WE'RE IN!

Craig Newmark on Cyber Philanthropy, Internet Pioneers and a “Cyber Civil Defense”

Episode Summary

Philanthropist Craig Newmark is most famous for founding the classifieds site Craigslist nearly 30 years ago. But he’s recently earned praise in the cybersecurity community for pledging $50 million in early 2022 to support a cyber civil defense initiative through his namesake philanthropy. On the latest episode of WE’RE IN!, hear Craig describe what he means by cyber civil defense and listen to his candid thoughts on everything from quantum computing to the dangers of state-sponsored disinformation campaigns. He also shares insights into the philanthropic strategy driving many of his contributions to the field of cybersecurity and continuing education.

Episode Notes


----------

Tune in to hear more about: 

* Challenges in fostering collaboration across the cybersecurity community, from the White House to organizations like the Aspen Institute’s Cybersecurity Group

* How a “cybersecurity nutrition label” could empower consumers 

* Craig’s participation in the Whole Earth 'Lectronic Link, one of the oldest virtual communities

Episode Transcription

Blake: [00:00:00] So, Craig, thank you so much for joining us on the podcast. Uh, I wanna jump right into it in April, you committed through Craig Newmark philanthropies to donating 50 million to an array of organizations that help Americans face escalating cyber security threats. That is a big chunk of change. Can you share your reasons for doing that and the rationale behind that?

Craig Newmark: Our country is under increasing attack by people who wish us harm. I figure, uh, I can help. Uh, so I should, like I tell people, a nerd's gotta do what a nerd's gotta do.

Blake: Love that expression.

Bella: Incredible. Was there, was there a moment that sort of brought you to that mindset though? Like was there a specific moment in time, maybe an event or a particular hack that made you think, oh, I should really care and start doing something about the security threat?

Craig Newmark: It [00:01:00] was just a gradual realization, accelerated a bit by conversations with Kelly Born from, uh, YLI Foundation and their cybersecurity project. Uh, somebody needed to stand up and frankly, uh, cybersecurity is something that I know something about, so I figured I was the.

Blake: What's sort of your experience in the cybersecurity realm?

Craig Newmark: Um, frankly, my thesis work, uh, had a bit to do with security way back in, uh, 1976, and so over the decades I've been, uh, paying intermittent attention to cybersecurity issues, uh, sometimes more than other times. For example, when I helped build home banking for a Bank of America. I was one of a couple people who kept saying, we need to think about this.

My contributions to that project were minor, but uh, I was [00:02:00] persistent.

Blake: Well, since you're, we're going back in time here a little bit to your thesis work and I did wanna, you know, get a chance. It's not often that, that I get to, you know, talk with an internet pioneer here. And so I really wanted to go back and ask about the WELL, uh, or the, the Whole Earth 'Lectronic Link. And I guess, you know, that gained notoriety in the eighties and nineties.

Many of our listeners I'm sure are familiar with that. Uh, how did your participation in that internet salon kind of shape your views on these subjects and.

Craig Newmark: Um, yeah, I joined the WELL right around, uh, 30 years ago. And the community spirit was a big deal. The idea that people should help each other out, should give each other a break now and then, should even be, uh, one's brother's keeper. Uh, that spirit was very much part of the WELL. Uh, when I moved to, uh, San Francisco, about a year after I found that spirit alive and well, um, not only at the WELL, [00:03:00] and I went to a few of the, uh, parties, but I saw it there.

I saw it at the, uh, meetings of the virtual reality Special Interest group. Uh, people could, uh, help each other and everyone got.

Bella: Going back to your commitment through your philanthropic organization to helping, uh, protect against cyber attacks, what areas are most interesting or maybe most frightening to you?

Craig Newmark: Um, of greatest interest is just the need for everyone to pitch in and play a role much like people did during, uh, World War II. Um, the idea is that we all, if we're any good with computers, should learn how to protect our stuff. Whether it's, uh, wifi and our systems at home or our phones or notebooks when they're on the road.

Uh, everyone should, uh, be able to do that, but it does require additional [00:04:00] education, um, for what I'm calling cyber civil defense. The idea is that at home you should have some idea of what's going on on your network. Um, and overall you should have software running in your systems to tell you if something fishy has happened.

Some of that software exists, some doesn't. But in terms of the people I've helped fund, uh, I've helped build a network, a team of people, uh, focusing on that kind of stuff. For example, uh, Consumer Reports. They're doing a lot of curation work. That shouldn't be surprising since they've been doing that for 85 years.

Back then, the washing machine was high tech. Now, uh, we have to be concerned with our internet connected devices like our cars and coffee makers and refrigerators.

Blake: I, uh, Consumer Reports is such a trusted authority in so many [00:05:00] realms of product reviews, and I remember even, I believe it was, uh, virtual private networks that they did kind of a deep dive into the value proposition and maybe. Oftentimes some of these cyber tools are misunderstood. I did. I was hoping you could speak a bit to the challenges of building this cyber civil defense, right?

You have so many people who might not be as technically astute or know what to do with like enabling multifactor authentication or setting up password managers or taking some other steps. Uh, how do you get through to those people and and are the organizations you're supporting working on that dilemma?

Craig Newmark: Well, in terms of getting the people to do the job, uh, I'm, uh, working with people who I can see already know how to do it. Consumer Reports in particular, but there's also the Global, uh, Cyber Alliance. And then there's a bunch of people, bunch of groups who are doing good work, uh, educating people. That includes Girls Who Code, uh, the Girl Scouts, uh, Vets in Tech, which [00:06:00] trains, uh, vets and there's, and military spouses for careers in technology.

The idea is that a lot of people are doing a lot of good work already. I guess my job is to help them do that. And maybe to get them to, uh, work with each other. Sometimes that's the hard part. You have to, uh, remind people that, uh, we, uh, succeed when we work together. And that, uh, showing a lot of promise and I think is beginning to work.

Bella: And on that, you know, with this idea of. Organizations that are specifically for getting more folks into cybersecurity. What do you think is holding people back? Like what's holding us back from getting more people into this?

Craig Newmark: Um, a lot of it is getting people the education in basics, so at least they could protect themselves. Um, and then the education, which can [00:07:00] take them from the basics seamlessly into professional level education. So the theme of the teams that I work with are, let's get some education out there and necessary tools for civilians.

Including myself. And that education should lead someone to reflect that, hey, if they're good at, uh, cyber on that level, and if, uh, they're, if they find it an interesting challenge, then they can consider a career in that. So basics. And then for people who are good at it and who, uh, are looking forward to that as a career, then they can proceed.

Blake: I was really amazed to read in a recent, uh, ISC squared report that in 2022, I guess we hit a record number of cybersecurity professionals in the industry worldwide of 4.7 million. And I was just, that number really struck me. I was really impressed by it. But then the report goes on to say that there's still [00:08:00] this shortage of millions of individuals.

I think the number floated with something in the 3.4 million range. How do you scale up addressing this challenge?

Craig Newmark: Um, The way, uh, the people I work with and myself are doing it is by trying to figure out how to provide cybersecurity education again, on civilian and professional levels and to try to make it, uh, self instructional so that people can teach themselves basics. And a lot of people can do that. That's how I relearned, uh, software engineering and new languages over the last 30. Even though I haven't coded anything in the last 20, but the idea is that the kind of people who I think might be good at cyber, um, a lot of that has to be self education. I dunno if that's true. That's just what my gut tells

Bella: I think a lot of the information that I got when I was first getting [00:09:00] into the field was self-taught.

And so I'm, I'm kind of inclined to agree with you that having this information available for folks that are interested in self-teaching is really important, but I also struggle to understand like why that's the route. But I wonder if maybe it's partly because of how quickly this industry changes. Like, I know when I first started getting into cyber security, a lot of the information that I needed to learn was like in almost like forums, right?

Like it wasn't, there wasn't always a lot of like published information about it. It was just sort of having to do research to see who's posting things right now. But as folks that are already in the industry, how do we help create resources and learning opportunities for folks trying to get into the industry?

Craig Newmark: Um, my guess is help the people who are building the material. Again, like the Girl Scouts, the idea is they have, uh, cybersecurity merit badges already, but more work needs to be done. And then we need to take that [00:10:00] education and education from, uh, other places and make it available to everyone that has to be accompanied by, uh, the software people. Some of it may not exist. And finally, there may be a big need to create, uh, teaching environments, for example, um, in the transition from civilian to possibly professional level education. We need to, uh, make it easy for people to work with others to build a network and defend. And then, uh, conversely to work with a team to, uh, attack networks.

So those two together would be graduation exercises, maybe at civilian and professional, uh, levels. The deal is we all need our home systems to be, uh, periodically, uh, pen test. Um, because that's a big [00:11:00] deal for, uh, everyone to some extent. It's a much bigger deal, of course, for people who may wind up being targeted one way or the.

Blake: Pen testing is music to our ears here at, uh, at cyac. We, we do, uh, we do know a thing or two about that, I will say. And, uh, it is important ultimately, but both postures are right, and even this notion of defense and getting the word out to as many people as possible. I love this idea of a cybersecurity nutrition label.

I, I, what do you mean by that?

Craig Newmark: Well, what I mean is what the, uh, White House is talking about, in that a product with a cybersecurity nutrition label is basically a product which has been tested in good faith to be reasonably secure against, uh, malicious hacking. For example, uh, you want your car to be tested so that you have confidence that a hacker won't steer it in the wrong place when you're on the freeway or maybe driving along a cliffside road. [00:12:00]

Uh, you want some confidence that your, uh, coffee maker won't engage in a, uh, distributed, uh, denial of service. You want some confidence too that the, uh, that your coffee maker won't try to poison you. And since, uh, people like me have, uh, unintentional bio weapons development going on in the back of our refrigerators, we, uh, want our refrigerators to be relatively safe from hacking.

And most of all, of course, we don't want all the refrigerators, coffee makers and other appliances. We don't want them networking, networking together, achieving sentience, and then harboring ill will towards us. It would call itself Skynet. And the next thing you know, it's gonna send Arnold Schwarzenegger back in time to, uh, kill someone who would otherwise prevent the rise of the machines.

Blake: as I should be about that last statement, [00:13:00] it's really the shrimp that I just remembered in the back of the refrigerator that has me more worried at the moment from your earlier comments about, uh, needing to stay on top of these things. Uh, but, uh, actually, you, you, you talk about, you know, all these devices and, and connected.

Uh, uh, technologies. I remember one of the most striking examples, actually, Andy Greenberg over at Wired, uh, demonstrated that live hack of, I believe it was a Jeep Cherokee, if I'm not mistaken, not to pick on particular brand, uh, where as he's driving these elite hackers were able to break into the car and grind it to a halt on the freeway and kill the engine.

And it just, it blew my mind to witness that and, and see kind of where we're headed as a society. Uh, so. Yeah. And now these conversations are happening, as you mentioned, at the highest levels in the White House. Really. Are you part of those conversations or have you been monitoring with interest?

Craig Newmark: Uh, what I'm doing is funding the people who are doing the actual work, who are going to the White House. For example, the people I've [00:14:00] Consumer Reports, we are, uh, talking about it pretty actively. Um, the deal is, it's for real.

Uh, the Consumer Reports people are really good at this kind of stuff. They'll be working with n and other people who are really good at this stuff, and I'm working with the Aspen Cybersecurity Group to make it happen. The idea is that I can provide the resources needed for people who do good work, to do more good work and to do it, um, collaborating in partnership with other groups to do the, uh, work.

My job is to provide those resources to bug people into working together, and then to remind them over and over to be, uh, working with each other. And that seems to be a thing which is already, uh, you know, somewhat successful.

Blake: Yeah. I was gonna [00:15:00] ask, are you, are we any closer to the, uh, this notion of a, of a cyber civil defense since you made the announcement of this 50 million pledge? I.

Craig Newmark: Um, I wanna think so. I see people working together that, uh, normally might not. This collaboration is much harder than it sounds. So people are working together. Uh, we'll be working with a lot of different groups, even CISA and the part of the White House, uh, National Security Council that does, uh, cyber. The deal is that people wanna work with each other and maybe they just, uh, need someone, uh, bugging them to do it.

As I also, I like to refer to, uh, the way that, uh, what, what Batman would say. Uh, maybe I'm not the nerd you want, but I'm the nerd you.

Blake: I, I did wanna flip back to Craigslist for a second and just, you [00:16:00] know, as you were spinning that up and, and as Craigslist was starting up, I, I understand, you know, this is with the caveat to listeners that, you know, I understand you haven't had an active role there in many years, but I, I'm curious, were you faced with any big cybersecurity challenges getting such a huge network built

Craig Newmark: Well, when it was just me, or maybe in our first year when I was still foolishly acting as CEO, um, I would tell people, Hey, uh, think about cybersecurity. I would ask specific questions, for example, regarding firewalling and subjects, which I barely understood, like a SQL injection. Uh, I would, uh, from the beginning I would talk to system administrators.

About making sure things were, uh, patched properly because that was true. For example, when Craigslist ran as a, a guest on someone's servers, it was true when we were running [00:17:00] on a machine which was administered. Uh, you know, as for people who are doing, uh, us a favor. And then into the actual real days of Craigslist.

Um, I did turn down the CEO role after probably, uh, less than a year of doing so. Uh, people helped me understand how much as a manager I suck, and how much there was a real need to get someone else in that. Uh, I did then go into full-time and pretty intense customer service. Did that for about 15 years, which can take a lot outta you.

Blake: I can imagine. you know, stepping back for a second and thinking about. The scope of your, uh, the work of your philanthropy and the donations that you've committed to making, uh, it's hard not to, not to think of this word, uh, legacy. Looking at it from the outside, what would you want that to be?

Either from Craigslist or a combination of your giving? How are you thinking [00:18:00] about your legacy in, in, in cybersecurity? I guess? We'll, we'll, we'll start there.

Craig Newmark: I'm, uh, not really thinking about my legacy, not in those terms. I do think ahead, my planning horizon is a couple hundred years, although that really illustrates that I read too much science fiction. Um, but I figure I need to set in motion a number of good activities which will perpetuate themselves. I do like to tell people that, uh, I'm committed to customer service in one form or another, and, you know, I will, uh, continue to do so, but only as long as I live after that.

Um, well, I'd like to say it's over except I'm now working on things including Hologram Craig, but that's for another.

Bella: My goodness.

Bella: Okay. So I [00:19:00] know you once told Insider that if you could have any job in the world, not your own, that you might have wanted to be a journalist at the top of their profession.

What would you say if you were answering that question right now?

Blake: answering that question.

Craig Newmark: Um, I, I think I would change my mind since journalists get a lot of abuse and I've learned since then how hard the job is. Uh, so if I, uh, had a choice, I might want to be a quantum physicist at the top of their profession. Uh, that's something if I had another century of life, I might wanna be able to do, except that, uh, Oh, physics and the needed math are really hard.

At the end of my freshman year in college, I realized that and decided to, uh, not go into those areas. That's when I decided I would go into, uh, computer sciences. Of course, for, uh, [00:20:00] maybe as long as a year, I thought I would be able to go into artificial intelligence. But then I realized after a while that there was gonna be very few jobs in AI in the, uh, mid to late seventies.

Blake: That's, uh, being a little bit ahead of your time, perhaps. I, I, it's funny you talk about your career trajectory. I, I think I, I come from a journalism background. I, before joining cac, I, uh, worked at, uh, Politico and, and, uh, publication called Any News. And I now run our, um, uh, cyber security publication called readme, uh, which covers a lot of the issues shaping the conversation around, around cyber today.

But I think there's a. There's a reputation among journalists that, okay, maybe we couldn't do the math or couldn't, you know, speak the language of physics to go down that path. But I do still find it so fascinating and I'm a big sci-fi fan myself, you know, honestly as well. Uh, I'm curious, you know, with quantum stuff, It that does have direct relevance to the cybersecurity world.

Have you followed these threats [00:21:00] proliferating about quantum computing? I guess I don't fully claim to understand it, but just making it way easier, I guess, to break encryption protocols. And what's, what's going on with that? Is that something that you're tracking?

Craig Newmark: Well, it's something that I am, I am paying attention to. In theory, a, uh, quantum computer with sufficient, uh, qubits could break existing means of encryption, which is why, uh, CISA and others are talking about encryption, uh, algorithms that aren't susceptible to quantum, uh, decry. Uh, that's a big deal right there.

I'm not convinced that quantum computing will ever be quite that developed because of the problems of, uh, I guess it's, uh, decoherence. But I do pay attention to it. If for another reason that to understand a lot of contemporary hard science fiction, you have to know a fair amount about, uh, quantum physics, how networks work, how, uh, [00:22:00] viruses and evolution works, uh, aside from the, uh, more traditional stuff like orbital mechanics.

Bella: I think so one thing, I think it's interesting hearing you say that because I don't know, I'm always fascinated by what cybersecurity things people find, like genuinely worrisome versus what you know, might not really be impactful, at least not impactful for us in our lifetimes, for instance. Um, As someone who like has kind of a lot of experience seeing different cybersecurity threats and thinking about these things, do you have any tips, I guess, for making that distinction?

What is a threat that we should actively be worrying about right now today versus, you know, science fiction

Craig Newmark: That's highly individual. Uh, everyone's, uh, threat matrix is different. Um, the hard part, and the part which people find it hard to start is evaluating the [00:23:00] threats, uh, to one's self, to one's family, uh, business, and so on. The idea is that, The hard part is to get started and then you start to think about details like, well, how many doors and windows does your home have?

Is anyone actually gonna try to get in there? Um, are you worried about, uh, ninjas rappelling down from adjacent buildings? Uh, rappelling ninjas is not part of my threat matrix. And, uh, I'm, uh, working carefully that, uh, that should never be a

Bella: Do you think that that is like that exercise of understanding your own threat matrix, do you think that that is something that is or is not well understood kind of by the general public?

Craig Newmark: Um, I don't think the need to think about it is generally understood. Um, and the problem is that [00:24:00] a lot of people, uh, overreact to, to possible threats. That's particularly true regarding, uh, street crime these days because there are, uh, corrupt people in politics and media who find it profitable to wildly exaggerate crime in the, uh, in the US, right?

These are real problems, but you don't have to live a life of fear. Some people like to live, uh, fearfully as a kind of hobby, and we need to encourage, uh, people, uh, who might indulge in that to avoid, uh, panicking. There are real problems, but, uh, if you are, uh, worried about it all the time, then uh, you've already lost.

Blake: Well, speaking of real problems and fears based here in Washington DC and with my background in journalism, it was with some degree of alarm that I witnessed some of my fellow, uh, countrymen, uh, marching [00:25:00] for reasons that I thought were not founded in, in the reality that I experienced. And that was, uh, certainly around the election issue, around the validity of certain results.

Uh, it's been very eye-opening to. Uh, to me to see that sort of play out and, and to see how deep rooted some disinformation can really be in our society, uh, I know that's, that's been an area of interest for you as well. Can you speak a little bit to that piece?

Craig Newmark: Well, right now our country's adversaries use a disinformation as part of what they call a hybrid warfare to divide us and weaken us as a country. Um, however, dealing with that kind of stuff requires the communication skills that you don't find, uh, with a nerd. And well like, have you met me? Um, and so what I've done is I've helped people who are good at this stuff learn how to deal with the issue.

[00:26:00] Um, people are only beginning to learn the techniques that need, that are needed to, uh, defeat our, uh, country's adversaries. Uh, the techniques include, uh, prebunking and maybe flooding the zone with facts. Um, but the deal there is that I help the country by supporting the people who could do a good job, and then my role is to stay out of their way, broadly speaking.

Knowing when to get out of the way is a really big deal and a highly desirable skill.

Blake: I should probably avail myself of that option a little more often sometimes. But, uh, but it's very tempting to inject yourself in areas where maybe you shouldn't be . So I, I can certainly respect that decision making on your part to say, Hey, here's where I'm. Here's what I care about. Here's what's, here's what I wanna support.

But, uh, I, I wanted to flip back to sci-fi because it's such an interesting, both personal interest of [00:27:00] mine, uh, but also just in the history of cybersecurity. I mean, you had the first mention of the concept of, of cybernetics, of cyber, you know, technology emerging from a, from a, a sci-fi book. Uh, what's on your bookshelf these days?

What sort of ideas are you encountering?

Craig Newmark: Um, in my, uh, Kindle app on my phone, I have a, uh, collection of books, uh, science fiction, some of which involve, uh, oh, uh, future, uh, politics and, uh, warfare. Uh, some, which just involve what happens when you try to build an interstellar civilization. And there's a lot of leftover autonomous weapons from, uh, previous wars.

That's what's on my, uh, virtual bookshelf these days. There's also the latest, uh, Ian Rankin, uh, John Rebus novel, part of a series set in Edin. Uh, so I'm reading a lot. I'm reading all the [00:28:00] time. Um, the only downside in a way is that I prefer reading, uh, eBooks on phone, which means that I don't buy paper anymore and I, I don't have much to add to my bookshelves, which is sad because the place I live in here in Greenwich Village has a perfect library.

And, uh, filling those shelves, uh, has been more of a challenge than it should.

Blake: I hear you there. I've, uh, I've yet to fill up my shelves. I moved somewhat recently and it's been, it's been difficult. Um, so, okay. Quick, uh, fourth wall caveat here. It'll take us, you know, a couple weeks to edit this and get this out. With that said, What's next for Craig Newmark Philanthropies? What's on the horizon for you?

Craig Newmark: Um, more of the same in that I need to find, uh, better ways all the time to help people doing the heavy lifting for our country. [00:29:00] Uh, an evolving focus area for me is journalist protection because it's something I've been working on without focusing that way. For example, I support a couple of pro bono, uh, legal efforts like at, uh, Yale Law.

And partially announced but not fully, is an effort, uh, called Reporters Mutual, which is affordable media insurance for journalists and small news organizations. That's a program growing out of the White House Summit for Democracy, which has turned it over to uh, aid.

Blake: Near and dear to my f my heart. That sounds fantastic.

Craig Newmark: Uh, watch the skies or watch my email for

Blake: Got it. Got it.

Blake: Fantastic. Well, we really appreciate your time and I know Bella, I think you had one last question though

Bella: do, I have one

Blake: we always ask our guests,

Bella: This should be an easy one or am I, it'll be either the easiest or hardest question of our day. Um, we ask all of our guests this [00:30:00] question, what is something that we wouldn't know about you just by looking at your LinkedIn profile or your general online social media presence?

Craig Newmark: Um, most of what I'm about is part of my, uh, online presence. I mean, if you looked at my LinkedIn stuff, which is fairly formal, you wouldn't see, for example, that I, uh, support a pigeon rescue. And for that matter, you may see that in the past I participated in, uh, pigeon related photo op. Um, I don't make clear that, uh, in such situations you want the pigeons to be wearing pigeon pants.

That's a thing. And basically they're, uh, diapers for indoor pigeons. And I speak from direct firsthand experience. You want the pigeons to be wearing pigeon pants before they fly on your shoulder.

Bella: like there's a story [00:31:00] there.

Craig Newmark: Yeah. My rationale ultimately is that I do love birds, and I may have a sense of humor.

Blake: I, you know, I thought in, in digging around your online presence a little bit, I saw a suspicious amount about squirrel proofing, so that actually tracks.

Craig Newmark: Yes. Um, squirrel proofing is a, uh, considerable concern, uh, both in, uh, San Francisco and New York. I mean, squirrels are basically rats with good pr.

Blake: I love that. I love that. Well, thank you so much again for, for joining us here and, uh, really appreciate. Also, just on a personal note, your contributions to the cybersecurity community. I think it's, uh, certainly gone. Hasn't gone unrecognized and, uh, it's, it's very important.

Yeah.

Craig Newmark: Thanks, but lots more is required. Uh, I just can't stop.

Bella: Well, we're all appreciative of that and it was great to talk to you. [00:32:00]