Dr. Evil’s Milk Run

Following is a guest post from my friend Eliot Peper. I met Eliot several years ago when he approached me about his first book. I loved his writing and FG Press went on to publish Eliot’s first two books – Uncommon Stock: Version 1.0 and Uncommon Stock: Power Play.

Eliot’s third book, Uncommon Stock: Exit Strategy came out recently and the topic is particularly timely. Enjoy some deeper thoughts of his on why. Oh – and grab Eliot’s books – they are awesome.

Our institutions are failing to protect us. In fact, they’re not even trying. That wasn’t what I set out to discover when I started drafting my first novel. I just wanted to write a page-turner about tech startups with enough real grit to make readers think (true fans may remember that I noted my original inspiration right here in a previous guest post). To research the book, I interviewed federal special agents, financial service executives, money laundering investigators, cybersecurity experts, investors, and technologists in order to deepen the story’s verisimilitude.

The novel turned into a trilogy and along the way I discovered how fact can be far more disturbing than fiction (a point of frustration for novelists). Every day, our government officials, bankers, and corporate leaders are betraying our trust through shortsightedness and technical ignorance.

The now-infamous breach of The Office of Personnel Management by state-sponsored Chinese hackers shocked the nation. Detailed background files on more than twenty-two million Americans were stolen. The pilfered data included medical history, social security numbers, and sensitive personal information on senior officials within The Department of Defense, The Federal Bureau of Investigation, and even The Central Intelligence Agency. The national security implications are staggering.

The emperor may have no clothes but he doesn’t stand alone. Every year, hundreds of millions of dollars are spirited away from major financial institutions. The United Nations estimates that organized crime brings in $2 trillion a year in profits and the black market makes up 15–20% of global GDP.

How do cartel bosses, arms dealers, and human traffickers stash their cash? By working with corrupt insiders, exploiting legal loopholes, lobbying crooked politicians, and taking advantage of the same kinds of technical weaknesses that made the OPM hack possible. They are only able to get away with it because banks and regulators turn a blind eye or, more often, don’t even know when it’s happening.

Large organizations like government agencies and international financial institutions started incorporating software into their operations decades ago. Ever since, they have consistently chosen to pile new updates on top of old code rather than rebuild systems from the ground up. Why? In the short run, it’s cheaper and easier to address the symptom instead of the cause. Now, that shortsightedness is catching up with them.

All of this is just what we know about already. It takes a median of 229 days for data breaches to even be discovered. That’s a long time for criminals to be inside our systems, building new backdoors for future exploitation. Worse, institutions are loath to report breaches even when they are uncovered for fear that our trust in them will degrade even further.

The software powering the digital infrastructure of our institutions is a mess of half-measures, lost source code, and mind-boggling integrations. It’s like a vault built out of swiss cheese, a house resting on a matchstick foundation, or the plot of a telenovela. You can choose your own metaphor, but every hole is a VIP ticket for society’s antagonists.

And that’s not all. In a study released earlier this month, The Government Accounting Office found that many federal examiners in charge of bank information security audits have little or no IT training. They also discovered that regulators are not even doing comparative analysis on system-wide deficiencies, limiting their scope to individual banks. Worse, the National Credit Union Administration lacks the authority to examine third party service providers to credit unions, leaving large segments of their systems beyond the jurisdiction of examiners. It’s painfully ironic that at a time when the NSA terrifies us with its digital omnipotence, so many government agencies can’t get their act together for legitimate enforcement. Our watchdogs are asleep on their feet.

Whether their endgames are espionage or financial malfeasance, we’re making it too damn easy for bad guys to do their dirty work. I was only trying to make my books feel real but now reality is forcing me to suspend disbelief. It makes for great plot twists, but verisimilitude isn’t worth this level of vulnerability.

These are big problems. Big problems always represent big opportunities for creative founders. Mattermark just released their first report on the hottest cybersecurity startups. But we need fixes that are even more fundamental than security. We must rebuild the technical infrastructure and human governance systems that shape our institutions. That change might come from an extraordinarily dedicated internal leader or it might emerge from a garage in Boulder.

We need hackers, makers, artists, and independent thinkers. We need to play smarter and think long-term. We need to call our leaders to action. We need to educate ourselves and build a future in which we can thrive, not fight to survive.  

Participate in the Context.IO App Challenge

Dealing with email is something I have become an expert in out of necessity. While it’s out of control, it’s a chore that is wired into my work in a deep way that, regardless of the explosion of real time communication channels, will likely continue to be the least common denominator for communication for the next 100 years.

That is one of the reasons why I’m interested in seeing the projects that come out of the Context.IO App Challenge, a long-format online hackathon that I’ll be judging in a few weeks along with David Cohen, Fred Wilson, Matt Blumberg and Josh Baer.

Context.IO is a product of Return Path, where I’ve been on the board since 2000. It’s an API that developers can use to build applications that integrate their users’ email data (contacts, files, messages, threads, receipts, and rule-based notifications). We’re expecting to see a healthy mix of inbox management tools along with apps that deliver value in other ways outside the inbox. A few of my favorites that have been built in the past using Context.IO are Mailtime, Paribus or Airhelp.

A common question is if projects from a hackathon can become a successful business. Not all ideas will be winners and it depends on the goals of the event and participants. There is certainly a higher chance with an online hackathon like this one where you have months to build something amazing instead of 24-48 hours. One of our portfolio companies, WootMath,  won a similar App Challenge back in 2013.

In some ways, the judging criteria we’ll all be working from are basic questions any founder should ask themselves:

  • Quality of Idea: Is the idea creative and original?
  • Implementation of Idea: Was the idea well executed by the developer?
  • Potential Impact: Does the application solve a specific problem or paint point for its users?
  • Market Readiness: Is the application market ready?

I’m looking forward to seeing what gets built.

The Beginning of the End or the End of the Beginning

I was in a conversation last week with a friend who asked “do you think this is the beginning of the end?” We were discussing something totally wacky that had just happened that clearly could be viewed as an indicator that we have crested the peak of this economic cycle. Then, earlier today, I was on the phone with one of my favorite lawyers and he made a joke about a deal I’m doing as harkening back to the late 1990s. He asked if I thought it was an indication of the top of the cycle. We had a good chuckle (probably PTSD gallows humor from 15 years ago) and I suggested that they slow down the hiring of the associates at their law firm so they wouldn’t have to lay off so many in the inevitable downtown.

Somewhere in between these two conversations I told someone that I thought this was actually the “end of the beginning.” And, tonight at a wonderful dinner, I made the statement to the friend that we were having dinner with that I thought the next 30 years were going to be incredible.

I think we are at the end of the beginning of a dramatic shift in how our species deals with existence. Depending on who you believe, we are either 30 years from the singularity (Kurzweil) or only 15 years away (Vinge). The new science fiction coming out is doing a remarkable job of helping us set a context for the different aspects of what we’ll need to deal with. Some of it will be just as off as Philip K. Dick can be while some will be just as accurate as Philip K. Dick can be. If you are a fan of Philip K. Dick, like I am, you know exactly what I mean. And if you aren’t, I suggest you start with Do Androids Dream of Electric Sheep?

Humans have serious issues with exponential curves as we want to make everything a line. But a lot of the stuff around us is happening exponentially and we don’t realize it. As a result, we’ve dramatically underestimated the impact of technology on – well – everything. And, since so much of it is exponential, it compounds at an incomprehensible pace. When we look outside at concrete, steel, and glass going up slowly, it lulls us into a sense of normalcy.

The machines want us to feel this way.

Think about it for a brief moment. Suspend disbelief. Wind the clock forward 100 years. Do you think, as a species, we will still be struggling with the things that vex us today? Will we still be arguing about the same stuff? Will physical instantiation of things have the same meaning? We will still be eating Cocoa Puffs?

We are at the end of the beginning. It’s going to get wild. Buckle up.

The Startup Therapist

My long time friend Jeff Hyman has started a new business called Startup Therapist. In addition to a different hair style and some great content, he has an interview up with me.

I was a seed investor in Jeff’s first company, Career Central. It was the very first investment I did at Mobius (via Softbank – prior to us raising our first fund) and it was doing great until the Internet bubble collapsed and no one was hiring anyone. We kept in touch over the years and I was an early customer and big supporter of Retrofit, Jeff’s most recent company.

Jeff’s awesome. We’ve learned a lot together over the years. I expect he’ll be helping a lot of founders for the days to come.

Carpool.VC Interview

Jonathon Triest and Brett deMarrais of Ludlow Ventures are doing a fun video podcast series called Carpool.VC. As Jonathan and Brett drive to work, they do a podcast interview. It’s hilarious, fun, and informative.

I did it early (6am California Time) on Tuesday. In it, you’ll learn my spirit animal, doppelganger, how Jonathon and I met (I’m now an investor in Ludlow Ventures), and a bunch of other random things. I also agreed to sponsor the episode for $1.70.