Cloudflare TV

🎂 Alexander Macgillivray & Doug Kramer Fireside Chat

Presented by Doug Kramer, Alexander Macgillivray
Originally aired on 

2020 marks Cloudflare’s 10th birthday. To celebrate this milestone, we are hosting a series of fireside chats with business and industry leaders all week long.

In this Cloudflare TV segment, Doug Kramer will host a fireside chat with Alexander Macgillivray, Co-Founder & GC of Alloy and former Deputy CTO of US Government.

Watch more Fireside Chats 🎂

Birthday Week
Fireside Chat

Transcript (Beta)

Welcome, everybody, to another conversation in Cloudflare's 10th birthday week.

This conversation is going to be with Alex Macgillivray, who has a number of different notable experiences in his background that we'll talk about here in a second.

And that is exactly why I think he has a unique perspective on what we're talking about this week.

And this should be a very interesting conversation. So Alex, welcome to Cloudflare's birthday week.

So as background, Alex trained as a lawyer, but a very technical one, who came to the Bay Area, worked at Google for a while, which we'll talk about in a minute, then notably went on and became general counsel at Twitter during very important parts in their growth, and then made a decision, I think it was about 2014, to go out and join the Obama administration at the White House as a deputy CTO.

We'll get to that as well. But Alex, let me just start with this question, because it's what we're starting with everybody this week.

And that is, you know, Cloudflare is turning 10. Obviously, Cloudflare was a very different company 10 years ago.

It was Matthew and Michelle and a couple of other people above a nail salon in Palo Alto.

But more importantly, the Internet was a very different thing 10 years ago.

And what we've seen and how we've seen the Internet change, both for good and for bad, and in ways that are challenging and complex, over the past 10 years has been significant.

So I might just start out with your perspective on that.

And in the past 10 years, what do you think have been the really significant changes in the way that the Internet operates, the way that the Internet is a part of our lives and what we're seeing on the Internet?

Yeah, for me, 10 years ago was, I'm not sure I really remember 10 years ago so well.

But 11 years ago was starting a Twitter with a small group of people.

And originally, I said no to the Twitter job, because I thought it was all about Kim Kardashian, and not about anything that would be something substantively interesting, or have any impact on the world.

Which you may or may not have been wrong about, despite how much the President of the United States now has replaced Kardashian on Twitter, I guess.

It does feel like sometimes that company would be happy to go back to those days.

But I think the other thing for me in that transition was coming from Google, which was kind of everywhere, and starting to be less liked, and going from the scrappy upstart to being more of the incumbent.

To go to another scrappy upstart that was mostly based in the US was a real joy, because I think one of the big things that has changed over the last 20 or 30 years in terms of Internet is that it's having a much bigger impact on people's day-to-day lives, which really raises the stakes for the jobs that we all do.

And also makes it so that more people in more places care about what people at these Internet companies are doing.

And lots of that is really good. Some of that can be contentious.

We definitely got more government interest, both in terms of trying to figure out who's using the platform for bad ends, but also trying to shape how the platform develops over time.

And I guess the most surprising thing of now for me is having a US President talk about blocking entire applications in a way that at the time, back in 2009, 2010, you definitely thought about the Great Firewall and China being that type of regime.

But I don't think you really ever had a sense for that as something that the US government might engage in, or that the US government might need its own Great Chinese Firewall.

That was just not something that was ever there.

And now certainly there are government actors who, if they had that tool, would find it quite useful.

Yep. No, I think we've certainly seen 10 years ago, as you were describing, the Great Firewall and then what you might call the global Internet, which was a very open, free, not a lot of upfront burdens and participating.

You've seen the shift away from that, notably in Europe in the past couple of years, their proposals in other places too.

And up until very recently, the US was still viewed as sort of the bastion of the old version of the Internet.

Although as you suggest, an American President sort of suggesting that making apps available across borders or not available across borders and things like that certainly sort of changes the calculus there and adds to the complexity.

Any particular takeaways, whoever people, an incessant number of panels want to call it sort of the splinter net or the localized Internet or whatever, any sort of thoughts you have on that progress?

We may be beyond the point about asking with a straight face whether or not it's a fad or not, but anything that you see in the way that the Internet is sort of being localized around the world that you think is particularly likely to happen, particularly problematic or particularly a good idea?

I think what's kind of fascinating, and this is I think mostly a really good thing, is as more and more people have thought that focusing on the Internet is important, you have a ramp up in all sorts of different views and viewpoints about what to do next.

And you also have this huge ramp up in expertise. You go from a government, I mean I remember the French government telling me when I was at Twitter that they wanted me to block the word Jew.

Just make it so the word Jew did not exist on Twitter, which is a very ham-handed way to regulate.

And I think what you have found, and this is partly why we're going down on these local Internet paths, is because governments really want to do very specific things to try to root out, again at their best, to try to root out specific harms that they're seeing that are affecting real people.

And that's just the increasing sophistication of governments.

So it's not turn the Internet on, turn the Internet off.

It's, and you see this in China certainly, is leading the way. It's let's let a little bit more of this type of dissent bubble up while we suppress that type of dissent as a way of moving public opinion from one particular thing to another particular thing.

And so that level of sophistication, you know across the board, I think you see this in academia, you see this in advocacy organizations, you see it even at the companies themselves.

Just the increasing level of sophistication means that you have finer and finer adjustments being made.

Yeah, and I think part of what we're seeing when you talk about that, we've seen much more sophisticated engagement by lawmakers and regulators around regulation of the Internet.

And it also I think goes back to part of what you said before and part of the moment we're living in where you sort of, Twitter at first was about Kardashian, and actually it's become much more fundamental to our lives.

And I think we saw that and understood it.

Like those of us who sort of work in some tech companies saw that this was more than just about, you know, the Internet early might have been about exchange of information, making information available around the world, letting people communicate easily.

But over time it became our banking and our jobs and our ties with family and logistics and operations, you know, and all these things that ended up happening on the Internet.

And so when you ran into the pandemic and you ran into so many other things, you realize, okay, so certainly regulation of content, regulation of communication, that sort of stuff is part of it.

But the Internet is so much more essential than that. And the regulation cuts both ways on that, because you find that, you know, some of the localized regulation in Europe is as much about keeping industrial data there, so that they can benefit from mining operations and large, you know, industrial machinery, as it is about trying to control discourse and keep certain words off the Internet and things like that.

And so I think, you know, I think it is maturing in a way that is good, but it certainly will lead to a lot of complexity over the next couple of years.

I'm sure of that. That's an easy bet. So. Well, and the state has never been higher too.

Yeah. I think that's the other thing. It's just as it becomes more and more impactful, which is certainly what I wanted in terms of my time within Internet industry, was I wanted to have a positive impact on people.

I wanted to have a deep impact on their lives. And, you know, you get that, that wish becomes granted.

And now all of a sudden, okay, the stakes are very high, because you can also have huge negative impact.

And focusing, you know, more and more, I think people are thinking through harm reduction as a part of everything from product launches to press releases, that as a way to kind of think through, if you if you're having so much impact, how do you ensure that you're not harming people?

So one of the things I definitely want to talk to you about that I think is a development of the last 10 years, it's really accelerated in the last year or two, even for most people, although you were ahead of this curve.

One of many, I think that you were ahead of is during your tenure at Google, sort of created this idea.

I mean, I may be giving you too much credit, but hopefully I'm not. And even if I'm not, who cares, I'll give it to you.

Created this idea of a product council, right?

And the idea of lawyers working with product teams and marketing teams is nothing new.

Consumer protection laws, local regulatory laws been around forever.

But I think what you did at Google was really take the lawyer, not just to be someone who thinks about selling something and who we sell to, but digging into the technology to understand the technology and understand all the things that were going on inside that may raise legal concerns, which was a nice to have for a long time, probably a smart to have.

But in the last three or four years, where you have all this regulation of the Internet that sort of is parsing all of these parts of the technology has become an absolute must to have, must have in a way that I'm not sure the market is ready for.

I don't think you're seeing law schools pump out tech savvy lawyers.

You may have tech savvy people that went to law school, but law schools aren't doing that and vice versa.

I'm not sure that you have computer science programs that are training people extensively about policy or law or things like that.

So talk to me a little bit about what you think the modern policy council role is and the role that will play in how we fill that gap.


So certainly there are some exceptions to the law school thing, the Berkman Center and MIT have really done amazing work there, but and Berkeley as well.

There's a ton more, but the, and I should also say Colprete Rana, who was the first lawyer at Google really was the model of the type of thinking I was trying to bring with Nicole Wong, who is just an incredible person and was between she and I, we kind of helped create that.

But the, the idea was to trade off a sort of exact substantive legal expertise as against deeper product expertise.

I don't think you get to get all of it.

Like you can't have somebody who knows, you know, every single law in every single area on every, in every single technology.

Like that's just not a thing.

So the question was what is the right trade-off for these products that are complex and have legal issues often are an important component of delivering the value to the user.

So, you know, a classic example here might be Google book search, right?

How do you deliver an index of the world's books in a way that respects copyright, but lets people actually find the books that they're looking for and then, you know, go read them at their library, right.

Or, or something like Gmail, like how do you think through the privacy components of being able to show you ads based on the content of this intimate personal communication.

And sort of understanding that we really wanted to get the lawyers kind of in early and in when the team was thinking about what value they wanted to deliver to the user, not just about to launch where you could only say yes or no.

And by the way, you're, you know, your no was likely to get overruled.

We wanted to be able to say, oh, you could do it this way or that way.

And how about you do it this way, because that gives you a ton more privacy protection in Gmail.

Or that means that when you get sued by the publishers, which we did in book search, you're going to win.

So that, I think that was the, that's the biggest thing, which, and it does come at a trade-off, right.

It means that because lawyers today are expected to know and do the impossible.

They're expected to know like the law in every single country in the world for an awfully wide now range of substantive things that impact on all of these products.

And so you are, I think you are trading off some of that deep legal knowledge, but again, at the benefit of a better understanding of the product.

And just to give you one more example from the Google days, right, Google Buzz had this feature that exposed essentially who you were friends with without your knowing or permission.

That was something that was in the product.

And the failure in many of these cases is just not understanding the product well enough and how it's going to be, what sort of, what the context for the user that it's going to arrive into.

So in the, in the work context, that might've made sense.

People might not have quite grasped it, but in the, in the public context, it didn't make any sense.

And it doesn't take an expert in privacy law to tell you that it takes somebody who really is deep in on the product and can, can kind of like see around the corners of where the product is going.

Yeah. What you're describing, what I've certainly experienced in this job is, you know, for those, hopefully there are a lot of people watching and hopefully a lot of them didn't go to law school, but for those who did, you know, law school, final exam questions are this like legendary thing.

We go through a whole semester of a class. The professor gives you two, maybe three really complicated hypotheticals, you know, and then you're supposed to spend a couple of hours sort of sorting through it and say, well, this is an issue.

And this is how I think that works out. And that's an issue.

And, and there's sort of these, what we thought were laughably unrealistic circumstances that brought all of the problems of the world into one sort of question or issue.

And it's like, you know, being in this job in 2020, it's like those, those actually are easy.

Those are, you can take a deep breath with those compared to what the reality now, where you have just, you know, millions of different users online coming from different places with whom you have primary, secondary, or tertiary sort of a relationship touching on issues like privacy, any of the content moderation issues across all of that.

And so training lawyers to understand the tech well enough to be able to do that, understand the multiplicity of different issues and all of that is certainly a, I think a unique thing when it comes to being a lawyer.

It's an exciting thing. It's a great thing, but it's really, really challenging.

So very good. I wonder what your experience has been.

Cause I, for me, I don't think you necessarily need to be a techie to do that.

You just need to be curious enough. I mean, this is, this is like what makes a good employee, what makes a good lawyer is being curious enough about the thing that you're trying to analyze.

You don't have to be an expert in it.

But just being able to be curious enough to ask a ton of questions, to really get your hands deep into it.

I found that was definitely more valuable. You know, listen, I always crave having more technical experience and I try to chase that out and I encourage our team to do that whenever we can.

I've never found it to be, you know, a significant blocking obstacle that I don't understand, you know, what Nick Sullivan is doing on encryption better than I do.

Usually I can ask the questions of someone like Nick to figure that out.

What's more important, and this might provide us an opportunity to pivot to the next thing we're going to talk about, is, you know, really when I came out and you and I both spent some time working in the Obama administration and both at the White House in very different sort of roles.

And mine was not a technical role, but it was very much a role where the complexity of the day and realizing how to triage an issue, figure out if it was a big deal, no deal, whether it was a short term, long term, and figure out what had to be done and what the essential questions were so you could then move on to the next thing.

It's something I learned there that I'd never learned at a firm or anything like that.

And that is certainly, for the people who sort of talk to me like, must have been very different working in crazy, big bureaucracy DC and then, you know, crazy, innovative Silicon Valley.

It's like, you know, that skill is very applicable to both.

And I don't know if you saw some insight into that, because I definitely agree with your characterization of it, and I've seen it a bit in both.

So, and actually, let me do that. Yeah, go ahead. Yeah, I think that's definitely true.

And, you know, first of all, just take a moment to reflect on what an awesome privilege it was to be able to work in that administration.

You know, certainly for me, it was, I was just incredible to be able to do that.

And, and to be able to see the depth of impact that government can have on people's lives, and to be a part of trying to shape that in a positive direction was killer.

I think the, you know, one thing I definitely learned when I was there, John Podesta was an advisor to the president and his, he would like, he was doing a lot of stuff, but he would walk into rooms sort of midway through the meeting, and refocus on, okay, but what is the actual value we're giving to the American people?

And so, like, always trying to focus on that, just like in a, in, you know, in a tech company, okay, but what is the actual value that you're providing to your user or to the world?

Like, that to me, like, the clarity of that often got me to the point what you're talking about, about being able to synthesize and get to the, get to the stuff that's important.

And, and I was always impressed, you know, with, we, it's called public service for a reason.

And I think in Washington, in a way that isn't fully respected, there are some deeply, you know, career employees with deep experience and understanding who bring a lot to the table about things that, that don't, you know, it's difficult to build a private company around.

I mean, you look at the pandemic now, you look at the hurricanes we were just talking about that are, you know, sort of going through East Coast, you know, I constantly found people who have that information and could deliver.

One of the things though, that I think the Obama administration realizes where they didn't have that expertise, where you didn't have career staff that were experts on these public health issues or things like that was in the technology space.

So in, I think it was about 2014, you did, you know, you leave Twitter and you go out to join the Obama administration as, as, as deputy CTO for the U.S.

And I think part of that was really to try and close that gap and bring some of the tech expertise and all of that into government to a greater extent than it was there.

Talk a little bit about, you know, that decision, why you thought that made sense.

Did you find that experience validating?

What were you able to accomplish? What do you hope that we're still able to accomplish on that front?

Well, I guess the first thing I would say is I think there was a tremendous, and there still is a tremendous amount of great technical talent within government.

I think where it was missing was really at that upper level.

So like there were tons of people in tons of agencies, and this is one of the lessons out of the U.S.

Digital Service, which was created during the Obama administration to try to kind of get through some of the bureaucratic red tape and make sure that the people who are trying to do good engineering work in the government could do it.

It, it, it felt like you had a whole bunch of people actually doing the work who were great, and maybe they were having to use old tools or maybe they weren't getting to do the thing that they were hoping to do, or maybe they had to, you know, contract out in these ridiculous waterfall five billion dollar contracts and you don't see anything for five years.

But the, but that was like the structure of government slowing them down, and it was a, it was a, it was a problem of in the rooms where the policy was being made, often you didn't have the implementers.

Yeah. And so that the, I think one of the things that President Obama saw and changed was he moved a bunch of technologists into those upper reaches, and that changed a lot of conversations.

I was sitting in a room once where we were talking about, you know, things that might make the U.S.

government more secure.

And, and one of the things that, that came up was bug bounties.

And what was interesting was they're sort of like around the room, you heard what people who had, who had never, you know, who were like the mucky mucks thought about bug bounties, which is, it's crazy to pay some people to attack the, you know, we're never going to pay somebody to attack the DOD website, right, was a literal thing that someone said, you know, and fortunately there were three of us, one of whom could say, well, hey, you know, every major Silicon Valley company does this, and it's extremely successful.

And another one who was from the Department of Defense, who could say, actually, the Department of Defense has been doing that for a couple years, and it's been great.

And so that, I think the, I guess what I would, I would reject that there aren't great techies, that there weren't already great techies in government, because there were.

What we need is, the litmus test I always use, is we need to have as many techies in those, in the higher level meetings, where policy is being made, as there are like lawyers and economists.

If we can get to parity with the lawyers and the economists, then we can make sure that we can deliver and implement and actually have the positive impact that we're trying to have with the American people.

No, I think that's really insightful, because that was definitely my experience as well, where it was, you know, it really was, listen, in some ways, you want the American government to be that aircraft carrier, you don't want it to be something that sort of, you know, turns in the wind on a dime, because either there's a new political election that happened or something else, you want it to be that steady, positive influence.

And it is this massively large business.

Yeah, not more fast to break things. Yeah. And, you know, and because there might, they've got to be concerned about grift and other sort of, you know, ethical sort of issues.

But it just created this desire to continue to do things as they've been done.

And when it came to technology, and sort of pulling out old systems and installing new systems, it was so it was always so much easier, just to sort of put a few more barnacles on the, you know, the existing system to try and patch things up and to do that.

And the bug bounty example makes makes a lot of sense when it comes to not only the sort of asking people to come and attack you, but then because of the requirements to be open about everything, which is also a transparency is a core principle of a lot of companies in Silicon Valley, but but wanting to sort of admit your faults, expose your faults, let those get ahead of you, which is a very healthy thing, but sometimes not part of the culture of government, which is something that they've had to accept more and more.

As you sort of ended that tenure, anything that you still would have focused on the two or three things that you think still need the most focus to make sure that government can be, you know, benefit from the sorts of things that you were you were talking about?

I think we've got to keep focusing on government, particularly government technology as services, not products.

And what I mean by that is that this is not the same as sort of, you know, buying a wrench, you're buying something that requires maintenance over time, that requires improvements over time.

And doing that in a more modern way, having check -ins, making sure that you're always dealing with the the user, the American people, the definitely that we still have, I think, a long way to go there.

And in particular, a long way to like get rid of the cruft of some of the bureaucracy to be able to get to allow people to do things like that, or just change the bureaucracy such that it is more friendly to those things that are going to be more successful.

In terms of like the thing that I wish I had pushed harder on was really around metrics.

I feel like, and you can even see it today, I feel like a lot of the metrics that we use to judge, for example, the economy don't necessarily jive with how people are actually experiencing and feeling the economy.

So a lot of our economic metrics right now are, you know, showing a pretty good picture, especially given everything that's going on.

But then you look at how this is impacting actual people, and it's really horrible.

And so I do think some sort of focus on making sure that the metrics that we use to drive our economy, to drive our government, to determine whether we're being successful or not successful, making sure that those actually match the way people are experiencing the world across, you know, different economic levels, across different ethnic groups, like that is really, really important, and something that I wish I had focused on.

So our time has been flying by, because this has been really great.

We have about four and a half minutes left, and there's one topic I want to let you talk about a little bit, because I'm sort of interested to hear about a little more, even though I've got some familiarity with this.

And that is, you know, talking about trust and safety. I don't think that there is a big goal that we experience on the inside of tech companies and people experience on the outside.

You know, the outside, the controversies about the Internet will be controversial website of the day or controversial tweet of the day, you know, or report about insidious activity, disinformation, whatever happening online, and then understand how trust and safety teams work internally at tech companies.

And they're really growing importance. And I think people are starting to understand that, but still don't have a sense.

They sort of want to debate whether or not this is a good or bad website or tweet or whatever, and don't want to talk about how this would work at a company.

And so, you know, you've been heavily involved in starting to organize a way to sort of make this a profession, to make it more of an organized, you know, sort of part of the industry.

And I wanted to give you a little bit of time to sort of talk about that, what your thought is there, and as maybe we look forward to the next 10 years, what are you sort of expecting might happen in the trust and safety space in the next five to 10 years?

Yeah, thanks. And I should say that Clarissa and Adeline Kay are really the leaders here, but this is the Trust and Safety Professional Association and the Trust and Safety Foundation.

And the idea behind them is pretty straightforward.

These trust and safety professionals have been doing these jobs for, you know, more than 30 years.

And yet, we don't think of it very much as a profession.

We don't think about people having training and knowledge and wisdom, and having dealt with these problems again and again and again over time.

So, what we're trying to do is make trust and safety professionals' lives better.

And Cloudflare is a corporate supporter, which means that the Cloudflare Trust and Safety team will be some of our first members.

But that idea of just giving trust and safety professionals a place to gather, a place to talk with each other, a place to talk about best practices, whether they be best practices about doing the job.

Like, how do you do therapy after seeing child abuse images, right?

Like, what are the types of groups that will help people who are dealing with that type of content?

All the way to, well, if you're trying to get rid of ISIS propaganda on your network, what does ISIS propaganda look like?

You know, we're not all experts in counterterrorism.

So, how do we ensure that we are able to kind of collect some of that information and make it more accessible to the people who really are the pros in the field?

And this is really driven out of the fact that I love trust and safety people.

I've worked with them, alongside of them, sometimes been the boss of them.

They're the people who, like, run into the absolute worst fight on the Internet involving the worst content and try to sort out, because it's usually between two users, right?

One person really loves the thing that they're saying, and the other person hates it, and try to work out what the right way forward is for the community as a whole that is on the platform.

So, that, yeah, sorry. And they also often have to run into those storms with, like, tools, because you want to take a little bit of a, you know, Hippocratic oath here, too, and, like, not do more harm, you know, than help, right?

So, they have, you know, a little bit of restraint that way.

And then also all of the variety of stuff they face, not only on content moderation questions, but also law enforcement access questions, transparency about the way all of this happens.

It's a really complex field, which could occupy a whole other sort of stretch.

So, we've got about 45 seconds left before we go off, and probably about 30 by the time I'm done with this last question.

But just any closing thought, you know, as we look forward to the next 10 years for the Internet, you know, in an optimistic point of view, anything that you think is sort of turning the corner or is just about to take off that will make the opportunities of the Internet really great for the next 10 years?

I mean, I think there are a few things that are much more important than the Internet.

So, I would close with just go out and vote.

Please vote. Voting is really important. Please go do it.

Very good. Alex, thanks so much for your time. Thanks for, you know, the unique perspective you bring from having worked out here, having worked in government, and look forward to see whatever you're up to next, because I'm sure certainly will make my life easier and my issues easier.

So, thanks. Thanks for continuing to be involved in all that.

Thanks so much for having me, Doug.