The Wolf Of All Streets - Ed Felten, Former Deputy CTO of the USA and CEO of OffChain Labs on Contact Tracing And Privacy, Election Hacking and Russia, The Future of Smart Contracts, the Best Use Cases for Blockchain and More
Episode Date: April 21, 2020Ed Felten, Former Chief Technologist of the FTC and Deputy CTO of the USA and Scott Melker discuss contact tracing and its privacy implications, the proper role of government in COVID-19, the post vir...us "new normal," election hacking and why blockchain is not a voting solution, the best use cases for blockchain, the future of smart contracts, what's up with Libra, why the US no longer has the same lead as a technological hub and how crypto can function as money in the future. --- ROUNDLYX RoundlyX allows you to dollar-cost-average into crypto with our spare change "Roundup" investing tool, manage multiple crypto exchange accounts in one dashboard and access curated digital asset content and services. Visit RoundlyX and use promo code "WOLF" to learn more about accumulating your favorite digital assets when making everyday purchases and earn $4 in free Bitcoin. --- VOYAGER This episode is brought to you by Voyager, your new favorite crypto broker. Trade crypto fast and commission-free the easy way. Earn up to 6% interest on top coins with no lockups and no limits. Download the Voyager app and use code “SCOTT25” to get $25 in free Bitcoin when you create your account --- If you enjoyed this conversation, share it with your colleagues & friends, rate, review, and subscribe.This podcast is presented by BlockWorks Group. For exclusive content and events that provide insights into the crypto and blockchain space, visit them at: https://www.blockworksgroup.io
Transcript
Discussion (0)
What's up, everybody? This is your host, Scott Melker, and you're listening to the Wolf of All Streets podcast.
Every week, I'm talking to your favorite personalities from the worlds of Bitcoin, finance, trading, art, music, sports, politics, and basically anyone else with an interesting story to tell.
So sit down, strap in, and get ready, because we're going deep.
Let's go.
I'd like to thank my sponsors, Round the X and Voyager, for making today's episode possible.
We'll hear much more about them later on in the episode.
This podcast is powered by BlockWorks Group, the only events and podcast production company I trust.
For access to the premier digital asset conferences and in-depth podcast content, visit them at blockworksgroup.io.
I promise you will not be disappointed.
Today's guest is a professor of
computer science and public affairs at Princeton University, where he's the director of their
Center for Information Technology Policy. He's a former chief technologist for the Federal Trade
Commission and was a deputy U.S. chief technology officer during the Obama administration. Yes,
you heard that right. He was the deputy CTO of the entire United States of America. He has a
seemingly endless laundry list of accomplishments from early work on the MP3
to exposing weaknesses in voting machines, all of which have led him to his new venture,
Off-Chain Labs, which I think we'll all find very interesting because it's a company working
to make smart contracts cheaper, faster, and more scalable.
He's an expert on blockchain technology and cryptocurrency and the perfect guest to answer
the questions we all have about crypto's place in the new world. I would love to welcome Ed Felton to the show. Thank you
so much for being here. Sure. Thanks for having me on. First, I have to be transparent and say
that I'm your bitter rival as a University of Pennsylvania graduate, but I hope we can
get past it and have a constructive conversation. Sure. So there are a lot of hot button issues
that you're well versed in, but I would like to start with perhaps the most relevant at the moment, which is contact tracing.
Can you discuss the importance of contact tracing in fighting COVID-19 and also its implications for our privacy?
Sure. So right now we're in a mode where the disease is, where COVID is pretty widespread and everyone is, a lot of people are locked down.
So this is working.
The disease will, the curve will bend downward.
The disease will start to recede.
And then we have the difficult problem of how we can start opening things back up so
that people can start going out, start working more.
But we don't just have a resurgence of the disease
and yo-yo back and forth between lockdown and open. So, we need a way to manage it
while we gradually open. And that involves a bunch of different tactics, including a lot of testing.
But one of the important tactics is contact tracing. So, the idea is that if a person
tests positive for the disease,
then everybody who they were in close contact with during a recent time while they were contagious is at risk of the disease. So you want to let those people know, and you want to
advise them in some cases that they should try to self-quarantine if they can do that safely.
So you want to know who, when a person tests
positive, you want to know who was close to them recently. And so one thing to do is the traditional
way is you just ask them, where did you go? Who did you recognize that was there? And then
somebody calls those people on the phone. But people are moving toward augmenting that with
a technology approach. So the idea is everybody
might have an app on their phone, and those apps would figure out who's been near them.
Let's say if you and I are physically near each other for some period of time,
our phones would chatter perhaps over Bluetooth, and they would record the fact that they had an
encounter with some other person,
maybe without knowing who it was. Then if, God forbid, one of us tested positive,
we could consent to upload the information about the encounters we had to some public server.
And that would let other people's phones download those records and compare against what they see.
So if you and I did get near each other and one of us tested positive, the other one would
be able to see, oh, I had an encounter with some person, I don't know who, at the Starbucks
last Tuesday afternoon who has tested positive.
And then, you know, you would know about that.
So, the advantage of doing this with technology instead of the old-fashioned manual
approach is that, first of all, your technology knows exactly when you were there, right? You
might remember it was around 2.30 in the afternoon, but your technology knows exactly when you came in,
exactly when you left. The other thing is that you might remember if you saw somebody you recognized
there, but a lot of people in the
place might be strangers. And after the fact, if somebody just asks you, you don't know who they
are. And technology can help you figure out when two people who are strangers were actually near
each other in the past. So that's one of the things you can do to try to help manage the disease.
But of course, you know, it implicates privacy because people are carrying around these
smartphones which are now chirping out identifiers and so on so i've been spending a lot of time
looking at the pros and cons of these things how well do they work what are the privacy risks and
what can we do to actually sort of manage this well and and what is somewhat the answer to that
because i obviously touched on it, everybody's afraid
of this violation of their privacy, especially in American culture, where we're much more concerned
with those things. It's been somewhat proven by looking at China and South Korea, that they're
much more open to allowing their government that sort of access to their location and to their
data. But Americans are very protective of that. So, you know, how do we reconcile those things?
Well, so in the U.S. and in Europe, if we have apps to do this,
they will probably just notify the individuals that they were exposed
rather than notifying the government.
That's the first thing.
Realistically, that is what has a hope of being adopted here in the U.S. or in Europe,
generally in the West. But that's still useful, of course, to tell you or tell me if we have been
exposed and how many times. Public officials already find out about people who are infected.
There's mandatory reporting, and they will come to you and ask you where you've
been and so on if you should be infected, and you have to answer. So it's really about protecting
the privacy of the people who are not positive for the disease. And also, and by the way, privacy is
not just a nice to have here. Privacy is actually really critical to the system being successful
because any system like this is going to be opt-in, right? Or at least it's going to be
optional that you have the choice of using it or not using it, of turning it on.
And even if you're forced to download a contact tracing app, there are pretty easy ways to evade
using it, like just leaving your phone at home. Of course. If you don't want to, right?
And so for this thing to be effective, people have to actually choose to use it.
And so given that, given that the effectiveness of it depends on adoption,
privacy is not just like a preference or a nice to have.
It's actually one of the keys to making a system successful is making it safe enough for people and communicating clearly enough to them why it's relatively safe that they will adopt it.
And if you do that, then you get enough adoption to make the system actually move the needle in terms of the spread of the disease. That's interesting. And it's always made me wonder when I've been looking at the contact
tracing, how much do they know about where we're moving because of the very fact that we even own
a smartphone or that we have an Alexa in our house and are sharing all of the information with it
anyway? Is there really added risk to simply a contact tracing app that, you know,
accesses our Bluetooth versus even just walking
around with a phone in the first place? Well, there is some. If you walk around with a phone,
there will be probably several companies that know where you go and when. That information
is in the databases, right? But if you go to the Starbucks, let's say, the other customers at the
Starbucks don't get the ability to identify
you or learn anything about you because of the, because of the, of the location services on your
phone. On the other hand, if you and I were to have lunch, let's say, and, you know, we know
who the other person is, and our phones record the fact that we had lunch together.
Then if one of us were to test positive and report that, the other one would know not only that they were exposed, but who it was.
So the privacy risks about these contact tracing apps are really risks about the information that the app might leak to other users of the app. Whereas when we're talking
about the normal risks of around location services, they're about the risk of leaking
information to some big company. And of course, people might also worry about leaking data to
the government in various ways. So it's kind of a different kind of privacy exposure that you bring
in. And that opens you up to various kinds of manipulation and bad behavior that can happen.
There's sort of emerging literature now about what are some of the nasty things that malicious
people might try to do if a system like this is widely deployed?
And what are the things you can do in designing this system to try to protect people against
those risks?
On a wider view, what do you believe the government's role should be in general with regards to COVID-19?
We obviously have the debate whether we should have a national lockdown or whether it should be up to the state governments and the way that that's been handled and should be handled in the future.
How much should the government be involved
in these decisions for us?
Yeah, well, so, I mean, just as a matter of law
and as a matter of tradition,
state governments have the strongest legal rights
to order restrictions on people's movements and behavior.
It's really well established in the law
that a person who has a highly infectious disease
during a time of outbreak can have their movements controlled, right? Those are people who have the
disease. Other people, governments still have pretty broad, state governments in the U.S. still
have pretty broad authority to restrict what they can do. So, I sort of think of the federal role
with respect to things like a lockdown or movement as being
advisory. The state governments have much stronger rights to compel people. But even if the state
says, okay, everybody, go ahead and go where you want, individual people will still also just
govern their own behavior, right? If you and I
don't think it's safe to go out, then we're going to go out less. And we saw this, for example,
in the UK. Before the UK government issued any orders about lockdown or not going out in public,
there was a drastic drop in the number of people who went to sports events and theaters or any
kind of public gathering because members of the public were deciding for themselves that they wanted to limit their exposure. The UK was crazy because
they were, initially, their approach was going to be herd immunity. And I think the cross-messaging
was very confusing, probably, from their government. So that's a really good example.
Yeah, it sort of was. The government said, you know, people just do what you're going to do,
but people themselves were making decisions.
So I think it's not just a matter of what the government says to do.
It's also a matter of whether people feel safe.
And one of the interesting aspects of this particular outbreak is that there's a lot
of information available online to the public about the prevalence of the disease.
There's a lot of information about where people go. You know, Google's publishing information about how many fewer trips people are making to
the supermarket or the pharmacy or public parks than in a state-by-state or county-by-county level.
So, we really have a lot of information, and we're seeing members of the public making decisions for
themselves about how to change their behavior. So it's a really complicated dynamic and not just sort of open or closed and not really just up to
any one level of government. That makes sense. So outside of Zoom, which we're using right now,
and similar things, are there any specific technologies that you're interested in that
you see emerging to help make life in isolation more palatable if it continues like this? Yeah. I mean, we're seeing a bunch of things happen. Some of it is not so much...
Technologies are playing an important role, but some of the stuff is non-technological.
We're seeing changes in social practices, people having social events online and new
kinds of social events. We're seeing entertainment venues that are streaming
various types of content or trying to try new business models. So, we're seeing a lot of
innovation. We're also seeing some social innovation as some sorts of businesses try
to stay open. So, in my area, for example, some of the restaurants have set up programs where you can donate to the restaurant and they will then make meals and deliver them to health care workers and first responders and so on.
And so this is a way to support the people who are on the front lines and taking risks for all of us.
And at the same time, trying to keep your local food ecosystem going.
So, you know, people are innovating in those ways, probably more so than technologically.
But of course, there's a ton of technology work going on to try to change important systems.
So there's a lot of stress on, say, unemployment insurance systems.
And you saw that here in New Jersey, this call to go out for COBOL programmers, right?
COBOL hasn't been a leading computer programming language since maybe the 1960s.
Wow.
And yet the state's unemployment insurance system apparently runs in COBOL.
And so if they need to scale that up, they need to add new functionality
to support the new, you know, stimulus programs and so on that run through those systems.
You're seeing it in things like voting, as well, where states and counties are working to figure
out how they can conduct elections without anybody coming to the polling place or with like way more people voting by mail than
ever before. So lots of tech challenges in government to adapt to these changes, because
we don't know how long we're going to be in this mode where people are trying to minimize their
public contact. It could be it could be two years, not two years locked down in our homes, but maybe two years of things being, say, halfway back to normal.
Restaurants with people sitting 10 feet away and movie theaters with every sixth seat and things like that.
Right. Social distancing and many more restaurants operating in a takeout only or takeout mostly mode. Yeah, public transport being with people spaced out to
say a third of the normal load, many, many more businesses doing work from home if they can.
Yeah, so we're not going to be back to the previous normal probably for quite a long time.
Yeah, I think I definitely expect a new normal for many, many years. And, you know, people who are at risk are still going to remain almost in this state of quarantine and isolation for a very long time.
So a large percentage of the population, even if everybody else tries to go about their business, is going to really be stuck, I think.
Yeah, and I think everyone will be making changes kind of at the margin.
You just hesitate a little bit more to go to that,
you know, crowded party to go to a crowded venue. You'll stay home more, you will take fewer
business trips. You know, I think everyone will adapt until we have widespread vaccination.
I agree.
And that'll happen eventually, but it'll be a while.
Yeah. So you touched on this before.
We constantly hear from the current administration, certainly, about the pervasiveness of voter
fraud, the purported dangers of mail-in voted, and the other supposed issues.
On more than one occasion, you've actually exposed the weaknesses in voting machines
in the past, correct?
So can you first tell us about those experiences and then perhaps share your thoughts on how
difficult it would be to digitize voting and move beyond this arcane system?
Back after the 2000 election, the 2000 presidential election, you know, if if you recall, was an incredibly close election decided by a few hundred votes in Florida.
I'm a Floridian, so I recall it well.
So and after that, there was a push to try to upgrade and improve voting systems after the sort of chaos that happened in Florida with punch card ballots and and so on.
And one of the things that happened was a real push toward more computerization of the voting process itself. And that led to some real risks. One of the hardest things in
elections is how you make sure that the votes that you count are the same votes that the voters cast.
So the traditional way of doing that, if you have paper ballots, is you have a ballot box that sits
on the table in the middle of the room with everybody watching. And at the beginning of the
day, you open up the ballot box, everyone can inspect it and see that it's empty.
And then you just watch and make sure every voter puts one piece of paper in there.
At the end of the day, you lock it up or you dump out those ballots on the table and hand count them
in front of everybody, right? That works really well. But if you were to just like have a, say a tablet,
an iPad on the table with voting software and the voter just pushes,
you know, buttons on the,
just touches the screen with their finger to record their votes.
You have this big problem, which is at the end of election day,
there's some bits in the memory of that iPad that says how the voters
supposedly cast their votes,
but you really don't have a way
of knowing whether that has any relationship to what the voters actually did, right? Because the
one thing we know about computer memory is it's just like really easy to change it.
And software inside that device can do almost anything. So my team in my lab at Princeton played a role early on in that conversation by looking at
real voting machines. We were the first to get in our lab an electronic voting machine that had
actually been used in a real election. It was the same kind of machine that was used at that time by
about 10% of US voters. And we took it
apart. And we sort of, we wrote a whole paper where we talked about what's inside this thing,
how does it work. And we also showed that it was relatively easy to modify it to change votes to
basically steal an election. And then we also showed and we built a voting machine virus that would spread from one voting machine to
another and steal an election. So and but we built one of these in our lab, you know, careful custody
of it. And we would do this demo, which I did on the Fox News and CNN morning shows, and I did in
testimony before Congress, where we held an election between George Washington and Benedict Arnold.
And no matter how the votes were cast, Benedict Arnold would always win.
This is so, I can see you laughing at George Washington versus Benedict Arnold.
But actually, we had this problem in talking about how to do a demo, which is you want to do a demo where everybody knows who's the good guy and who's the bad guy.
Absolutely. And you don't want it to have any, you don't want it to have any resonance with
current day politics. Of course. Right. And so we, you know, we scratched our heads for quite
a while. And then one of the grad students, Ari Feldman, had this brilliant idea of a George
Washington versus Benedict Arnold election.
And so, you know, we would let people vote and then we would count the votes and Benedict
Arnold would have, you know, 60% of the votes no matter what.
And of course, everybody knows they're supposed to vote for George Washington, but there's
like that one guy in every crowd who chooses to vote for Benedict Arnold.
Anyway, we did this to show that, you know, even if the machine seems to be working correctly, even if it passes all the tests in advance of election day, what comes out on the other end is the count of votes might not have any correlation with what the voters did.
And that's the basic problem with electronic voting.
Right.
And because your vote is supposed to be secret, a lot of the precautions that you take with other electronic
systems, like say ATMs, don't really work. You take money out of an ATM, it makes a record
that the bank keeps that it was you and that you took out X number of dollars.
It makes a paper receipt that it gives to you saying what happened. It takes a picture of you.
Right. And there's various checks so that
there's all kinds of cross-checking and there are receipts and so on. With voting, you can't do that.
There can't be a receipt that says how you voted because your vote has to be secret. Right. If you
can get a receipt that says who you voted for, that lets you sell your vote, which we don't want.
It lets you be coerced. Your malicious boss or an abusive spouse or
whatever, imagine a situation where someone might try to coerce you. They can coerce you if you can
get a receipt. So the thing that's great about traditional voting is you go into a booth by
yourself and you vote your conscience and there's no receipt. So if somebody says you
really better have voted for Smith or Jones, then you can say, well, of course I voted the way you
wanted us. If someone tries to pay to vote, you can take their money and just vote how you want.
And so the lack of a receipt is really important. Anyway, so doing this in a purely electronic
system really is something that is beyond the state of the art.
Nobody knows how to do it in a purely electronic system. There has to be in practice some piece
of paper that the voter sees that has a good chain of custody from the voter to election workers,
which can serve as a record. You can still use technology like a scanner to scan the paper ballot,
but there needs to be a chain of custody and you need to have the ability to cross-check
the paper record against the electronic record after the election.
And so there's been a lot of work on that. The good news is that in most places in the US have
moved toward more secure system. And vote by mail is an example of that. If a good vote by mail
system, the voter fills out a paper form, there's a pretty good chain of custody that goes through
the post office, there's a protocol involving people sealing it in an envelope and signing
over the seal, and that signature gets compared against a signature that is in the public record,
and various stuff like that. So vote by mail can be secure if it's managed in
a reasonable way. And of course, many people need vote by mail because even in a normal election,
there are a lot of people who can't physically go to the polls for whatever reason, whether it's
health or business travel, or they have responsibilities to care for somebody else or
whatever it might be. And there are some places in the U.S. that use vote by mail all the time.
Right.
So, you know, if you're holding an election in pandemic land, then you're going to have most people at least voting by mail.
And I think that's a perfectly appropriate thing to do.
It can be done securely.
And it's really the only option. If going to the polls physically, if having everyone go to the polls is risky,
which it probably will be even, you know, in November 2020.
Yeah, I agree. That's interesting, though, to hear that actually the US mail is a preferred
system to anything that we've really developed digital. And you actually hear people constantly
saying that maybe there's a blockchain solution for voting, but it doesn't sound like we're there to anything that we've really developed digital. And you actually hear people constantly saying
that maybe there's a blockchain solution for voting,
but it doesn't sound like we're there yet.
I don't think so, yeah.
So what blockchains, for something like this,
what a blockchain is good at is allowing someone
to commit to what the record of something is.
But the difficult problem in voting
is really the problem of connecting voter intent to the
final record and the sort of chain of custody on whatever physical record there is of the vote.
And blockchain doesn't help with either of those things, really. Blockchain can be helpful as one
piece of a larger protocol, but it doesn't solve the hard part of the problem.
So what is the blockchain best for? I mean, in general, I think the blockchain is being good for a few things. You know,
the traditional use of blockchains before they got tied to cryptocurrencies,
whereas a way of keeping a tamper evident log of something would be like people would commit
publicly to what was in a particular record. And those things would be chained together and they would be hashed so that,
you know, so that you couldn't tamper with the record after the fact.
And so there's a long history going back to like the 1990s of the use of
blockchains for things like notary services. Right.
But now of course, you know, there's two new things.
New thing number one is cryptocurrencies based on blockchains.
That was the Satoshi invention with Bitcoin.
And the idea that you can create these digital currencies and trade them online via a public ledger.
Right. That's a huge change. And it's a new form of money, a new money technology, which, and new money technologies are really rare.
And then, of course, the other thing is smart contracts, right? And so what this lets you do
is it lets you move from sort of if the first phase was that blockchains were ways of storing
records, and the second phase adds on to that currency and exchanges and transfers of value.
The third stage is smart contracts.
And what that means is that you can use a blockchain to make a sort of world, a trustless
computer, right?
One of the biggest fundamental issues we have with trust online is that if people are interacting and engaging in some kind of,
let's say, market activity online, and that's mediated by technology, that technology has to
be on somebody's computer, right? If you're interacting with some company, the records are
kept on their computers and the activity happens on their computer.
And that means you have not much control over what happens.
And you might not have transparency to what's happening.
It could happen instead on your computer, but then the company's in the same position.
They lose a lot of control over what's happening.
They may lose a lot of transparency into the process.
So what we wanted was to have,
what everyone wanted was to have neutral territory, right? To have something which could do
anything that a computer could do in terms of interacting with people and do it in a way that's
trustless so that everyone knows what is happening. Everyone knows what the record is that's kept.
Everyone knows what the software is that's kept. Everyone knows what the
software is that's running and everyone can see it as it goes. Right? That's kind of the trustless
world computer. And smart contracts let you do that. So I view that sort of as stage three of
the blockchain revolution. And it opens up all kinds of new functionalities beyond just keeping records and
giving people money. RoundlyX.com is one of my favorite companies in the entire crypto space.
What they do is they take all your small purchases and they round them up to the nearest dollar and
invest that money into any of 25 crypto assets of your choice. They integrate with your favorite
exchanges so that you can round up into different assets all at the same time. And they do this all without ever holding any of your Bitcoin. This is by far
the best way to dollar cost average into Bitcoin. You'll never even notice that the money has gone
from your account and you'll look up one day and hopefully you'll have made thousands and thousands
of dollars on crypto. Go to roundlyx.com and use the promo code WOLF for $4 of free Bitcoin after making your first roundup or purchase.
That's R-O-U-N-D-L-Y-X.com and code WOLF for $4 of free Bitcoin.
Are you sick of paying ridiculous fees to trade crypto?
It's time you try Voyager.
It's hands down my favorite place to buy and trade crypto, and it's 100% commission free. Voyager gives you easy access to more than 30 top crypto assets
and you can instantly transfer cash
from your bank account
so you never miss a trading opportunity.
Even better, you can now automatically earn interest
on your crypto holdings.
Currently, they're offering 5% interest on Bitcoin
and 6% on USDC.
Yes, you heard that correctly, 6%.
And there are no limits or lockups,
which means your funds always stay liquid. Find out why so many people are making the switch to Voyager.
Visit investvoyager.com or search for Voyager on the iTunes or Google Play store and get $25
in free Bitcoin when you use the promo code SCOTT25. That's investvoyager.com,
promo code SCOTT25 for $25 in free Bitcoin and start trading today.
So that moves into what you're doing now, correct? Off-chain labs, your new company.
I mean, that's what you're doing. You're making smart contracts cheaper, faster,
and more scalable, as you said. Can you talk a bit more about specifically what you're doing?
Yep. So I talked about why this notion of like a trustless world computer is incredibly powerful. But the big problem is
that the ways that people have figured out up till recently to do those things,
to build that world computer is really slow and limited. So Ethereum was the first widely used
system that offers trustless smart contracts. And so Ethereum is like a sort of shared computer that all users
of Ethereum around the world share. And that computer is really limited. So it has about
the computing capacity of maybe a 10th of a laptop that everyone in the world has to share.
Storage on that world computer costs maybe 100,000 times, maybe a million times what it costs on
Amazon Web Services to store data. So it's very limited, very expensive compared to the kind of
things that people want to be able to do with computers, right? And so when I started working
in this space, when our team started working, one of the big challenges was, how can we lower this cost? And how can we raise
the capacity of this world computer? And one of the key ideas there is what we call a layer two
chain. That's a pretty widely used term. The idea is, if a bunch of people want to get together and
have some interaction that's going to be operating in a trustless way via some, let's say, market that is defined by some software.
They want to set up their own market.
They want the rules of that market to be transparent and to be enforced in a trustless way.
One way to do that is to run that on a shared computer, a trustless computer like Ethereum that everyone in the world uses.
But it would be better if just the participants can get together and they can work it out among
themselves. And then that worldwide sort of base layer computer like Ethereum is just there for
the purpose of resolving disputes. Right. And so if you that, and you do that in a clever way, then the participants in
a particular interaction can just talk among themselves, but it can still be trustless in
the sense that if there are a million people involved in this interaction, and you say,
this is what the trustless computer should do next because the rules, you can
enforce those rules against the other 999,999 people by appealing to the layer one to, let's
say, Ethereum.
So it becomes the arbitrator.
It becomes more of the arbitrator than the host.
Right.
It becomes a kind of, all it does is arbitrate disputes.
And you need to do that in such a way, first of all, that the person who's right can always
win the dispute.
Right.
And also so that the cost of resolving that dispute in terms of the layer one resources
you use, those precious million times as expensive as Amazon Web Services services,
you want that cost to be really low.
And so that's basically what our team is focused on.
And so at Offchain Labs, we're building a product that does exactly this.
We're trying to be as compatible as we can with Ethereum.
And the value proposition is you have some computation
that you'd like to run some private market.
You'd like to design some private market. You'd like to design
some new kind of decentralized finance security you'd like to create that is defined by some set
of rules. And you'd like those rules to be enforced trustlessly in a way that's transparent
to everyone who's participating in that market, right? And so what we let you do is write those
rules just as you would on Ethereum Ethereum and then actually run them in a
separate layer two chain, which is whose security is anchored in Ethereum.
So that chain is your own. That chain is your own.
Right. Exactly. Right. So an application developer or a group of people who want to build that chain,
anyone can start their own chain.
You can invite other people onto it.
And any person who's on that chain and participating can see that the rules are enforced correctly and can force the correct enforcement of the rules by appealing to the underlying layer one chain if they have to.
And all of this happens in a transparent way, because we provide the software
that you need to actually do it. So from a user experience point of view, it's almost the same
as if you were just on a layer one application, you were doing something like, you know, trading
things in a market via some, you know, user interface that runs in your browser.
So Ethereum still is the arbitrator at the end of the day. And so Ethereum will then, in your opinion, at least for DeFi or these
sort of things, will remain sort of the core technology for everything.
I think it will. Yeah, yeah. So I think Ethereum is in that position right now.
That might not go on forever. The basic technology we're developing in off-chain labs is agnostic as to
what the underlying layer one is. We're building on top of Ethereum initially because that's where
the users are, that's where most of the DeFi activity is happening. But we are agnostic,
we're sort of an accelerator that could run on top of any layer one chain.
Are there any other layer one chains that you're working with or testing
that you think may be superior to Ethereum?
We're in discussions with some other layer ones.
Don't have any deals to announce,
but certainly it's been part of our roadmap
from the beginning to be able to,
and then to take our Arbitrum technology
and put it on other L1s.
I was hoping we might have something to announce by today,
but we don't.
I think we'll, I'm still hopeful that we'll have
some relationships with layer ones to be announcing soon.
But basically what we want is to have the same user experience
on top of different layer ones,
just as, you know as when you provide software via, say, a web browser on
different, on macOS or on Windows or on Linux, the user gets about the same experience, even
though you're running on different platforms underneath. So interesting. So you touched
earlier, you said when I asked you what blockchain was good for, you talked about cryptocurrency and
money being one of the first. A lot of people don't view cryptocurrency as money, certainly
governments. But do you believe that cryptocurrency or at least digital
currency can be or will be the future of money? I think it will be part of the future of money.
I don't think it's going to take over and be the only place money lives. But I do think we're going to see more currencies
moving on there. We're going to see cryptocurrencies that are backed by national currencies.
In some cases, it will be national governments that issue those. In some cases, there'll be
institutional arrangements that, you know, one crypto dollar will be backed by a dollar in a
vault. There's been a bunch of work to try to make cryptocurrencies whose value is pegged to the value of, say, a dollar.
And there's different ways of doing that, right?
Stable coins.
Yeah.
One way to do that is to actually lock dollars in a vault and sort of have an assurance process that people can be confident that they're actually there. Another way is to introduce a complicated economic mechanism
that you argue should always come to equilibrium at a price of a dollar.
That's what some other stable coins are trying to do.
That's a pretty complicated process.
And I think the jury is still out on how stable those stable coins turn out to be
in turbulent economic times we saw in the
big market movements that happened as the covid pandemic was hitting
that some of the stable coins had had difficulties um nonetheless i think as
uh as crypto as cryptocurrency assets or crypto tokens um become more and more coupled to the mainstream economy,
and as they come to be more and more backed by mainstream economy currencies,
or just become more stable in price, we're going to see this becoming one of the vehicles that people use, first of all,
to move money, but then also to build markets. And this is what smart contracts do, right? They
let you build new kinds of custom markets that can operate trustlessly and new kinds of financial
products that can operate trustlessly. And that's a really powerful force, both in terms of what you can build and also in
terms of potentially democratizing the operation of financial markets. Where does Bitcoin fit into
the picture as sort of the granddaddy of all these cryptocurrencies? I mean, we know obviously that
it's not the fastest and we know that it's technologically not superior to some of the
newer ones. How do you view Bitcoin in that light? Well, Bitcoin has obviously the biggest market cap. It has the most and broadest ownership.
And so if you were to start, if Bitcoin were starting today and trying to enter the market,
I don't think it would have much of a chance, but it kind of is the granddaddy of them all.
It has the biggest market cap. And so there is an attraction to owning Bitcoin for that purpose.
One of the things that people are working on is ways of bridging between different cryptocurrency
chains, ways of moving assets back and forth, or at the very least sort of locking up an
asset on one chain in order to get a token on a different chain that represents that
locked asset.
And so to the extent that becomes the norm, Bitcoin may become a, you know, or Bitcoin or Bitcoin backed currencies may become really important even on other chains.
So Bitcoin is where most of the action is nowadays, I think, for people who are buying crypto and holding cryptocurrency as an investment.
But I think ultimately, from the technology standpoint, the Bitcoin technology is not in
the lead and is not likely to be in the lead. Bitcoin will more and more be a coin, whereas
other chains are platforms for new innovation.
You've actually, I mean, I know that you testified in Microsoft, in the big Microsoft
antitrust case, which sort of leads to Libra and Facebook. So we talked about where Bitcoin fits,
we talked about, you know, Ethereum, where does something like Libra fit into the picture?
Well, I think Libra as a technology in itself and as a particular
sort of institution is in a really complicated state, right? Facebook came in and they wanted to
sort of, they sort of entered with a shock and awe strategy. They came in and said, you know,
we're this huge company, we're putting huge resources behind this. We have all of these
companies and institutions lined up behind it. And there was a backlash against that.
I was a little surprised that Facebook came in, announced what they did when they did.
Because although they had all of these institutions and relationships lined up,
the technology wasn't, was really still pretty early in its development. And so they didn't have a
functional system to roll out that people could use. And then, of course, you know,
there was backlash against that. There was concern about whether this was an attempt to
work around the international currencies, controls system and national economic policy and so on. There's a lot of push
back for that. And some of those big players who were in the Libra coalition got cold feet.
So now we really don't know what's going to happen with Libra. But we can sort of back off and ask,
is something like this, a cryptocurrency created and backed, implemented by some big company,
is that a thing we're likely to see in the future? And I think probably yes.
A company like Facebook has a natural advantage. They have a touchpoint with many consumers.
They have the ability to integrate payments into the sort of flow of people's
interactions. Like the ability to give someone a payment, leave someone a tip,
send someone a birthday present of currency on a social network and have that be
integrated into the happy birthday message you give them or whatever it is.
That ability to integrate the user experience is probably useful.
The having a big company with the sort of brand equity and what, you know, in some degree of
consumer trust that they have, that is designing and standing behind something also pretty valuable.
So it's actually surprising that we haven't seen more of that kind of thing.
Um, you know, there's a different strategy Facebook could have used there.
They could have said, we're doing Facebook coin and it will, um, you could, it'll work
with other currencies and it's going to be optimized for using with Facebook and via
the Facebook app and Facebook user interface.
Um, and that would have been a different kind of approach.
One that doesn't, you know, try to be tied to world currencies and, you know,
and have like big Swiss banks involved in it and so on and so forth.
Yeah, they came out of the gate as if they were going to somewhat replace the US dollar as a reserve currency because they had access to so many people all over the world.
And I think that that obviously scared a lot of people. Also, in context, you know, they were
already in the spotlight for the Russians involvement in the United States election
and all of those things. So I don't know that Facebook is the...
And all that stuff, right. There are actually some interesting technology ideas in Libra.
And another route Facebook could have taken is to say, like,
you know, we're designing an API and a way of thinking about building a cryptocurrency that
is valuable. We're doing research in how to build cryptocurrencies. And we have this product that
builds on that. They could have done that as well. But of course, that was not the path they picked.
So we touched on your involvement in the Microsoft antitrust case and with voting
fraud and all these things. So obviously you have a really innate knowledge of hacking and what
hackers do and how they approach these things. To stop a hacker, do you need to be somewhat of
a benevolent hacker yourself? I've never been able to ask someone this question, but. Yeah,
if you're going to be a white hat person in the computer security space,
it helps to be able to think like the bad guys do to be able to think like attackers.
You know, it's not the entirety of what you need to be able to know and do,
but it's really useful to be able to think in a creative and systematic
way about like what could go wrong, how could people abuse the system. Because if you aren't
able to do that, you're probably going to miss some types of abuse or some types of problems
that might crop up. Now once you know what the problems are and what it is that the bad guys
might be trying to do, then you need to use a different set of tools to figure out how to build a system
that is going to stand up against those attacks.
That's a different skill, but it for sure helps us as a starting point to know, you
know, how might this thing break?
What might go wrong?
And you need to, you know, and you need to be able to think systematically about how
to break stuff in order to do that.
How do you develop that skill set? I mean, I know that you obviously have a long standing history from somewhat the early days of programming and computing from what I've read. But I mean,
how do you develop that hacker mindset and skill set so that you actually get to the point where
you can be on the good side of that fight? Well, so, I mean, it's really by experience.
You know, you learn to figure out what can go wrong by doing the exercise over and over.
And so, for me, it came through research that, you know, my team and I started doing research in failure modes in certain kinds of systems, how certain
kinds of systems could be broken. You know, and, you know, we followed the ethical path,
which meant that we were experimenting in our lab with systems that we owned. So, you know,
we were only stealing from ourselves and breaking into our own systems. But even so, you can really
figure out a lot about certain kinds of settings. So, for example, with voting machines, we figured out how to steal an election between George Washington and Benedict Arnold that we ran ourselves in a way that was the closest simulation we could do to how a real election would work.
But what we obviously, obviously, obviously were not willing to do and didn't do is to try to like actually mess up a real election.
Right.
Right. So there are some kinds of things that you can learn and do in a way that's safe and ethical.
There are other ways. There are other things that, you know, are over the line and that you can't really do. So like there was a story a few years back about people who were,
about a guy who was allegedly messing
with the software control system on an airplane
while he was a passenger on that commercial airplane.
Like, you know, he argued,
and I think he was probably right,
that you can like unplug some connector
that goes to the seat back computer in front of you
and then jack into that thing and then cause various kinds of mischief on the
airplane. And, you know,
that's a thing no one should ever do because it's, you know,
it's just, it's just dangerous. And you, you know,
it's not only objectively dangerous,
but also you just ethically cannot
justify risking other people's lives in that way. So that you're not going to be able to do. If you
want to understand how to mess with an airline flight control system, you know, there are some
kinds of experiments you can do ethically on the ground. And you got to figure out how to do that.
I mean, so that's how
you legitimately learn. Now, that said, there are some people who are excellent practitioners
in this space who initially got their experience by doing illegal things. Some of those are people
who, you know, had served jail time and gone straight. Some of them are people who are just very lucky
that they didn't get caught. And, but people who have, you know, long track records of being on
the good side of these things and not crossing the ethical line, even if they did as teenagers
do illegal things. Now, you know, there are, there are some people who are prominent in the field
who have that background. I am not one of them. Nonetheless, you know, there are some people who are prominent in the field who have that background. I am not one of them.
Nonetheless, you know, we have to acknowledge that.
Many people got interested initially because of the attraction of, like, understanding how to do things that people don't want you to do and so on.
But it's one thing for someone to not want you to do something.
It's another thing for that to be dangerous or illegal or really unethical.
Right. Like voting machine companies really didn't want us to figure out that their machines were flawed and demonstrate that that was the case.
But we had every right to do it. And we did it in a way that was safe and in a way that benefited the public. That makes sense. So I have to ask, what does it mean to be the chief technology
officer of the United States? What does that role look like? Yeah, I was the deputy chief
technology officer. So what that meant is I was on the White House staff and I was in a sort of
senior advisor role to the president and his advisors at President Obama at that time to give advice about what to do about policy issues related to technology.
So, you know, what we on the U.S. CTO team did as a team was a bunch of things.
We did work to try to help the government get better and
smarter about its own use of technology. How can government recruit great tech people into
government service and unleash them to actually solve problems for the American people?
We did work on advising about policy decisions where technology was important.
So this is things like encryption policy and cybersecurity, including things like intelligence agencies and what they do.
And then sort of the third stream was about how to make the United States a better place to learn and do technology.
So this is things like computing education. It's all kinds of policy issues that make it easier to build and run a responsible startup. It is making sure that the best technologists in the world are able to come to the United States and are able to do work here and all kinds of
stuff like that. So it's pretty broad ranging. But one thing I should say is that the USCTO role
and the role of the USCTO office, it's a policy advising role. There's a separate chief information
officer whose job was to make the trains run on time in federal information systems, you know,
make sure that everything that the government does that
involves the use of computers is secure, and that procurement is done well, and all of those things.
So we were in a policy advising role. And I ended up working on a lot of different topics
when I was there related to like things like election security for the 2016 election,
as an example. But I also worked
on stuff like regulation of self-driving cars and other stuff. Well, you said that part of
your role was making it easier for this to be the center hub of technology and programming.
Do you think that that is the case in the United States, certainly in light of how difficult it's
been to somewhat recruit foreigners, I would say, in the past years? I think the U.S. is still in the lead as far as this goes, but our lead is not
as big as it was. I think the environment is not as friendly as it was in the past. And certainly,
when you talk about immigration, the U.S. has benefited hugely over the decades,
over my lifetime and before my lifetime, from being the place where the best and brightest
scientists and engineers from around the world want to come, and a place that welcomes them,
right? And that's why so many immigrants have come here as scientists and engineers and
startup founders. It's why so many students have come to study in the US to study engineering and
science, and many of them then stay and become leaders in our communities. And, you know,
that has been our traditional policy. And I'm afraid that in
recent years, we've really sort of stepped away from that policy in a way that is short run,
and especially long run harmful to us. I'm still hopeful that we will go back to a more welcoming
interaction with folks from around the world. But right now, we have been moving in the wrong
direction. And we really feel it. I feel it as in my role as a professor, when we're trying to
recruit students and have the best students. I feel it in my role as a startup founder.
And I feel it when I'm in a role of giving advice to policymakers about what to do. We are not the universal magnet for
tech talent that we used to be. I think we still have the best tech talent. We're still more of a
magnet than anywhere else is. But, you know, that lead, which was once very large, is now shrinking.
So you're actually having difficulty recruiting the talent that you need now, which was not a problem in the past. You always want more and better talent. Anyone who
says they have all of the top flight talent they could ever want is lying, right? And so we are
still working just as hard as we've always done in, you know, in my academic role, in my, in my corporate role,
um, to recruit people. Um, but the fact is that much of the top talent is going elsewhere, is not available, is, um, and it's harder to attract to the United States.
Um, and, um, so, you know, um, so we don't have the advantage we used to have.
Yeah, that makes sense and seems, uh, I guess somewhat obvious at this point. Um, you know, so we don't have the advantage we used to have. Yeah, it makes sense and seems, I guess, somewhat obvious at this point.
You touched on that role in the White House and your role in the 2016 election.
So I have to ask, how much influence did Russia have?
How much were we in fear of?
I guess it wasn't hacking.
I guess it was more of a misinformation campaign.
And what's your take on that? Were we in fear? I guess it wasn't hacking. I guess it was more of a misinformation campaign.
What's your take on that? We were in fear of hacking, specifically of cyber attacks against the election itself.
On election day morning, I went to work wondering whether there was going to be a big cyber attack against the election. We thought probably not, but we certainly had seen indications that Russian affiliated actors had been
laying groundwork for a cyber attack against the election. As it turned out, that didn't happen,
the direct attack on the election itself. What we had instead was this big disinformation and
hacking campaign, which, you know, I think had a real influence on public opinion. Certainly, the
hacks to get documents and then release those documents had a big impact. The disinformation
and attempts to undermine sort of corrupt public opinion, all the sock puppetry and other kinds of
behavior, I think those had an impact for sure in an election that
was very close. You know, we will never be able to say for sure about the what ifs, but there's
no question it happened and that it had some non-zero influence. The good news was we didn't
have a cyber attack on the vote counting. You know, we could be confident at the end of election
day that the voters got what they wanted. And we were not sure in advance whether that was going
to be the case. I think there's a risk again about the 2020 election that, you know, we are for sure
going to be seeing and already seeing disinformation and other tactics. I think we'll
see more sophisticated forms of
influence operations. And the big fear is that we'll also see a cyber attack that tries to corrupt
the vote counting. I was going to ask, so how do we stop that from happening this year?
Is there anything that we can do or are we at the liberty of those who are trying to influence us?
There are things that can be done to reduce the risk. And I think a lot of those who are trying to influence us? There are things that can be done to reduce the risk.
And I think a lot of those things are happening.
The COVID-19 has thrown a real monkey wrench into everything.
And the plans to secure in-person voting
will turn out to get supplanted by plans
to find more effort on trying to better secure
vote by mail systems. That is something that we can do and that we can manage.
But, you know, it's a, our election system in the U.S. is highly decentralized. It's run by states
and counties and localities. It's run by volunteers who work in the polling places.
And because of that decentralization, there are a million possible, I shouldn't say a million,
there are many possible places where things could go wrong. And, you know, it's all about building
a system that is resilient, not a system that makes no errors, but a system that is resilient,
where we can detect errors, where we can compensate, where we can investigate and figure out what it was the voters were trying
to do in particular times and places. And a lot of steps are being taken to make the system more
resilient. But we won't really find out how successful it was until election day comes.
And we hope that nobody tries a large scale attack against the election itself.
And if they try, you know, we hope that the system proves to be resilient enough.
But we won't really know whether we've achieved that until, you know, that unfortunate day when
it becomes necessary to actually try to recover from a problem. Does all this chaos and uncertainty
from COVID-19
actually make us more susceptible to something like that and make it easier for someone to
exploit our election? It's hard to say. It certainly changes the task. A lot of well-laid
plans and a lot of effort that went to securing in-person elections may turn out to not matter
as much. So we now have a new election security task, which is different
from what we thought we were going to have to deal with. And that is how to secure larger scale
vote by mail operations. Because I think that's where a lot of voters are going to go. Even if
in-person voting is open in a lot of places, I think a lot of voters will choose
to vote by mail. And I think responsible policymakers will allow people the option to vote by mail
in larger numbers.
Are you confident that we have responsible policymakers who are actually going to allow
that? I mean, we just saw in-person voting in Wisconsin during a time when they were
supposed to be sheltering in place. And we can clearly see
that our federal government, at least to some degree, is trying to discourage or even block
mail-in voting in general. So how do we reconcile that? So there are certainly people who are trying
to block in-person voting. There are other people in the federal government who are working hard to
make it available and safe.
That's good to hear.
Well, I mean, certainly one of the things I've learned all through my interactions with
government is that government and the federal government especially is not a unitary entity
that has one opinion, one purpose, and one plan.
It is by design a very fragmented and decentralized entity. Even the executive branch is not a unitary entity in practice.
And so we see different people pulling in different directions.
You know, you talked about what happened in Wisconsin.
I thought that was quite irresponsible to create a situation where there was not flexibility around in-person voting.
I'm sorry, not flexibility around vote by mail to the extent there should have been. And as a
result, many people had to put themselves at risk to vote in person. That should not be happening.
Shouldn't ever happen.
Shouldn't ever happen.
And, you know, certainly it looked like some policymakers were doing that as a tactic.
And I think that's really unconscionable, should not be happening.
You know, the idea that everyone who is allowed to vote, permitted to vote, should be able to vote,
and that that should be permitted in a way that's safe.
That, to me, seems like it should be something that everyone supports, should not be a partisan issue. And I think, you know, people of goodwill, regardless of their partisan position, would agree
to that. Unfortunately, there are some people who fight against that principle. And, you know,
we just need to make a coalition of the people of goodwill to fight
against that. Quick pivot before we go, because this is something personal to me. I recently was
the victim of a SIM swap. I've had people try to hack me multiple times because I'm a public
personality in the cryptocurrency space. Of course, you're a security expert. Are there any just very
basic common sense things that people
can do to protect themselves from hackers? The most important thing is the most important
single thing is to use two factor authentication on your primary email and to use a mode that's not
an SMS or text message, but it's something like a security key. That is a foundation on which you can build
your security, right? Strong passwords and two-factor authentication, especially on primary
email, because your primary email is what gets used to reset or recover passwords on many other
things. If you don't secure that via something that can't be discovered or manipulated remotely, then you're at higher risk.
So that, I think, is the one thing to do.
If you can only do one thing and beyond that, strong passwords and two-factor authentication when it's possible.
If there's one thing you could buy, it's probably a security key.
Yeah, I use a ubi key
a hardware is a great option yeah yeah and i personally use a second phone for two-factor
authorization which is very annoying when i'm outside of my house but you know in the context
of what's happened to me is somewhat necessary yeah but like you say if they get your email and
they get your phone number they're just going to be texting themselves your 2fa codes and you're going to have no idea what's happening and then they'll be in your email and they get your phone number, they're just going to be texting themselves your 2FA codes
and you're going to have no idea what's happening. That's right. And then they'll be in your email
and they'll use that to reset your other accounts. They're off to the races. Yeah. So protect that
primary email. Well, it's really good to know that we have someone like you out there protecting us
from all of these bad actors. Where can everybody find you after this and keep up with what you guys
are doing at Offchain Labs? So Offchain Labs is offchainlabs.com. Easy to find or at off-chain labs on Twitter.
Personally on Twitter, I'm Ed Felten, E-D-F-E-L-T-E-N. And I tweet quite a bit there.
Folks who are interested in COVID and contact tracing technology. I'm giving a public talk on that.
It will be, unfortunately, it's coming up very, very soon.
And so by the time people hear this,
it will probably be in the past,
but a video of that talk will be available.
And you'll be able to find that via the Princeton Center
for Information Technology page.
Or you can find pointers to it in my Twitter.
If you go to the event page, a video of that will be posted. Well, we'll make sure that we link that for
you in the bio. Great.
Well, thank you so much for taking the time. I really appreciate it. Really just a ton of
valuable information. And I hope that everybody keeps up with you. And I look forward to seeing
what Offchain Labs has for us in the future. It's really compelling stuff. Thank you once again.
Thanks. It's been fun.
Let's go.
Hey, everyone.
Thanks for listening.
New episodes go live every Tuesday
at 7 a.m. Eastern Standard Time.
Links to our Apple and Spotify channels
are in the show notes.
You can also follow me on Twitter
at Scott Melker to continue the conversation.
See you next week.