The Lock & Key Lounge — RIFF Edition 3, LIVE in Saudi Arabia

Join Navroop and his guest, Emma Wright, Crowell and Moring’s Global Co-Chair on Privacy and Cyber,
live in Riyadh, Saudi Arabia, as they continue their discussion over dinner
and mocktails right on the heels of their speaking session at Black Hat MEA 2025. This
RIFF session is an unscripted discussion further unpacking how cybersecurity and
resilience planning may be impacted by shifting geopolitics, threats of
nation-state sabotage, and sanctions. Navroop and Emma unpack these ideas
across the people, technical, and legal dimensions so that cybersecurity SaaS providers,
and their multinational customers, can design for both infrastructure sovereignty and
data sovereignty without losing market access or operational continuity.


Key Takeaways

  1. Sovereignty has two distinct layers: Infrastructure sovereignty (can the service operate when cut off?) vs. data sovereignty (who lawfully accesses what data, under which jurisdiction?). Designing for both determines whether you can keep operating under stress.
  2. Europe is pushing “build-local,” but resilience—not just privacy—is the new center of gravity. GDPR set the privacy baseline; NIS2 and DORA move the focus toward operational continuity when systems are attacked or unavailable. The EU is also exploring simplifications to GDPR while doubling down on resilience.
  3. Nordics and parts of mainland Europe are increasingly wary of exclusive reliance on U.S. SaaS; the UK remains more aligned with U.S. partners. This split shapes procurement, hosting expectations, and pressure for sovereign deployments.
  4. Market reality check: You can’t “home-grow” every capability. A pragmatic path is localized operation of global services—so you retain breadth of capability while meeting local resilience/sovereignty expectations.
  5. Resilience ≠ policies on paper. Many organizations still default to consumer apps (e.g., Signal/WhatsApp) during incidents, which lack enterprise controls for access, lifecycle, audit, and privilege. Counsel-directed, governed OOB communications should be pre-planned.
  6. Design for two very different disruption modes: Blackout/cut-off (dark fiber/cables, routing isolation); Sanctions/compelled action (you’re told to suspend service). The legal, technical, and operational playbooks—and the timelines—diverge sharply.
  7. DNS & client re-pointing are table stakes. Architect clients to accept alternate resolvers/entries so they can pivot to a local endpoint if global DNS or upstreams fail. Pre-test that the switchover actually works.
  8. Keep a narrow, assured admin path for patching and support. Maintain a low-bandwidth, out-of-band administration channel (e.g., satcom) so security patches/config updates can still flow to sovereign instances when primary networks are impaired.
  9. Escrow beyond source code—think domains and control points. Define what sits in escrow (e.g., domain/URL, keys), trigger events for release, and two-way return conditions when normal service resumes. Align these with SLAs and payment obligations.
  10. Assume “canaries” may be illegal or impractical. Where signaling compelled action is prohibited, pre-agree two-key (dual-control) operations for defined actions so neither party can unilaterally flip a switch—and document how that works under stress.
  11. Force majeure isn’t a get-out-of-jail-free card. Clarify which obligations fall away during cut-offs and which must persist (e.g., local support, limited continuity services, payment mechanics). Revisit these clauses as geopolitics and regulation evolve.
  12. Tabletops should measure time-to-pivot, not just box-checking. Include injects that test: onboarding externals, unknown third-party joins, DNS/client re-point, OOB comms activation, and privilege notices—then capture hard metrics for readiness.
  13. Skills and partner capacity are constraints. Your sovereign design must match on-the-ground operator capability; otherwise, even the best legal/technical architecture won’t hold in practice.
  14. This is an evolving playbook. SLAs, legal constructs, and technical patterns are iterating in real time as markets, laws, and threat models shift—plan for update cycles, not one-and-done designs.
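
A drill for takeaways 7 and 12, added here as an illustration and not code from the podcast or from any product it mentions: a client that walks an ordered endpoint list, tries each resolver in turn, falls back to a pre-provisioned address, and reports time-to-pivot after a simulated cut-off. The hostnames, addresses, resolver names and timeout values are constructed assumptions, and the network is a simulated test double so the drill runs offline.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Endpoint:
    name: str                         # label used in drill results
    host: str                         # hostname the client normally resolves
    pinned_ip: Optional[str] = None   # pre-provisioned entry used if every resolver fails


class SimulatedNetwork:
    """Constructed test double: resolvers, reachability and a clock in milliseconds."""

    def __init__(self, zones: Dict[str, Dict[str, str]], reachable: Set[str],
                 timeout_ms: int = 2000, rtt_ms: int = 50) -> None:
        self.zones = zones
        self.reachable = set(reachable)
        self.down_resolvers: Set[str] = set()
        self.timeout_ms, self.rtt_ms = timeout_ms, rtt_ms
        self.now_ms = 0

    def resolve(self, resolver: str, host: str) -> Optional[str]:
        if resolver in self.down_resolvers:
            self.now_ms += self.timeout_ms      # a dead resolver costs a full timeout
            raise TimeoutError(resolver)
        self.now_ms += self.rtt_ms
        return self.zones[resolver].get(host)   # None models "no such name"

    def probe(self, ip: str) -> bool:
        ok = ip in self.reachable
        self.now_ms += self.rtt_ms if ok else self.timeout_ms
        return ok

    def blackout(self, resolvers: Set[str], ips: Set[str]) -> None:
        self.down_resolvers |= resolvers
        self.reachable -= ips


class PivotingClient:
    """Tries endpoints in priority order; each one is resolved via every resolver in turn."""

    def __init__(self, endpoints: List[Endpoint], resolvers: List[str],
                 net: SimulatedNetwork) -> None:
        self.endpoints, self.resolvers, self.net = endpoints, resolvers, net

    def _resolve(self, ep: Endpoint) -> Optional[str]:
        for resolver in self.resolvers:
            try:
                ip = self.net.resolve(resolver, ep.host)
            except TimeoutError:
                continue                        # resolver unreachable: try the next one
            if ip:
                return ip
        return ep.pinned_ip                     # last resort: the pre-provisioned entry

    def connect(self) -> Optional[Tuple[str, str]]:
        for ep in self.endpoints:
            ip = self._resolve(ep)
            if ip and self.net.probe(ip):
                return ep.name, ip
        return None                             # no endpoint reachable: the pivot failed


def run_drill(local_dns_down: bool = False, pinned: bool = True):
    """Returns (endpoint before cut-off, endpoint after cut-off, time-to-pivot in ms)."""
    net = SimulatedNetwork(
        zones={"global-dns": {"api.example.com": "203.0.113.10"},
               "local-dns": {"api.sovereign.example": "10.20.0.5"}},
        reachable={"203.0.113.10", "10.20.0.5"},
    )
    endpoints = [
        Endpoint("global", "api.example.com"),
        Endpoint("sovereign", "api.sovereign.example", "10.20.0.5" if pinned else None),
    ]
    client = PivotingClient(endpoints, ["global-dns", "local-dns"], net)
    before = client.connect()

    down = {"global-dns", "local-dns"} if local_dns_down else {"global-dns"}
    net.blackout(resolvers=down, ips={"203.0.113.10"})
    start = net.now_ms
    after = client.connect()
    return before, after, net.now_ms - start


if __name__ == "__main__":
    for kwargs in ({}, {"local_dns_down": True}, {"local_dns_down": True, "pinned": False}):
        print(kwargs, run_drill(**kwargs))
```

In the drill, serial resolver timeouts dominate time-to-pivot, and when the local resolver is also down the pinned entry is the only thing that makes the pivot succeed at all.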

Navroop Mitter

00:00:03:15 – 00:00:29:18

Hello and welcome back to the Lock and Key Lounge. My name is Navroop Mitter. I’ll be your host for this evening. Tonight I’m joined by Emma Wright. Emma and I were just on stage at Black Hat Middle East. We were discussing the distinctions between sovereignty, infrastructure and data sovereignty, as well as some of the people, technical, and legal considerations you would want to take into account if you’re thinking about making your services available around the globe.

Navroop Mitter

00:00:30:00 – 00:00:57:17

But leveraging localized infrastructure. Rather than recap the discussion we had at the conference itself, I actually want to take us back. I want to start with a question that was actually posed to me or something. I was like, you brought up to me sometime back when I was at a conference in Iceland. So last May, I was there during Startup Week in Iceland and we had a delegation there from Norway, from Denmark and from Sweden.

Navroop Mitter

00:00:57:19 – 00:01:31:06

And they brought up this interesting thing. They were becoming rather concerned about using SaaS services that were domiciled in the US, because they saw the US potentially becoming a less reliable partner, and as a result, they were seeing that many of their peers and their ecosystems were advocating for either (a) homegrown new cybersecurity and defense technologies, or (b) only leveraging technologies that were developed elsewhere in Europe, ideally only from close, trusted partners, ideally the Nordics themselves.

Navroop Mitter

00:01:31:08 – 00:01:41:07

So it’s been some time since that discussion, but I’m wondering, what’s the temperature in Europe like? I know you’re based out of the UK. What’s the temperature like in Europe?

Emma Wright

00:01:41:09 – 00:01:44:17

So I think, and first of all, thanks for having me on.

Navroop Mitter

00:01:44:18 – 00:01:46:21

Oh absolutely. We forgot the introduction part, right.

Emma Wright

00:01:46:21 – 00:01:47:18

Yeah.

Navroop Mitter

00:01:47:19 – 00:01:50:11

We’re actually eating and this is the first time we’re actually doing so.

Emma Wright

00:01:50:11 – 00:01:51:11

It’s like double.

Navroop Mitter

00:01:51:13 – 00:01:57:18

I am, now I’m double parked with non-alcohol beers. Right. So this is the first time regular reporting episode with food and drink at the table.

Emma Wright

00:01:57:20 – 00:02:03:01

So. But I think if we, if we put it back so.

Emma Wright

00:02:03:03 – 00:02:40:18

You know, typically the early, the early noughties, Europe had Ericsson, it had Nokia, it had its tech champions. They were telcos, but it had these champions. And we as Europeans have found ourselves in the place where we are looking across the Atlantic for most of our tech, most of our underlying operating systems and our social media. And I think where the commission and obviously I can’t speak to the commission, but there has been a sense it’s been bubbling through that.

Emma Wright

00:02:40:18 – 00:02:43:07

In fact.

Emma Wright

00:02:43:09 – 00:03:18:16

That these firms were maybe doing things with data or not offering services in a way that the European Commission that was part of the European lawmaking bodies, that they weren’t, that they didn’t have the services that they wanted. They kept having to turn to the public across the pond, and they didn’t have competitors within Europe. That means that actually, when it came to things like GDPR, we didn’t there were some services that were withdrawn.

Emma Wright

00:03:18:16 – 00:03:43:01

The Americans, you know, the US companies didn’t want to comply with GDPR. But it also meant it was bad for the economy and the tech ecosystem and the growth. And we’re all you know, Europe is still about growth agenda as well. If you think about so GDPR was a game changer that it set the standard for data protection.

Emma Wright

00:03:43:03 – 00:04:15:23

It’s a kind of globally known acronym. However, with recent cyber attacks, finally, there’s been greater focus on resilience, operational resilience. And that doesn’t have to involve personal data if you’re critical mass if you can’t, access your electricity because your smart meter has been hacked or, you know, you can’t fly out the airport because the airport is in some way a system has been hacked or doesn’t have to involve personal data.

Emma Wright

00:04:16:01 – 00:04:52:18

But the functions of everyday life have been seriously impeded and can cause real issues at a local level. So I think that’s definitely the commission has come out openly and said, we want to build European tech champions. Yeah, you got Michel in France on the I think, I think I do think the AI growth has really focused your mind in on this and maybe some of the more difficult behaviors of social media platforms and the connections around those, etc., and kind of disinformation.

Emma Wright

00:04:52:20 – 00:05:15:04

But yes, that that reflects not so much the UK. The UK still very much considers the US a key partner, and you’ll see the investments going back and forth there or coming in to the UK from there. But with Europe there is definitely a focus on building local competition.

Navroop Mitter

00:05:15:06 – 00:05:28:21

So it’s interesting. So you’re saying in the UK there’s less emphasis on this; they’re more than comfortable continuing to use American drone technologies or developed technologies both for cybersecurity and defense. But mainland Europe is where we’re seeing that shift there.

Emma Wright

00:05:28:23 – 00:06:01:15

So we have I mean it’s a different topic, right? We obviously have the Online Safety Act, which regulates the social media platforms. But if you if you and those that want to follow me on LinkedIn, I did not a couple of months ago on the US, UK Technology Partnership, this is something where actually the UK realizes in many ways it just cannot compete at the scale of how far ahead you are in the, you know, the US market, the capital, etc..

Emma Wright

00:06:01:16 – 00:06:31:19

And so it’s how we find a way of influencing without competing. So if you see like the, the, the amount of information sharing that goes on with AI safety, cybersecurity, defense, that is that. And you know, that’s something that’s been going on for many, many years. And so you won’t find in the UK an open rhetoric around competing with us mainly, I think for most people at large.

Emma Wright

00:06:32:00 – 00:06:33:03

Right. It’s not.

Navroop Mitter

00:06:33:05 – 00:06:33:15

Well.

Emma Wright

00:06:33:15 – 00:06:49:23

But yeah, that’s why we now we absolutely want to build out target systems. And there’s been a focus on AI sovereignty, but that’s about making sure that we can build our own AI ecosystem.

Navroop Mitter

00:06:50:01 – 00:07:12:11

So it’s interesting. That’s not so different from a point I made to this delegation for the Nordics. It was that reality is you don’t have large enough markets in which you’re going to develop all the different types of solutions that you likely rely on today, because that combination of things needed to be developed in a large enough market where they had all these different use cases and they had enough potential companies to start to develop technologies for them.

Navroop Mitter

00:07:12:11 – 00:07:50:01

Right. If there’s a thousand things to go develop for, if you want to bring them all onshore, you’ve got the capacity to maybe run 50 of those companies. The other 950 still have to come from somewhere, right. And so you’re not able to completely end your reliance on American technologies or American cybersecurity or defensive artists, but there might be a better way of continuing to adopt them or adopting them as a sort of localized fashion, right, so that you could get more comfortable around the fact that they’ll still be operational if and when suddenly something becomes less reliable about either connectivity or some sort of, you know, compelled action in the US that cuts you

Navroop Mitter

00:07:50:01 – 00:07:57:17

off of the service temporarily, that you can still operate them. It doesn’t become an impediment to, you know, your ongoing operations and resilience.

Emma Wright

00:07:57:19 – 00:08:12:11

Yeah. And I think, dare I say, some of that might be to do with the Nordics in their proximity to Russia. I mean, the EU market is larger, I believe, than the US market by numbers.

Emma Wright

00:08:12:13 – 00:08:29:08

But we have the different languages as well. So it’s sort of a sub market around the world. But it’s interesting that they that that’s the kind of sense they don’t feel that they can compete on the kind of at that level, because the market is one of the biggest.

Navroop Mitter

00:08:29:10 – 00:08:47:03

I agree, the EU is a very large market. And then go back and look at the exact numbers. But I think when we’re looking at certain categories of cyber spend, the spend in the US dwarfed all of Europe. I think around collaboration tech, it was the same kind of thing, right? Collaboration tech, which is very foundational how every business operates today.

Navroop Mitter

00:08:47:03 – 00:08:56:21

Right. And I don’t just mean messaging. I mean the file sharing, all the different collaboration tech spend on that in the US was higher than all of Europe combined long.

Emma Wright

00:08:56:21 – 00:09:00:02

So yeah, I know Europe is digitalized for most of them.

Navroop Mitter

00:09:00:02 – 00:09:18:09

But yeah, right. Yeah. And this was probably a few years ago but still, it was just an interesting discussion we were having back and forth and said, well, how could you potentially operate that locally for us so we could be comfortable around those companies? And a lot of that was what we were discussing today at our Black Hat session itself.

Emma Wright

00:09:18:11 – 00:09:56:11

Yeah. Sorry, just to jump in there. I think that actually the geopolitics, like we said, has the world order kind of on its side. Trusted partners may be able to be a little bit less trusted. And so people are really looking at the operational decisions, you know, the network information systems regulation and DORA, the digital operational resilience, these really drive that.

Emma Wright

00:09:56:16 – 00:10:20:17

It’s the resilience for now, more so than the personal data. And actually if you look at the digital omnibus that was released last week the EU have set out as an ambition. They want to simplify the GDPR in some ways too. So it’ll be interesting to see where we are with, when we’re out of kilter with everyone else who’s copied the GDPR.

Emma Wright

00:10:20:19 – 00:10:23:15

So we followed it very closely.

Navroop Mitter

00:10:23:17 – 00:10:31:16

As I say, there are a number of countries that are really sort of like really we just got this. Yeah. And now you want to change it all over. I mean, I’m going to be forced to copy you yet again.

Emma Wright

00:10:31:18 – 00:10:32:06

Yeah.

Navroop Mitter

00:10:32:08 – 00:10:33:00

Emma Wright

00:10:33:02 – 00:10:50:20

I was sort of holding off on the UAE act as well. So there are some interesting things coming out, but it’s all very much geared towards making sure that as a, as a European Union, there is resilience.

Navroop Mitter

00:10:50:22 – 00:11:20:07

It has been interesting to see, though, how slow, the adoption or writing into member state law. Things have been around and I ask you as an example, right. Because an AI is to be written into each member states own laws and origins. There’s been significant delays on that front. So while there’s this emphasis on resilience, when I talk to a number of places, I just use the companies really saying, yeah, it’s just another piece of paper.

Navroop Mitter

00:11:20:09 – 00:11:24:01

I already got 40 this on my desk. What makes this one any more important than the others?

Emma Wright

00:11:24:03 – 00:11:54:17

And that’s where we risk getting to with GDPR. I mean, I don’t want this to be a conversation about GDPR that all people checking their privacy policies before they take them, the very carefully crafted privacy policies, probably not. They want the service. What they are proposing is to have one centralized point to breach under the reformed GDPR. So query I have no detail on that.

Emma Wright

00:11:54:17 – 00:12:04:14

So someone please message me if I didn’t see that NIS2 or DORA. But whether that’s where it’ll end up heading.

Navroop Mitter

00:12:04:16 – 00:12:06:21

Interesting. I wouldn’t have any.

Emma Wright

00:12:06:21 – 00:12:14:05

Oh wait, we’re a ways away from lawmaking or law amending in Europe.

Navroop Mitter

00:12:14:07 – 00:12:31:20

Coming back for a second. But you said that there were functions that were being provided by American companies who decided they just don’t want to. They just want to comply with GDPR. And as a result, how did they end up losing those customers entirely to the customers? And I’m saying, yeah, we’re going to turn a blind eye to your noncompliance.

Navroop Mitter

00:12:31:20 – 00:12:36:07

And then continue to some services that we desperately need. Or did that create a vacuum that someone else filled.

Emma Wright

00:12:36:07 – 00:12:42:07

With more content providers and people just they just switched off the EU being able to access it.

Navroop Mitter

00:12:42:09 – 00:12:47:15

Got it. Okay. So we’re thinking more like the online publications, The New York Times, folks like that.

Emma Wright

00:12:47:17 – 00:12:56:15

But if you think about what happened with ChatGPT and Italy trying to ban it and stop people access it, and then people just aren’t trusted by a VPN.

Navroop Mitter

00:12:56:17 – 00:13:04:07

Yeah, I imagine the same thing going to happen with the online publication as well.

Emma Wright

00:13:04:09 – 00:13:12:12

I think so, but I don’t know for sure. And, but I think there was that sense around.

Emma Wright

00:13:12:14 – 00:13:44:13

Compliance. What does compliance mean? I mean, I always find it amazing that, you know how far in we are with GDPR, and the supply chain still gets overlooked and the number of breaches which have come through the ability and actually that’s often the least considered part of GDPR. What happens when everything goes to the wall and there’s a breach or an incident?

Emma Wright

00:13:44:15 – 00:13:52:00

Everyone’s got beautiful privacy policy to tell you, but what actually what’s our plan in those situations.

Navroop Mitter

00:13:52:02 – 00:13:53:04

Yeah, I mean that that goes to.

Emma Wright

00:13:53:04 – 00:13:54:03

Something comes into it.

Navroop Mitter

00:13:54:03 – 00:14:15:05

Right to sovereignty comes in. But it’s also where post breach resilience and post breach readiness comes in a lot of what we’ve done is invest in what happens before an incident or a breach. Yeah, very little about the resilience and what comes afterwards when we often talk about right. Everyone’s got a policy that talks about or sort of importations, all sorts of tools to help prevent an issue from occurring.

Navroop Mitter

00:14:15:07 – 00:14:24:23

But if and when it does, and the probability of that happening is basically one at this point. But you know, it’s a certainty it’s going to happen. They don’t know how they’re going to actually operate when under duress. No.

Emma Wright

00:14:24:23 – 00:14:29:19

And they should all have beautifully drafted breach response policies.

Navroop Mitter

00:14:29:21 – 00:14:46:20

I’m sure they do. What when you run tabletop exercises around them, one of the questions we’ve been asking law firms is for asking their clients, and they actually dig a little deeper on is how will you communicate? Yeah. And oftentimes the responses they get back is some check the box saying, well we have x. What is use Y right.

Navroop Mitter

00:14:46:20 – 00:14:49:10

Or yeah instead of x we’ll be good to go. Right.

Emma Wright

00:14:49:15 – 00:14:52:08

And it gets overlooked time and time again.

Navroop Mitter

00:14:52:10 – 00:15:19:12

One of the things that we’ve started asking law firms to start asking companies is, okay, so you’re going to choose to move to like a Signal or WhatsApp. Yeah. How are you going to maintain control around who’s actually able to be a part of those communications? How are you going to maintain control around whether or not the policies you’ve got for, you know, things like information, life cycles or password policies or anything else are being enforced on these platforms that are really not designed for any of that enforcement in the first place.

Emma Wright

00:15:19:12 – 00:15:45:15

Yeah. I mean, that’s for sure. And in my experience, nine times out of ten we moved to WhatsApp. You know, we have the issues around documenting the comms, accessing the comms to those that want to get really legal. How you privilege. It’s the all the comms privileged people. The do the teams understand what that means?

Navroop Mitter

00:15:45:17 – 00:15:59:13

Can you put up an appropriate notice that tells people this conversation is about X, and as a result, it should be limited to Y to help assert privilege more easily in the future? Yeah. All the kinds of things you’d expect an enterprise tool to be able to do that your consumer tools just weren’t built for.

Emma Wright

00:15:59:15 – 00:16:08:01

Correct. And that’s before they even start, you know, figuring out how they make payroll, depending on the circumstances. 100%.

Navroop Mitter

00:16:08:03 – 00:16:13:14

Yeah. Oftentimes you actually have to start to converse in order to figure out how you’re going to do those things. Yeah.

Emma Wright

00:16:13:16 – 00:16:29:18

So, so and I think that was what was really valuable about the discussion today, considering where we are in the world or the kingdom of Saudi Arabia. In many ways they have considered this and that, I think need some more depth.

Navroop Mitter

00:16:29:20 – 00:16:31:09

Emma Wright

00:16:31:11 – 00:16:46:05

They’ve recognized some of the, you know, storing data locally is something they want to do. And so it’s like the second wave, we have the first wave of GDPR. Those countries.

Navroop Mitter

00:16:46:07 – 00:16:46:14

It’s.

Emma Wright

00:16:46:16 – 00:17:19:18

Like we have a transfer place. We have a automation of the transfers in place time. And they have that over here as well. I’m not a Saudi lawyer, but is in the second wave around. Okay. But what does this actually mean. How we instead of us just looking at what the words are like on a paper, on a piece of paper, how do we get all key services up and running in the event we get attacked or a cyber incident all, like you said, the lights go out, we get to all cables we no longer have.

Navroop Mitter

00:17:19:19 – 00:17:36:04

Yeah, you’re no longer allowed on the global internet for whatever reason, whether it’s intentional or unintentional, as the case may be, there are certain core technologies you’re going to have to build to operate in order to keep your own internal economy working, at least for some greater time. And comms has always been central to that of my business.

Emma Wright

00:17:36:06 – 00:17:48:07

Yeah, yeah. But in the same way that many years ago, comms and radio and TV were considered to control the hearts and minds of the people. Right. Which has to be a way of communicating.

Navroop Mitter

00:17:48:08 – 00:18:19:12

Well, since you’ve already segued into what we were talking about on stage, now let’s just jump right into that. Right. Part of what we were doing was laying out a framework of kinds of questions that, you know, companies who are looking at potentially localizing their services and offering a parallel self service to what they normally operate out of the US or some other jurisdiction might want to offer in other countries around the world who have these concerns about whether or not the US is a reliable partner or whether or not you know they are okay using a service that’s based out of France and using the French servers when they really want their

Navroop Mitter

00:18:19:12 – 00:18:43:01

data on the infrastructure to be in, say, Saudi or in Oman or Qatar, wherever the case may be. What kinds of, you know, considerations bubbled up? This is top of or sorry is bubbled up is the most important ones. You want to summarize here. So we can’t do is the whole 40 minute talk forward discussing today that condition considering people technical legal any of the above like what.

Emma Wright

00:18:43:03 – 00:18:45:14

Am I buyer or supplier.

Navroop Mitter

00:18:45:16 – 00:18:56:07

You are supplier in this case. So this is I want to help the companies out who actually want to go maintain access to market for make sure they don’t lose ground in their ability to, you know, sell to a global market.

Emma Wright

00:18:56:09 – 00:19:16:22

Sure. So and I think we’ve said this before, actually the first step is not a legal point. You know, lawyers tend to get drafted in after sales, have done their team, have done their work and sold, and then the lawyers come in and try and paper the deal. And the amount of times we’ve been told, yeah, that’s not what they said.

Emma Wright

00:19:17:00 – 00:19:44:10

So the key is, what are you selling? Are you selling as a service foreign service, or are you selling a resilient, an entirely resilient, self-standing solution? Because there are different bits of functionality around the. And the reason I say this is because when the lights go out, for whatever reason.

Emma Wright

00:19:44:12 – 00:20:06:18

Are you still providing a service now? The answer is no. How does that then affect payment? How does that affect your obligations of the customer is really focused on around the service. They can expect service levels that fly. We had a discussion today around whether such occasions would be force majeure.

Emma Wright

00:20:06:20 – 00:20:31:07

Force majeure is a legal term. And you know, during Covid everyone thought virtual force majeure was, you know, Covid. So within that and then people, it suddenly became something that people reasonably anticipated. So but this is a legal podcast. So we can think about that. But actually what are the obligations as a supplier. You want to fall away or what are the obligations you want to maintain.

Emma Wright

00:20:31:09 – 00:20:55:15

So for instance, if the cord has been cut, you’re not going to have to support maintain it. You’re going to need someone locally to do it. I’m assuming you’re not nodding at me. No. Two you’re going to want to get paid in some way. Now, we discussed whether you put the URL in escrow to be able to use the local version at the start.

Emma Wright

00:20:55:15 – 00:21:20:14

So escrow is this kind of middle party that exists and holds something for both parties. And there are trigger events that when X happens, the thing held in escrow is released. So you’re going to have to carefully think about your trigger events. I know you said in the talk, well I don’t we have to pull it back into the box.

Emma Wright

00:21:20:16 – 00:21:26:16

Does that is that really possible on a replicated system. So all of those or those points.

Navroop Mitter

00:21:26:18 – 00:21:45:02

I would certainly hope as a company or even when whatever the issue was that caused the country to go dark, you cut off or resolved that I would be able to take possession of what should have been a domain that we owned and operated back and then we’d be able to reestablish our ability to maintain the service so that we are continuing to fulfill our obligation.

Navroop Mitter

00:21:45:02 – 00:21:53:18

Otherwise. But yeah, it would be an interesting thing to see. How does that work in two directions. Yeah. What are the triggers that setup that go both ways.

Emma Wright

00:21:53:20 – 00:22:00:20

And then you so what you’re saying is put it back into escrow I think I mean, the other thing is how do.

Navroop Mitter

00:22:00:20 – 00:22:02:06

You.

Emma Wright

00:22:02:08 – 00:22:07:04

Keep it secure. How do you patch it for security vulnerabilities.

Navroop Mitter

00:22:07:06 – 00:22:31:07

Yeah. That’s where we’re talking about some of the technical controls. Right. One of the things we’ve worked out with, you know, the places where we’re already deploying the Sovereign Edition is to ensure that, at the very least, we have enough bandwidth for such data that allows us to connect to those systems, to provide patches or to upload things that the local operator can apply for us, or, you know, different capabilities that we can use around administration and maintenance.

Navroop Mitter

00:22:31:09 – 00:22:35:06

For that reason, even if that isn’t enough to run the entire service off of.

Emma Wright

00:22:35:08 – 00:22:44:08

Assuming that the local version or the version in escrow is being maintained, right, you’re gonna have to do a big upgrade.

Navroop Mitter

00:22:44:10 – 00:23:17:09

Yes, there’s a lot of interesting things that have to happen along the way, and a lot of due diligence to make sure that you are staying on top of maintaining the versions that you’ve uploaded over there. As you’re deploying, you also have to deploy it over an escrow. But in this case, we’re talking to us about the code escrow or more so the domain from the infrastructure, and the servers and everything else and everything we’ve deployed, you know, in theory, because we’re actually patching those along the way as we’re doing things for the, for US systems.

Navroop Mitter

00:23:17:11 – 00:23:38:00

We’re going to be doing that for those in parallel. They should be at least as up to date as we are. Now you’re about to start hearing some background noise. Music potentially here, because we’re then joined by a lovely other cello. It is a soloist, right? Yeah. Okay. We’ve got an amazing cellist over here at the restaurant, and so you might hear a little background music.

Navroop Mitter

00:23:38:02 – 00:24:02:16

Yeah, we would be venting. This is on the way. So it’s unlikely that they will be so far out that it would be a major lift in order to maintain that, unless we’re doing some sort of massive release of a whole new capabilities. Around the time that someone has gone dark, in which case we might just be doing is providing ongoing patches for the existing capabilities, rather than giving the new, upgraded functionality that we’re rolling out to the rest of the world at the time.

Emma Wright

00:24:02:18 – 00:24:16:13

It’s interesting because we have the two scenarios, right? We had the dark cloud, dark fiber. How do you see that? And then the other scenario, which is essentially a scenario where.

Emma Wright

00:24:16:15 – 00:24:46:21

The enterprise or the country gets sanctioned or you’re told you cannot provide services. I think that’s a more complex situation in many ways, because instead of the parties working together to restore a service. Right, that’s neither of your. Oh, I don’t know what the other world is going to be. A far longer term split, likely without any side for either party to exit.

Emma Wright

00:24:46:23 – 00:25:17:15

So but it’s far more difficult because you may even be restricted about providing services in any way. And that I think that’s a far trickier one to do it 100%. And you see it a lot in financial services, contract payments, contracts where, you know, the provider says in the event of authorization, get to revoke for whatever reason or government tells us to suspend, we will do that.

Emma Wright

00:25:17:17 – 00:25:59:21

And often they say those clauses are non-negotiable and customers were sort of getting themselves comfortable with it. Not all customers, but yeah, okay, fine. Yeah. Of course, if you were told providing you have a policy issue, then it is what it is. We might want some termination payment or whatever. But whereas now in this new geopolitical environment where things seem a little less predictable, people are suddenly thinking about the what ifs and that thing that was highly unlikely, is maybe moved to just unlikely.

Emma Wright

00:25:59:23 – 00:26:04:02

Rather than highly, like, this is never gonna happen. And that is merely going to happen.

Navroop Mitter

00:26:04:04 – 00:26:28:22

And that’s why we submitted the talk to talk your a Black Hat release, right? It’s just we think of this as an ongoing dialog as we start to think through some what ifs, new what ifs crop up. Customers in different parts of the world who have different geopolitical concerns or threat models are asking us very different questions around how are we going to maintain operational resilience for the systems that we’re deploying for them, you know, based on what their model is?

Navroop Mitter

00:26:28:22 – 00:26:46:09

And the answers aren’t always exactly the same? Yeah, sometimes they’re very difficult. Sometimes we were hamstrung, even just by the availability of local partners who can actually help us score scale. The skill sets are a big deal depending on where in the world you are. But yeah, I think that’s what made the discussion rather interesting. Right? Is this is an ongoing dialog.

Navroop Mitter

00:26:46:11 – 00:27:07:22

I think, you know, while we were here, we ended up practically changing our understanding of how some of the future essays will get written for some of these sovereign deployments. You know, which is a different answer. When we came up with your firm, you know, almost 18 months ago when we first started this dialog. And so there’s some interesting, you know, evolution in real time, in plain sight happening in front of other people.

Navroop Mitter

00:27:07:23 – 00:27:14:18

I do, and that’s what I liked about today’s dialog is we didn’t go in there and say, we have the answers for you. You’re just questions.

Emma Wright

00:27:14:20 – 00:27:18:17

For the backdrop and the market, the backdrop to the market and the market, about.

Navroop Mitter

00:27:18:18 – 00:27:44:23

100%. I think if I if I were to look at, you know, some of the topics we touched on, right, with the going dark, it was, what are you going to do about DNS or what are you going to do about being able to repoint the clients? Right? Is your solution even architected such that they could be pointed at a new entry if need be, just so they could continue their trek to the service that’s local because of DNS fallen out, do you have some mechanism by which to say, hey, just point to A, B, and C and said in your email to get back up and running?

Navroop Mitter

00:27:45:01 – 00:28:02:20

We also talked about some of the legal considerations, as you mentioned, around, you know, taking control of things back. But if it is that sanctions or compelled action based case, something else we talked about, you know, which I think everyone is still trying to get there, wrap their minds around, is are you allowed to have a canary in the coal mine?

Navroop Mitter

00:28:02:20 – 00:28:21:03

And even if you are and you communicate, you know, upfront what that might be for that? For those users, sorry. Another uses a local operator so they can actually determine what action to take because they’ve just seen you do something that tips off to them that you might be trying to jettison the service in their geographies.

Emma Wright

00:28:21:04 – 00:28:31:07

And I can definitely envisage scenarios, at least in some jurisdictions, where you are not able to be a canary in the coal mine way.

Navroop Mitter

00:28:31:09 – 00:28:52:06

Right? So then the question is, is, is potentially the fallback for both parties to agree in advance of certain actions? Require a you know, almost two hands on keys type solution whereby we are trying to take action X, it actually requires them to be a participant and turn the key simultaneously in order for to go through. So they sort to see us trying to do something.

Navroop Mitter

00:28:52:08 – 00:29:07:05

They automatically interpret that either as potential breach because it was unexpected and we did coordinate with them, or they interpret that as us being compelled to potentially do something, and they still turn out turning their second key.

Emma Wright

00:29:07:07 – 00:29:17:18

And then I have and in a situation where, for instance, you are all with a country, I’m not sure how that will play out.

Navroop Mitter

00:29:17:20 – 00:29:20:21

Absolutely. Agreed. And that’s one of the ones we did not actively consider.

Emma Wright

00:29:20:21 – 00:29:27:20

Right mean definition scenarios where that is not going to work out for the canary in the coal mine.

Navroop Mitter

00:29:27:22 – 00:29:30:19

Right? Yeah, 100%.

Emma Wright

00:29:30:21 – 00:29:31:19

Yeah.

Navroop Mitter

00:29:31:21 – 00:29:44:05

Yeah. You wouldn’t be allowed to actively use a canary at that point. They would also have to be trying to read the tea leaves to figure out what are you trying to do, and then make a decision independently on their own. Yeah. Because you couldn’t have any of those preset canary.

Navroop Mitter

00:29:44:07 – 00:29:47:03

Yeah. I was going to war with one of the countries where we.

Emma Wright

00:29:47:05 – 00:29:48:02

Just might not in the.

Navroop Mitter

00:29:48:07 – 00:29:51:20

I know that wasn’t one of the ones we contemplated. At least the public. We always.

Emma Wright

00:29:51:23 – 00:29:52:15

Know either.

Navroop Mitter

00:29:52:15 – 00:30:10:05

Right. Not what we wanted to contemplate at the moment either. Interesting one to add to the hypothetical list. So we are we’re, we’re giving we will play that one out too. But this what I like about this dialog record board. Right. We’ve been able to evolve these kinds of discussions over time. You know each other, new scenarios, new ideas.

Navroop Mitter

00:30:10:07 – 00:30:26:06

And that’s what I love about this partnership. For those of you who have been longtime users of the podcast and or followers of our text in general, Crowell and Moring is actually the law firm with whom we published those open source tabletop exercises that we’ve made available to the entire world as part of a Creative Commons license.

Navroop Mitter

00:30:26:06 – 00:30:42:23

So you were able to adapt them to your own needs without having to owe us anything. And, you know, this is one of your predecessors that we worked with on this good old, good old Matt. Well, and he was amazing. We had to get you still through that is still a friend. Is still amazing. Despite him now being at a different firm.

Navroop Mitter

00:30:43:01 – 00:31:00:15

We, we had to arm wrestle him a few times to finally get him and liberals to agree to a Creative Commons license to this IP, because they looked at it as something rather internal and important to them. I think we were being told that we should stop our reporting, given that the cellist is trying to entertain everyone else.

Navroop Mitter

00:31:00:15 – 00:31:04:06

So with that said, and while I’ve really enjoyed this conversation.

Emma Wright

00:31:04:06 – 00:31:16:08

Likewise, I thank you for having me on this podcast. Absolutely. Finally eating and drinking. Yes. And thank you for giving me the reason to announce Saudi Arabia.

Navroop Mitter

00:31:16:12 – 00:31:30:16

Well, I was just about to thank you for joining us in Saudi Arabia. Right. Because we I called it over last second when that was unable to make it and said, Emma, we really need you to jump in over here in Riyadh. And she said, absolutely, I’m on the next flight and lo and behold, she was actually there.

Navroop Mitter

00:31:30:18 – 00:31:34:16

She stole the show. So, and well, thank you very much.

Emma Wright

00:31:34:18 – 00:31:47:17

You are most welcome and, and really enjoyed the conversation. And let’s carry on talking about the different scenarios and how you can mitigate risk and supply contracts.

Navroop Mitter

00:31:47:19 – 00:32:04:20

Absolutely. And with that said, we’re going to close this episode out. This is an episode of the Lock and Key Lounge. Thank you for bearing with us as we were both chewing through our food and drink your nonalcoholic beers. This is a, you know, me signing off from lockout, but at least we will see you on the next episode.

Navroop Mitter

00:32:04:22 – 00:32:05:07

Cheers.
