annual revenue. With partners being so critical to Cisco’s success, it recognized the importance of enabling partner sellers as one of the fastest ways to drive revenue and bookings growth. To make this a reality, the company brought together its partner marketing, product, sales training, and sales enablement teams to develop and implement nurture journeys to help partners sell more effectively in focused product areas. In this keynote session, learn how Cisco enabled its partner ecosystem to achieve these goals, thereby expanding partner profitability and loyalty.
"We used Forrester’s frameworks to design hyper-personalized journeys to accelerate partner seller enablement in close collaboration with our sales and product teams," said JoAnn Tillman, leader of partner engagement strategy at Cisco. "The integrations and cross-functional alignment that these programs established, in combination with measurable impact to bookings, set the stage for a transformational shift to a holistic persona-based enablement strategy that will drive revenue growth — both for our partners and for Cisco."
IBM, a leading provider of global hybrid cloud and AI and consulting expertise, simplified and redesigned its go-to-market strategy to better meet client needs and execute on its growth agenda. The marketing operations team focused on three key initiatives to measure and prioritize marketing contributions: relaunching campaigns to focus on products that matter most to clients, revising the management system to measure what matters most for growth, and refining the campaign operating model to prioritize efforts that deliver results. During its keynote session, IBM will share how the team contributed to growth by shifting toward client centricity and accelerating value to clients.
"Our growth strategy is part of a cultural shift toward total client centricity to accelerate value to our clients," said Cindy Matos, VP of transformation and governance for IBM. "A campaign planning workshop with Forrester set the foundation for audience segmentation, buying group needs identification, and building plans-on-a-page. We also operationalized the Forrester Campaign Framework and relevant cascading models to support shared and interlocked processes. As a result, we are committed to executing with speed, focus, and consistency, and our growth is accelerating."
These POY winners will also share their success stories on stage at B2B Summit:
LinkedIn — B2B Marketing Executives Award Winner. LinkedIn will share how it aligned internal marketing, sales, product, engineering, and senior leadership to fuel a customer-obsessed growth engine.
Unum — Marketing Operations Award Winner. Unum will outline an investigation of buying groups and multiple touches to measure marketing contribution based on improved close ratio and deal size results.
Reltio — Demand & Account-Based Marketing Award Winner. Reltio will describe how it transitioned its go-to-market teams from lead-centric to opportunity-based processes, leading to improved pipeline quality and velocity.
Keysight — Portfolio Marketing Award Winner. Keysight will discuss how it transformed its go-to-market approach from product-focused to a digitally-savvy, buyer-centric approach.
VMware — Partner Ecosystem Marketing Award Winner. VMware will share the steps it took to revolutionize its partner program.
Sprout Social — Sales Award Winner. Sprout will discuss the organization’s innovative approach to driving scalable growth and improvements in sales talent.
Bayer — Product Management Award Winner. Bayer will outline how it implemented a rigorous upskilling program to improve product management competencies, leading to improvements in its targeted objectives and key results.
"Our Return On Integration Honors winners and Program Of The Year Award winners are proof points that companies can overcome their toughest challenges through cross-functional integration and alignment," said Cristina De Martini, VP and research director at Forrester. "These organizations are investing in revenue-building efforts by focusing on providing value to their buyers and customers. We look forward to having them share their success stories at this year’s B2B Summit."
Resources:
About Forrester
Forrester (Nasdaq: FORR) is one of the most influential research and advisory firms in the world. We help leaders across technology, customer experience, digital, marketing, sales, and product functions use customer obsession to accelerate growth. Through Forrester’s proprietary research, consulting, and events, leaders from around the globe are empowered to be bold at work — to navigate change and put their customers at the center of their leadership, strategy, and operations. Our unique insights are grounded in annual surveys of more than 700,000 consumers, business leaders, and technology leaders worldwide; rigorous and objective research methodologies, including Forrester Wave™ evaluations; 100 million real-time feedback votes; and the shared wisdom of our clients. To learn more, visit Forrester.com.
View source version on businesswire.com: https://www.businesswire.com/news/home/20230605005156/en/
Contacts
Ira KantorForrester Researchikantor@forrester.com
|
