>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018. Brought to you by Hosho. >> Okay, welcome back everyone. It's theCUBE live coverage here in Las Vegas for the first annual blockchain security conference. The brightest minds in the industry coming together, it's called HoshoCon, and it's presented by, and sponsored by Hosho. But it's not their event, it's an industry event. And we're here with the co-founder and president, Hartej Sawhney, who is theCUBE alumni. Great to see you. You guys are doing a great event. Thanks for coming on. >> Yeah, it's always good to see you, and I'm so glad theCUBE is here at HoshoCon. >> So you've talked with us many times, but recently in Toronto about this event. This is not your company's event. You guys are putting it together. You're holding it because there's no other conferences that do this, but it's not just you guys. You guys are bringing the industry brains together. >> Yeah, I mean, we see ourselves as being on the intersection of cybersecurity and blockchain. And (coughs) just getting over a cold, but not a lot of conferences are out there that have a open discussion about cyber security in the blockchain industry. And hundreds of millions of dollars are stolen from exchanges. And 10% of all the money in the ICO space has been lost or stolen. And there's simply not enough platforms for this to be discussed. So, we figured we'd start the first conference that solely focuses on being a blockchain security conference. We chose not to have any ICO pitch competition. And it feels like there's more and more typical blockchain conferences out there, but it's important to be home base for anyone who wants to affiliate themselves with cyber security and the blockchain industry. >> And the depth and breadth of security is changing. We are hearing talks with, unfortunately I won't be able to attend the sessions, we're interviewing people all day, but amazing talks. How to hack an exchange, all these new surface areas. I mean, people kind of generally know they're unsecure, but this growth going on. There's new things happening. This is exposing some of the security vulnerabilities. What is the hot topics in the talk tracks here at HoshoCon? >> We have Anand Prakash, who runs a company called AppSecure. He's one of the worlds best white hat hackers. Who has hacked into the likes of Linkedin, Facebook, Google, all the top names. And to have someone walk us through today, Anand Prakash said, "Here's how you hack into a crypto "currency exchange and here's how they actually did it." And to have a white hat hacker walk us through that, it opens up our eye balls as to how easy it actually was for a Japanese exchange to loose 500 million dollars. That's no small sum of money. And this industry is only going to survive if we together as a community come together and evaluate how was it that 500 million dollars got stolen? And how can we as a community of global lovers of bitcoin make sure that this does not happen moving forward? >> On that exchange hack, 500 million dollars in Japan, was that white hat done or was that black hat? >> It was black hat. Unfortunately the money's not been given back. >> So it's not given back. So that's a half a billion dollars? >> It's half a billion dollars stolen, yeah you know. How many industries are worth just about that much? >> Yes, you could feed a couple countries. This is legit, right? Obviously it's like total, you know, wild west if you want to call it. Stage coach robberies they got the mask on. No one knows who it is. This is real, this is absolutely real. What are you guys doing as an industry? What's happening here to prevent this? What are the key, you know hygiene or social, anti-social engineering? What are the key things that are going on that are solving this problem? >> So, every exchange needs to value security and get a penetration test. Every company needs to make sure that somebody at their company is in charge of their in house security practices. Most companies when you ask them, "Who's in charge of security?" They point their finger at the CTO. The CTO is in charge of architecting the software. You need to have somebody full time, in house taking care of the security. Ideally a CISO and if you can afford it, pay someone five to ten thousand dollars a month as a consultant to come in for a couple of months and take care of your in house security. These are basic things that, you know, surprisingly most bitcoin exchanges often times when they're hacked, they're hacked by a basic phishing attack. That one of your employees opened up the wrong email. They opened up a PDF and the hacker gained access to your computer and is now monitoring your keyboard strokes and stole millions of dollars. Or the exchange didn't get an actual penetration test of their exchange. Or exchanges are listing contracts that have not gone through a professional smart contract audit. These things are now, also we're seeing them service in regulation with central governments. And it seems that all the smaller island nations are spearheading the way in terms of writing clarity on regulation. In Malta, Bermuda, Gibraltar, all of them are trying to spearhead the way. I'm much more excited, to be honest, about some of the larger nations bringing clarity on regulation in the next two to three years. We all can't just move to a small island off the coast of Italy that is infamous for actually laundering money in the gaming space. Yes, now they're trying to bring clean clarity doing KYC and AML in Malta and write a actual regulation about security. And if you're domiciled in Malta and you're a exchange then you can only list a token that's been audited. It's wonderful but at the end of the day Malta is also a part of the EU and if the EU changes their mind, things can change Malta. I just feel like it shows the immaturity of the space. If very legitimate companies are all going to flee to small countries like Malta or to islands like Bermuda. Good on those island nations for being so pragmatic and forward thinking and for bringing legal clarity. I mean if I was in an exchange today, arguably yes you have to go to Malta if you want clarity on regulation and you don't want to be in the United States. Right now, Malta is your choice. I'm just personally a little bit much more excited about the next three years where, I make a joke to my co-founder and I say, "The suits are coming." That we look around these conferences and you don't see that many suits but the fortunate 500, many of them are either writing private blockchains, they're evaluating how they're going to leverage blockchain technology in their major businesses and they're going to leverage decentralized applications and tokenization for already running products that have millions of customers, that are already profitable and then when they get tokenized they're going to be up and running right away. So the next two to three years are going to be very interesting. From Hosho's perspective we've taken a big turn towards catering towards more publicly traded large sophisticated companies. We've partnered up with Telefonica. Telefonica is a Fortune 200 company. Its wonderful to be able to leverage that kind of a brand. To deal with major world wide entities that are publicly traded come to Telefonica and evaluate how they can leverage blockchain technology and get one bundled security package that includes Hosho, Rivets, and Telefonica. >> Yeah the Rivets solution is interesting. It's a hardware based solution. So the subscriber of the phone becomes the entity. It's really interesting and I think this points to new paradigms of security, which I want to get to in a second but I want to just unpack what you said about the small country, big country dynamic. Great for the small countries to be opportunistic. To be creative and capture this opportunity. But people want stability. They want clarity on regulations, yes, but also standards, technical standards. >> We can't all just move to the small country of Malta. >> Yeah I'll be in a plane the whole time. >> It just doesn't work. >> Yeah and by the way the game changes too. Whats the implications of say, Malta decides one day, "You know what?" "We're getting out, we're changing things." A company would have to move their domicile again. So it's a moving train, you don't know what you're going to get. It might be stable now but it's not a scalable opportunity. >> Yeah, people have families and they want to stay where they are. Simple as that. We have large countries that have a strong crypto community that's growing and let's see how they pan out. Singapore seems like a likely next candidate. You have Korea. I would argue to say that the worlds first decentralized application that will be massively adopted will be in Korea. Korea is going to be the place where we have the worlds first decentralized application launched with mass adoption, a paradigm shift. The kind of shift where you forgot what it was like before you used Gmail regularly. >> Yeah, total, total infrastructure change. Alright so I got to ask you the hallway conversation question. Obviously you're very popular here. It's you event, you're sponsoring with the community. I see you talking to a lot of people at the VIP dinner last night. What are some of the hallway conversations that you're having? A lot of interesting people here from diverse backgrounds, in security, technology, some policy, some regulatory, some business, and legal, but really bright minds. What's the hallway conversation like? What are you talking about? >> We're talking about how all of us are going to survive crypto winter that we just entered. We've entered a time where fund raising has become extremely difficult. A lot of funds are simply bleeding. They lost a lot of money and they're not cutting checks right now. So the companies that are going to survive and stick around through this crypto winter, they're making a strong statement and they're going to be the ones that are going to stick around. And a lot of them are here at this conference at HoshoCon. And it amazing to have discussions to see what are the problems that fellow founders are facing? Building companies that will survive this crypto winter. Another thing has been just what are we going to do as a community to self-regulate? Are we going to create self-regulatory organizations? Are we going to let another Moody's get created? What is our viewpoint on regulation in the space overall, right? We love Max Keiser. His viewpoint on regulation is very extreme where he believes bitcoin is a self-regulatory technology. And on the other hand we have people saying, "No, we need to quickly move to regulate the space. "Work with central banks, work with central governments, "and write out the regulations." That's been lot of the hallway conversation. And a lot of other ones that have been really intriguing to me has been people talking about what are things that they have done within their company to protect their employees. Because the reality is in the crypto currency space every single employee of a major company in this industry is a target by naturally being in this industry. And this includes you. We are all naturally targets. And it's not about how much bitcoin you have maybe its about how much bitcoin someone thinks you have. And all of a sudden you become a target. And we need to think about things like our physical security. So some of the more interesting conversations I've been having with people have been around, along the lines of what are you doing to protect you and your family in regards to your physical security? On top of that your online presences. >> So ransoms, people getting kidnapped and or extorted. These kinds of physical pressures? >> Yeah, like ShapeShift has a lot of great stories. Michael Perklin from, the CIS of ShapeShift is here. You should totally talk to him and get him on theCUBE. Michael Perklin has a long list of war stories that ShapeShift has been through. Some of them they went through before he was actually hired as a CISO. And ShapeShift would've also not been hacked of millions of dollars if they had brought on a CISO earlier such as Michael Perklin. I believe they had hired him as a consultant. Did not renew the contract, got hacked, and brought him on as CISO. And he was like, "If you had continued working with me "I would of, this would of been avoided." And that's really-- >> It's foolish. >> One other thing I've seen with ShapeShift actually is online you'll notice that all the employees of ShapeShift, their last names are not online. So on the website it says, their chief marketing officers name is Emily, it says "Emily Shape Shift". And their badges at conferences also says "Emily Shape Shift". These are interesting things to learn from other companies that this is what you're doing to protect your employees from them being hacked. It's very interesting for us to all exchange notes-- >> Shoot I'm out there, (mumbles) everywhere pretty much online. >> Well I'm out there as well. We just got to protect ourselves and we got to think about things like our physical security. People feel uncomfortable thinking about their physical security. They think that, "Oh no we're in America, "we'll just call the cops." What about when we travel? What about when you and I are in a village in Thailand hanging out? We are microorganisms and when microorganisms are hungry they'll do what ever it takes to eat. So if they smell abundance, you and I are in trouble. >> Yeah, we got to be careful. And this is something that you really got to worry about because there's been tons of war stories. Now ultimately when you get back down to the wallet, it's one of the things we've been talking a lot this morning on, with Rivets, was on about the notion of how hard it is for mainstream to use tokens. Where's my private key? This has always been the crypto problem, even with private key encryption. >> Yeah, or should we build a multi-sig wallet to store your tokens in a secure manner? People have been asking us for a long time, Crypto funds, ICO's, "How do we store our tokens!" And our problem was that A, we've either hacked into the other wallets that are available and we saw that they're insecure or the UI and UX completely sucks. So we said lets build our own and so we built our own. >> Are you open sourcing that, is that-- >> No, we're going to be, this is going to be a unique multi-sig wallet that we release, it's not. You're open sourcing the actual code of the wallet or else it's not going to be considered legitimate. >> Yeah, it's good, it's a goldmine. >> It's a profitable venture. >> And that's going to be 100% bullet proof? >> It's going to be very secure. >> Let's talk about Meadow Suite. >> So, we came to a point where our engineers needed better tooling to find security vulnerabilities in smart contracts. And what is available, Truffle, is weak and slow. And so we built Meadow Suite. We built in a long list of tools and a full suite of tooling that we believe are going to be used by a long list of people that are building on the Ethereum blockchain. Including a lot of our competitors. And so we've open sourced it and we're excited for people to check out Meadow Suite. It's on GitHub and our engineers have put a lot of time and effort into it. We even have our own logo for it. >> And the goal is to automate things, make it easier? What's the main, main initial goals? >> I would say, long story short, is to find security vulnerabilities in smart contracts and to build tooling around that. And to effectively build and find vulnerabilities in smart contracts. >> So they build it into their development process natively? >> Correct. >> Alright Hartej great to have you on and hey congratulations for putting on this event. I know we've talked about >> Awesome to be here. it in the past, it actually happened. It's the first inaugural one. >> We had this vision and I'm glad it came through. We had a great global events team. Gabriel Shepherd, and Ryan Shewchuk, and Brad Horspool, and Michelle Yon. And like they've put on conference's the size of Southwest by Southwest. And our vision is, look we're not in the events business. And we're a cyber security business at the end of the day. But we found it necessary that there has to be a conference where there's a platform for people to talk about cyber security intersecting with the blockchain industry. There's got to be a platform for someone to get on stage and say, "Hey here's lessons that "we learned from getting hacked" And if this industry is going to survive, this topic needs to survive. And the brands that want to affiliate themselves with blockchain security and that want to be apart of the discussion. This will be a go to conference every single year. We're going to keep doing it and I look forward to having you at every single one, coming. >> It's been great. And you know what's key is having reputable people working together in a community, building an open community, sharing data, sharing best practices, and having candid conversations. >> Yep, it's the only way to get someone as epic as Andreas Antonopoulos to your conference. I mean my co-founder and I have been looking up to Andreas for so long. Watching videos of Andreas. Watching videos of Max Keiser, Stacy Herbert. To have them here is really just truly remarkable and I'm grateful, I'm honored, I'm touched. I'm touched to have you here. I miss David Vellante, I wish he was here. >> He's in San Francisco, he says hi. He was going to fly in tonight but-- >> He texted me. >> He did, okay. >> Hartej it's great to see you. >> Great to see you >> Congratulations. as well. thank you. >> Great event. Okay we're here live with theCUBe coverage for HoshoCon 2018, the first inaugural security conference on blockchain. Industry leaders coming together. The brilliant, bright minds of the industry working out the solutions, trying to pedal faster. Better security, check it out HoshoCon.com. I'm John Furrier stay with us for more coverage after this short break. (techno music)

>> From the Hard Rock Hotel in Las Vegas, it's theCUBE covering HoshoCon 2018. Brought to you by Hosho. >> Over and welcome back to our live coverage here in Las Vegas for HoshoCon. I'm John Furrier host of theCUBE. The first inaugural conference on security in the blockchain security is obviously not new to the blockchain It's number one concern. Crypto is crypto, decentralized networks is what people want. Security is the only thing that matters, if you haven't been hacked, then you should know we're being hacked. This is theCUBE coverage here in Las Vegas for HoshoCon. I'm John Furrier with Steven Sprague CEO of Rivetz, who's a security and an entrepreneur I've known for almost 20 years now he has been at this all through multiple ways of innovation, multiple security paradigm stacks, not new the problem, great time for you, Welcome to theCUBE. >> Thank you for having me. >> So I've known you and knowing your father as well for almost 25 plus years, you have been at this in one form or another with security and the waves are different, I mean there's different the web wave there's different architectures I mean people call it internet 3.0 whatever they're just different evolutionary steps, now is the killer time because we're seeing the most action. You got web, internet, mobile, global, new economics, new money the stakes are higher it's not not just like some isolated box, you got cloud. This is the time to harvest the work you've been doing, give us an overview. >> Absolutely you know I've been at this my whole career, I started down this path in 1990. Doing digital rights management micro transactions and video games and was part of the formation that Trusted Computing group in the 2000s and helped shipped 1.4 billion PCs with hardware security on the motherboard of the PC that still out there today. Started with started Rivets in 2013 to really go after, how do we enable the hardware security and mobile devices? And just about instantaneously ran into the blockchain and at my first Bitcoin conference, which was the Miami Bitcoin conference about a half an hour into it, it dawned on me two things. One, we were talking a lot about crypto but nobody was talking about cybersecurity and there's a gap between those just because we talk crypto all the time doesn't mean that we know what we're doing in cyber and the other one that was true as, oh my God, I've been looking for this for the last 10 years, which is how do we enable the user to own their own keys? And I don't mean like single keys on each device. I mean, the root key that controls all the other keys on all their devices. This is a super interesting space, we're just the very beginning of it in some ways the Bitcoin side the sort of value or or money side is the demo, the real opportunity is, this is the infrastructure that's going to replace how we do normal enterprise computing. >> Yeah. >> And the end of PC computing, we're about to have a new paradigm, blockchain-- >> I agree with you as an infrastructure shift over because the efficiencies that are gained and the disruption around what's not efficient, whether it's venture capital or infrastructure, IoT, whatever the supply chain or the decentralized way is the way to make it efficient, so it's an opportunity. Every entrepreneur that I know that is licking their chops going, wow, I can come in here and and create value. The mainstream adoptions around this complexity around use to your point, and then the fear of being hacked the cybersecurity piece whether it's for money, or a a hostile actor. >> But think of it in a different way. Security, nobody cares about security, nobody buys security, nobody wants security, security is UI. So if I asked you what your favorite multi factor authentication experience, you think like fingerprints and all this kind of stuff, it's not true, the send button is your favorite one, dial the number and push then and it just works. It works everywhere in the world works every time you've taught mom how to use it and the kids how to use it. It's simple, so why, so we would never use like, dial the number and we're going to use AI and big data to determine whether your phone is in the right condition to complete the call. And then a message is going to come up and say, would you please breathe deeply and calm down, because you're clearly agitated, I can't complete your call for you at this time. (laughing) Like, you've never used that phone, so why are we going to use that for the rest of our enterprise? >> I just sent you a pin number on your phone that you can't use before you can make the call. Again, I agree, it should be under the wire. It should be transparent security should be native, always on. >> That's right. >> And that's what you're getting at, okay. In your opinion, where are we in the progress because again, I think this connects the dots for your career, what you've worked on the itch you've been scratching in security because you have the perfect storm, you have full mobility penetration, you have commerce on top of it, and you have full global connectedness those three things alone make a-- >> And we have decentralization, so the thing that's important in blockchain is it's important remember, while the data on a chain is immutable, we know we can seal inside a little envelope a message and sign it and we write it to a chain it never changes. What we don't know is whether the data written to the chain was intended so all the information on all the blockchains is fake news. It's important to understand that we, if we take a blockchain to court try and prove something, all we can prove with the data hasn't changed. I have absolutely no idea whether your private key was written on the bathroom wall or stored in Fort Knox. And so if you try and record something on chain, your defense is always ah somebody stole my private key. Or if I'm trying to defend that you didn't do it on chain, somebody stole his private key, so actually the date on the chain is fake. It's real it was signed by a private key, but we have no knowledge to the quality of the private key and if you told the blockchain community that we got to go get your Windows log files to see whether or not your key was compromised at the time and the windows log files are the way we secure all blockchains. We're not going to get there, so the problem is-- >> That's a roadblock for sure, no doubt. >> Yeah, so the problem is that blockchains, are decentralized therefore, they're censorship proof. All of network security is censorship, therefore, blockchain is network security proof. Oops. So everything we spent in the last trillion dollars in cyber security doesn't work on blockchain Unless I run private chains, all a private chain is running inside the enterprise security while using all Juniper firewalls to secure your chain. That's not what we're talking about, We're talking about a decentralized solution. >> So match the security for pro posture for the architecture that you're working on. >> So we are going to have to do for the first time something that's crazy, we're going to have to do security commerce, which is when we form an instruction 'cause blockchains aren't authentication either, this isn't about logging into a node, getting a web page and filling out a form, no this is about sending an instruction. So, a blockchain instruction, a nuclear launch code, an e-commerce transaction, an IoT instruction like turn the lights on to 50% are all the same thing, it's an instruction based paradigm so it's not only about protecting the key but also the protection of the instruction that tells the system what to do and so in order to do that, the device that creates the instruction has to be a known device. Today we run our whole world, all our critical infrastructure, everything on unknown compute. When you turn this machine on, you didn't check to see it wasn't run by the North Koreans and you can't tell. >> Yeah, they could be in there, they probably are. >> Absolutely, more so than you would want to know. >> So what whereas the answer on this so get to the, cut to the chase here in your opinion, as the people figure out okay, we have all this great hardware that was built for a certain generation, now I'm using it as mission critical in my life, it's integrated to my lifestyle with my watch, my computer, my phone, now my in house Siri, portal, Facebook thing. >> So we need to get away from Apple's embracing of the CompuServe model, where you have a mobile phone that is a terminal, when you log into apps and your identity is based on your login to your phone. We don't actually check to see if the phone is really your phone. And we need to move to the concept of mobile, where it's a device identity network where services are delivered, not based on the username and password, but based on the identity of the device and really, ultimately, we need to get to what looks like an IoT network, which is a device identity network with messaging as the primary protocol. So secure messages sent. Fundamentally, we need to demote the importance of user authentication and promote the importance of device identity, so that I have a known device and a known condition with known controls that is producing the instructions that are sent to the chain. Ideally, you'd like in every chain, a second hash. And that second hash represents a manifest of controls that were in place, so I checked to see I was in the building, I checked to see who's still an employee, I checked to see my devices working properly, I check to see the trust infrastructure in the hardware of my devices working properly, and that gives me a hash I can write that to chain with the same immutable transaction, now I can prove that John's device in this condition with these controls wrote this transaction. >> Authentication powered the last architecture blockchain to your point about being you know, you don't know what's on the data needs to have an identity model for the signatures. >> For the robot. >> For the robot. >> For the robot. So some people like oh my god, but what if I lose my phone and the most important thing is you notice. If I steal your private keys you don't notice I still your phone like I just touch your phone. It makes you feel nervous, >> Yeah. (laughing) It's a very, but that's 100,000 years. >> I know when I leave my phone home I turn around soon as am three feet the driveway I'm like, okay, go back, get the phone. >> And so that's cyber security training it starts when you're 18 months old, when somebody gives you an important object you're not supposed to forget places like heaven forbid you remove the fuzzy rabbit from the three year old, you can lose an arm, right. So that model buying device, the good news is the trusted computing standards of the world have given us embedded hardware security in the chip sets as a standard capability in every ARM processor. Now in every Intel processor, we can turn these capabilities that have been deployed in these devices. We turn them on, provide an effective hardware based wallet for all of crypto. >> How does the hardware wallet work in your vision? Because I think most people generally and me included would say, look I love crypto but I'm busy got my four kids, two are in college, two or in high school and running around you're running around, bottom line is I got my key, my cold storage, I get keys everywhere, I forgot where I put my damn keys where's my key anyway I ended up writing and I post it. Who knows? >> I want to believe your keys are your collection of devices. So we've actually just done a recent relationship with Telefonica we showed two weeks ago, a dual Root of Trust handset, so half of your key is protected by the SIM architecture in your phone, half of your key is protected by the manufactured ARM processor in your, in your handset. So I have two separate routes of trust. I'm not trusting the carrier, I'm not trusting the manufacturer, they have to work in cooperation, the owner owns the keys, then I want to backup those keys. So why not, now that I have multiple routes of trust in my device, they can talk to my other devices, So we think of your household of devices as your key, not your single super phone. So every time I make a new wallet, you're right. You're running around, you didn't think about it, You don't want to write down 12 words, you're out at Starbucks, you shouldn't be writing the 12 words down on the surveillance camera at Starbucks. That would be a bad plan, Instead, you want your device to just communicate out to your other devices. So imagine in the future I lose my phone I can shut it off by calling my carrier and then I want to Make a new phone, maybe I've got to go like push a button in my Tesla push a button on my smart refrigerator. And my wife has to push a button or my girlfriend, or whatever the complications we all have. (laughing) And that's what allows me to recreate, not just my blockchain keys, but my Marriott keys, my car keys, my refrigerator keys, my these keys and we're going to have lots of keys for all this stuff. >> And the hardware is key in your opinion, got to have the hardware. >> Right, the reason why you have hardware is because, we can measure that the hardware hasn't changed so we can have a hardware Root of Trust, something that we know is anchored in silicon, in iron and then, or really in copper, and then from that we can build a stack that says we know this hasn't changed because if it's cast in the ground now we can build up from there each step and know that this measured environment is running properly. >> So people want be concerned, obviously Bloomberg had a story this week about China putting a mod chip on super micro boxes that's hardware. How do you talk to that, because I'm now saying, hey, I love the Root of Trust concept you guys are awesome, great job, but what about being hacked by someone else-- >> Well let's assume hacks continue on in time, I think the ultimate disinfectant in this is identity of the device, so give me a list of where 100% of those computers are. And are they in any critical systems that you have? So you're running DHS, and you've got 1.2 million servers across your network? Can you tell me 100% of the machines, that have that capability on them? Now that you know that model 45 had that. So we have an example for this VIN numbers in cars have been a great example of how we've improved the quality of cars, not that we aren't stupid humans and we build stuff that breaks or doesn't work and people die, we just want to know, that if he dies in his car that I don't want to drive the same car he drove without fixing whatever it is they're broken your car. >> So unique ID for the car, an asset. >> Yeah. And so tracking that, yep, we have it for lots of things. We don't have it for PCs, if you ask the average organization, please give me a list of the software that runs your corporation, they have no idea. >> Yeah, and the same thing with data to the GDPR thing, all these regulations, >> Right, because all, so GDPR is a great example of where now I need to prove I had controls in place in order to show that my data is properly-- >> They didn't know they had a server out there. >> I don't want to audit once a year, I want to check every time I do a transaction, was the person and employee did they have data rest in their machine, did they. So we can use the concepts of GDPR regulation to press this idea that I've provable controls at a transactional level for every instruction that's done. I want to know that I have known compute, if you had to write policy for the federal government, it's only known computers connected to sensitive networks and data. That doesn't require rocket science to understand. It's like, don't hook anonymous unknown computers you picked up out in the parking lot and tie them to the nuclear launch codes, that would be a bad plan. Like, let's start with at least machines we know and that are running software we know and that we've tested them so that we know they're running what we expect and they're working correctly, then let's use them for critical systems. So let's talk about the, and want to just finish up this segment on looking at what you're saying, which is a whole new operating model is coming really fast. The old model that's being operate is run by huge companies, Apple, Amazon, IT departments all around the world, governments, so there's going to be some resistance is going to have to be some change, that change is going to be disruptive. How do you see it playing out, you see people waking up going it's inevitable or you see a train wreck or collision. >> Now I think we have to create a transition. I spent a decade trying to create the train wreck and that didn't work very well, we shipped the technology and every PC. What we've done here is we're making it possible for you measure the integrity of a device in a mobile phone, and then you can hold keys in it. But I can apply policies or rules to those keys and those policies can talk to all of my old external systems. So I can ask all my network security stack, Where is this device, is this person an employee? Is my organization feeling good today, before I let you use the key. >> You bring program ability and state into-- >> Right, it's like you drag along the whole network security stack, and all their API controls and their SIEMs and let's hook Watson up and watch the whole network and apply that as a rule to a case. So now I can sit in Starbucks, and my device checks to see my organization's good, and then logs me into Gmail. I didn't have to tell Gmail to ask whether I was an employee, so I can have a mobile phone that says only log on if you're on the nuclear submarine and it'll work and I don't have to tell GitHub that check to see whether he's on a nuclear submarine. They just have to know that this two factor authentication is external, what's making that possible is that two factor authentication and all the services is fundamentally device registration, and as we mature that as the industry matures, those standards it provides the vehicle for all the services to incorporate a device component to the authentication strategy and then we can engage the robot to make that device smarter. >> Robot being the machine. >> Our device. >> Great to have you on, give the quick plug, what's going on Rivets real give us a quick. >> So Rivets is a fun company going after building these tools, we have a great partnership with Telefonica, we're extending it to other carriers as well. And our mission here is to bring the next billion people the blockchain by giving them a hardware based wallet for crypto, for IoT, for cloud in 100% of the mobile devices that are shipped and use the carriers as a mechanism to deliver that to us. >> You bring value that carries you also help the users make that usability peace secure. If you can pull that off, man I'd have a parade on Main Street for you. We need that. >> We desperately need this. We are so ready for our digital life to become simpler and safer for the user, And really for the services, it allows them to have more valuable data. So it's the combination of those two things, it's a win both for the consumer and for the services. >> Well, let's hope it can be a seamless transition rather than a train wreck collision. I'm John Furrier we here at talking security at Hoshocon, the inaugural blockchain secure, the first blockchain security conference am here with Steven Sprague CEO Rivets, hot, hot company in the space with many, many years experience. Time is ripe, right now the time is perfect for you. Congratulations. >> Thank you. >> Thanks for coming on, we're back with more after this short break. (electronic music)

>> Live from Toronto Canada, it's The Cube, covering Global Cloud and Blockchain Summit 2018, brought to you by The Cube. >> Hello, everyone welcome back to The Cube's live coverage here in Toronto for the first Global Cloud and Blockchain Summit in conjunction with the Blockchain futurist happening this week it's run. I'm John Fourier, my cohost Dave Vellante, we're here with Cube alumni, Bradley Rotter, pioneer Blockchain investor, seasoned pro was there in the early days as an investor in hedge funds, continuing to understand the impacts of cryptocurrency, and its impact for investors, and long on many of the crypto. Made some great predictions on The Cube last time at Polycon in the Bahamas. Bradley, great to see you, welcome back. >> Thank you, good to see both of you. >> Good to have you back. >> So I want to just get this out there because you have an interesting background, you're in the cutting edge, on the front lines, but you also have a history. You were early before the hedge fund craze, as a pioneer than. >> Yeah. >> Talk about that and than how it connects to today, and see if you see some similarities, talk about that. >> I actually had begun trading commodity futures contracts when I was 15. I grew up on a farm in Iowa, which is a small state in the Midwest. >> I've heard of it. >> And I was in charge of >> Was it a test market? (laughing) >> I was in charge of hedging our one corn contract so I learned learned the mechanisms of the market. It was great experience. I traded commodities all the way through college. I got to go to West Point as undergrad. And I raced back to Chicago as soon as I could to go to the University of Chicago because that's where commodities were trading. So I'd go to night school at night at the University of Chicago and listen to Nobel laureates talk about the official market theory and during the day I was trading on the floor of the the Chicago Board of Trade and the Chicago Mercantile Exchange. Grown men yelling, kicking, screaming, shoving and spitting, it was fabulous. (laughing) >> Sounds like Blockchain today. (laughing) >> So is that what the dynamic is, obviously we've seen the revolution, certainly of capital formation, capital deployment, efficiency, liquidity all those things are happening, how does that connect today? What's your vision of today's market? Obviously lost thirty billion dollars in value over the past 24 hours as of today and we've taken a little bit of a haircut, significant haircut, since you came on The Cube, and you actually were first to predict around February, was a February? >> February, yeah. >> You kind of called the market at that time, so props to that, >> Yup. >> Hope you're on the right >> Thank you. >> side of those shorts >> Thank you. >> But what's going on? What is happening in the capital markets, liquidity, why are the prices dropping? What's the shift? So just a recap, at the time in February, you said look I'm on short term bear, on Bitcoin, and may be other crypto because all the money that's been made. the people who made it didn't think they had to pay taxes. And now they're realizing, and you were right on. You said up and up through sort of tax season it's going to be soft and then it's going to come back and it's exactly what happened. Now it's flipped again, so your thoughts? >> So my epiphany was I woke up in the middle of the night and said oh my God, I've been to this rodeo before. I was trading utility tokens twenty years ago when they were called something else, IRUs, do you remember that term? IRU was the indefeasible right to use a strand of fiber, and as the internet started kicking off people were crazy about laying bandwidth. Firms like Global Crossing we're laying cable all over the ocean floors and they laid too much cable and the cable became dark, the fiber became dark, and firms like Global Crossing, Enron, Enron went under really as a result of that miss allocation. And so it occurred to me these utility tokens now are very similar in characteristic except to produce a utility token you don't have to rent a boat and lay cable on the ocean floor in order to produce one of these utility tokens, that everybody's buying, I mean it takes literally minutes to produce a token. So in a nutshell it's too many damn tokens. It was like the peak of the internet, which we were all involved in. It occurred to me then in January of 2000 the market was demanding internet shares and the market was really good at producing internet shares, too many of them, and it went down. So I think we're in a similar situation with cryptocurrency, the Wall Street did come in, there were a hundred plus hedge funds of all shapes and sizes scrambling and buying crypto in the fall of last year. It's kind of like Napoleon's reason for attacking Russia, seemed like a good idea at the time. (laughing) And so we're now in a corrective phase but literally there's been too many tokens. There are so many tokens that we as humans can't even deal with that. >> And the outlook, what's the outlook for you? I mean, I'll see there's some systemic things going to be flushed out, but you long on certain areas? What do you what do you see as a bright light at the end of the tunnel or sort right in front of you? What's happening from a market that you're excited about? >> At a macro scale I think it's apparent that the internet deserves its own currency, of course it does and there will be an internet currency. The trick is which currency shall that be? Bitcoin was was a brilliant construct, the the inventor of Bitcoin should get a Nobel Prize, and I hope she does. (laughing) >> 'Cause Satoshi is female, everyone knows that. (laughing) >> I got that from you actually. (laughing) But it may not be Bitcoin and that's why we have to be a little sanguine here. You know, people got a little bit too optimistic, Bitcoin's going to a hundred grand, no it's going to five hundred grand. I mean, those are all red flags based on my experience of trading on the floor and investing in hedge funds. Bitcoin, I think I'm disappointed in Bitcoins adoption, you know it's still very difficult to use Bitcoin and I was hoping by now that that would be a different scenario but it really isn't. Very few people use Bitcoin in their daily lives. I do, I've been paying my son his allowance for years in Bitcoin. Son of a bitch is rich now. (laughing) >> Damn, so on terms of like the long game, you seeing the developers adopted a theory and that was classic, you know the decentralized applications. We're here at a Cloud Blockchain kind of convergence conference where developers mattered on the Cloud. You saw a great developer, stakeholders with Amazon, Cloud native, certainly there's a lot of developers trying to make things easier, faster, smarter, with crypto. >> Yup. >> So, but all at the same time it's hard for developers. Hearing things like EOS coming on, trying to get developers. So there's a race for developer adoption, this is a major factor in some of the success and price drops too. Your thoughts on, you know the impact, has that changed anything? I mean, the Ethereum at the lowest it's been all year. >> Yup. Yeah well, that was that was fairly predictable and I've talked about that at number of talks I've given. There's only one thing that all of these ICOs have had in common, they're long Ethereum. They own Ethereum, and many of those projects, even out the the few ICO projects that I've selectively been advising I begged them to do once they raised their money in Ethereum is to convert it into cash. I said you're not in the Ethereum business, you're in whatever business that you're in. Many of them ported on to that stake, again caught up in the excitement about the the potential price appreciation but they lost track of what business they were really in. They were speculating in Ethereum. Yeah, I said they might as well been speculating in Apple stock. >> They could have done better then Ethereum. >> Much better. >> Too much supply, too many damn tokens, and they're easy to make. That's the issue. >> Yeah. >> And you've got lots of people making them. When one of the first guys I met in this space was Vitalik Buterin, he was 18 at the time and I remember meeting him I thought, this is one of the smartest guys I've ever met. It was a really fun meeting. I remember when the meeting ended and I walked away I was about 35 feet away and he LinkedIn with me. Which I thought was cute. >> That's awesome, talk about what you're investing-- >> But, now there's probably a thousand Vitalik Buterin's in the space. Many of them are at this conference. >> And a lot of people have plans. >> Super smart, great ideas, and boom, token. >> And they're producing new tokens. They're all better improved, they're borrowing the best attributes of each but we've got too many damn tokens. It's hard for us humans to be able to keep track of that. It's almost like requiring a complicated new browser download for every website you went to. We just can't do that. >> Is the analog, you remember the dot com days, you referred to it earlier, there was quality, and the quality lasted, sustained, you know, the Amazon's, the eBay's, the PayPal's, etc, are there analogs in this market, in your view, can you sniff out the sort of quality? >> There are definitely analogs, I think, but I think one of the greatest metrics that we can we can look at is that utility token being utilized? Not many of them are being utilized. I was giving a talk last month, 350 people in the audience, and I said show of hands, how many people have used a utility token this year? One hand went up. I go, Ethereum? Ethereum. Will we be using utility tokens in the future? Of course we will but it's going to have to get a whole lot easier for us humans to be able to deal with them, and understand them, and not lose them, that's the big issue. This is just as much a cybersecurity play as it is a digital currency play. >> Elaborate on that, that thought, why is more cyber security playing? >> Well, I've had an extensive background in cyber security as an investor, my mantra since 9/11 has been to invest in catalyze companies that impact the security of the homeland. A wide variety of security plays but primarily, cyber security. It occurred to me that the most valuable data in the world used to be in the Pentagon. That's no longer the case. Two reasons basically, one, the data has already been stolen. (laughing) Not funny. Two, if you steal the plans for the next generation F39 Joint Strike Force fighter, good for you, there's only two buyers. (laughing) The most valuable data in the world today, as we sit here, is a Bitcoin private key, and they're coming for them. Prominent Bitcoin holders are being hunted, kidnapped, extorted, I mean it's a rather extraordinary thing. So the cybersecurity aspect of if all of our assets are going to be digitized you better damn well keep those keys secure and so that's why I've been focused on the cybersecurity aspect. Rivets, one of the ICOs that I invested in is developing software that turns on the power of the hardware TPM, trusted execution environment, that's already on your phone. It's a place to hold keys in hardware. So that becomes fundamentally important in holding your keys. >> I mean certainly we heard stories about kidnapping that private key, I mean still how do you protect that? That's a good question, that's a really interesting question. Is it like consensus, do you have multiple people involved, do you get beaten up until you hand over your private key? >> It's been happening. It's been happening. >> What about the security token versus utility tokens? A lot of tokens now, so there's yeah, too many tokens on the utility side, but now there's a surge towards security tokens, and Greg Bettinger wrote this morning that the market has changed over and the investor side's looking more and more like traditional in structures and companies, raising money. So security token has been a, I think relief for some people in the US for sure around investing in structures they understand. Is that a real dynamic or is that going to sustain itself? How do you see security tokens? >> And we heard in the panel this morning, you were in there, where they were predicting the future of the valuation of the security tokens by the end of the year doubling, tripling, what ever it was, but what are your thoughts? >> I think security tokens are going to be the next big thing, they have so many advantages to what we now regard as share certificates. My most exciting project is that I'm heavily involved in is a project called the Entanglement Institute. That's going to, in the process of issuing security infrastructure tokens, so our idea is a public-private partnership with the US government to build the first mega quantum computing center in Newport, Rhode Island. Now the private part of the public-private partnership by the issuance of tokens you have tremendous advantages to the way securities are issued now, transparency, liquidity. Infrastructure investments are not very liquid, and if they were made more liquid more people would buy them. It occurred to me it would have been a really good idea if grandpa would have invested in the Hoover Dam. Didn't have the chance. We think that there's a substantial demand of US citizens that would love to invest in our own country and would do so if it were more liquid, if it was more transparent, if the costs were less of issuing those tokens. >> More efficient, yeah. >> So you see that as a potential way to fund public infrastructure build-outs? >> It will be helpful if infrastructure is financed in the future. >> How do you see the structure on the streets, this comes up all the time, there's different answers to this. There's not like there's one, we've seen multiple but I'm putting a security token, what am i securing against, cash flow, equity, right to convert to utility tokens? So we're starting to see a variety of mechanisms, 'cause you have to investor a security outcome. >> Yeah, so as an investor, what do you look for? >> Well, I think it's almost limitless of what these smart securities, you know can be capable of, for example one of the things that were that we're talking with various parts of the government is thinking about the tax credit. The tax credit that have been talked about at the Trump administration, that could be really changed on its head if you were able to use smart securities, if you will. Who says that the tax credit for a certain project has to be the same as all other projects? The president has promised a 1.5 trillion dollar infrastructure investment program and so far he's only 1.5 trillion away from the goal. It hasn't started yet. Wilbur Ross when, in the transition team, I had seen the white paper that he had written, was suggesting an 82% tax credit for infrastructure investment. I'm going 82%, oh my God, I've never. It's an unfathomable number. If it were 82% it would be the strongest fiscal stimulus of your lifetime and it's a crazy number, it's too big. And then I started thinking about it, maybe an 82% tax credit is warranted for a critical infrastructure as important as quantum computing or cyber security. >> Cyber security. >> Exactly, very good point, and maybe the tax credit is 15% for another bridge over the Mississippi River. We already got those. So a smart infrastructure token would allow the Larry Kudlow to turn the dial and allow economic incentive to differ based on the importance of the project. >> The value of the project. >> That is a big idea. >> That is a big idea. >> That is what we're working on. >> That is a big idea, that is a smart contract, smart securities that have allocations, and efficiencies, and incentives that aren't perverse or generic. >> It aligns with the value of the society he needs, right. Talk about quantum computing more, the potential, why quantum, what attracted you to quantum? What do you see as the future of quantum computing? >> You know, you don't you don't have to own very much Bitcoin before what wakes you up in the middle of the night is quantum computing. It's a hundred million times faster than computing as we know it today. The reason that I'm involved in this project, I believe it's a matter of national security that we form a national initiative to gain quantum supremacy, or I call it data supremacy. And right now we're lagging, the Chinese have focused on this acutely and are actually ahead, I believe of the United States. And it's going to take a national initiative, it's going to take a Manhattan Project, and that's that's really what Entanglement Institute is, is a current day Manhattan Project partnering with government and three-letter agencies, private industry, we have to hunt as a pack and focus on this or we're going to be left behind. >> And that's where that's based out of. >> Newport, Rhode Island. >> And so you got some DC presence in there too? >> Yes lots of DC presence, this is being called Quantum summer in Washington DC. Many are crediting the Entanglement Institute for that because they've been up and down the halls of Congress and DOD and other-- >> Love to introduce you to Bob Picciano, Cube alumni who heads up quantum computing for IBM, would be a great connection. They're doing trying to work their, great chips to building, open that up. Bradley thanks for coming on and sharing your perspective. Always great to see you, impeccable vision, you've got a great vision. I love the big ideas, smart securities, it's coming, that is, I think very clear. >> Thank you for sharing. >> Thank you. The Cube coverage here live in Toronto. The Cube, I'm John Furrier, Dave Vellante, more live coverage, day one of three days of wall-to-wall coverage of the Blockchain futurist conference. This is the first global Cloud Blockchain Summit here kicking off the whole week. Stay with us for more after this short break.