As a part of my series about “Big Ideas That Might Change The World In The Next Few Years” I had the pleasure of interviewing Wes Kussmaul of The Authenticity Institute. In 1981 Wes founded Delphi Internet Services Corp., a global social network which, in 1993, was sold to Rupert Murdoch’s News Corp. His book Quiet Enjoyment, about solving online accountability problems through measurably reliable identities, led to a relationship with the ITU’s World e-Trust Initiative and to the chartering of the City of Osmio, a global identity certification authority, at ITU headquarters in Geneva. Wes is the founder of The Authenticity Institute, which develops an identity-based PKI platform called The Authenticity Infrastructure, which is licensed by Reliable Identities, Inc. and other “Authenticity Enterprises.” Their word for “PKI Done Right” is Authenticity™.
Thank you so much for joining us! Can you tell us a story about what brought you to this specific career path?
Probably because I come from a family of inventor-entrepreneurs, I always looked forward to the time when I could launch my own startup. After six years in software development and a couple years in sales, I had accumulated the magnificent sum of $10,000 to fund my dream.
Even back then, that was not enough to even get into trouble with; for the purpose, ten grand was as good as zero. I started day trading in volatile stocks, and by early 1981 I had enough to get into trouble with.
My girlfriend at the time announced that she was tired of being dragged into my ruminations about which of my two ideas I should persue:
- a drafting system built on the Tektronix graphical desktop computer
- or a personal computer plus modem system with access to an online encyclopedia
“I don’t know what that CAD stuff is about. All I know is, it doesn’t sound like fun,” she announced. “Now that computerized encyclopedia, that sounds like fun. You should do that.”
Her logic was pretty hard to dismiss. Later that year, with the help of my MIT friend Phil Macneil, we had created the Kussmaul Encyclopedia, the world’s first computerized encyclopedia.
Bonus Fun Story:
As a starting corpus of text for the encyclopedia, I licensed the content of the Cadillac Modern Encyclopedia from its publisher, a gentleman in his eighties named Max.
Max entered into the deal with some trepidation. “Wes, I’m happy to let you use the text, but I don’t think this is going to work. Computers only deal with numbers, not letters.”
“Max,” I responded, “You’d be amazed at what the latest computers can do. I think we’ll be able to figure this out.”
Can you share the most interesting story that happened to you since you began your career?
In 1981 I quit my job at Tektronix and created the Kussmaul Encyclopedia, the world’s first commercially available computerized encyclopedia. For about the price of Britannica, you got a personal computer, some software, plus access to our online encyclopedia, whose articles were updated continuously via a United Press news feed.
The encyclopedia lost money, but fortunately, we had added social features to the package. By 1982 we discovered that social media could be financially sustainable by itself if we stopped supplying the computer to access it. So we changed the name from Kussmaul Encyclopedia to Delphi. The author Michael Wolff credits Delphi with being a significant factor in the popularization of the Internet.
Now, back then, social media had integrity. No Silicon Valley megalomaniac was spying on you, creating a database about who you communicated with, your purchase habits, your political affiliations — your whole digital self.
Most importantly, with Delphi, you had Accountable Anonymity. You could have up to six usernames, give them to family members or use them for different personas. Nobody will know your name or gender or age or anything about you unless you told them — OR if someone got a court order because you defrauded them or otherwise injured them or broke the law. Our system lets you assert your identity without disclosing your identity.
Think about your car’s license plate. Anyone can see it, making you accountable for what happens on public roadways. But no one gets to know the identity of the driver or owner unless there’s been an accident. With Delphi, your username made you accountable, but you remained anonymous.
Then when the Web came along in the nineties, anyone could invent an identity, be anyone and do anything.
I remember a conversation with Kip Bryan, our VP of Engineering — we were asking each other “How can this work? Where is the accountability?”
The answer was given a few years later by the headline of the cover story of MIT Technology Review: “The Internet Is Broken,” which presented the sad list: malware, phishing attacks, breaches, fraud, facilitation of human trafficking, and on and on.
We sold Delphi to Rupert Murdoch’s News America Corporation in 1993. I retained a license to some of the technology and built a second business, providing a private label social media platform to magazine publishers and others. Five years later we merged it with another company and sold the combined business to NTT Verio.
Suddenly I found myself with time on my hands. I started pestering friends and family with my question about accountability.
Talking with my daughter about that, Sara asked, “Isn’t that the problem that PKI is supposed to fix?” I said yes, PKI was supposed to fix accountability — and then rattled off the reasons why it didn’t. (Ask me about our video and the ten reasons why PKI failed to gain traction as a platform.)
Well, for months afterward I thought about my answer. I came to realize the problem wasn’t with PKI but with the way it’s been deployed.
PKI is a fantastic technology which, if done right, fixes all sorts of problems. But doing PKI right means doing a lot of things differently. It means stepping way back. It’s not plug ’n’ play.
So now I had my answer to what to do with all that time on my hands. I started writing a book about how to fix the Internet using PKI done right. Quiet Enjoyment was published in 2004, with the second edition coming ten years later. As I was writing the first edition, I was introduced to some people at the International Telecommunication Union, a UN agency, who were actually building a world PKI that resembled what I was advocating.
It was called the World e-Trust Initiative. I was appointed to the High-Level Experts Group of the ITU’s Global Cybersecurity Agenda to pursue a joint effort, but a short time later for political reasons the ITU pulled the plug on the World e-Trust Initiative. At the ITU’s Geneva headquarters on March 7, 2005, the project was handed off to me, as the founder of a new certification authority that takes the form of an online municipality. It’s called the City of Osmio. I got to actually build PKI Done Right, as described in my books.
A simple question from my daughter was the catalyst for it all.
Can you tell us about your “Big Idea That Might Change The World”?
This idea will change the world. It is the only solution to the worsening problems — breaches, phishing attacks, malware, ransomware, human trafficking, etc., etc. — that beset the world’s information infrastructure, i.e., the Internet and phone networks.
The Internet used to be characterized as an information highway, and the name still fits. It was and is an outdoor public transport system. Typically we use a highway to take us from one indoor space to another indoor space. Building to building. So where are the online buildings?
In fact, we are keeping our files, holding our meetings, and letting our kids hang out by the side of a busy digital roadway. We’re living and working in cardboard boxes on busy street corners.
The alarming thing is that the perfect construction material for online buildings was invented decades ago. It’s PKI, public key infrastructure. PKI has been deployed in incomplete bits and pieces throughout our information infrastructure, but for a set of really bizarre reasons, it has never been deployed in its completeness.
PKI Done Right starts with Accountable Anonymity, which works like your car’s license plate. Anyone can see it, making you accountable for what happens on public roadways. But no one gets to know the identity of the driver or owner except when some event, e.g., an accident, compels the disclosure to those affected.
Your digital Identity Certificate acts like your license plate, letting you assert your identity without disclosing your identity. In any space where access is via identity certificate, you can have pervasive accountability with privacy.
Digital signatures are part of PKI, and when PKI is done right, they are ubiquitous, establishing a trail of accountable anonymity everywhere. One example of PKI being deployed in incomplete bits and pieces is blockchain. Blockchain uses digital signatures, but signatures of whom? Blockchain worsens the problem by facilitating untraceable transactions among the perpetrators of all the problems mentioned above. (We are working with a UK group that is using identity certificates for something called Accountable Blockchain.)
Some identity certificates are accompanied by other certifications, such as professional license certificates. In our physical world, the occupancy permit on a building is what lets us use to enter the building without thinking about whether it’s safe. In most jurisdictions, an occupancy permit, with the signatures of a professionally licensed architect, contractor, and building inspector, is what makes a building habitable.
In precisely the same way, a digital building made from PKI construction materials must carry an occupancy permit with the digital signatures of a professionally licensed architect, contractor, and building inspector, for it to be habitable.
A properly designed digital identity certificate carries with it a signed assessment of its own reliability. How well do we know that it represents the person whom it claims to represent? How is it stored? How well protected is it from use by impostors in case it is lost or stolen? How securely is the cryptographic private key protected? All of these things are immediately known to any relying party, whether a person or a program running on a server — without disclosing the identity of its holder.
One type of PKI-based digital building is the personal office, where personally identifiable information is kept very secure — both technically and legally. Your information is turned into your own private intellectual property, available to others only if you issue them a license to have it, and just for the purposes spelled out in the permit.
How do you think this will change the world?
A social network, a company’s internal network, a subscription-based file sharing service, or just about the online facility, can be built such that it has earned an occupancy permit, i.e., it has been developed with PKI did right. In any such space, breaches, phishing attacks, malware, ransomware, human trafficking, etc., etc. will all be eliminated. Period.
Meanwhile, facilities that are protected using security technology will continue to suffer worsening security problems. Almost all security technology assumes that it is possible to determine the intentions and character of the sender of a stream of bits. Isn’t that like asking the lobby receptionist in your office building to determine the intentions and integrity of everyone who walks through the door, identifying “bad guys” versus “good guys”? Instead, you ask the receptionist to get some ID, establishing who’s accountable for what happens while the visitor is in the building.
Our existing facilities are outdoor spaces. A secure outdoor space takes the form of a commando outpost, whose purpose is to assist in claiming territory from an enemy rather than serving as space where things get done. That’s what an office building is for. The commando outpost presents a more exciting image than an office building, making it easier to market to emotion-driven decision makers. But the effectiveness of online buildings is causing a shift toward more thoughtful decisions.
Keeping “Black Mirror” and the “Law of Unintended Consequences” in mind, can you see any potential drawbacks about this idea that people should think more deeply about?
Blockchain has got everyone excited about one of the elements of PKI, that is, digital signatures. But digital signatures without accountability simply facilitates crime. We’re in for some disastrous consequences if the world overlooks the essential nature of accountability.
What do you need to lead this idea to widespread adoption?
The essential fact of adoption is summed up in the expression “Everyone wants accountability from others, and everyone wants privacy for themselves.” Thus, Accountability cannot be sold to individuals. Instead, it will require partnerships with operators of sharing economy sites, dating sites, audience aggregators willing to launch new special-interest social networks, and participants in vertical industries such as critical infrastructure, insurance, business banking, retail banking, healthcare, etc.
Such a diverse agenda can only be addressed via what we call “Hatsopoulosophy” after the brothers who built the Thermo Electron network of independently owned and universally profitable companies, all based on one platform of intellectual properties and core competencies.
What are your “5 Things I Wish Someone Told Me Before I Started” and why? (Please share a story or example for each.)
1. Venture capitalists say they want disruptive technologies and disruptive business models.
What they mean is that they hate disruptive technologies and disruptive business models.
2. If what you’re attempting can be judged by a proven business model then it had better be a local business filling in some territorial vacancy. If it’s not local and it purports to be new, it better be new.
3. People have been in the habit of expecting an ongoing technological revolution to solve problems, but that’s changing. People are starting to realize that the methods needed to solve today’s problems were conceived in centuries past, implemented in today’s technology.
4. Be relentless in audience targeting. Know your audience’s pains. All successful businesses are drug dealers — they have found a way to take away the pain. (Solving a problem is insufficient. Only problems that rise to the level of a pain evokes enough emotion to make your customer pay attention.)
The future of work is a common theme. What can one do to “future proof” their career?
Qualify for a professional license. In Latin law countries a notary can be paid tens of thousands of dollars just for signing a big company’s documentation. You will see this kind of thing all over the place in the future. Put your professional license on the line by attesting to something and get paid handsomely for easy work.
Based on the future trends in your industry, if you had a million dollars, what would you invest in?
Any of about a hundred Authenticity Enterprise business plans, led by management that is in and of the market served.
Which principles or philosophies have guided your life? Your career?
Can you share with our readers what you think are the most important “success habits” or “success mindsets”?
Just keep at it. Persist. Keep listening and learning for new information that will help get you to the next stage.
Some very well known VCs read this column. If you had 60 seconds to make a pitch to a VC, what would you say?
I wouldn’t pitch to a VC for reasons noted above. I was lucky with Delphi’s VC. He didn’t understand our business, but he was straightforward and didn’t play games with classes of stock, etc. Can’t expect that to happen often.
How can our readers follow you on social media?
LinkedIn: Wes Kussmaul
Thank you so much for joining us. This was very inspirational.