Marc Goodman: Cyber Security, Transhumanism, & Future Crimes – #203
By: Dave Asprey
March 17, 2015
Why you should listen
Marc comes on Bulletproof Radio to discuss transhumanism, the dangers of technology, cyber security precautions you can take to protect yourself from cyber threats and cyber crime, and the story behind The Silk Road. Enjoy the show!
Marc Goodman is the founder of the Future Crimes Institute and currently serves as the Chair for Policy, Law and Ethics at the Silicon Valley’s Singularity University. Over the past 20 years, Marc has worked with Interpol, the United Nations’ Counterterrorism Task Force, NATO, and the US Government as a global strategist and consultant about the impact of technology on security, business, and international affairs. He has also worked as a police officer and undercover investigator, and has been published in business and technology publications such as The Economist, the Harvard Business Review, and Forbes, and been featured on a myriad of news networks, including CNN, ABC, NBC, BBC, and Fox News.
What You Will Hear
- 0:14 – Cool Fact of the Day!
- 1:08 – Welcome Marc Goodman
- 3:58 – The danger of technology
- 7:48 – Transhumanism
- 11:35 – Avoiding the mistakes of the past
- 17:29 – Cyber crime
- 22:47 – Protecting ourselves from cyber threats
- 27:59 – Cyber security precautions
- 39:42 – The Silk Road
- 46:42 – Making the world a better place
- 52:20 – Crowd sourcing security
- 53:45 – Top three recommendations for kicking more ass and being Bulletproof!
Questions for the podcast?
Leave your questions and responses in the comments section below. If you want your question to be featured on the next Q&A episode, submit it in the Podcast Question form!
Dave: Hi everyone, it’s Dave Asprey with Bulletproof Radio. Today’s cool fact of the day is that it might sound like science fiction, but it’s true that scientists are now able to make direct brain to brain connections between people. They’ve even found a way to transmit brain signals over the internet to control movement of the recipient’s hand. That sounds sexy, but in all honestly, it’s not that big of a deal. If you wanted to do this at home, and you want to do it stupidly, you could get a really simple EEG headset like a Muse, or Melon, or one of the other ones like that. Then you could hook it up to an electrical stimulation device on the other end, and every time you had a spike in brainwaves, you could shock someone else, and it would make them move.
Even though it sounds really sex honestly, we could’ve probably done this over Skype in 2002, if anyone really wanted to. Of all the people I know who might do that, Maneesh Sethi, my friend who runs Pavlok, would probably do that, because he makes a wrist bond that will shock to help you change your habits. Hey, that’s just kind of cool.
Today’s guest on the show is the founder of the Future Crimes Institute, and he’s the chair for Policy, Law, and Ethics, as Silicon Valley’s Singularity University. You all probably don’t know this about me, but I’m actually an adjunct faculty member at Singularity University amongst all the other weird things that I do for fun. Marc has, over the past 20 years, worked with Interpol, the UN Counter-Terrorism Task Force NATO. He’s been a street police officer, an undercover guy, a counter-terrorism guy, and he’s worked with a lot of cabinet ministers and heads of governments. He’s pretty much an expert on what’s coming down the pipeline.
I wanted to talk to him today on the show to get his view on what’s happening not just with biohacking, but with the overall technology landscape and how it’s working to affect us. You may have seen him on CNN or ABC. This guy is Harvard trained and basically very top of his field with quite an unusual background. Marc and I met at Peter Diamandis’s event in Beverly Hills and got to hand out a little bit there.
I was just fascinated by the conversations we had, and said, “All right. I got to get this guy on the show, because he just know stuff that you don’t normally here.” He’s also fused this cybercrime technology with futurism, with biology, so you’re going to learn some interesting stuff today, things you probably wouldn’t even have thought off. It’s just going to be a fun interview. I’ve been looking forward to this all week. Marc, welcome to the show.
Marc: Hey. Thanks Dave, it’s my pleasure to be here.
Dave: Now. We’re in one of those weird conversations where we can talk intelligently about artificial intelligence, big data, crypto currency, synthetic biology, robotics, and digital manufacturing, and bring all that back to biology and human performance. No one else I’ve had on the show has ever come close to all this. Our job in the interview today is to make sure that people are listening to this in their cars. Don’t get lost, because you and I are going to easily be able to geek out on some of those stuff. I’m asking you when I’m asking questions that are the wrong question, help bring me back in, because I know that I’ll be wanting to geek out on this, because we share a background in computer security.
The people who have been listening to bullet proof radio for a while also probably don’t know that 1 year ago, I left my job in Silicon Valley where I was Vice President of Cloud Security for one of the largest computer security companies in the world. I’m very fresh from that industry and I’ve spend most of my career thinking about this, which is why the risk of us geeking out on crypto currencies is probably bigger than you would expect. We’re going to keep this largely about the future of human performance and how all this technologies that you talk about singularity, how they’re coming together. I think that’s going to be an enlightening fascinating thing. Let’s just jump in there.
Dave: Biohacking, this idea of controlling our human body is entirely dependent on technology. You’re making a pretty clear point that technology itself is maybe dangerous. Does that make biohacking dangerous?
Marc: The point that I make is that not the technology itself is actually dangerous, but there’s a flip side, and it can be dangerous. I’ve just written this book called future crimes where I talk about a lot of these matters. The point that I try to make very clearly is technology is awesome. It can definitely be used for good. As you mentioned, we both know Peter Diamandis. He’s written a book called Abundance, another one called Bold. There he talks about using technology for human good, will bring 2 billion people out of poverty in the next decade as a result of technology, access to clean water, more food, a radical life extension, a reduce in mortality. I’m very pro technology.
The challenges is … You’ve worked in Silicon Valley yourself, and you’ve worked in security, Dave. You know that there’s a lot of techno utopians out there. There’s an ominous flip side to all of this technology. Those are the thing that I cover in Future Crimes. Fore very positive use of technology, it can also be turned another way. Fire was the first technology, right? It could go ahead and keep you warm at night, it could help you cook your food, but you could also use it to burn down the village next door to yours. I think we need to consider both the yin and the yang of technology.
Dave: It’s funny that you brought up fire, because I was about to say “Yeah, fire is the oldest technology, and that could be one that either cooks you or cooks your meal, and it’s question of how it’s applied.” Like you, I’m pro technology, because if we’re going to master this bag of meat that we walk around in, then it’s going to use technology. We can either use it intelligently or we can do things that provides short-term convenience, but long term harm to our health and our performance, and even the amount of time we’ll live. Technology applied intelligently seems like something humans have done since the very first spark was struck from flint, or lightning, or something else.
Marc: Absolutely. The only slight challenge today is the rate of change of technology. For how many millennia did man live with fire before they came up with things like the wheel, and then the printing press, and eventually steam powered engine, electricity? What we’re seeing is this inventions though are coming much more rapidly and much more quickly, thanks to Moore’s Law. The fact is with Moore’s Law we’re seeing this price performance change where computer processing power is doubling every 18 to 24 months, which means that we’re leaving in exponential times, which means that we’ll have exponential good, and potentially exponential evil. We’re just at that knee of the curve.
Most people throughout history, humanity has thought linearly. We were sitting out there on the plains of Serengeti. We would look at the lion in a few hundred meters away, and we would make judgments about that. Now, in exponential times, the human mind is having a bit of a hard time adapting. To put that in perspective, what’s the difference between exponential and linear thinking. Linearly, if I were to take 30 steps, I’d get across the room, maybe to the door, but if I take 30 steps exponentially, doubling the distance that I travel every step, I actually get from here to the moon. That’s the difference between exponential and linear, and that applies definitely for humanity’s good, but it also applies to humanity’s detriment.
That’s why in Future Crimes when I’ve talked about some of these hacking incidents, it’s not just one person being robbed or 10 people being hacked, it’s 100 million people, as we saw with the Target hack, the Sony PlayStation hack, et cetera. It’s a crime that’s scaling, and it’s scaling exponentially.
Dave: I really like the whole transhuman perspective, which is that we can fuse humans and technology. Frankly, we’ve already done it. This little iPhone device here is already fused into your brain. You don’t think the way you used to think. Yeah, are you wearing Google Glasses right now? I can’t tell.
Marc: These are regular glasses. These makes us cyborg, right?
Dave: They do. In fact shoes are another major technology that change the way we interact with our plant. All of these are subtle technologies, but they’re changing linearly. You’re a computer security guy and so am I. I have transhumanist friends are like, “Oh my God, I can’t wait. I’m going to get something implanted.” I’ve been working on stick-on technologies from 2003 that do things to or monitor the human body. There’s no way anything is going into my body unless I can look at the firmware code, and I can look at all of the other code there, and I know it has appropriate security stuff in it. That means nothing is getting inserted to my body unless it’s an artificial heart because I’m going to die without it, in which case it can and has been hacked.
Marc: Absolutely. A long those lines, when you talk about that, Peter Diamandis famously on stage went ahead and got an RFID chip implanted in his hand, just to see what it would do. There’s guys in the UK that have been doing this for years. Using the RFID chip in their hand to unlock doors and identify themselves in the security system. As you point out, we have a problem in that. Sometimes, we need these technologies to stay alive. There are 300,000 implantable medical devices installed in the United States alone every year that connect to the internet, that in one way or another, through Bluetooth, RFID, or other technologies, or online.
Either a 60,000 pacemakers in the United States that connect through the internet, which means your pacemaker has the equivalent of an IP address, so it can talk to the rest of the internet. The good news is your doctor can go ahead and detect an arrhythmia and use the defibrillator to shock your heart. The bad news is when your heart is an IP address, then it’s also subjected to denial service attacks, malware, and other types of problems. By the way, that punk kid, 17 year old, in his mom’s basement next door, now has access to your heart too. What that means is that now for the first time in human history, the human body itself is subject to cyber-attacks, and we’re completely unprepared for that.
Dave: We are unprepared for that. If you look at the history of PC security, I go back to 1990 when I started college. There was no password on my … To think I was running Windows 3.0 before Windows 3.1. It was earlier in the days. I’m like, “How do I keep people from coming on my computer and breaking stuff.” There actually wasn’t really a way to do that.
Marc: Some might argue there’s still not a way to do that.
Dave: Exactly. They’re still not secure. Then you get to the internet. The problem is probably even worse there. I’ve spent so much time there. We have the opportunity right now, but if history tells us anything, we probably won’t take the opportunity. This sounds crazy, but I hypothesize that there will actually be a market for medical firewalls. There has to be one. Medical antivirus software that isn’t provide by your artificial whatever, artificial limb manufacturer, but someone else is going to make something to make sure that it’s safe, so you don’t walk around smacking yourself in the head over and over with your electric arm.
That’s a really scary view of the world. I just don’t see how we’re going to prevent that. Do you think that we’re going to avoid the mistake of deploying technology that we’ve made throughout history as we go forward?
Marc: Not at the pace we’re going now, not at the rate that we’re going now. I see, unfortunately, that we keep on making the same errors. First, we went ahead and we connect … We got computer, and computers got viruses before they were connected to the internet. We had viruses when they were free standing, and they were passed by what they were calling sneaker nets. You would take a 5 1/4 inch floppy disk, if anybody remembers those, put it in a computer and you would get a virus. Then we had viruses spread via modems, and now via high speed internet. Yet, we took all of these new devices, smart devices, mobile phones, tablets, and the like, and we’re shocked, shocked to that somehow malware is coming on to them. The entire thing was entirely predictable.
When you take this out to the next step, we’ve been talking about implantable medical devices in the book Future Crimes. I’ve talked about wearables, implantables, ingestibles being hackable. You just gave a great example of your own arm hitting you in the head. I interviewed for the book, a friend of mine called Bertolt Meyer, who was born without a left arm, and had a replacement bionic limb. It’s one of the most advanced bionic hands in the world. I asked him one day. I said, “Tell me Bertolt, how do you go ahead and control your hand.” He said, “Well, neurostimulation and the like.” I said, “What if you need to fix something.” He’s like, “Oh, I have an app on my iPhone.” I was like, “Oh my God.”
I said, “Can I see your iPhone for second?” It turns out that his bionic arm communicates with the service module via an app on his iPhone and Bluetooth. He handed me his phone. I looked at the app, and I started pushing buttons on his phone, and his hand started moving. I was now in control of his bionic arm. Of course, I didn’t need to have his phone because it use Bluetooth technology, a wireless protocol that’s eminently hackable, has been hacked dozens and dozens of times. I could just hack his arm myself.
I definitely think … We talked about some of the downsides, and I’m sure we’ll get into the risk. From a business and entrepreneur’s perspective, there will be tremendous opportunities. We had this Symantecs, and the McAfees, and the Trend Micros in the past. There will be all new versions of all of those for the internet of things, and billions and billions of new devices were about to connect and put online.
Dave: It’s all going to use technologies that are foreign to most people, artificial intelligence, machine learning, event correlation, stuff that we started to run the internet. The scaling internet was a lot of work. Google’s first servers where the company where I made $6 million when I was 26, that I lost when I was 28. Watching and building, I’ve personally were talking more than a hundred sites have scaled just dramatically like that. I look at that, and that’s nothing. It’s almost meaningless compared to what you’re doing when you went and have a billion smartphones all taking at the same time to your application.
Marc: Yeah. Sorry. This is something I mentioned in Future Crimes, is that people look around the technology that we have in our lives today, and they think, “Wow, we’re so technologically advanced. I’ve got computers, and smartphones, and iPads.” What they don’t realize, most folks, is that we are at the first minutes of the first hour of the first days of the internet revolution. This will be a little that stuff you were talking about. Today, the internet uses a protocol to communicate, to route our traffic, the same you punch in a phone number to the 212 area code that you connect to New York. The internet has its own internet communication system, and it’s called internet protocol version 4. That can tolerate about 4.5 billion simultaneous connections on the net.
Many years ago, we ran out of space with IPv4, which means that we have to upgrade to a new protocol, called internet protocol version 6. It’s like New York City’s area code being split between 212, 917, 347. What people don’t understand about internet protocol version 6 is that allows us to grow from 4.5 billion simultaneous connections to 78 octillion. I didn’t know what the hell an octillion was. I had to look it up. It turns out it’s 78 billion billion billion simultaneous connections that will become possible in just the next few years. To put that metaphorically in ways that people can understand, that means that today’s internet is metaphorically the size of a golf ball, tomorrow’s will be the size of the sun. That’s how big our internet is going to grow, which means that every physical object in our world pets, plates, cars, elevators, electric pumps, they’re all going online.
Marc Andreessen famously said, “Software is leading the world.” Every physical object will have an IP address. We’ll be connected via RFID, Bluetooth, near field communication. We can’t even protect the stuff what we have today. Cisco has predicted that we’re going to add 50 billion new devices to the internet by 2020. Intel is even more optimist. They said we’re going to add 200 billion devices to the internet. There’s only about 6, 7, 8 billion people on the planet around these times. That means it’s going to be many, many more objects online than there are people, and it’s all going to be hackable. My joke about the internet of things is that the internet of things is just the internet of things to be hacked. It’s more crap for hackers to hack.
Dave: I used to have a teacher that said, “My other machine is your Linux Box.” If you’re in computers that is basically … It’s like my other computer is your computer. It’s actually like that. With all these devices out there, when you think about it, you’re probably saying, “My phone is probably safe”, but actually it probably isn’t that safe. If you’re saying, “My PC is not safe”, it probably isn’t. This is something that we just live with all the time. Here’s the fact, stuff still works. Your bank account is still there. Most of the time, if it goes away, you’ll probably get it back unless you’re a small business in the US, in which case, you’re pretty much out of business.
It gets to be weirder and weirder though as you start thinking about an eye ball implant. If you get malware in your eye that shows ads all the time, and you can’t turn it off, and it’s in your eye, and you can’t just take it out with a fork. What’s going to happen? I don’t want stuff in my eyes for that reason.
Marc: By the way, we’ll see. I can tell you exactly what’s going to happen. It depends on what level eye ball package you got from the factory. If you get the bronze level, then you have to see the ads. If you buy the platinum package, you can turn off the ads. AT&T is doing this right now with their giga speed internet. If you go ahead and pay $30 more a month, AT&T won’t monitor all of the traffic leaving your machine. Okay. Well, 30 bucks is a lot of money for your own privacy. If you want privacy, you have to 30 bucks more. If not, AT&T will be snooping on all of your traffic.
You brought up a really great point, Dave, which is the idea of, well, our computers probably are hacked and our cell phones probably are hacked, and it seems to work okay. The challenge with the cyber threat, and this is why it’s so hard for most people to grasp, even government officials, folks that work in law enforcement, other types of security, is that it’s mostly an invisible threat, at least it has been up until now. If your car is stolen out of your garage when you wake up in the morning. You go there and you see no car, you know that you have ha problem.
The challenge with the cyber threat when bad guys whether they be hackers, hacktivist, foreign government, terrorist, whatever it may be, when they’re breaking into your electronic devices, you don’t see them there. The threat is invisible, so it’s easy to ignore. The way that I try to liken it, and this may resonate well with you Dave, it’s like microbes. 200 years ago, people had no concept of bacteria and viruses, fungi that they could make you sick because they were invisible. Then we had microscopes. We could see these things and draw a conclusion. We don’t have really great microscopes for the cyber threats that we see today. Therefore, most people are already hacked.
The FBI director, Mueller, famously said, “There’s only 2 types of computers, or there’s only 2 types of companies, those that know they’ve been hacked, and those that have been hacked and don’t know it yet.”
Dave: Yeah. I stand by that as well, having spent a lot of time in that field, and you do as well. You go say, “Oh no. Time for alarm. I’m going to unplug my computer and …”
Marc: Don’t use the internet, way too dangerous, unplug. That’s a joke obviously.
Dave: It gets a little bit scarier. Okay. Let’s say someone can see your nudie picture or whatever your most concerned about. Maybe they got your banking info, they probably won’t use it, even if they did, and if so, we have fraud protection and artificial intelligence, algorithms to help with that. It functions exactly like your immune system. When you look at a billion devices that are all even half-assed program to work with each other, it’s the same thing as, “Look, here’s a stimulus. Here’s an immune response.” Unfortunately, sometimes your immune response kills you. What we want to do is build this system of devices that doesn’t have an immune response so extreme that it messes with us.
If you’re sitting in your car listening to this, okay, this is all cook sci-fi stuff, but why do I care about? Why do I care about the stuff? Let’s talk about what happens with 3D printed food. If people haven’t heard about 3D printed food, by the way, I wouldn’t go to where it’s called food. I’m not eating that crap. I’ll say that as you guys have read the Bulletproof Diet Book, and if not, you need to go buy and read it. I don’t think that we are anywhere close in the next 40 years of printing food that is the biological equivalent of what comes out of the soil. I’m not sure we’re ever be able to do that.
That said, a lot of the stuff that comes out of our soil is barely food anyway, because of the way we treated our soil Maybe I’m a bit of perfectionist there. Let’s say that you’re printing your food or more likely printing your supplements or your drugs, we will get there much faster to print a single molecule with chem printers. You want a specific type of smart drug. If somebody jacks that system, and they just happen to add a little bit of extra cyanide to that, you can die. What if it’s something in your air filter? There are things that are going to change the environment around you that you’re not aware of that, “Oh, let’s talk about electric drive cars, cars that drive themselves.” Hack one of those and send your enemy into a bridge or off a bridge at 70 miles an hour.
This stuff is going to happen. This is why we all can pay attention to it, but what action do we take? Marc, that’s my question for you. Okay. The world is scarier, it’s getting scarier. What do I do about this, other than live in a cave?
Marc: Don’t live in a cave. I think that you can enjoy all the bounty, the technology has to offer. To some of the examples that you talked about, whether it be hacking 3D printers or various ventilation systems, unfortunately, we are going to have that problem, because it’s all online. If you think about the stocks net attack that took place in Iran against their so-called peaceful nuclear power plant with government with a government, believe widely to be the United States, is able to insert a virus into their industrial control systems that sabotaged so they couldn’t refine uranium to make nuclear weapons. When everything is online, everything is hackable.
What I said in Future Crimes is that our threat surface area is growing. There are certain more places to attack you, because more things are going online. To your specific point, there are lots of things that we can do. The last 2 chapters of Future Crimes are focused on solutions. There are tactical solutions of things that we can do as a society from a technology perspective, a public policy perspective, a legal perspective, and then individual perspective. Then chapter 18 broadly aspirational, some of the great things that we can do to solve this problem. I’ll talk at the social level first, and then we can talk about individually what people can do to protect themselves.
As overwhelming as this may seem, I always like to remind people, President Kennedy in the 1960 boldly said, “By the end of this decade, we will put a man on the moon”, and we did that. Just a few millennia ago, we were apes basically, and then we evolved to the point where we could put man on the moon. That’s crazy. If we could put a man on the moon, surely we can solve our cyber security threats. The point is it’s going to take intention. It’s going to take grand thinking. In Future Crimes I call for a Manhattan project for cyber security. President Obama was commenting recently on the Sony hack. He said, “I’m going to unveil some really big plans in my State of the Union Address.”
I listened very intently to what he said. The State of the Union Address was 6,600 words of which 108 were on cyber security of 6,600. What he called for was better information sharing, and enhanced penalties for identity thieves. If you think that taking an identify thief and locking them up for 6 years versus 2 years is going to solve the fundamental technological problem of our techno insecurity, you’re badly missing the boat. I wrote in op-ed. This is not partisan. I’m not picking on the president. I know he’s got a lot of things on his plate. What I wrote in the book is saying that enhanced penalties for identity thieves will solve the cyber security threat is like putting on sun screen and saying it’ll protect you from a nuclear meltdown. It’s totally inadequate to the scale and scope of the problem.
Dave: It’s a good thing we have jurisdiction over people in Nigeria, because only Americans are identity thieves. It’s a global problem, and you cannot fix it with law and penalties.
Marc: Exactly. I say in the book, “We’ll never arrest our way out of this problem.” One of the things I call for, and you mentioned it yourself, is an immune system response. There’s so much that we can learn from the field of epidemiology, applying principles of public health to the cyber threat. Because the cop in Victoria can’t arrest somebody in New York, and cop in New York can’t arrest somebody in Moscow due to international law, we’ll never solve the problem by arresting people or passing laws. It might make some differences at the margin, but we need a more fundamental public health approach that call for the creation of a World Health Organization for cyber or a CDC for cyber as one of the many steps that we can take along those lines.
Dave: What is … I would be certainly that … What will happen is that we’ll map out what we know about human and biological immunity. What’s cool is there’s cellular level things that happened without any interaction from your central nervous system, or your gut, or your brain. There’s basically multiple levels of your immune system stack. Most computer security today, there might be a little thing here, but we try to centralize everything, so we can look at it. It doesn’t work as you scale bigger and bigger. Just like if everything in your immune system had to go up to your brain to look at it, you could never do it. We will evolve.
Actually, I believe that human is very well evolved, and just all animals are. We will evolve a big internet of things that works almost identically to the way our immune systems work, which work pretty well most of the time. Let’s talk though, you’re driving in your car, you’re singing, you’re doing all right. Now, I’m a little more concerned about this. I didn’t really pay much attention. What is the action that I can take now that is going to either make me safer and make me perform better. I’m aware of a new threat, you just raised my cortisol levels, my heart rate variability is off a little bit. I’m not feeling calm anymore, but I’m not feeling empowered either. What’s the personal step you can take now?
Marc: The next great news about Future Crimes is in addition to those last 2 chapters at the end, I actually have included an appendix, some very definite steps that people can take, just to put your audience at east if they’re feeling those higher cortisol levels. What I would say, “Look, there’s no such thing as perfect security.” You can get up in the morning, think everything straight, and step out in front of a bus. We never know what’s going to happen. We cannot be paralyzed by fear, but we do need to be informed. We know how security works in the physical world. You leave your house, you lock your front door. You take basic steps to protect yourself, but we don’t really understand what those steps look like in cyber space.
I tell the story in Future Crimes of a BMW. If you take a BMW and park it in a dangerous part of town where there’s no light, the key is in the ignition, the engine on, the windows down, and $5,000 cash on the dashboard, you shouldn’t be surprised when your car is stolen. Conversely, you can take a beautiful BMW, park it in a great neighborhood, well lighted, put a club on the steering wheel, use LoJack to locate it, and you’ve taken every possible step you can to protect your car, and somebody can still come by with a tow truck and take it. There’s no such thing as perfect security, which should give people solace. We’re not looking for perfect security. All I’m trying to do is teach people the equivalent of how to lock their front doors, and how not to leave their keys in their cars in cyber space.
These are the 6 tips that I tell people. I’ve created something called the Update Protocol, U-P-D-A-T-E. Each letter of the word “update” stands for a step that they can take. I’m happy to go through that if you like.
Dave: Yeah. Let’s do it pretty fast.
Marc: U is update your software. We’ve all seen those pop-ups that say, “Oh, your browser needs to be updates. Your phone software needs to be updates.” That’s a very polite way of saying, “Your phone was full of security bugs that we’ve just discovered, and now we need to plug those until the next time when we discover more security bugs.” Don’t do that manually, you can set on your phone, on your browser, on your OS for your computer, all of that to take place automatically set that to happen, and you’ll cut your threats. By the way, I should say with the update protocol, this has been tested by the Australian Ministry of Defense. If you follow this 6 simple steps, you can reduce your cyber threat risk level by 85%, which is really great.
P is for password. We all hate passwords. We know that they such. They have to be 50 digits long, upper-case, lower-case, very hard to manage. I tell everybody and recommend that they use a password manager, or password wallet. Simple, can come up with great passwords, you never have to worry about remember them, just the master password. I recommend 3 or 4 companies. Believe it or not, organized crime groups have actually created their own password managers in the avid sport of trying to trick you, so that your passwords go to them. Use ones from Dashlane, 1Password, the number 1 password, KeePass, and LastPass. Those will help protect you. By the way, if you use a password on your iPhone or your latest version of Android, it automatically encrypts all your data, which is great.
D is for download. U-P-D. Watch what you download and where you download. If you’re downloading stuff from torrent sites, if you’re using third party folks to go ahead and give you free versions of Microsoft Office, you shouldn’t be surprised if they’re riddled with bugs and infect you. Download from sites that you know and are well vetted.
A, this is a tip that I see very few folks talk about, and I think it’s key. A stands for administrator. Don’t run your own box in admin mode. Let me explain what I mean by that. When you get a brand new laptop and take it home, whether it be form Microsoft and Apple, and turn it on, you create a user account. That user account, by necessity, needs, if you just have one account, to be able to control all the functions on your computer, even at the very low technical levels. That’s called administrator mode. If you’re running your computer in administrator mode, you’re logged in, you’re surfing the internet, doing all that fun stuff, if you click on the wrong link or click on the wrong document to open up and download attachment, then you will have malware, viruses, trojans and the like execute on your machine.
Those trojans and viruses can run, because you’re logged in as admin. They have full permission to do whatever it is they want. Instead, I tell people to use their day-to-day computer in a user mode. Switch the account permission and make yourself a user. This way if you’re cruising the internet and accidentally opened a download that’s infected, that wants to infect your machine, the system files, it will prompt you to enter your system administrator password. If that PDF you got from your sister in law is asking for admin permission to open a PDF< that’s your clue that there’s malware in it. Okay.
U-P-D-A-T, turn off your computer. We leave our computers on 24/7. If you just turned off your computer or at least turned off the Wi-Fi for the 8 hours that you slept every day, you’d cut your risk by 33%. The same is true for your mobile devices. Most people walk around with their Wi-Fi on, their Bluetooth on, near field communication. All these ports that needn’t be open, GPS. Turn on those services when you need them, because each additional service that you keep up and running is a way for bad guys to get into your device and hack you.
U-P-D-A-T-E. The last E is for encryption. You can go ahead and encrypt your hard drive, full disk encryption. What does that mean? Basically, use this big map to scramble all of the data on your computer so they cannot be read by unauthorized third party. In Mac, it’s called FileVault, and on the Windows side, it’s called Bitdefender. They’re built in for free. Use them, that will protect your data at rest. The same for your data in transit. If you’re sitting in an airport lounge, at Starbucks, any public Wi-Fi place, such as a University, I can see everybody else’s traffic on the network. That means I can see what you’re surfing, I can see your iTunes account, your playlist, et cetera.
Use a VPN, a virtual private network. There are lots of companies out there that you can use. That will protect your traffic as it transits the internet. If you follow that update protocol, you will reduce your cyber risk by 85%.
Dave: What’s your favorite proxy software that people should think about for Windows and for Mac?
Marc: I use several of them, but one that I like quite a bit is called WITopia. That’s a very good one that you can use. There are other ones that come out form F-Secure, which you can use. Symantec Norton, they make them as well. Again, the trick is to make sure you’re doing it from qualified vendor that you know and trust, and you’re downloading it from a page you know and trust.
Dave: Awesome. None of these are necessarily human performance, except if your computer is hacked and things like that happen, it does mess up. At least a month, I’ve had lots fiends with identity theft problems, and it’s a problem. Let’s shift gears a bit. Let’s talk about The Silk Road Trial.
Dave: Why should people listening to this are predominantly interested, and how can I feel better, perform better, think better, thinks like that? Why does The Silk Road Trial matter to them, and just walk us through what is Silk Road, why should people care? Some people don’t know what Silk Road is.
Marc: Sure. I just want to go back to human performance, because I might suggest boldly, if I can add. This is all tied to human performance in a lot of different ways. In the book Future Crimes, I talked about hacking wearables, I talked about the privacy implication bits. Some people’s sexual histories have leaked out as a result of what they were logging on their fitbit account. There’s lots of privacy issues. It’s human performance. If you have a particular medical condition, we just have the hack of Anthem Blue Cross, 80 million unencrypted patient records leaked on to the internet, because it did not encrypt that data.
I think there is a connection between human performance and how this is going to affect your life in that regard.
Dave: There’s also a bigger and maybe more interesting thing. The more this data is leaked, the more you realized that everyone else is probably as screwed up as you are. We all spend an enormous amount of time creating psychological firewalls. I’m not going to think about that. Maybe 10 or so years ago, I used to have modafinil in my LinkedIn profile. I just put the word there which is a really powerful smart drug that I was taking that no one was really talking about. I put yoga and meditation there too.
People now will do that a lot, but back then, it was only strictly for business. People, some of them would just look at me and not really know what it was. Other people be like, “Oh, you’re using it too?” It’s like having a venereal disease or something like that. No one talks about it, but then when you get it out there, like we do with AIDS awareness, it happens. I think when 80 million medical records are leaked, or when you figured out things like 50 Shades of Grey. Why is that some crazy box-office success and all? Probably because people do a lot of stuff that they don’t tell other people.
As this tac comes out there, their privacy is eroding. When privacy erodes, we’ll actually know more about actual human behavior versus reported human behavior. What you tell your doctor and what you actually do may not actually match. Eventually we’ll know more about this data of the human condition than we ever did, potentially through these security flaws. That’s funny.
Marc: Yeah. That’s certainly the up side. Tim Cook just the other day at Apple gave a very impassioned speech for privacy. He was actually at the cyber summit with President Obama. They were talking. The FBI has said to Apple, “We don’t like the encryption that you’re using on your iPhone. It’s too strong, so please give us the secret keys.” Apple basically said, “No, we’re not going to do that.” Tim Cook said, “Hey, as a gay man who grew up in Alabama, I can tell you that there are consequences of lax of privacy.” In certain regimes, in certain countries, if you’re the wrong religion or the wrong sexual orientation or the wrong political party, then there actually can be threat against your life as a result of it.
While there are definitely upshots to increased openness and sharing of information, there can be downsize under the wrong circumstances.
Dave: This is exactly why I’ve created online profiles for me, on every bizarre site I can think of, and why I do Google search craze for random works, because I’m trying to figure out which ones are real. I’m kidding. There is something to be sad around creating dirty data about yourself. I might have put my wrong birth date out there thousands of times. If you want to find my actual birthdays, it’s probably a little bit more work than it should be, which also reduces my threat footprint.
Marc: I have a friend who changes his Facebook birthday monthly. He’s constantly getting happy birthday wishes from all of his friends. Eventually theyre like, “Wait a minute, wasn’t it your birthday last month too?” Yeah, he changes it once a month.
Dave: That’s awesome. You even gone so far back in the day, not really for security, but I’ve changed my race. There’s actually forums you can fill out at your university. You go to the office I decided to change my race today, and they have to have a form for that. You can be a different race every month if you want, which is funny actually. Spreading a little bit of dirty data about yourself is quite intriguing in this world where we don’t have as much privacy. Let’s –
Marc: Silk Road.
Dave: Let’s talk more about Silk Road. First, what was Silk Road, or what is Silk Road, and why should people listening to this care about both what they did and what happened to them?
Marc: The Silk Road was considered to be the world’s largest online drug market place. It operated with what was called the deep web or the dark web, which means that it wasn’t a part of the surface web, the Google part of the web. Most people think, “Oh, I’m on the internet. I can see everything because I have access to Google, and Facebook, and Amazon, Angry Birds, and all that stuff. I’m on the internet.” What they don’t realize is that there’s only playing on the surface web. The deep web is actually 500 times larger than the surface web.
What do I mean by deep web? I mean those parts of the internet that you cannot access either without a secret password or code, or some specialize software. Companies like LexisNexis. All of those data that they have behind firewalls are not Googlable per se. The surface internet, the bits that we know about is only 19 terabytes, but it turns out the deep web is estimated, according to a study in nature, to be 7,500 terabytes. To put that in further perspective, when you Google something, Google is only searching … They only index 16%. Google only indexes 16% of the surface web and 0% of the deep web. That means if you’re looking for something on Google, you’re actually only searching for .03% of the available information on our planet.
People need to understand the difference between the 2. There are lots of good, completely legitimate things in the deep web. To access other parts of it, you require specialize software, and the most common type is called TOR, which is stands for The Onion Router. It’s free. You can download it online. It was actually created by the US government, the Department of the Navy Research for the following reason. For democracy and human rights activist overseas, living in countries like Iran, Syria, China. In order to help them get access to the true worldwide web, and subvert national firewalls. The navy created this software, the onion router or TOR, so that people could bypass that.
As this is often the case, criminals find use for good and interesting tools. While much of the traffic that takes place on TOR today is completely legitimate, there is a very large subsection of it that’s criminal in nature, particularly in what are called TOR hidden services. This is the dark web, not just the deep web, but the dark web. In here, you can buy any type of narcotic you want, fire arms, child pornography, fake passports, driver’s license, credit cards, Facebook log-ins, explosives, whatever you want. In the Future Crimes, I have 2 or 3 chapters dedicated to the dark web and showing what’s available for sale there.
Back to the Silk Road. The Silk Road, I would have said was allegedly created by a guy called Ross Ulbricht. Now Mr. Ulbricht has been convicted of this crime. He ran, according to the federal government, and now having been convicted of this crime, a drug marketplace known as the Silk Road, which is a play on the original Silk Road. He was a libertarian, 27 year old kid, grew up in Texas. He was an Eagle Scout. He had a masters, I believe it was in physics from Carnegie Mellon University, looked like a great kid, but he have this side business.
The government alleged at his trial that $1.2 billion of drug and other elicit sales took place on the Silk Road in just 2 and a half years. Because they use an eBay style system, where the house got a cut of everything that was sold on this site, it was alleged that his personal take was $110 million, which is a great start up, for all you entrepreneurs out there. Go ahead launch a company 2 and a half years later, walk away with over 100 million bucks, sounds like a great exit, except for the life imprisonment part. That part is not so good. That’s some of the challenges that he faces. Not only was he accused of selling drugs, which depending on how you feel about drugs is, good or bad.
The bigger challenge is that he had several employees and several system administrators. One of the system administrators was accused of stealing money from Ross Ulbricht who used that pen name Dread Pirate Roberts. That’s what he called himself on this site. When he found out that one of his employees was stealing, one of the other things you could get on the Silk Road was a hitman. You could hire the services of the hitman, pay him bitcoin, and they would take care of the deed for you. Ross Ulbricht has been convicted of hiring a hitman, paying him $40,000 in bitcoin up front to carry out the hit, and then he demanded proof of the dead body after the fact.
He paid in bitcoin, 40,000 bucks, contracted with the hitman. The hitman killed the system administrator, sent back photographs of the hit, and then Ross Ulbricht sent the additional $40,000 in bitcoin. What was fascinating about that is the conversation that Ulbricht had with the hitman. He said, “I really didn’t want to kill this guy, but he stole from me. I had no choice.” Then he complained, “The problem with people today is that they just don’t have any integrity.” He hired a hitman to kill his employee and complained about the employee’s integrity. What Ross didn’t know and ultimately lead to his downfall is that, that hitman actually was an undercover FBI agent.
By the time all of this was going down, the FBI was on to him the used some technical means to get access to what he was doing. That cop, the person that he thought was a hitman was an undercover agent. How did they get the photos of the dead employee? The FBI knocked on the employee’s door and said, “Hi, your boss has just put out a contract hit on you. May we come in?” Of course they let him in, and they actually called a makeup artist from Hollywood that put blood and guts all over the place to fake the photo, that’s what they sent to Ross Ulbricht to convince him that the hit had taken place.
Dave: Something to note here, this guy was doing a billion dollars in illegal transactions. He might’ve had a few little bits of security there. Look who walks through his security measures to look at the private communications that he was having over the dark web, using conceivably every kind of encryption you can find. That’s why you should probably know that your system isn’t very secure. If they do that to him, they could do it to you. There’s a broader question here. Having spent a lot of time in tech, and in personal development, and things like that, building a world where people don’t want to kill you and steal your staff is the best defense you can ever have.
In other words, don’t make a lot of enemies, don’t be a target. If we can do things that help people move out of that, “I have to kill my employees mode”, and if it’s something as simple as feed them properly, or give them access to neurofeedback technology that lets them see when their brains is doing this. We could do things like turn down the instance of terrorism. There are some countries where there aren’t huge numbers of terrorist attacks, because, really, who hates Canadians? Stuff like that. There are policy level things and there’s also very individual things you can do that also lower your threat for … whether it’s from a societal perspective or just form a personal perspective.
One perspective is I put thorn bushes around my windows. I got bars on the doors, unpickable locks, and an alarm system, and guns, and all that kind of stuff. The other perspective is “All my neighbors love me, and they all watch out for me, because I’m good to them and they’re good to me. We have an in tacked community.” Both of those are very good threat defense strategies. I feel like the whole firewall perspective, the whole national security perspective, all of that, even down to personal security has come down to this me versus the world thing, but it’s actually a little bit more complex than that. That’s a certain behaviors you can take, that invisibly lower your risk, and they’re different than you update style behaviors.
Is there a technology angle to help create a world where people just want to blow each other up less?
Marc: Right. First, let me echo your sentiments. I would love that world. I think it would be awesome if we could drive towards that. You’re right, there’s some really fascinating research going on in neuroscience. David Eagleman was one of the gentlemen who was kind enough to offer a review and blurb of Future Crimes talks about that. I would encourage people to check out his work, because he’s thinking about the relationship between neuroscience and crime.
Dave: That’s David Eagleman. Everyone, he’s written 10 books. He and I talk once a month, a great guy, I’ll definitely check on for sure.
Marc: He’s awesome. Just a great human being too. I recommend checking him out. Yes, there may be less terrorism in Canada, but you also have shootings at parliament in Ottawa too. There is no place that’s immune from this. I think what you’re getting at is what are fundamental cause of crime. That is an area of research, which is beyond my own expertise. I don’t focus on that. Some people alleged that it’s poverty. If we solve poverty, then people wouldn’t steal. I don’t think it’s quite that simple for whatever the reason then, human psychology.
There are people who face the profound psychological problems, serial killers and people like that. That’s not just because of poverty. There’s domestic violence, which is not just because of poverty. There is substance abuse and addiction, which is not just due to poverty. I think making the world a happier place is awesome. Countries like Bhutan talk about a gross happiness index or something, which I think is –
Dave: Gross national happiness.
Marc: Yeah, gross national happiness, which I think is a wonderful metric. We should absolutely be doing that. I too, don’t want to live in a world where we’re leaving in the security state, going through TSA airport anywhere in the United States. Even in the UK, I would point out, it’s really unpleasant, signs everywhere. If you see something, say something. You see police officers walking around with automatic weapons, it’s very different from the life and lifestyle that I think most of us would aspire to. I fully support that, and I think we could use technologies to get towards that happier place.
Dave: Here’s just a short little UK security story. I was there. I used to commute to Cambridge in England from the west coast in the US, every month, for a while. I had a lot of time out there. One time, I just said I’d take the tube across London. I am sensitive to environmental mold, because it’s grown in my house. The tube there is super moldy. I walked down this water drenched subway tunnel. I started seeing colors. I didn’t quite know what was going on, but I was feeling like my reality narrowed to windows. It was like having brain inflammation, now that I understand what’s going on.
I was like, “Okay, I need to get out of this place.” I’m wearing my backpack. I look like a tourist, but I’m also a 6’4″ fit guy. I’m like “Okay.” I’m holding my breath, because I don’t want to breathe. Then I heard this voice floating out of nowhere, “With the gentleman charging the escalators. Please stop, because if you run then that means there might be a bomb and you might have a mass panic.” I’m just … I’m holding my breath and I’m running, because I don’t want to breathe anymore of this crap. I was really unwell from that.
The only thought that I had enough mental energy for was, “How would you charge an escalator? Is this a credit card transaction?” I was holding my breath. I was out of oxygen, and I got out of there. The fact that there were people watching me on camera, jog up an escalator and that they went on the overhead. That means everyone there is getting stared at by someone going, “Is that guy dangerous? Is that guy dangerous? Is that guy dangerous?” Maybe that makes you feel safe, but I would like to be in more of world where you just feel safe, because we know if there’s someone doing something bad, everyone near them is going to look at them, and either shame them or smack them. That’s crowd based.
Marc: That’s another thing I mention in Future Crimes, by the way, is the whole concept of crowd sourcing our security. Right now, we don’t gate both personal and even national security to the government. There’s a tremendous opportunity to use the power of crowd sourcing for good, where individuals are working together to protect their community. I cite examples of individual Mexican citizens, going up against the narcos down there, using crowd sourcing techniques, open source crowd mapping like on Google Maps to do incredible good stuff as well.
Dave: I think we’re going to see a lot more of that on the more positive side of what all these connectivesness means, who have better data, and that means you can take actions on the data, even if it’s a small action. A billion small actions can equal some really big stuff, even if it’s not quite apparent how it really came about. On that note, we’re coming up on the end of the show, Marc. Your Future Crimes book is very thought provoking. I agree with the vast majority of the things that you put in it, because they make sense and they match my background as a technologist and a future focus person.
There’s a question that maybe isn’t as Future Crimes oriented. Given all the things that you’ve learned in your career, which is pretty interesting between the law enforcement and Harvard education, just the things you’ve seen, and the world leaders you’ve worked\ with. What are the 3 most important recommendations you have for people who want to perform better at whatever it is they do?
Marc: That’s a great question. I guess the things that I’ve learned over the years would be present. It’s so easy to get lost in either the past or the future, so just be present in what’s going on around you. I would say be aware. It’s amazing to me how many people. You talked about a crazy scene in the tube, a moment or two ago. How many people are rushing off, reading their iPhone, crossing traffic in Manhattan, and things like that. Maintain situational awareness of what’s going on with you.
Then the third thing I would say is listen to yourself. If you can calm your body and your mind for a moment, get the feedback from your own body, because it will tell you things. That back ache that you have, that headache that you have, there may be something on there. That sensitive fear that you have. Human beings are actually quite good at subtly detecting fear and danger. Listen to those voices. I think those 3 things would be the tips that I would offer.
Dave: Beautiful. Well, thank you for offering those. Your book is called Future Crimes. Can you tell everyone URLs where they should go to learn more about your work?
Marc: Sure. Absolutely. You can find Future Crimes on Amazon, Barnes & Noble and the like. I’ll be happy to share a link with your audience. They can also go to FutureCrimes.com where they’ll see the book. There’s also a really cool film style trailer that the publisher created about the book. I personally am on MarcGoodman.net people can find me there if they want to get in touch for any reason. Twitter, I should say on Twitter, I’m @futurecrimes.
Dave: Awesome. Marc, you’ve done a great amount of thinking, and you’ve presented I’d say a very balanced view of the future where technology is absolutely going to do things for us that most people have not thought about, and you’ve done that thinking. You’ve also looked at the positive and the negative without going too far in either directions. I appreciate that about your work. Thanks for coming in Bulletproof Radio.
Marc: Thank you, Dave. It was a pleasure to be here.
Dave: If you enjoyed today’s episode, I would appreciate if you went and you check out Marc’s work. Just go out there and look at Future Crimes and see if it’s a kind of thing that’s interesting to you. Maybe you’ll learn something. I’d also appreciate it if you went out and you check out the Bulletproof diet book, because I’m still working on sales. I’m working on the next book and then the book after that.
When people buy more Bulletproof copies in the first few months, it helps me go to the publishers and say, “Hey guys, we need to make this next book really rock.” I would appreciate it if you supported this podcast but going out and checking out the work guest like Marc Goodman, as well as supporting my work. Thank you so much for listening. Have an awesome day.
One of the things that makes you most bulletproof is the ability to focus. I don’t mean focus for a minute or a few seconds. I mean focus for as much time as you need to focus to get the job done. For that, I’ve trained myself using the upgraded focus brain trainer. The video game on your computer shows you when more blood is in front of your brain or less blood is in the front of your brain. By teaching yourself to consciously move blood to the front of you brain, you can teach yourself to focus on effortlessly for long periods of time. I’ve used this technology extensively myself, and I used it with some of my executive coaching clients, in order to help high-performance people become even more higher performance. It’s called the Upgraded Focus Brain Trainer, and it’s available on upgradedself.com.