Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk

March 29, 2024

John Verry (02:31.498)
Hey there and welcome to yet another episode of the Virtual CSO Podcast.

Zenobia Godschalk (02:51.406)
Okay. Okay, perfect.

John Verry (02:59.094)
with you. As always, your host, John Berry, and with me today, and I hope I get it right, Zenobia Godchalk. Dang, gold star for me today. How are you?

Zenobia Godschalk (03:05.343)
You got it.

Zenobia Godschalk (03:09.423)
Good. How are you doing?

John Verry (03:10.902)
Good. Excited to have you on. I always like to start simple. Tell us a little bit about who you are and what is it that you do every day.

Zenobia Godschalk (03:17.578)
Yeah, absolutely. So thank you so much, first of all, for having me on. I am probably in a little bit of a different role from many of your guests. I am the head of communications for a company called Swirled Labs, which is responsible for helping to grow the Hedera ecosystem. And Hedera is a, for the folks who are in Web3, Hedera is a layer one blockchain. We’ll get into that a little bit more. But my role is to help tell stories about why do people need blockchain.

It is not just for trading cryptocurrency. It is not just for exchanging pixelated art You know, why are people actually using blockchain both as startups as well as enterprises?

John Verry (04:02.509)
I always ask, what’s your drink of choice?

Zenobia Godschalk (04:06.262)
Oh, that’s an easy one. Champagne, anything bubbly. You gotta celebrate life every day. Not every day.

John Verry (04:12.642)
So are we of the true, if it’s not a French, it’s not champagne and we can’t call it that? Or will we go Prosecco and we do not, and if it’s bubbly and it’s a bubbly wine, it’s good enough?

Zenobia Godschalk (04:20.086)
No, we do not discriminate. If it is both, it’s a no.

Zenobia Godschalk (04:26.454)
That’s right, red and white, we endorse them all. Yeah.

John Verry (04:31.151)
So if you were only could have one, which one would it be?

Zenobia Godschalk (04:36.322)
Oh gosh. So many years ago, my husband and I went to a restaurant and we discovered this lovely champagne called Les Large, Les Large Pujo. And then this past summer, when both our kids were in sleepaway camp, we actually went to champagne and we met the family and we sat down in their tasting room and it is a lovely family-owned

champagne producer in the champagne region and they were absolutely delightful. It is a family affair from the you know the grandparents who started it to the parents who run it today to the kids who are spread out all over the world including in Napa doing things like distribution. So not only is it an amazing champagne but it’s just a lovely family story too.

John Verry (05:22.034)
Yeah, there’s nothing like doing something like that. Like we had the good fortune a few years ago to visit the Banffia State in Italy and met John and I’m trying to remember her name and they were the nicest people. And they were, she had links to the New York region where we’re from, from Long Island, where we were from. She had links to Liz Claiborne, which is a company that the woman I was traveling with, my wife’s best friend was a VP at. So.

Zenobia Godschalk (05:30.783)
Yeah.

John Verry (05:51.282)
We hit it off and she ended up we ended up leaving there like with a gift basket She just kept pouring us more and more wines bringing stuff over and then we’re like, okay, you know, what are we owe you? I mean, it was like one of those stories that you kind of just love to tell right because it’s just such a such a great experience I’ll ask you one last question because I drink a lot of alcohol but I Champagne is not something I know a lot about if I told you that my favorite is boob click Am I right? Am I on the right path there?

Zenobia Godschalk (05:52.381)
Yeah.

Zenobia Godschalk (06:01.614)
I don’t know.

Zenobia Godschalk (06:19.681)
Vuv Clicquot, I think. I don’t know how to pronounce it, but yes. But theirs is yummy, for sure. I agree, yeah.

John Verry (06:20.83)
Yeah, who could know? Yeah, I don’t know how to say it.

Yeah, that’s it if I’m buying one that for a special occasion buying one for somebody that’s usually the one that I’ll aspire to if I can find it all right, so Thank you for coming on I The Genesis was you know someone reached out and we get pitched a lot by people promoting things and then usually All right, but I ended up they very smartly put a link in there to your presentation You’re a TEDx presentation and so I said Ted X

Zenobia Godschalk (06:31.426)
Good choice.

John Verry (06:54.014)
I got to at least check it out. And I ended up just watching it. I’ve watched it twice. I thought it was really an excellent presentation. That’s sort of like the genesis of me being here. And there’s a line that I’ve heard, and you used a line very similar to it in your presentation that if you are not paying for a product, then you are the product. So, can you talk a little bit about that? How did we get here? And how bad is this problem actually? Because I think most people don’t realize how bad it is.

Zenobia Godschalk (07:22.958)
Sure, sure, yeah. And you know, I think that, so first of all, thank you for watching. It was…

an amazing experience and those guys do a great job of really forcing you to Articulate your thoughts in a very short time But you know, I think that so that I started the talk talking about originally, you know The premise was on the internet. Nobody knows you’re a dog, right? That was that’s the classic cartoon the New Yorker and originally, I think you could have all this anonymity on the internet and then Over time it became oh, wait a minute if we give you some of the things that you would like to do on the internet, maybe

you will exchange that for some of your data. And then further over time, it became even more insidious. Maybe we won’t even ask you if you want to give up your data. We’ll just start offering you more and more things, and we’re going to make the terms of service 75 pages long. And the chances of you actually reading them are slim to none. So I think when you go to services, when you go to something like a Facebook, when you go to these other platforms, that at the end of the day, their bottom line is advertising.

can they advertise to you and how much can they monetize that advertising to you? And so you have all these quote free services, whether it’s social networks, whether it’s games, whether it’s search, and all they’re doing is saying, great, I’m gonna gather more and more data about you so that I can sell things to you. And I think it reached a little bit of a tipping point for me because it’s pretty alarming that I can now not even be searching for something, but just talking about something. So.

We don’t even have any Alexa devices or other of those kinds of devices in our house, both from the cybersecurity aspect as well as from the 700th time that the kids set an alarm for seven minutes later to have Alexa go off. We said, no, that’s not a good idea. But even without that, you’ll be having a conversation. Your phone will be somewhere in the room.

Zenobia Godschalk (09:19.722)
And then the kinds of things that you’re talking about will be served up to you in your Facebook ads or in your Instagram ads or in some other ads where you’re like, well, that’s weird. I didn’t even search for a vacation in Jamaica. I just had a conversation with my husband about it and now all of a sudden I am getting ads on it. And so you see how pervasive and interconnected that is today and you realize, great, I haven’t paid for some of the services that come with my phone. I’ve certainly paid for the

the phone service and the device itself, but I’m not paying for something like Facebook. I’m not paying to search and crawl the web on Google. I’m not paying for all of those things, but I am paying in the fact that I have minimal privacy compared to what you had a decade ago, and they know so much about me.

John Verry (10:12.03)
Yeah, and the one thing which you pointed out and we know a little bit about because we’ve worked for some of the companies in the space is the data aggregation issue. Talk a little bit about that.

Zenobia Godschalk (10:23.25)
Yeah, and it’s, you know, it is, so some of that is pseudonymous, fine, but a lot of it, you know, it is, it’s very hard to actually wipe your data from anywhere on the internet. And then it’s not just on the internet, it’s some of these backend providers that have been around for a while and, you know, a few years ago we got a note from the IRS basically saying, hey, we flagged something, you know, as potentially a fraudulent, you know, a fraudulent

um, you know, return, uh, because they tried to get money back and, you know, unfortunately we know you never get money back. Um, but it turns out, you know, I don’t know if you remember when Equifax was breached, right? That is a crazy. Yeah. That is a crazy business model. I am going to collect all this data about you, and then I’m going to sell that to other people.

John Verry (11:06.326)
Oh yeah, that was one of the grand daddies.

Zenobia Godschalk (11:18.31)
And if you want to protect that data, you then have to pay me. Well, now I don’t have to pay you because you lost my data, so you’re providing that to me for free. So oops. But those kinds of models, they’re collecting data from every kind of source that they can imagine. They remember addresses that I don’t even remember I had. And they are able to build these profiles. And then they own the data.

in terms of how they’re securing that data. And they’re able to sell it. They’re able to monetize it, which seems insane, right? For you to not be able to say, no, please remove me from all of that.

John Verry (12:02.91)
Yeah, my favorite story with that is we had a client that was, and we had conversations about whether or not we wanted to work for the client because we felt it was a little bit evil to be honest with you. They would buy anonymized data and then what they would do is put it all together and make it non-anonymized based on the way they think it linked it. They figured out how to do that and it was nuts. One of their most profitable areas was selling leads to divorce attorneys before and their key thing was…

people in a certain age bracket who had suddenly started unusual patterns of buying things in flower stores, Victoria’s Secret, and health club memberships.

Zenobia Godschalk (12:46.31)
Wow, all the cliches all in one.

John Verry (12:47.738)
Yeah, exactly. I mean, they could have probably added Corvettes to that, purchasing Corvettes to it or sports cars, but they didn’t actually do that. So in your actual presentation, if I recall correctly, it was something like how blockchain can solve this privacy problem or perhaps more generically DLT, right? Can you explain, just to make sure we have a level playing field for the conversation for everyone, what is DLT?

Zenobia Godschalk (12:51.876)
Yeah.

Zenobia Godschalk (12:57.151)
Oh my gosh.

Zenobia Godschalk (13:15.35)
Yeah, so DLT stands for Distributed Ledger Technology. If you think about kind of the phases of compute, right? We went through kind of this mainframe era where companies controlled all the data. It was pretty centralized. It was, you know.

controlled within enterprises and organizations, not really open to the world. And then you had the web era, which for better or worse, the web was designed, I think, by a group of idealists who said, let’s just make open communication kind of our standard, right? Like, let’s make that the goal, is for anybody around the world to be able to communicate and to conduct commerce to do any of those things. Well, it turns out every technology has a good

And unfortunately, the bad actors for, as you know, ever since the internet has been around, have been able to take advantage of some of those things that were built to be sort of open protocols and built to enable that commerce and communication, but were not built with kind of security front and center and in mind. And so blockchain and sort of this Web 3 era is saying, okay, well, let’s put that control back in the hands of the users.

a public blockchain is essentially a multi-master, multi-use database where it’s a ledger, right? It’s a public ledger, whether that is in the simplest account of when you think of an accounting ledger, right? But it is just a record of all the transactions that have been done, and you can demonstrate that publicly. But you can also control, maybe you have small groups of people who can actually control certain things or view certain things on the board.

blockchain, or you have these smaller groups of people who can do that. But it’s a way, essentially, a new structure for compute where you decide, okay, what gets shared publicly, what gets kept private, and what are those sort of circles that I want to be both building and managing that infrastructure and sharing that data with?

John Verry (15:21.75)
Right, so would it be fair for someone listening to say, you know, DLT is effectively another type of database, right? Okay, good. Because I think most people like that database concept. I like the transaction component or the register component because I think databases you tend to think of as being these large blocks of information where ledgers you think of something which is going on, going off and people trying to keep track, right? It’s got more of that inherent tracking mechanism and which is a critical part, right,

Zenobia Godschalk (15:29.642)
That’s exactly right.

John Verry (15:51.166)
of blockchain and any of the DLT technologies, right, is this record keeping that’s immutable effectively, correct? So one of the things you mentioned in your speech that I thought was really cool was some of these new social networks, I guess is the right word to say it, right way to say it. And you said that in these social networks, rather than having this central repository, the Facebook or the Twitter or whoever is going to be sitting at the back and effectively owning and processing and possessing all of that data.

Zenobia Godschalk (15:56.702)
Yeah, exactly.

John Verry (16:21.274)
that you could be on a social network where you could share information with other people in your groups in that social network But that data is never going to one of the central repositories, right? How does that work?

Zenobia Godschalk (16:32.21)
Yeah, so I think, you know, if you think about it again as infrastructure, right? So the biggest thing, the biggest costs for all of these providers is really their infrastructure, right? They manage and host huge amounts of data. Um, and then they’re like, great. Well, in exchange for hosting that data, I’m then going to get to mine that data. So instead, if you said, okay, great. Well, I’d like to have a social network with, you know, my hundred friends. And we each agree that our little piece of the compute power will be

shared and the actual infrastructure and the application of that social network will then not be hosted by Facebook, but it will be shared hosting by all of us, right? So each of us hosts a little bit of that. You know, this is simplifying it, right? But each, instead of having one centralized entity that owns all the infrastructure, that pays for all the infrastructure and then owns all the data on it, each of us says,

Zenobia Godschalk (17:32.164)
to contribute in micro payments. But then I really get to control, okay then I say, nope I don’t want any level of advertising. Maybe I do, maybe with this other group of friends we’re willing to say, you know what sure for this group about exchanging home furniture I’m willing to share you know some of our

patterns of buying and selling. But in exchange for that, maybe advertisers on there pay us instead. So it’s really about thinking, OK, how do I share the costs of this infrastructure? And then, of course, the applications have to be built to take advantage of that infrastructure, that shared infrastructure. And then I can control which things.

are provided maybe to that application, which things aren’t provided to that application, you know, and depending on the type of group that I’m a part of, you know, maybe that changes.

John Verry (18:27.266)
So you’re probably not old enough to remember these days, but there used to be these file sharing things like bear sharing things where people could share movies and share music, right? You were kind of pirating it effectively. And it worked in a peer to peer model, right? And that, but that peer to peer model, the distribution, the infrastructure, when you participated, your systems became part of that infrastructure. In this model that we’re talking about here,

are we using a similar model or are we, like you said, through some form of micro payments, we’re hosting, the minute that we’re hosting some set, like there’s an EC2 instance sitting in Amazon, someone’s paying for that, someone has to administer it, right? So that kind of would break the model or am I not really understanding this? Okay.

Zenobia Godschalk (19:10.978)
So you could do it either way, right?

You could say, great, I want to host part of the infrastructure, and I want my group of people to each be able to host part of it. And I don’t want anybody outside to have access to it. So you really truly are sharing those infrastructure costs, and that group bears that burden. Or you could say, OK, well, I’m willing to have some of that infrastructure hosted elsewhere, but I will pay in micro payments so that infrastructure is not hosted by Facebook.

So that it’s hosted by another application that gives me the granularity to decide what kind of advertising I want, what kind of privacy controls I want. So you can kind of go the spectrum, right? If you say, great, like I don’t actually have that compute, I’m not interested in doing that, but I am interested in some of these more granular privacy controls, then maybe I agree that it is hosted somewhere else.

very visible to me who has access to that data, where it is built, etc.

John Verry (20:20.811)
Um.

So we have this ability through these mechanisms to have a greater degree of control of the information that we’re sharing and where it goes. In that model where there is a central component, right? Not one that’s just hosted by individually by the three people within that group. Is the way that we’re applying the security to that data through smart contracts, is that, like how does that, how does, like, you know, if that data ends up there, right?

How do we know that the people that are administering said system don’t have access to data we don’t want them to have access to?

Zenobia Godschalk (20:57.83)
Yeah, I think that’s a really good question. So there are two things. I think you can certainly use smart contracts. There’s also sort of this concept of pseudonymity, right? So maybe there are things that I only have on my system, but then, and this is not the blockchain itself, right? To be clear, there have to be applications that are also built on top of it to enable it, but maybe there is sort of a self-sovereign identity system, which then says,

necessarily have to tell you my name, address, phone number, all of these things, but that can be verified and then I can have sort of this pseudonymous identity within a certain group that I participate in.

John Verry (21:42.378)
I gotcha. Yeah, and then I’ve read some stuff about like off chain. So really what you just have is a hash to something which is off chain. So the person doesn’t really have access to it anyway. Okay, I gotcha. Interesting. So, and I think this was sort of the premise of your thought process of ideally implemented web three technology effectively can solve the privacy problem, right? Okay. So, which I thought was really

Zenobia Godschalk (21:51.83)
Yeah.

John Verry (22:11.378)
exciting. So there’s, we’ve got containing swamp, but we’ve got a swamp. I mean, Facebook’s not going away. YouTube’s not going away. Twitter’s not going away. You know, I’ve been, I’ve been on the internet for a long time. My information is out there. It’s all over the place. I am stupid enough that I have an Amazon device in my house and I’m willing to pay the price for that. And I understand I’m letting people in, but I don’t do anything all that exciting anyway. They know, they know I drink a lot of.

Zenobia Godschalk (22:17.678)
Hahaha

Zenobia Godschalk (22:21.773)
Yeah.

Zenobia Godschalk (22:29.377)
Yep.

Zenobia Godschalk (22:41.142)
So there you go. Yeah.

John Verry (22:41.402)
They know I like that. It’s okay. You know that. You want to advertise it, it’s probably good. I don’t know about the new ones. So I want to talk about whether I can use the same technology on the other side of the equation. Right? So if I’m a company that has this data and now we have, fortunately, I’m an advocate of it, new laws and regulations that are trying to protect us, GDPR, CCPA, VDPA, all of these new regulations.

Are there ways that we can use these same technologies from that side of the equation to help us comply with these regulations? Specifically, the ones that are the most challenging, I believe, are anything associated with the data subject access request, or that right to present, that right to edit, that right to the most important one, not the right to forget. Can you help us there too, please?

Zenobia Godschalk (23:38.338)
Yeah, so I think, you know, I think some systems, I mean, shoot, we still have mainframes, right? In a lot of organizations. So we’re, yeah, we’re not going to sort of retroactively solve all of those things. But think about how many times people start up, or organizations start up new applications, right? New applications, new services, they launch them. And they’re like, great, the first step is, can I please collect 75 different pieces of data about you? And then all of a sudden I now have to have GDPR.

John Verry (23:44.783)
There’s a lot more mainframe out there than you think.

Zenobia Godschalk (24:08.054)
because I’ve collected all this data about you. So to your point about, could I just, you know, have a hash of yes, I’m confirming that this person meets all these requirements, but I don’t actually have to own that data myself? Then think about the data collection and privacy burden, how much that gets reduced for those companies, right? So I don’t think overnight all those companies are going to retroactively do that probably for a lot of their existing applications. But if they started to do that for their new applications,

over time they are going to sunset their old ones, right? Over time, you know, even the longest lived companies, you know,

you know, sort of go into obscurity, right? And so you will see that shift in, great, if I don’t have the burden of GDPR compliance because I don’t actually own that data and I’m not seeing it, I’m just seeing sort of a hashed version of it, or I’m just seeing a pseudonymous version of it, then that’s not only better for the actual compliance, but that’s better for my burden, right? I don’t have to manage that data. I don’t have to let you know when there was a data breach. I don’t have to, you know,

yes, this has to comply with GDPR because I don’t ever see that data. And that’s not going to work for every application, right? There are some things where you’re going to need that. But the number of times that I’m asked for my birthdate and I’m like, you don’t need this, right? You need to know that I am much over the age of one.

John Verry (25:38.235)
25, 26?

Zenobia Godschalk (25:41.326)
Plus plus plus, exactly. But you need to know that, Mr. Producer in Champagne, that I’m trying to go visit your vineyards website. Please let me, please let me access it. But you don’t need to know my actual birth date.

John Verry (25:57.098)
Gotcha. So just make sure I understand this. So in terms of where blockchain has this advantage of having this, the immutability of the blockchain in a sense creates a problem for it being used with privacy if we were to actually store the private information we might want to delete, right? By definition, it’s immutable, right? So that is where this concept of offsite storage with a hash

Zenobia Godschalk (26:20.436)
Yeah.

John Verry (26:27.274)
gives us the value prop associated with the DLT, right? But yet we get around that issue where we actually can’t delete data. So it would make it easier for us to delete the data because if we wipe the hash, any reference or linked or if a smart contract does off that, right? Any capability for us to access that data is gone.

Zenobia Godschalk (26:47.734)
That’s right. And I think, you know, a lot of times when the technology first started, it was sort of this absolutist, well, you must publish everything to the blockchain. And that’s not really, I don’t think that’s practical. I don’t think that’s how this is going to evolve. And I think people are going to recognize there are things that I, like you said, I want to keep off chain. But then I want to keep a record of proving them on chain.

John Verry (27:12.394)
Gotcha. So, um, had era, if I got the pronunciation right, good. I’m two for two. I should quit now. So thanks everybody for listening. Um, so, um, uh, so had Dara, and again, I am web, not web three knowledgeable. Uh, so when I look at your website, I’m a little confused, but it appears to me is that, uh, had era,

Zenobia Godschalk (27:16.758)
You did.

Zenobia Godschalk (27:22.166)
Hahaha!

John Verry (27:39.67)
basically provides the tools that a developer would need to build an application, a Web3 application that leverages the concept of blockchain. And it looks to me like you’re famous for something called Hashgraph, which is an alternative to blockchain, right? There’s both of those. If I got it right, both of those are DLTs. But Hashgraph is a different implementation of DLT than blockchain. Is that close to right?

Zenobia Godschalk (28:03.49)
So.

Zenobia Godschalk (28:08.979)
Um, yeah, so maybe I’ll rewind a little bit.

John Verry (28:13.71)
lose translation, you’re going to correct me. And you just did it, you’re just saying it in a nice way. Look, you could just say, no, John, that was idiotic. I mean, like other people do. I mean, my wife tells me all the time, so.

Zenobia Godschalk (28:25.193)
I won’t go there. It is confusing, right? I mean, this is sort of, we’re still in the phase of like explaining TCP IP to users where people are like, I don’t care, just show me how it works. Right? So I am really hoping that we can get out of that phase.

John Verry (28:37.689)
Just bring the web pages up, that’s all I need to know about.

Zenobia Godschalk (28:40.142)
So just show me the application and I will say we’re getting closer there, right? So Hedera is the network, right? You can think about it almost as the equivalent of the AWS or whatever else you would run your infrastructure on. Hedera is that layer one network. The way that the Hedera network runs is it uses something called the hash graph algorithm to come to consensus. So blockchain and, you know, for example, Bitcoin,

uses a different kind of consensus mechanism. It requires somebody to go do a math problem, that’s why it’s called proof of work, and then the person who solves that math problem fastest gets to write the next transaction to the network. Hedera uses a hashgraph algorithm, which uses something called Gossip About Gossip to actually write transactions to the network. And so, yes, Hedera provides,

things that both Hedera and the broader community have created so that people can go and build their applications on top of that network. And there’s a whole ecosystem of both open source tools and other infrastructure that is being built on top of and with Hedera to make that network function, right? So if you can imagine very early stages of the web, you know, not a lot of APIs, not a lot of other things that sort of plug in, we’re seeing that same kind of maturation

of the technology stack with blockchain and the other services that are built on top of it so that over time it gets much easier for people to build their applications there.

John Verry (30:21.266)
So I’m confused a little bit, maybe some other people listening are, because I find that term network interesting and maybe, you know, is it analogous to a physical, you know, TC, when you say network, right, like on the back end, like if I, if I really got down, so what are we talking about? Are we talking about server infrastructure? And when you say network, it’s the transiting of the data between the different

APIs, code mod, whatever it is, the components of this blockchain group of services that we can consume.

Zenobia Godschalk (31:00.03)
Yeah, that’s exactly right. So it is, I mean, I think if you think about it, sort of like cloud services, right? So it is a network of computers that sit, and so Hedera is one of the most distributed public networks. There are instances running on every continent except Antarctica, right? These, this network of computers comes to consensus, and…

John Verry (31:22.654)
And real quick, that network of computers, is that operated by just a bunch of entities that choose to participate, or is that a centrally administered, you know, Hedera service?

Zenobia Godschalk (31:34.67)
Great question.

Network governance is very important in blockchain, right? Because this whole idea of decentralized networks, decentralized infrastructure is really important. But what we saw happen with some of the original infrastructure was, OK, that’s all well and good in ideals, but it turns out like five guys in China are running most of this infrastructure. So that’s really not decentralized. So one of the things that Hedera did differently is its governance model, which was from day one, we took the governance model essentially

network and said, okay, we are going to have, today we have 31 governing council members. They are big companies who run, they run

You know, they typically run things like other infrastructure, you know, folks like Tata and Wipro and Google. They are also big banks and financial services companies. They are also companies who are just running other, you know, there are folks like Dell, there are other companies who are running applications on the network. And they have all raised their hand and said, I want to be part of the governing council and I want to run a node on the network. So I want to actually have some servers that are running and maintaining

structure.

Zenobia Godschalk (32:48.782)
And that we did for security purposes, as well as decentralization purposes. The goal over time is that anybody, anywhere in the world will be able to run a network idea node. Ideally, you’ll be able to run it on your phone when, you know, when the technology works that way. But to start with, to make sure the network is secure to begin with, we said, let’s have these companies run the network, initial network nodes, and let’s have them, you know, all the transactions go through there.

can trust that infrastructure. They also can say, hey, there’s no chance of collusion, right? If you’ve ever tried to even get 30 people to agree on something, I know there’s all these conspiracy theorists out there. If you’ve ever tried to get 30 individuals to agree on something, you realize it’s very hard. If you try to get 30 multinational Fortune 500 companies to try to collude, that is never going to happen. And so they all run this infrastructure with the goal being for people to say,

look like there’s no, they can’t make any changes to the network, they can’t change the code, they can’t do anything that would interfere with the network or hack into the network or do any of those kinds of things. They purely run that infrastructure.

John Verry (34:02.774)
You know there’s someone listening that’s sitting there shaking their head going, no, the dark state, it’s all the dark state. It’s the lizard people, dark state, you know, what’s the…

Zenobia Godschalk (34:11.848)
Yeah, I was on a podcast a few weeks ago where they said, you know, the one mega blockchain that everyone is using and I was like, Oh, well, um, that’s a concept I’ve never heard.

John Verry (34:22.628)
So you’re saying I wasn’t the stupidest person you spoke to. I feel better about that now.

Zenobia Godschalk (34:27.473)
Not by far. You have a smart audience and you know what they’re gonna ask.

John Verry (34:32.202)
So, and it may be a poor analogy, but if it’s reasonably close, it would probably help me and people like me that are never going to know as much as you know when they think about someone like Hedera. It almost sounds like in much the same way that if I was, I could develop an application from scratch or I could say, okay, I’m going to develop this application. Let me just go to AWS, right? I don’t need to spin up a database. I can use RDS. I don’t need to spin up a server. I can use EC2. I don’t need to spin up. I can do…

my log monitoring through alert watch or alert whatever the alerting product is. It’s almost the same thing with Hedera, right? It sounds like I’m effectively consuming your services as part of my application.

Zenobia Godschalk (35:10.454)
That’s right. And so yeah, it is those network services and then also things like a tokenization service and a smart contract.

John Verry (35:16.266)
Right. Smart contracts and right. Yeah. So some of the components. And so it’s almost in a weird way, like AWS has that giant page of all those services that you can kind of take advantage of. I’d be taking advantages of the same type of, you know, services that are similar to that are specific to, um, to hashgraph blockchains.

Zenobia Godschalk (35:35.318)
Yes, that’s right. Yeah.

John Verry (35:37.814)
Cool. One last question. This might be a, this is a stupid question. I know one of the things that I think I’ve heard over the years is that why blockchain hasn’t advanced faster was because there were problems with speed because of the, you know, that transaction speed was somehow some type of a problem. So I might be right. I might not be right. If I am right, does Hashgraph do something different that would have positive or negative impact on

whatever that is, transaction speed, execution speed, I’m not sure what they call that.

Zenobia Godschalk (36:08.606)
Yeah, you like totally teed that up for me. That was not a dumb question. That was a great question. Thank you.

John Verry (36:13.334)
I mean, you fed it to me. Like we rehearsed this for 45 minutes before we jumped on. I mean, you fed me the line. I knew exactly what to say. The thing is that I was compelled, it sounded legit, right? It sounded like a guy struggling to answer a question. You know, so I’m just a great actor. That’s all it is. Yeah.

Zenobia Godschalk (36:24.775)
I’m sorry.

Zenobia Godschalk (36:29.334)
Perfect! Doot doot!

Yes, so like we talked about, you know, the original sort of Bitcoin and some of those systems were designed for proof of work, right? They were designed to say let’s slow down the network because that’s our security mechanism And we will require someone to go do that math proof so that they can write to the network What the hashgraph algorithm has solved is that problem which is okay? How do I you know, how do I have sort of there is sort of this blockchain trilemma, right? How do I have speed as well as security as well as?

as verification that those are the right transactions that are being written to the network. So, Hedera and I will give credit, other next generation blockchains are very fast. We today can do thousands of transactions per second on a single shard. If you look, there’s actually a public transaction monitor that shows how many transactions have been conducted on the Hedera network. It’s up to 40 billion.

So I think this is at the scale of what’s happening on the Visa network today. So if you want to find applications that go even further beyond that, I would love to see them. But today, the networks, and especially Hedera, really are capable of

pushing through that level of transactions because I think, you know, just like, I mean, you remember dial-up, right? You remember what it was like to, I remember trying to edit a PowerPoint on my home computer with dial-up in 99 and I was like, oh, well, maybe by tomorrow morning when I wake up, this thing will have actually sent to my boss, fingers crossed. You know, but today you send it in five seconds and you don’t even think about it.

Zenobia Godschalk (38:18.097)
of infrastructure and some of that is very well deserved, but some of that is just a matter of time and saying, hey, the next generations of these technologies will fix that.

John Verry (38:30.006)
Gotcha. By definition, does Hedera have to be a public blockchain or a public, yeah, DLT, or can I also use it as a private DLT?

Zenobia Godschalk (38:43.614)
Yeah, so actually, the Hedera was created by Dr. Lehmann Baird, and the first company was called Swirlds. And so Swirlds actually started doing private instances of Hashgraph. That has been run by some companies today. And you know, you could think about, you know, most people use the public network. It’s just sort of easier than standing that up. But we are seeing people sort of say, wait a minute, maybe I will want to have some part

run in a private network and some part of this run in a public network. So I think there’s… ..

John Verry (39:18.998)
And you could blend, you can, there’s ways of blending, okay.

Zenobia Godschalk (39:21.81)
Yeah, I mean, there’s certainly work that has to be done, but yes.

John Verry (39:25.65)
Okay, last question. I saw when I was preparing for the podcast, some, I’ll call it academic papers, that talked about using blockchain technology, DLT technology, to address privacy, like CCPA, GDPR, like we had in our conversation. Are you aware of anyone actually doing that on Hedera, or people developing applications that way, for privacy?

Zenobia Godschalk (39:51.966)
Yeah, there are a number of applications and I think they are really kind of around the identity space. So actually IBM is doing that. There are some startups in the space that are doing that and they’re really trying to focus on this idea of self-sovereign identity. And you know, like we talked about the pseudonymization of data. So MECO is a startup that’s really focused on that space. They’re actually out of Australia.

building block of this next generation of technology, right? Once those things are solved and a lot of people can use them, then you’re going to see that next generation of applications that says, great, thank goodness, I don’t have to deal with that piece of the data. I don’t have to touch it.

John Verry (40:37.718)
Gotcha, so is that almost like, conceptually, what you’re saying is you’ve got this application.

that has all of my sensitive information that I’ve got very tight control over who it can be shared with, then if somebody wants access to that data, right, I’ve got to grant them access through, you know, so through that mechanism, you know, and then they’ll share that information on demand as it’s needed with none of that data ever leaving and persisting in the other environment.

Zenobia Godschalk (41:14.814)
Yeah, so yeah, you could either share the data itself or you could share some version of a validation of that data. Yeah.

John Verry (41:25.098)
Right, right, like they do say, like age validation. Right, so they can’t ask for my birthday, but they can ask, is this person older than 18? Okay, which is awesome, right, because then my birthday’s not floating around out there. Right, or does this person have a valid driver’s license? Okay, and they don’t need to know the deal number. Awesome, we beat it up pretty good. Anything we missed, anything you wanna add?

Zenobia Godschalk (41:37.947)
Yeah.

Zenobia Godschalk (41:50.234)
I don’t think so. I think, you know, I will say this is new technology, but I think the thing that’s different about this than in sort of some of my early days in my career is that there are online developer communities that are so willing to just engage with newbies and, you know, have conversations about how it works and how they’ve implemented it. So, you know, the Hedera Twitter accounts and some of the developer Discord and other accounts are super active.

to go in there and just learn. They can read or they can ask questions. And there really are no dumb questions because this technology has been around for only a hot minute in the grand scheme of things. And there are no experts. There are only folks who are just continuing to learn.

John Verry (42:39.847)
Give me, I don’t know if you’re prepped for this, give me an amazing or horrible CISO. What fictional character, real world person do you think would make an amazing or horrible, I’m gonna say instead of CISO, web three developer.

Zenobia Godschalk (42:52.719)
Ah, okay, web3 developer and why.

Zenobia Godschalk (43:00.797)
Well, when you said see-so, you know what came to mind was, um, grew from the minions?

Zenobia Godschalk (43:08.854)
because he has this.

John Verry (43:11.199)
So that sounds to me like you’ve watched that show with kids before. Yeah, you know, you can actually tell age differences and you know, like my kids are older than your kids because the Minions is something like I kind of know a little about but don’t really know. But other people have, somebody else literally asked that question and said, grew as well. And so I was like, I gotta go look up grew. I think I know who he is. But now I’m not positive.

Zenobia Godschalk (43:15.207)
multiple times, so many times, right?

Zenobia Godschalk (43:23.106)
Hahaha

Zenobia Godschalk (43:38.327)
Yeah. He’s a great character though, right? He comes from this sort of very evil background and he has all these super creative ideas about how to be evil and his, you know, his heart is basically melted by these three girls he adopts. His minions go and do his bidding, but they don’t always do what they’re supposed to. It doesn’t always work. There are lots of things that go wrong.

You know, so I think he has sort of turned that around. And I think you sort of, you have to have a little bit of that, right? To work in, whether it’s to work in the security industry or to work in web three, you have to have a little bit of that kind of anti-establishment. I’m willing to look at things from different perspectives. I, you know, I’m willing to sort of see things go crazy and creative, but at the end of the day, you know, my heart is in the right place and my best, you know,

want what’s sort of in the best interests of the community or a broader you know ecosystem than just myself.

John Verry (44:41.154)
Well, you know, I think that is honestly a better answer for the Web3 developer versus the CSO, is that, you know, isn’t like one of the prevailing drivers to Web3 is this giving control back to the people, right? And ownership, distributed ownership and digital assets. And, you know, so, you know, it’s actually a really good answer for both. Right. Because, you know, if you think about it from a, I do believe that most people that are in the security space are there because…

Zenobia Godschalk (45:05.018)
I’m sorry.

John Verry (45:10.666)
They believe that their work is honorable, and that we’re doing the right thing, and we’re helping protect people, helping protect companies, and the more we can do that, the better off they all are. But I think that that’s the whole idea of Web3 as well, right, is returning control from the evil empire, like the Zuckerbergs of the world that people think of having been fair citizens in our digital world.

Zenobia Godschalk (45:20.619)
Yeah.

Zenobia Godschalk (45:31.374)
It’s a very good way to put it.

John Verry (45:33.56)
So, well, this has been fun and I appreciate you putting up with my dumb questions.

Zenobia Godschalk (45:37.982)
Well, thank you so much. I’ve really enjoyed it.

John Verry (45:40.63)
Yeah.

Pivot Point is now part of CBIZ. Click Here for more information.

Episode 135: Can Distributed Ledger Technology Simplify Privacy Compliance? W/ Zenobia Godschalk

What's Next?

What do you think? Is Digital Business Risk Management the Future of Attack Surface Management?

Search our Blogs

What are the 5 Key DevOps Research & Assessment (DORA) Metrics and Why Should I Care?

ISO 42001: What are the Key Elements of an AI Management System?

ISO 42001, ISO 27001 and ISO 27701: Is This the New “Big 3” for Provably Secure and Compliant AI?

How Much Does ISO 27001 Certification Cost in 2024?

What is Distributed Ledger Technology (DLT) and How Can It Simplify Privacy Compliance?

Virtual CISOs and Community Banks—Perfect Together

What is Hedera Hashgraph and How Does It Solve Blockchain Privacy Issues?

Data Privacy Compliance in Higher Ed: Now is the Time

What is a TISAX Simplified Group Assessment and Who Can Use It?

CMMC Proposed Rule Changes: What’s Changing and How to Prepare

What is Kubescape and Why Should We (as Cloud-Native Developers) Care?

Container and Kubernetes Security: A Nontechnical Introduction

What is a Container and Why are They So Popular with Developers?

What is the New Jersey Data Privacy Law, and How Can We Streamline Compliance?

The EU AI Act: 9 Top Questions Answered

SOC 2 Reports – Which Trust Services Criteria Do You Need?

6 Key Takeaways from the 2023 SOC Benchmark Study

CMMC Proposed Rule: New Guidance on CMMC Level 3

The New CMMC Proposed Rule—Answers to Your Top 9 Questions

ISO 27001 Accreditation: Why It Matters for Cloud Service Providers

How can we help you?

Services

Compliance

Insights

Pivot Point Security