Although fundamental in most of today’s business operations, the internet came along with its fair share of challenges. The past few years have seen an increase in cybercrime, with hackers targeting individuals, corporations, and governments. According to the latest forecast by Cybercrime Magazine, it is estimated that malicious attacks will be costing the global economy up to $10.5 trillion annually by 2025.
Notably, a good number of these breaches are a result of single points of failure (SPOF), whereby a vulnerability in one part of a system could ultimately affect the entire network if exploited. Though a big challenge, tech innovators are gradually rising to task given the advent of distributed technologies such as blockchain. What if computer systems were decentralized to eliminate the SPOF risk?
To further understand the value proposition of blockchain in cybersecurity, we sought for an interview with David H. Holtzman, a long-time internet innovator and currently an advisor at Naoris Protocol. Here are some of the insights we got from the discussion:
Hi David, thank you for taking time to have this interview. You have made a great impact as an internet innovator over the past three decades, what would you say is your biggest accomplishment and why the pivot to Web 3.0?
In the late 1990s, control of the domain name system transitioned from the US National Science Foundation (NSF) to the Department of Commerce reflecting the growing commercialization of the Internet as evidenced by the huge surge in commercial domain names. At that time, there was strong governmental pressure on Network Solutions (where I was CTO) to create a second generation, fully centralized DNS registration system with a single database containing ownership information for all domain names.
If this architecture had been implemented, it would have been a single point of failure for much of the Internet and what’s worse, a single point of control. Instead, I designed and implemented a system which is still being used today, where the registries are separated from the registrar functions. Doing this created a more decentralized DNS system which limits vulnerability (and internal censorship and external weaponization) to the boundaries of a country instead of the whole Internet. If China filters the Internet that passes through their borders, it doesn’t affect Europe.
Web 3.0 is an idea driven by the same desire to avoid centralized control and authoritative authentication although much of the fear may be of Web 2.0 big tech instead of governments. This subversive idea is made possible by blockchain and will lead to far more interesting digital artifacts in the future than bored monkey NFTs.
Naoris protocol is focused on revolutionizing the approach to cybersecurity through blockchain tech and smart contract infrastructure, how do you plan to add value to this goal with your previous tech expertise?
Santayana said: “Those who cannot remember the past are condemned to repeat it.” I started working with computers over forty years ago and in that time, I’ve seen many recurring patterns in technologies as well as their associated business models. My experience may be invaluable in spotting future problems with blockchain technologies echoing something that happened previously.
For example, the gold rush for ICOs a few years ago was similar to the Dot Com craziness twenty years earlier, and predictably ended in a similar way. The same dichotomies often emerge from the chaos that results whenever a new tech gets hyped such as the perpetual tension between centralized and decentralized systems now playing out with Web 2.0 vs Web 3.0.
Another is the tension between security and privacy. It’s very difficult to have good security without eventually encroaching on someone else’s privacy. Hopefully being aware of these cycles of technology will make me a useful advisor, because in addition to successes, I’ve made many mistakes over the years and the most honest form of wisdom comes from learning from your failures.
Can you shed more light on your interest in cryptography and the blockchain space? Also, how suitable is the Naoris protocol Distributed Proof of Security (dPoSec) consensus for Web 2.0 and Web 3.0 ecosystems?
In the early 1980s, I worked as a linguist and cryptographer for a branch of US intelligence. This led to my fascination with all forms of information shrouding using mathematical techniques, starting with codes and ciphers and leading to an interest in modern encryption. But these days what interests me most is not the nuts and bolts of cryptographic implementations, but the potential for social and governance change that tech like blockchains, built around encryption, can bring about.
As I mentioned in a previous answer, blockchain is inherently subversive and with the addition of smart contracts, it’s a game changer because it diminishes dependency on many government-provided services as well as reducing the overabundance of lawyers in the business world because they’re no longer needed for simple agreements. Many centralized authoritative functions only exist because up until now there haven't been decentralized alternatives.
I hope that eventually the capabilities that blockchain brings (immutability, date/time validation, embedded contracts) will be used for secure, interpersonal transactions where the blockchain itself becomes the validating authority. The design of Naoris’s dPoSec consensus is an elegant approach to applying Web 3.0 benefits such as decentralization to networked systems.
The icing on the cake is Naoris’s ability to “wrap” legacy Web 2.0 systems in such a way that they can also serve as validators in a Naoris network without having to be completely rewritten. This is a cost savings as well as being more convenient.
What is your take on token incentivization and the Decentralized Autonomous governance (DAO) model, is the approach more efficient than the traditionally centralized ecosystems?
It’s too early to tell how efficient DAO will be in the long run, but now that the security issues that plagued The DAO seem less concerning, they seem to work well and in a number of growingly complex situations. Any system based on human voluntary participation requires adequate incentivization otherwise too many of those involved might have other motives, some of which might be nefarious.
Token incentivization makes perfect sense as it aligns all stakeholders goals and interests, a situation that doesn’t exist in “real world” organizations such as corporations where the interests of shareholders are not always aligned with those of directors and officers.
Although they all claim they’re on the same page, they rarely are, because the annual bonus of a CEO is typically tied to performance goals that are not the stock price and in some cases, not even the earnings. This conflict will not happen in a DAO since everyone is equal and their interest is easily quantifiable and transparent because it’s based on their number of tokens.
During your tenure as the CTO of Network Solutions, the number of active domains on the internet shot from half a million to over twenty million. How long do you think it will take for a Web 3.0 cybersec solution like Naoris Protocol to hit mainstream adoption?
Network Solutions surfed the wave of a massive network effect. Prior to the early browsers like Mosaic and Netscape, most non-geeky people had no real use for the internet if they even knew what it was. The advent of browsers (and the underlying http and HTML protocols) made it possible to find interesting content and many people who did so, realized that they too could be a “creator” and publish their interests or business online, which meant they needed a domain name for their website.
And the new content they added influenced other people to go online, and so on, rapidly stimulating demand until the DNS system grew to a few hundred million domain names. This saturation point occurred in a few years.
Network effect plays grow organically and no amount of advertising can change the speed of adoption, no matter what some marketing people claim. I expect that there will be one or maybe two competitive decentralized infosec protocols in the near future in addition to Naoris.
But given Naoris’s early advantage in having a thoroughly well-thought out, and already implemented system, there’s no reason for them not to own the emerging market for distributed proof of security systems, which could be enormous.
You have written a book on using personal cryptography, indicating that today’s internet users face a serious privacy risk; does the shift to distributed systems reduce this risk? If so, how exactly?
I hope so. One of my main worries has always been that of governmental abuse of centralized systems. In the last few years, we’ve seen several examples of countries shutting off or filtering their citizens’ Internet access to block or filter open access to information.
By definition, decentralized systems do not lend themselves to that kind of control. Privacy as commonly thought of, is, as Scott McNeally said many years ago, “dead.” It’s an artificial binary construct that isn’t relevant.
Identity protection and management on the other hand, is more important than ever. I believe that each of us must be the guardians of our own identity. This can only happen if we have the necessary tools.
As an example, encrypted email using PGP has been available since 1991. Yet almost no one has ever used it, because it’s too cumbersome. Even though it’s also based on cryptography, Signal is far better because the “cost” of installation and usage is very low and it just works.
Blockchain based systems are more like Signal than PGP. Wallets are difficult to use, but they’re getting easier. And they’re inherently more privacy secure.
Centralized systems will always require the connivance and forbearance of a benign keeper of the keys. Decentralized systems are truly libertarian and can be as safe or as recklessly open as the community desires.
Lastly, do you see big tech and governments adopting decentralized cybersecurity solutions despite their reluctance to embrace Web 3.0 (decentralized) innovations?
At some point, they’ll have to. Big tech, by and large, is not innovative or disruptive, but conformist (Google is an exception). Governments occasionally innovate, although usually by accident. They are a prime example of the infinite monkey theorem.
But the Web 3.0 horse has already bolted out of the barn. As mission critical, quasi-governmental functions offered by the private sector become commonplace in the Web 3.0 world, their competitors, governments,will conform, because if they don’t, they’ll be isolated and increasingly irrelevant.
A centralized system with a rapidly diminishing group of users is the anti-network effect. With each defection, it gets smaller and less consequential. Thus to maintain relevance, they will jump on board and adopt Web 3.0 technology, the same way many countries are now making plans to release their own stablecoins tied to their national currency.
Conclusion
Following this conversation, it is evident that stakeholders in the tech industry need to adopt better cybersecurity measures. While some Web 2.0 diehards might argue against the value proposition of Web 3.0 infrastructures, the debut of a distributed cybersecurity solution by Naoris proves the underlying potential.
In the near future, it is likely that computer systems will be run by decentralized communities as opposed to the current model where information is normally hosted on a single server.