On with Kara Swisher - Sorry, Donald. Jen Easterly Plans To Make Elections Boring Again.
Episode Date: June 12, 2023Donald Trump signed the Cybersecurity & Infrastructure Security Agency into existence in 2018 with the mandate to protect America’s infrastructure from threats digital and physical. Trump also made ...CISA a household name when he fired the department’s head in 2020 for noting that, no, the election was not stolen. Today, we hear from Jen Easterly, the woman who now runs CISA and has the job of preventing another SolarWinds or Colonial Pipeline attack as well as preventing foreign and domestic attacks in an election environment that has become highly politicized. Her goal? Make elections boring again. BTW, do you have any burning questions on career, love or life where you’d like Kara or Nayeema’s advice? Call 1-888-KARA-PLZ and leave us a voicemail. Questions? Comments? Email us at on@voxmedia.com or find us on Instagram. We’re @karaswisher and @nayeemaraza. Learn more about your ad choices. Visit podcastchoices.com/adchoices
Transcript
Discussion (0)
Do you feel like your leads never lead anywhere?
And you're making content that no one sees,
and it takes forever to build a campaign?
Well, that's why we built HubSpot.
It's an AI-powered customer platform that builds campaigns for you,
tells you which leads are worth knowing,
and makes writing blogs, creating videos, and posting on social a breeze.
So now, it's easier than ever to be a marketer.
Get started at HubSpot.com slash marketers.
Support for this show comes from Constant Contact.
If you struggle just to get your customers to notice you,
Constant Contact has what you need to grab their attention.
Constant Contact's award-winning marketing platform
offers all the automation, integration,
and reporting tools that get your marketing running seamlessly, all backed by their expert
live customer support. It's time to get going and growing with Constant Contact today. Ready,
set, grow. Go to ConstantContact.ca and start your free trial today. Go to ConstantContact.ca for your free trial.
ConstantContact.ca
Hi, everyone from New York Magazine and the Vox Media Podcast Network.
This is that hot new summer band, Jack Smith and the Indictments.
Just kidding.
This is On with Kara Swisher, and I'm Kara Swisher.
And I'm Naeem Areza.
And Jack Smith, of course, is the special counsel appointed by Merrick Garland to investigate these documents that Donald Trump had taken from the White House.
And just yesterday, not Jack Smith, but Donald Trump announced that
charges have been filed. Donald Trump has responded via Truth Social that he's an innocent man. These
are politically motivated charges. And everyone from Kevin McCarthy to Jim Jordan to Elise
Stefanik, all your favorites, basically, are decrying that this is a dark or sad day for
America. Well, they have to, don't they? They have to do this.
But Bill Barr, who was his attorney general,
said this is not that.
He said he shouldn't have taken the documents.
And most people who take these documents end up in jail
in the way that he's done it.
Lots of people by accident take them and all kinds of things,
and they get various and sundry things.
But most people who do this end up in jail.
So in this case, I'm going with Bill Barr,
although that's an unusual thing for me to do. I think that's what you should call your next lawyer. But he's a lawyer in this case, I'm going with Bill Barr, although that's an unusual thing for me to do.
I think that's what you should call your next bill, Barr.
But he's a lawyer. He knows.
I'm going with Bill Barr.
Yeah, he knows. He knows what this is.
He took these documents and then he tried to hide them.
And then he lied about hiding them.
And so it's the same bullshit from him.
We're going to see two things.
Trump supporters are going to want to equalize Trump and Biden's documents.
But the issue with Trump, of course, is that the volume of documents that he took and importantly, the refusal to comply and give them
back when requested versus Biden volunteered his. Yeah. And same thing with Mike Pence,
who was cleared of doing the same thing. And it's just a matter of intent and how you behave and
you compel other people to lie. And we'll just see when the indictment is unsealed, which it will be
pretty soon, we'll see what he did. And I'm sure he did all kinds of things trying to hold onto the documents and get people to help him lie about holding onto the
documents. And the other thing they're going to want to make it seem is they're going to try to
make this, as Trump loves to say, a banana republic, right? That the government is the
steep state or political opponents are out to get him. And this happens in Pakistan, for example,
you're seeing fabricated charges against the former prime minister, Imran Khan.
He's had an attack on his life, which he says is an assassination attempt by political opponents.
But this is not that.
This is just nonsense.
He did something wrong, and they're prosecuting for it.
Yeah, this has been outsourced to a special counsel, Jack Smith, who has a long career across the DOJ and The Hague, investigating people from both parties.
And so, of course, Trump is flipping the script.
Yeah, he was.
But it's nonsense. He likes to break the law law and he thinks it's hysterical to do so.
And then he gets hysterical when he does so. Yeah. And he seized on the opportunity to come out ahead of this announcement. Jack Smith hadn't even let the Secret Service or the
marshals know. They were all scrambling to kind of figure out how to do it.
Is all press good press for him? He seems to think so.
I don't know. I think people are tired of this, ultimately.
I think he has his base that always, no matter what he does, no matter how many times he takes a shit on the Constitution, they like it.
And then I think everyone else is tired of it.
It's not even a smoke, there's fire kind of thing with this guy.
There's just fire.
And he likes to burn everything down, including laws.
And people can say whatever they want, but let's just take it to court just
like they did his election lies, and he'll lose. And that's what's going to happen here. He lost
in the sexual assault case. He just loses because courts of law behave differently than Donald Trump
does. The question is, will he lose the election? Obviously, he did in 2020. Obviously, 2022 was a
referendum. But I was really worried the other day. I listened to an episode of The Daily where they were kind of going over the suddenly crowded GOP primary.
And Shane Goldmacher said something like, the most important thing you have to look for in evaluating these candidates, like most things in the Republican Party over the last eight years, is how they define themselves relating to Donald Trump.
Yeah, of course.
Of course.
He's really mutated that party.
And we'll see.
We'll see if they want to keep losing.
People are sick of him, but he's so powerful. He's a And we'll see. We'll see if they want to keep losing.
People are sick of him, but he's so powerful.
He's a loser.
He's a three, one, two.
And he lost the midterms, three-time loser.
So I'm enjoying Chris Christie in the race because he's pointing this out rather well.
I love Chris Christie.
You love him.
Yeah, I don't love him.
I think he's, you know, he really was too tight
with Donald Trump.
He did bridge gate, but I love what he's doing right now.
And I think he's just spouting the facts. And he was a very good prosecutor. And obviously, you can see how well
spoken he is. And a friend of mine worked for him and didn't much love his politics, but certainly
had great respect for his legal qualities. I think he's funny. I think I just gave him $5.
Did you? Yeah.
You're making political donations?
I just $5. It was like just to get him on the debate stage.
I noticed you shared his announcement on Twitter. And I thought that was odd. I'm like, oh, I didn't know. I want
him to be on the debate stage. That's all. It's $5. So you can question my fairness. I want to
see him on the debate stage. And if everyone gives a bunch of money, he'll be on the debate.
It's how they decide who's going to get on. He needs, what, 40,000 individual donors. Yep.
Kara Swisher's one of them. Five bucks.
Chris Christie, let's go. Anyways, these charges will make the 2024 elections even more of a
spectacle, which is probably exactly what Donald Trump wants. And it demands that it be airtight
in terms of election security and claims of fraud. And that's why we thought it was very important to
have on this guest today, Jen Easterly, the director of the Cybersecurity and Infrastructure
Security Agency, also known as CISA. And this agency exists under Homeland Security. It's primarily responsible for helping
organizations prepare for, respond to, mitigate the impact of cyber attacks on everything from
ordinary citizens and critical infrastructure, like pipelines and power grids, to securing our
election infrastructure, which is through Chris Krebs how this really became a known entity to
the public. Yeah, I knew her predecessor, Chris Krebs, and I talked to him not infrequently,
who was fired by Donald Trump for simply saying the election was not stolen.
Fired by tweet.
Yeah. And so, you know, I'm very interested in this role. It's a new government agency. It's
designed to help state and local officials and across the country with these cyber attacks,
not just election. That's been the focus, obviously, because of the Krebs firing.
But infrastructure, I've talked about this on Pivot, on lots of places, is the challenges we
face as we become this incredible surface area of attack for the Chinese, for the Russians,
for all kinds of malicious hackers, and including domestic hackers.
So Easterly has a very tough job because she's got to get all these,
hers is a voluntary organization, she's got to get all these secretaries of state and all these
local election officials, including in states where there's high amounts of election denial,
on board with her tech. I would encourage listeners to listen for how she's going to
thread that needle of addressing the conspiracies, but also playing nice effectively with all the
partners that she needs to keep the door open for. Yeah, she has to work with these people.
These election deniers are still there, whether it's Kerry Lake or Donald Trump
across the country. And so one of the things that's important is to make sure we have
another relatively calm election, which someone pointed out to me, and I think it's correct,
that hasn't happened since Bush-Gore.
That's when it really started to go off the rails, this idea of whether elections were secure or not.
But even if you don't believe this, the constant chatter about our elections makes you not believe
in your institutions, which brings you back to Donald Trump. He wants to burn it all down and
make you feel like it's all a con or you're being cheated and stuff like that. And so it's important
to talk to officials like this. And these are public officials across the country who are doing their best to make sure
elections and other critical infrastructure is intact. Yeah. And of course, part of the challenge
is that the reality of foreign threats kind of obfuscates or creates a cloud and cover under
which conspiracists can claim that elections have been stolen. And so there's this very wacky
incentive structure.
The more the government shares and is transparent about foreign interference and threats against
U.S. democratic infrastructure, the more kind of conspiracists can point to things. And we've seen
this especially in the Twitter files. Yeah, that Twitter files was such a largely a load of shit.
And Twitter's own lawyers in a recent case have contradicted every bit of the allegations
made by Elon Musk. Yeah, this stuff is often conspiracies, strongman arguments, but we are
in a politically contentious moment and that makes Easter leaves work even more important.
By the way, do you remember who Trump appointed as a cybersecurity advisor once upon a time?
I don't know, his grandmother? Even worse, Giuliani.
Oh, right. Oh, that guy. Oh, good guy. His grandmother. I was correct.
I correctly identified it.
Oh, honestly, that guy.
Just like, whatever.
Anyways, let's take a quick break and we'll be back, not with Giuliani, but with Director
Easterly of CISA. Fox Creative.
This is advertiser content from Zelle.
When you picture an online scammer, what do you see?
For the longest time, we have these images of somebody sitting crouched over their computer
with a hoodie on, just kind of typing away in the middle of the night.
And honestly, that's not what it is anymore.
That's Ian Mitchell, a banker turned fraud fighter.
These days, online scams look more like crime syndicates than individual con artists.
And they're making bank.
Last year, scammers made off with more than $10 billion.
Last year, scammers made off with more than $10 billion.
It's mind-blowing to see the kind of infrastructure that's been built to facilitate scamming at scale.
There are hundreds, if not thousands, of scam centers all around the world.
These are very savvy business people.
These are organized criminal rings.
And so once we understand the magnitude of this problem, we can protect people better.
One challenge that fraud fighters like Ian face is that scam victims sometimes feel too ashamed to discuss what happened to them.
But Ian says one of our best defenses is simple.
We need to talk to each other. We need to have those awkward conversations around what do you do if you have text messages you don't recognize?
What do you do if you start getting asked to send information that's more sensitive?
Even my own father fell victim to a, thank goodness, a smaller dollar scam, but he fell
victim and we have these conversations all the time. So we are all at risk and we all need to
work together to protect each other. Learn more about how to protect yourself at vox.com slash Zelle.
And when using digital payment platforms, remember to only send money to people you know and trust.
Support for this show comes from Grammarly. 88% of the work week is spent communicating,
typing, talking, and going back and forth on topics until everyone is on the same page.
talking, and going back and forth on topics until everyone is on the same page.
It's time for a change.
It's time for Grammarly.
Grammarly's AI ensures your team gets their points across the first time,
eliminating misunderstandings and streamlining collaboration.
It goes beyond basic grammar to help tailor writing to specific audiences,
whether that means adding an executive summary, fine-tuninguning tone or cutting out jargon in just one click plus it surfaces relevant information as employees type
so they don't waste time digging through documents four out of five professionals say Grammarly's AI
boosts buy-in and moves work forward it It integrates seamlessly with over 500,000 apps and websites.
It's implemented in just days and it's IT approved.
Join the 70,000 teams and 30 million people
who trust Grammarly to elevate their communication.
Visit grammarly.com slash enterprise to learn more.
Grammarly, enterprise ready AI.
It is on. to learn more. Grammarly. Enterprise Ready AI. Jen, it's great to finally have you on the show. I've been wanting to talk to you for a long time,
but I don't know if everyone fully understands what your job is. So before we start, explain
what you do and what you run. Yeah, so thanks. It's awesome to be here. So it's CISA, the Cybersecurity and Infrastructure Security Agency.
Balls off the tongue.
Yes, right.
That's why we call it CISA.
Yeah.
Many people know it because of my predecessor, Chris Krebs.
Right, because he was fired.
Because he was fired, as you well know, in 2020.
So it's the newest agency in the federal government,
stood up in November of 2018,
essentially to be America's cyber defense agency.
So the whole idea is reduce risk to the cyber and physical infrastructure that Americans rely on every hour of every day. And that's the decision that was made in the Trump administration to actually stand this thing up and to focus very heavily on our role in cybersecurity and also serving as the national coordinator
for critical infrastructure,
security, and resilience.
You know, at the end of the day,
we're not an intel collector.
We don't carry badges.
We're not law enforcement.
We're not a regulator.
We're not a military.
We are a voluntary agency,
which is why our ability to create trusted partnerships,
which as you appreciate can be super hard,
is so important to our success and kind of be at the middle of being able to coordinate everything that people need to keep themselves safe in cyber, which is, you know, is quite a bit. Yes, and we'll get to infrastructure in a second because that's sort of a lot of the concern.
But it did become famous last election when Chris Krebs was fired after he called the 2020 election
the most secure in American history.
And then he was fired via tweet.
He talked about this.
Elections aren't all you do, but it's, of course, a big thing now.
It's become so partisan.
It's, of course, being used by Donald Trump as a cudgel in his election efforts.
Talk about our election infrastructure, because this is like the sort of third rail now for
some reason.
Yeah, I mean, you're right, and it's unfortunate.
What I'd love to do is to make elections boring again.
So in 2017, the secretary at that time before the changeover, Jay Johnson, designated election infrastructure as critical infrastructure,
which meant that CISA would serve as what's called the Sector Risk Management
Agency, meaning that we work with state and local election officials who are responsible.
Who are responsible.
Who are responsible.
We obviously are not for everything that they need to ensure secure elections.
And the irony of this whole thing is when that designation came out, state and local
election officials were super unhappy.
And to Chris, his credit and his team, they developed these fabulous partnerships with secretaries of state of all parties. This is not a partisan sport.
And really robust, great relationships that, frankly, I inherited.
And I think the most important thing that people should know is we are a nonpartisan agency.
Even in a place where
things get really politicized, we have to ensure that we can work with Republican secretaries of
state and Democratic secretaries of state so they can take advantage of all of the free services we
have for cybersecurity, physical security, insider security, and foreign influence and
disinformation. Which you will give them information on and they can choose to use it or not, correct?
Yeah, I mean, the threat landscape arguably
has become a lot more complicated even since 2020, right?
We were very worried about cyber,
a lot done to raise the bar on cyber security
at the state and local level.
Now we're worried, unfortunately,
about physical security threats,
which I think is pretty freaking outrageous.
Yes, I watched Succession.
Go ahead.
Right?
I saw that.
You were probably like, oh, good God.
For people who don't know, on one of the final episodes of Succession, there was a fire and it ruined the ballots.
And it was not quite clear whether it was a terrorist attack or a domestic terrorist attack or not. You think about what foreign adversaries can do to take advantage of the uncertainty around
whether something bad that happens is intentional or malicious or just something that happens
at the end of the day.
So it's cyber threats, it's physical threats, it's insider threats and foreign influence.
And the physical threats are these threats against election officials.
Yeah, it's crazy.
And that is something you help with?
Well, we do a couple of things.
So we are in the, what I call like left of a boom.
So we are helping to build resilience.
So we do physical security assessments.
We advise on best practices for facility security.
But it's really, what they rely on is the state and local law enforcement to help with things like that.
And then the FBI and justice has a task force.
But at the end of the day, we are trying to help them understand the things that they
need to do to keep themselves safe.
So like training we did called the Power of Hello and de-escalation training so that they
can be prepared to deal with threats at polling places.
And these are physical threats against families or-
Yeah, I mean, at their home, you've heard all the horrible stories.
But, you know, to be clear, like, I thought...
So 2022, I thought, went incredibly well.
And that's all off the back of state and local election officials who kicked ass and were
fantastic.
But I was super worried that there was going to be an active shooter at a polling place.
I was super worried about a ransomware attack.
And, you know,
off the back of this great work, we were able to, they were able to keep these secure and safe.
Last week, Chris Krebs said he expects Russia, China, Iran, maybe even domestic groups like
militias to try to meddle in the elections. What's the biggest foreign threat right now
to our election? How are you trying to counter? I worry a lot about that as well.
You know, we can't, we have to plan for the worst and frankly hope for the best. And, you know,
in the military, they teach you to plan against the most probable course of action and the most dangerous ones. So you think about cyber threats, physical threats, insider threats, and then
foreign influence disinformation. I think if you look at the nexus of some of the AI capabilities
that we're now seeing, I think that there are many things that could happen with AI-generated scripts
and chatbots that could make the information environment that much more difficult. So I worry
a lot about that. I mean, Jeff Hinton talked about this, right?
Yeah.
The godfather of AI, that there's going to be flooding the internet, even more so, with fake text and photos and videos.
So the average person can't tell what's real anymore.
Who would you say is most, you're seeing problems most with?
Well, right now, we're not, you know, we're obviously continuing to monitor the environment.
But we're not seeing specific problems focused on the elections.
But, you know, quite frankly, I think we will.
We're doing everything we can to be proactive and prepare for it.
You know, we expect our foreign adversaries to look for ways to undermine our democracy.
I mean, look at Chinese doctrine, okay? They have a specific thing
in their doctrine called cognitive domain operations, what the military would call
psychological warfare. So they're specifically looking to be able to influence the American
people. It's part of their doctrine. So I expect that we may see things like that, and that will
make things even more complicated. Problematic, right. And one of the things they have is they have a huge landscape in this country.
They have a huge surface area, I guess.
Let me use a military.
You have a lot of surface area to attack, including social media companies, which have
played a big role.
And I know the Biden administration has focused on them a lot.
They're a private company, distribute information.
They run political ads on their platforms.
And there are private companies that distribute information.
They run political ads on their platforms.
And in the election denier, post-COVID, Elon, Twitter era, everything has become completely contentious and even more so.
How do you work with social media companies now?
Because it seems like they are starting to take the brakes off again.
Yeah.
So we don't actually work with social media companies.
At all?
No.
Do you think you should be? No, I don't actually work with social media companies. At all? No, no.
Do you think you should be?
No, I don't think so. The FBI works with them.
Yeah, the FBI works with them.
You know, I think as the director, I need to ensure that we of us dealing with social media platforms is worth any benefit, quite frankly.
And, you know, as you know better than anyone, these platforms make their own decisions.
And I want to be very pure on what it is that we are doing. And we're doing it. I want to emphasize the reason that we focus on foreign-influenced disinformation
is because we hear from state and local election officials
that it is a major concern of theirs.
And we feel obligated to be helpful.
But I don't want to be seen in any way as telling social media companies
what they should be doing.
It's entirely up to them.
You know, Matt Taibbi did the Twitter files, full of factual errors, actually. But
it is true that CISA partners with organizations that flag tweets to Twitter.
Oftentimes, Twitter took them down. Sometimes they didn't. What do you say about people who
are uncomfortable with government doing that, partnering to try to change this stuff. So thanks for asking, just to be very clear. So this was in 2018, 2020. There were,
I think, 200 pieces of information that came from state and local election officials
that went to the election infrastructure information sharing and analysis center.
They sent them to CISA.
We sent them to Twitter saying, you know, this is information that comes from state and local.
You know, do with it what you will.
Right.
You know, this is not, we're not telling you to do anything with it.
So that was done in 2018, 2020.
200 piece of information.
And I made a decision not to do that.
So we are not doing that.
State and local election officials can give them to the platform themselves.
And I think that's the right place for us to be.
Does that give conspiracies too much power?
I mean, we weren't playing a significant role, first of all. It was a small amount. 200. And we were essentially in the middle
of a process where they can send things directly. I mean, the other thing that I took a really hard
look at, it's not like I'm going to, you know, back the fuck down because conspiracy theorists,
right? I'm a combat veteran. But like, I took a look at measures of effectiveness.
I'm a combat veteran.
But I took a look at measures of effectiveness.
Is some of these things actually having an impact?
And at the end of the day, I did not see huge measures of effectiveness in saying, yeah, this is really making a difference in terms of that specific disinformation.
And so that's one reason why I want to make sure we are not communicating with these companies. Yeah. And we are seen by everybody as we are here to help.
And, you know, by the way, like just as an aside, if you look at the brief that was filed by
Twitter's lawyers, they made it very clear that nothing in the Twitter files said that the
information was being used by Twitter to censor anything.
Right.
There was no, specifically the government, there was no coercion, no censorship.
No, I wasn't much impressed with the TwitterFiles.
But where are we for 2024?
Yeah, good question.
So we've started already.
We met with secretaries of state, state election directors in January.
We met with secretaries of state, state election directors in January.
We want to get out to local election officials and ensure that, you know, whatever resources we have, they can take advantage of. So now our field forces are going out there to do cybersecurity assessments, to do physical security assessments, and to ensure that resources are available.
So we're getting—
How do you fend off the people who—the ones who are convinced that this is being taken?
I mean, they attack the Capitol.
You know, I mean, these people, they have beliefs.
Like, at the end of the day, we are not going to convince certain people of the integrity of processes at the ballot box.
of processes at the ballot box.
I mean, we want to be really certain that as much as possible,
those people will listen to the federal government
and listen to the advice
and the advisories we're putting out
that we are preventing, frankly, our adversaries
that I'm most worried about.
And our mission is not about protected speech.
We need to be very, very clear on that.
But we need to also recognize that China,
that Russia and Iran,
we've seen these foreign adversaries
use influence operations
to undermine American confidence.
Well, yeah, we're aware of that.
But, you know, more than 80% of Republicans
and independents who call themselves
very conservative think this election was stolen.
They do now.
It's worked, however it got there.
Eight Republican-led states have pulled out of the Electronic Registration Information Center.
There's a conspiracy theory that it's a George Soros-backed liberal operation. It's obviously
not true. It's a bipartisan effort to maintain voter rolls. What does that say about the state
of elections if you're trying to do this, if they actually believe the election wasn't stolen? Well, I mean, I'll tell you, in my experience over the last two years, working with state
election directors, with secretaries of state, generally, they don't take a partisan view toward
it. They actually want the American people to have confidence in the integrity and security
of their elections when they go to the ballot box. And by the way, just to emphasize, I have talked to Republican secretaries of state,
Democratic secretaries of state. They're all concerned about disinformation. This is not
a party issue. Even if they believe the election was stolen.
They're as concerned about disinformation. They do everything they can to look at this as not a partisan issue.
I mean, keeping elections safe and secure and resilient are about safeguarding the fabric of our democracy.
And my experience with state and local election officials is they agree with that, notwithstanding the rest of the political zeitgeist. In Alabama, Indiana, South Dakota, Wyoming, Florida, secretaries of state are outright election deniers, or if you used to say President
Biden won at the local level, it might be even worse. In Pennsylvania, 18 candidates who spread
election misinformation are likely to win their races in November and are positioned to oversee
how their counties run elections. That's not your job, but how do you fight that,
and how do you interface
with these officials? I've interfaced with all those officials, actually. And where we come out
on this is, first of all, we have to make sure that at the state and local level, that those
election officials feel like they can avail themselves of our capabilities.
Right. I got it.
So physical security assessments, cybersecurity assessments,
and that's the most important thing.
That's our core mission.
Right.
Okay.
But if they don't believe you, or imagine you're a George Soros bat.
We have not had any issues with people saying,
I'm not going to avail myself of your resources because I think you're part of whatever, right?
And by the way, I'm an independent, so I've been in the Bush administration.
So just to bring your audience out there.
So I have not come across that.
And we work very hard to be seen as nonpartisan, which is increasingly difficult because of the specter of disinformation and misinformation.
You mentioned earlier you're independent.
As you said, you went to West Point.
You served in the NSA under Condoleezza Rice.
You were confirmed unanimously by the Senate.
So your commitment to the country is obviously clear.
Thank you.
And yet I wouldn't be shocked if people started personalizing tax against you as part of the deep state in this day.
Are you prepared for this? I mean, you're not Lena Kahn, but...
I mean, there will always be, you know, haters going to hate.
I hate a lot.
I have enjoyed, you know, a good amount of support. Certainly, I think, as you know very
well, you have to have a thick skin in any sort of public position. To me,
what's most important is my family. And so to make sure that my family is safe and secure is
number one, as it was, I think, for Chris as well. But what I would want people to know is,
at the end of the day, somebody who puts on a uniform and spends 21 years in the U.S. Army and combat zones all over the world,
it's not about ego. It's not about money. It's about protecting and defending the
Constitution of the United States of America from all enemies, foreign and domestic.
Were you surprised when they attacked Chris?
For example, I mean, they seem to attack anybody.
Yeah, I think it got really, really difficult.
So does that make you want to keep a lower profile or a higher one?
Last December, there was a scathing article about you published in the cyber industry news site CyberScoop.
Reporters spoke to 32 insiders, and they essentially said you've been too much focused on promoting your personal brand,
and that's distracted you from articulating a clear vision within the agency.
Do you worry about that?
Yeah.
you from articulating a clear vision within the agency. Do you worry about that? Yeah. I mean, that article, I think it quoted Jim Langevin, who came back on top. And so I'm sort of dismissive of
that one piece. But I think for the core point, you know, it's not about me, right? It's like
Ted Lasso. It's not the Lasso way it's never about me it's about you know the
richmond way it's the sisa way now sisa is a new agency that's been through a lot of stuff right
got our director fired um we had a pandemic you know we had an entire reorganization what i want
to do is be able to attract the best talent and then hold on to that talent as long as we can
so i get out there and
I talk about culture and I talk about mission and I talk about operations and I talk about what it's
like to work at CISA. And like, to be honest, Kara, notwithstanding what that article said,
over the last two years, we've hired 1,105 people. So that's a lot for a government agency.
Right. So I think we're doing pretty well. And I think, I guess the last thing
I'd say is, look, nobody's banging
on Nate Fick for getting out around the world and meeting with foreign partners. Right.
But you know, when a woman who has a tattoo and a nose
piercing and likes to wear the clothes that she likes to wear,
goes out there and is dealing with tech people, you know, it attracts, I think, attention.
Right.
There's an element of sexism involved, too, I think.
Oh, you think?
Yeah, I do.
You think that?
I think that.
What do you think?
Yes.
Yes.
Okay.
We'll be back in a minute.
Support for this show comes from Indeed.
If you need to hire, you may need Indeed.
Indeed is a matching and hiring platform with over 350 million global monthly visitors, according to
Indeed data, and a matching engine that helps you find quality candidates fast. Listeners of this
show can get a $75 sponsored job credit to get your jobs more visibility at indeed.com slash podcast.
Just go to indeed.com slash podcast right now and say you heard about Indeed on this podcast. Indeed.com
slash podcast. Terms and conditions apply. Need to hire? You need Indeed.
Thumbtack presents the ins and outs of caring for your home.
Out. Procrastination. Putting it off. Kicking the can down the road.
In. Plans and guides that make it
easy to get home projects done. Out, carpet in the bathroom. Like, why? In, knowing what to do,
when to do it, and who to hire. Start caring for your home with confidence. Download Thumbtack today.
Elections aren't the only critical infrastructure that you have to protect.
This happens every couple of years.
We have pipelines, government networks, millions of cell phones.
What keeps you up at night?
I mean, you know, I think we both read This Is How They Tell Me The World Ends.
Oh, yeah.
Nicole's fabulous.
Nicole's Pearl Roth's book.
After I read that, everything kept me up at night.
So what are you most nervous about?
I mean, look, so whatever, 35 years, counterterrorism, intel, cybersecurity.
As you might expect, I don't sleep very much as it is.
very much as it is. So I think what has been worrying me a lot lately, to be honest,
is what we're seeing with these incredible developments on artificial intelligence.
And I see it through the lens, right, of counterterrorism. You know, I believe in the power of technology. But I think it's a leader's job to be able to leverage the power of imagination and to avoid the failure of imagination.
And I think there's not enough of a healthy debate about how these tools can be used by very bad people who will operate them with impunity.
So I worry a lot about that.
And I look at it through the lens of, quite frankly, the short history of information technology is the history of unsafe technology. What do you think about like 1983 TCP,
IP? So you have, it was never meant for security, right? It was Dan Kaminsky, the internet was meant
to move pictures of cats, very good at moving pictures of cats. But you have internet with
viruses, you have software full of vulnerabilities, right? So you force the user to patch them.
You have social media that is full of disinformation and, quite frankly, separately causing real mental health issues that I worry about as I'm a mom.
And now we're hurtling in the world of AI.
So it's interesting.
I want to get to AI in a second, but you didn't mention, for example, the Colonial Pipeline cyber attack in 2021 or SolarWinds attack, which was one of the biggest cybersecurity attacks.
Where are we with those, the Colonial Pipeline and the SolarWinds?
Explain each of them for people who didn't understand and what the fallout. of a company that provides essentially, just to think of it as like sort of it provides software to a lot of different companies to help manage their networks.
Right.
And in December of 2020, it was revealed that there was Russian infiltration of SolarWind
that gave them a foothold in a variety of networks.
They're in the glue, essentially.
Yeah, inside the networks.
So essentially, this became a pretty big deal because this was during the transition.
In some ways, it hopefully helped set the agenda for this administration to put cybersecurity
as make it a top priority.
So actually, in some ways, it's never helpful to have a cyber incident,
but that helps set the agenda.
So Russian intrusions, essentially for espionage, it was getting into the supply chain, as you
said, so to have those impacts to steal data.
Then, as you mentioned, we had colonial pipelines.
So that was a ransomware attack by a Russian-affiliated cyber threat actor that essentially got into the information technology.
So think about part of your business in the Colonial Pipeline.
It did not get into the part of the pipeline that actually controls the flow of gasoline.
But there was a uncertainty. And so they shut that down.
And then, of course, you know, the gas was limited to the eastern seaboard. It caused a bit of a
panic. So these events, as well as others, there was Chinese exploitation of Microsoft Exchange
servers. There was the Kaseya hack. There was JBS Foods. So there was a series of events that occurred in 2021
that, again, really got the sense of urgency about what we needed to do to improve cybersecurity.
And it's interesting because it's a software supply chain attack, which I think people are
going to go, oh, what? Like, it's not like a hack that you think of a virus steal my credit card
kind of thing. But the increase has been massive over the last three years, according to a recent study. How do you even think about protecting ourselves when this
software, which is the glue of network, I don't know how else to explain it, it's glue, and they're
in the glue, and they're hiding in the glue. And these are attacks from the private sector
vulnerability, because we rely so much on the private sector, but it has implications for the
whole nation. How do you deal with that across multiple
industries then? Is it even possible because of the landscape we have?
I mean, I think you say the critical thing here. So a lot of what's common is the software.
You know, famously, software is eating the world. And like, frankly, we're all getting
food poisoning from it. So the issue goes back to the fact that we have normalized this acceptance of software that comes full of holes, full of flaws, full of vulnerabilities.
Right?
And so we've accepted it.
We've normalized it, which is why we think the only approach to sustainable cybersecurity, to getting ahead of these complex, dynamic, increasingly sophisticated cyber threats
is to move up the chain so that the software that we buy is much more secure. Secure by design,
secure by default. But you can't make them, right? You don't have an ability, a stick to make them
do it because they spend their own money to beef up cybersecurity. Why should they? Yeah. So a few things, right?
First of all, I have to assume that businesses care about the safety and security.
I want to assume that.
Please don't.
Care about the safety and security of their customers.
They do not.
What has...
Maybe one guy.
So let's assume they care about their customers and the safety of their customers.
At the end of the day, what has been missing is a clear signal. Consumers actually don't know what
to ask for. They're like, okay, I'm going to sign this user agreement. I'll just press approve
because I can't turn my phone on. And essentially what that is saying is you accept all liability
for everything that will go wrong for this device. So we've been forced in a
place where the users have all the security placed upon us, and we just assume that that's normal.
So part of what we're trying to do is to move the Overton window so now you have not this
normalization of software that's unsafe, but actually software that's created secure by
design, secure by default. This is what you call, let me just say, you wrote in Foreign Affairs magazine,
and the quote is, under this new model, cybersecurity would ultimately be
the responsibility of every CEO and every board.
How do we get here?
Because I haven't seen them concerned about safety of anything so far.
Okay, first of all, it's not easy.
Their own yachts, they're very concerned about their own security.
Okay, so 1965, Ralph Nader wrote the book, Unsafe at Any Speed.
Yes.
It was until 1983 that we got seatbelt legislation, right?
I don't think we have that long to wait to move us from unsafe at any CPU speed to a place where technology products are, in fact, safe.
So what are we trying to do?
Well, we're working with technology companies to ensure that they understand what we think safe products are, what is secure by design, meaning tested, developed, such that you reduce the number of vulnerabilities and flaws that can be exploited by malicious threat actors.
So now we can actually move to safer code.
There are things that we can do.
So that's one thing.
oh, there are things that we can do.
So that's one thing.
And we're calling for radical transparency so that we understand what's your roadmap to memory safe?
What's your roadmap to enterprise
multi-factor authentication?
What's your roadmap to going passwordless
so I don't have to teach my 90-year-old mom
how to enable multi-factor, two-factor authentication?
So that's a piece of it.
And by the way, we're having very good conversations
with the tech companies on this.
So I'm not saying this
is going to happen next year. Sure. But I think we can start to nudge if we show what the clear
market signal is from the producers to the consumers. And we continue to use our platform
to get there. And it's got to be a global platform. And the product that we put out in April,
we had six countries with us on it, the FBI, NSA. And again, we're working with industry
on this, who I think gets it. But it's hard because there's never been any regulation of
technology. No, never, never been it. And also going back to SolarWinds, CISA has said the
federal government has managed to evict the Russian hackers out of American markets. Others
say perhaps not. I'm not sure we can be sure that we booted them out at all.
You know, they were in these vulnerable systems, and they could be hiding there for as long as they need to.
Yeah, I agree with you.
I mean, we live in a world where the products that we have are not secure by design or secure by default.
And quite frankly, it is super hard to prevent bad things from happening. What we need to do is to
assume that disruptions will occur and then build the processes and the networks so that we prepare
for those disruptions. We have to be able to do that so that we can reduce risk to the American
people. Are these Russians out of the networks? Did you just say that they are not? We did everything we could to ensure that these networks were remediated, but nation-state actors can burrow in to spaces and can be very difficult to find.
So can I say with 100% certainty that there's not nation-state actors lurking in our infrastructure?
No, which is why, again, we need state for software. We need CEOs and boards that treat corporate cyber responsibility as a matter of good governance.
And that we all recognize, like, this ain't something the government's going to solve
or that industry can solve.
We have to work together in what we call persistent operational collaboration.
You know, I've always felt there was the distrust between government and technology
companies came from the Snowden revolutions.
You know, at the time I covered them.
And they were surprised, I have to say.
And I was surprised they were surprised.
They were like, can you believe this?
I'm like, uh-huh.
Yeah, I can.
I remember them feeling betrayed, many of them.
I always thought they were naive, actually, at the time, which was interesting.
actually, which was interesting. By the way, so 10 years on, which is interesting from Snowden,
I think the landscape has changed markedly. I think that even just over the last couple of years, some of it because of these high profile hacks like SolarWinds and Colonial Pipeline,
I have seen industry and government come together in a pretty productive way. You remember Log4J?
That was the software vulnerability in December of 2021.
Pretty catastrophic vulnerability.
That was a place where industry came together, government, fantastic researchers to enable us to really urgently mitigate threats from this software vulnerability.
And I think even the Russia campaign, our Shields Up campaign, where we work with industry
to help them mitigate threats from Russia.
Well, there's certainly none denial anymore.
But one of the things is actual citizens and Americans understanding the threat.
It's very hard because they have accepted all these free maps and dating services and everything else, which I call them cheap dates.
But do you think that they understand the vulnerabilities?
Because there are so many points of failure, including individuals.
You've said we can't just PSA our way out of this.
It can't be this is your brain on drugs, this is your brain on cyber.
Should there be a national program to educate citizens?
And what should they be listening to
in order to understand it
besides getting hacked someday?
Is that your recommendation?
This is your brains on cyber.
No, you moms,
don't tell people
your social security number
is my PSA,
which recently happened.
Yeah, we're looking at,
we're actually launching
a PSA campaign.
You know, one of the...
Even though you said
you can't PSA your way out of it?
Look, one of the recommendations,
which we're not going to take, was cybersecurity, fuck yeah.
What?
To get people excited about cybersecurity.
But that's not it.
No.
So you can't PSA your way out of the strategic issue, but that doesn't mean explaining good cyber.
It doesn't mean good cyber hygiene goes away.
We obviously have an individual and a business responsibility.
What we're saying is all the responsibility can't be on you and on a small business.
Never should have been.
Exactly.
I mean, technology companies should bear the biggest part of that burden.
And that's what we're saying. So what we're trying to do is what are the very simple steps that people need to do to keep ourselves, our families safe?
And it's not rocket science at the end of the day.
Look, it's four things that people can do that doesn't take a computer science degree.
First and foremost, enable multi-factor authentication.
Yeah, that just trips off the tongue.
I know.
I know.
It's terrible.
We create these words.
That's why I like the—do you like music? More than a feeling?
Not much, but go ahead.
All right, fine. It's like more than a feeling, more than a password.
Okay.
So it's a whole idea. It's just more than a password, right?
Yeah.
But the good news is actually a lot of companies are going passwordless. So you won't have to, you know, you can do a thumbprint or your face recognition. So you don't have to remember all of those different passwords, but you can get a password keeper, which makes things easier. You update your software,
which we'll hopefully have to do less of if software producers produce better software.
The whole phishing email thing, you need to have people be aware of malicious links.
Those are the basics. I think most people fail at them almost constantly, unfortunately.
You made an analogy about cyber threats from Russia and China.
As you said, Russia is the hurricane and China is climate change.
Can you explain what you meant by that?
I mean, we worry all the time.
Russia's talented in terms of their cyber capabilities,
but the real formidable adversary,
the ones putting the most resources and capabilities into this, is China.
And we put out a cybersecurity advisory,
I think it was last week or the week before,
that talked about Chinese intrusions into critical infrastructure
and what companies and businesses need to do to look for those
intrusions.
Essentially, it was a technique called living off the land, which is using the processes
that are native to your computer to actually hijack them so that you can burrow in there.
And it could be burrowing in for espionage, but some of the targets we're seeing are not about espionage, but about potentially disrupting and destroying our critical infrastructure.
You know, there's a document that comes out every year that very few people read, but it's incredibly important.
It's the Intel Community's Annual Threat Assessment.
Everybody should go to the part on China cyber where it says that in the event of a conflict, which we know
is potential given what's happening in Taiwan and the straits there, China is almost certainly going
to launch aggressive cyber operations against our critical infrastructure, pipelines, rail
transportation, to delay military deployment and to induce societal panic. And if you saw the
reaction to colonial pipeline or the reaction to the high-altitude balloon,
you see that inducing societal panic ain't going to be that difficult.
And we need to be prepared for it.
So speaking of China, TikTok, obviously, you said you support a total ban.
I have asked this of senators, several senators.
Do you approve that TikTok is a threat to national security?
You kind of have to show your cards on that, from my perspective.
Or do you support based on a theoretical threat that any Chinese-based social media company
that's wildly popular in this country is there for surveillance and propaganda? I think I believe
that myself, but do you need to prove it? No, I mean, I don't think you need to prove it. Certainly, we have a lot of evidence of the threat from, and just to be very clear, I am not worried about TikTok as a cybersecurity threat. I'm worried about the massive amount of data that will be available to the Chinese government because of the ways their laws are structured and that data can be used for all kinds of purposes to include
targeted influence operations, right? And so that is one reason why TikTok is not on government
devices. And I know there's discussions about potential bans. I think it would be very difficult
in practice to make those bans work. But by the way, when you talk about TikTok, you have to talk about the enshitification
of TikTok because that's such a great word in Cory Doctorow's article, which basically
says platforms will die, but even though they won't be of value to customers anymore, people
will be addicted and they'll use them.
So the things I worry about TikTok is the same thing in social media, is just the effect
it's having on our kids and people generally.
And I worry, frankly, that this becomes the shiny object.
TikTok is a very tactical issue.
We need to be focused much more broadly on Chinese technology that can be used to give them a foothold for disruption and destruction.
That's where the focus needs to be.
I agree. It's a shiny object.
I agree.
But let's move on to something bigger, AI.
You've said AI is the most powerful technology of the century,
and you worry about the incentives to maximize profit to build better AI.
What are your biggest AI, as you said, related cybersecurity concerns?
You mentioned the ability to flood the zone with information, confusion.
Anything else that's important from your perspective?
Well, we've talked about technology, product safety.
AI is just another flavor of that.
And I don't think looking at the Internet, looking at software, looking at social media,
we should expect that AI is going to be safe as it is designed.
So just sort of that as a thesis, right?
Let's just assume.
Yes, they're in a mad rush.
Right, right.
For profits.
And, you know, there is a bunch of different things to be concerned about.
I would start with the uncertainty.
What do we know about these capabilities and how they can be used both for good but also for evil.
I mean, you have to look at that lens.
I think it's irresponsible to only say AI can save the world and do all these great things
and not to imagine that they can also be used by terrorists, by rogue nations to do a whole range of bad things.
Although many of them have talked about the end of civilization.
The people that are making it are worried.
And obviously you mentioned Jeff Hinton,
but even Sam Altman put out a statement saying this is very problematic for humanity.
But Marc Andreessen, a very famous guy who was part of the Netscape browser,
an important technology leader,
just published a long post where he says AI will save the world.
He says that the, quote,
public conversation about AI is presently shot through with hysterical fear and paranoia. What's your response?
I will respond first, as usual. Yes, please, you respond first.
Mark is thinking of Mark, and Mark never does anything wrong, and he's moved on from Facebook.
And let me just read this quote. The greatest risk of AI is that China wins global dominance and that we, the United States and the West, do not.
I recently had Tristan Harris on.
He thinks the AI arms race will actually foster AI adoption by China.
So tell me what your thoughts are.
Let me just hit three points here. So let's go back to your point about some of the industry executives saying that they're
worried, right? At the end of the day, we've heard a bunch of perplexing things. First, we've heard
cases being made to include Congress and the need for regulation. We've also heard that government
doesn't know how to do this. Industry has to regulate. But at the end of the day, you know,
that makes no sense because businesses are built to maximize profits for shareholders. They're not
built for security. So I really don't get that. We've heard issues with the EU AI Act so that
people want to pull out of Europe and then there was a reversal on that. But the EU AI Act, the
schema in there is not too different from the AI risk management framework that was
put out by Commerce's NIST, National Institute for Science and Technology. And so I think the
only difference is that the EUAI Act has teeth. So I don't totally understand that. And then you
alluded to this statement, 22 words, right? Mitigating the risk of extinction from AI needs to be a global priority on the scale of societal risks like pandemics and nuclear war.
22 words that I think to be somewhat uncharitable is an exquisite exercise in risk transference.
Here are my 22 words.
And what are we going to do about it?
I mean, if you actually think it can lead to the extinction of humanity,
maybe we could come together in self-regulation.
Maybe we could pause.
Maybe we could slow down and don't put all the burden on governments
to put regulation in place but say, I don't like that regulation.
We're going to keep on just hurtling forward as Marc Andreessen would want us to do
without really thinking about the implications of that.
So just sort of one piece.
The second, I think people feel like any regulation can crush innovation at the end of the day.
Sure, that's their argument.
And so, but we've seen like emission standards lead to electric cars.
We've seen accessibility have the cut-curbed effect where you can use accessibility for a bunch of different things.
You've seen financial regulation lead to fraud detection and to secure payments, right?
So regulation done the right way can spur innovation.
Sure can.
You can accept that.
And the last thing, China, right?
There's a lot of fear-mongering going on on China.
And I just think we need to step back and have a more reasoned conversation about this. There was a really good piece in Foreign Affairs from Helen Toner from Georgetown's Center for Security and Emerging Technology and two of our colleagues basically talked about, you know, China is actually not hurtling into this space. Their LLMs are less advanced than ours. They're actually fast followers. So if we
slow down a little bit, they'll need to slow down. Also, their macroeconomic conditions, investment,
what they have going on with semiconductors, they're actually behind. And frankly,
that may become more behind. And what they're ahead on is regulation. And they are putting
very strict rules in place that govern how you test, how you develop, and how you generate content so it aligns with socialist core values.
And frankly, it's not a model that lends itself to large language models which scrape the web for data.
You know, the trope is you can't count to 10 in Chinese AI capabilities because it includes 8-9 in the year of Tiananmen Square.
Yeah.
So I think this is a bit overblown that if we don't race ahead.
No, no, I do.
I think technologists are hysterical about how China is going to beat us
and then not hysterical enough about the threats.
I think we need to have a much more reasoned debate about this.
Mark, stop being hysterical about China.
Let me ask, regulation, what would you like to see?
What about AI?
I mean, I think, you know, the EU is way ahead, as they've been ahead in many things, to include
privacy regulation. I think if people have a lot of concerns with the EU AI Act, I think there
should be some discussion about maybe how you can take what is good about that. This would be a really good
opportunity for us to actually have a conversation with China. Maybe we think about, you know,
air is going to be the most powerful capability. It's also going to be the most powerful weapon.
And governments need to figure out how we are going to control the capabilities that can be
weaponized. At least on killer robots. At least killer robots, we can agree. Maybe we can agree on that. Maybe we cannot. I'm not a fan of killer robots. I know,
but maybe. There are things we can agree on. We've agreed on many others. The problem is like we've
become such a short-term society. Part of that is just the technology itself. But, you know,
I'm reading this great book by a classmate of mine from Oxford. It's called The Good Ancestor.
And essentially the argument is we need to look at what is going to be inherited by seven
generations from now. What are we creating? What's the earth we're creating? What's the
capabilities that we're creating? And stop thinking about, you know, the next week, the next quarter,
the next election. It's really hard to do, but quite frankly, we need to do it or else we're
not going to leave the world we want to leave for our kids and our grandkids.
We're leaving them a lot of plastic.
One-use plastic.
That's what we're leaving them.
Okay, last question.
If you could wave a magic wand and fix one cyber threat, what's the most consequential thing you do?
Increase cybersecurity for all power generation companies?
Eliminate Russian hackers?
Pause AI?
Pick one.
I would.
I know you hate the word, and I do too.
So we should call it something different.
Okay.
I know you hate the word, and I do too, so we should call it something different.
No, I think we should enable multi-factor authentication in all of our systems.
Anything that holds sensitive data, we should enable multi-factor authentication at enterprises because at the end of the day, the studies show that is the thing that drives down risk.
Lock doors.
Better than anything.
Yeah, it's locking the doors and double bolting them.
So it's like a technical answer,
which people are not going to love,
but quite frankly, it's the best thing we can do.
All right, everybody, multi-factor authentication.
And I would take anyone who comes up with a better thing to call it.
I wonder if Marc Andreessen does multi-factor authentication.
I'm sure he does.
Probably has one of his books.
I would hope so.
Please multi-factor authenticate me or something like that. Anyway, thank you so much. My pleasure.
Multi-factor authentication is so sexy. I know. They should add it to a dating apps,
you know, like I'm looking for a man with multi-factor authentication. Yeah,
yeah, I guess. I tell you a lot about a looking for a man with multi-factor authentication. Yeah, yeah, I guess.
I tell you a lot about a person.
I have everything multi-factor authenticated, but I cannot get my mom to use it or anyone who's even slightly.
I mean, it's hard for people who are smart about it to use these things.
But she's right.
But honestly, can they not come up with something better?
There shouldn't be one guy in your office who clicks on a stupid link, a phishing link, and then you're all fucked.
who clicks on a stupid link, a phishing link, and then you're all fucked.
So as we discussed before the interview, we were super curious how Easterly was going to thread that needle of questioning around the election deniers, secretaries of state, and kind of
ensuring that they have access to CISA services and they play nice with CISA. And she played a
very bipartisan and buttoned up. Yeah, they're great.
She had to. She had to. I mean, I think on the field,
it's a little more complex. We hear from the noisiest people.
We have to listen endlessly to that, you know, that yammering Carrie Lake.
To the eight states.
Yeah, exactly.
And I think in most states, most people, the people who are loudest get the most attention.
And in practice, they tend to be, once you get near them, they tend to be a lot more cooperative.
But she definitely didn't want to, like, slap around the election deniers very much. Irrespective of what
they do, her job is to kind of ensure there's this open door for states to benefit from the
infrastructure, from the security that they're providing and to not isolate them. There's
probably something to be learned from that. Sure is. That's why I'd never be an election official.
The most interesting thing for me, though, was when she mentioned that they don't work with social media companies. It's not even worth the
look of suppression. Yeah, that makes sense, actually, for that particular agency. There's
other agencies, you know, in Congress dealing with the social media companies. But I think it's best
if she looks as nonpartisan as possible. She really is the personification that having worked
for Condoleezza Rice, who very few people can argue isn't conservative and Republican, et cetera, to the Biden administration.
So she's really got to look like I'm here to help you do a better job.
And let's let the chips fall where they may in terms of the election.
But I'm here to make sure they're secure.
And I think that's probably the best thing.
And not even look like, but be like.
I found that kind of concerning.
I asked you to push back on that.
It doesn't give the conspiracists too much power in some way. I like that she pushed back with the kind of
shade to Twitter's attorneys. And I really appreciated her. I'm not going to back the
fuck down because of conspiracy theorists. I'm a combat veteran. Yeah, exactly. I love when she
pulls out the... I can use an AK-47, so just be careful. I know how to take a man down with one
touch, that kind of thing. I mean, obviously there how to take a man down with one touch.
You know, that kind of thing.
I mean, obviously, there's not much you can do in this country.
But in countries like Brazil, you see they are able to come out and the government's able to come out and block extremist content on both ends.
Yeah, it would be nice if 90 days before the election, all the social media companies would shut the fuck up.
They should do that like they do in other countries.
Or in France, you only have like three weeks of campaigning.
I mean, not just the social media companies, the airwaves, everything. Like, can we just reduce the pork
barrel of our politics a little bit? That would be nice. No, we cannot. No. You said something
very interesting I wanted to pick up on. You said the distrust between government and tech companies
you've always thought comes from the Snowden revelations. Say more. Look, tech companies
and government have worked together for decades and decades and decades and decades. Like, it's
not, this is not a new fresh relationship.
And so there's always been a cooperative thing.
And then, of course, subpoenas to get certain information.
And as more information has grown online, that's where the subpoenas come from.
We all understand that.
But I think with Snowden, I was there and covered it for Recode.
And they were very surprised the extent of what the government was doing um in terms of
spying and i was surprised they were not everybody of course but i think a lot of them were were very
much we're helping you and you're doing this you're spying on us too and uh and the manner
in which they spied and um you know i thought i just remember it being, them being very exercised and distrustful of government during that period.
And they cooperate today behind the scenes in ways we probably don't, we'd be surprised about.
And they're also, I mean, the government's a huge customer for them.
Yes, that's true.
So their skepticism is interesting.
I always thought it was something uniquely American, not endemic to the tech sector.
The tech sector was a little bit of an outlier in the collaboration.
But something around the creation of this country, like people, most of us have come here as immigrants, maybe persecuted by a government.
And there is a distrust of government and a kind of make your own mentality that leads to that distrust.
Well, I don't know, maybe.
distrust. Well, I don't know. Maybe. Right now, there's more of a prevalence. The Elon Musk crowd sort of hates government, even as they benefit from it extensively, whether it's Palantir or
space stuff or whatever. But they always manage to put up deep state kind of ideas around the
government. Well, it serves people. It serves capitalists to undermine and neuter government.
I mean, that's one of the things. Well, they've done a great job.
Oh, yeah. That's the thing.
100%.
But you guys, you and Jen had kind of flipped skepticism. She had more bullishness about
private companies wanting to protect the privacy and security. You said they only
care about securing their yachts.
Yes, that's correct.
And you were more bullish about the AI founders, and you cut them some slack for recognizing the
dangers up to extinction, which she kind of replied, what will they do about it? I tend to agree with her on that.
Yes, that's true. But the original inner people, it was all diamonds and roses and daffodils,
and it never was, this could kill humanity. And I get that it could be just a flex or virtue
signaling or whatever, but no one ever said it publicly. And so I get that they could try to
neuter some of these efforts.
But I think everyone's aware that this time we have to get it right.
As two of your favorite words.
What?
Low bar.
Low bar, that's true.
All right, well, let's do a test before we leave.
Okay, all right.
What are the four things she had wanted people to do?
Oh, God.
Two-factor authentication, multi-factor, whatever.
It's two-factor, really.
Oh, change your password or get a password manager.
I guess don't click on stupid things, you idiots.
Yeah, beware of malicious phishing.
And I don't know the fourth one.
Update your software.
Update your software.
Which you just did.
Yeah, I did.
I did, indeed.
So that's good tech advice from Jen Easterly.
And we, speaking of advice, are doing a special advice episode of On.
So if you want our tips on anything, career, tech, relationships, fashion.
Just Aztec stuff. That would be good for me.
Anyway, the number is 1-888-CARA-PLEASE, PLZ.
And we will talk about anything you want.
We like to do these shows and we love to hear from our listeners at all times and always with great questions. So again, call 1-888-KARA-PLEASE-PLZ.
All right. Want to read us out?
Yes. Today's show was produced by Naima Raza, Blake Nishik, Christian Castro-Rossell,
Megan Burney, and Megan Cunane. Special thanks to Andrea Lopez Cruzado. Our engineers are Fernando Arruda and Rick Kwan.
Our theme music is by Trackademics.
If you're already following the show,
you get a star in the SysA PSA.
If not, you have to be Mark Andreessen's minion.
Go wherever you listen to podcasts,
search for On with Kara Swisher and hit follow.
Thanks for listening to On with Kara Swisher
from New York Magazine,
the Vox Media Podcast Network, and us. We'll be back on Thursday with more.
Food insecurity still affects millions of individuals around the globe,
and Nestle, a global leader in nutrition, health, and wellness,
understands the importance of working together to create lasting change.
Nestle's partnerships extend beyond just financial support.
From building urban hoop houses to producing custom seasoning for food banks, Nestle and their partners actively engage with local communities, listening to their needs, and working together to find innovative solutions.
Nestle is committed to helping support thriving, resilient communities today and for generations to come.
Together, we can help to build stronger, healthier communities.
Learn more at Nestle.com.
Autograph Collection Hotels
offer over 300 independent hotels around the world, each exactly like nothing else.
Hand-selected for their inherent craft, each hotel tells its own unique story through distinctive design and immersive experiences,
from medieval falconry to volcanic wine tasting.
Autograph Collection is part of the Marriott Bonvoy portfolio of over 30 hotel brands around the world.
Find the unforgettable at AutographCollection.com.