Join Paul Spain and Stephen Phillips (Snyk) for an insightful discussion on EdTech’s Kai’s Education and Kami, major layoffs hit Spark, 2degrees, and One NZ, the impact of AI on job interviews, fintech Debut’s aim to launch NZ’s first open banking and AI-driven bank, Telegram’s CEO arrested and law enforcement access to encrypted communications, Qantas first-class coding error, a look at Australia’s ‘right to disconnect’ law and more.
Special thanks to our show partners: One NZ, 2degrees, Spark NZ, HP, and Gorilla Technology.
Episode Transcript (computer-generated)
Paul Spain:
Hey, folks. Greetings and welcome along to the New Zealand tech podcast. I’m your host, Paul Spain. And today we have Stephen Phillips from Snyk joining us. How are you, Stephen?
Stephen Phillips:
Very good, thanks, Paul.
Paul Spain:
Great to have you back on the New Zealand Tech Podcast. Lots to delve into today. Before we do, though, big thank you to our show partners One NZ, Spark, 2degrees, HP and Gorilla Technology. It’s a big week. When I look at the things going on locally, there’s some things to celebrate. There are some challenges from the economy impacting us locally here in New Zealand. A story I was alluded to today with a call from one of the radio stations in regards to some challenges that AI is causing for job applicants. Also some movements in the world of fintech financial tech and then some international areas to delve into as well.
Paul Spain:
But let’s jump straight in. Kami. Now, we’ve had Kami on the New Zealand tech podcast. Before they considered in the edtech space and Covid was a massive boon for them. It was a real time of growth. But the end of COVID was not the end of Kami. They have continued to go from strength to strength as a business. And with their most recent investment into Kami, which means that the majority shareholding now is offshore, puts the value of the business at NZd300 million.
Paul Spain:
That is an incredible achievement, isn’t it?
Stephen Phillips:
Yeah, great. Great company as well. Very strong governance, oversight, and solving problems for customers.
Paul Spain:
Yeah, look, it’s really pleasing to see. And for those that are interested, actually, I’ll see if I can have a look and we can find out which episode we first chatted to Cammie. We are looking at an interview with them again to hear a bit more of the. The Kami story. But we had Kenji Wang, who’s co founder and chief executive in the past, to share a little bit of their story. And really what we’re hearing was that their chrome plugin, browser plugin that they had built had just been an absolute boon in the education sector, particularly with kids in the US and around the world needing to, I guess, work and do things with PDF’s and so on. And their plugin massively facilitated that. But they’ve gone on from strength to strength.
Paul Spain:
They’ve got quite a large development team, haven’t they, Stephen? So there’s a lot to their operation, and, you know, they are, you know, one of those who has used a sort of a freemium model where, you know, they’ve given away access to their technology to a lot of people, but now they’re at, I think, over 40 million users and just about every country in the world. So yeah, really, really, really good. Really good stuff. So yeah, that’s one that folks might be interested in. Episode 477 of the New Zealand tech podcast, if you’re interested in that one. And another one that’s in the sort of edtech world is Kai’s education. And we talked to them back on episode 615 and they’ve just recently been featured in top 50 edtech startups list and I think that’s a global list. So, you know, just encouraging to see kiwi firms doing incredibly well on the, on the global stage.
Paul Spain:
I guess in some ways we get used to it, but I think it’s important that we celebrate it, that we, you know, that we have that awareness of the great work that’s going on. Kai’s education. Yeah, the AZ is I guess, a kind of a. A use of robotics in education and learning and they’ve taken a fresh and innovative approach to the use of the technology. So yeah, all the best to them. Now, on the flip side, we’ve got challenges in the economy and of course it’s often the technology that we look to help us grow on the global stage, increase our export revenues so that we get less issues when it comes to our economy. But it isn’t impacting a lot of organisations across the country. What have you been seeing, Stephen? You talk to a lot of businesses out there.
Paul Spain:
I know you’re pretty well networked up and down the country. There are some companies that are just thriving regardless, aren’t there? But other ones that are, you know, getting hit pretty hard.
Stephen Phillips:
Yeah, certainly media, logistics and obviously telecommunications people have been optimizing their spend across, whether it’s business, whether it’s personal. People are cutting back a bit.
Paul Spain:
Yeah, and that was the news this week from Spark that, you know, they’ve talked about a challenging year and it saw their net profit fall 72% from 1.1 billion to 316 million. So that’s a pretty hefty hit and lot. They’re now in the position, as we’ve seen with other telecommunications and or telcos, as we tend to call them. I guess they’re a lot more than telecommunications these days. They’re very much technology providers in their own rights in many ways. But yes, Spark aiming to cut $50 million in labour costs was the headline from the Herald. And hundreds of jobs to be impacted. Look, this is going to be a really, really difficult time for, you know, for those that are hit as it has been, you know, for many over, you know, over the last period and you know, two degrees and one and Z have had their own cuts as well.
Paul Spain:
So yeah, I guess we certainly wish our best to those who are impacted and you know, I guess we do everything we can and you know, hopefully the economy comes back pretty sooner rather than later.
Stephen Phillips:
Yeah, I think in the past when we’ve seen downturns in the economy it hasn’t impacted the technology sector so much. But I think as technology becomes more commoditized I think we’re starting to see more impacts across a broader range of industries.
Paul Spain:
Yeah, it leads into this other topic of AI and job seekers. So stuff ran a story about a job seeker who was, who’s been interviewed by over 100 robots and the story goes that he can’t even get work as a dishwasher. So he’s trying to get some jobs that are not at the kind of high end where he should need to do a huge amount of interviewing and so on. And he’s been going through these online interviews and the Australian platform Sapia. I think s a p I a Sapia. AI is being used by a range of New Zealand businesses. Spark is one of those in New Zealand. And I guess this is, this is part of where I.
Paul Spain:
Organisations are able to be more efficient because they’re handing work over to software and AI. What the SapiA website talks about is that they say their automated chat and this is talking from an employer’s perspective, lets you interview everyone and because it’s low pressure, every candidate will bring their real and best self the result. You see the whole person, not just the CV. So that’s the headline. And in fact that Spark is one of their reference customers looking at their website and that’s where it’s mentioned of spark decreasing hiring costs by 70% and boosting diversity. So there’s, these are the changes that are afoot and I guess some have had that fear is AI is going to take my job away. Well here AI might just give you a job, but of course it’s not just the AI. And when we talk about efficiency, that may mean that roles have disappeared.
Paul Spain:
So with Spark saying sort of decreasing their hiring costs, that could be external costs, that could be jobs lost there, it could be internal. I don’t know the ins and outs in that example, but I think there’s a bit more nuance and sort of complexity to this. When I read about this chap having to go through all of these interviews, Venkata Shastri is how I pronounce his name, and I know I haven’t got that perfectly right, but he said he was sending up to ten applications a day and he’s been job hunting for something like six months. And he’s basically saying, look, he’s not getting to talk to people anymore. He’s doing these interviews with the AI bots. Look, in some ways you could say that’s a step up if you weren’t getting an interview before. But hey, now a lot more people are getting interviewed, you might get more opportunities. The flip side, I guess, is if you’ve got an accent that the AI can’t understand too well, or there’s something where a human might pick you, where the algorithm might not.
Paul Spain:
So there can be flip sides. I’m picking here where sometimes you’ll do better with a human, sometimes you might do better with an AI in the screening process. But I guess the part of me that likes to look on the positive side would be quite pleased that actually more people are getting a form of interview or people may be getting a little bit further along before they get cut off the list. What are your thoughts on this?
Stephen Phillips:
I think it’s good that it’s made interviewing more accessible to more people, comes down to the selection of the questions and how they’re actually gathering sentiment. And if due to language difficulty, you’re not creating basically a positive sentiment experience, that’s certainly going to introduce bias, which is something that I think employers are going to need to really be careful with because you’ve seen some examples like in the US and all around this, where bias basically has come into various processes and then it’s ended up in court and the like. So.
Paul Spain:
Yeah, yeah, well, look, I mean, bias can come from people, and if you’re using AI, well, that’s gonna, you know, it’s being perpetrated, it’s being fed data from, you know, from people’s preferences and so on. So I, I’m not sure you ever entirely get rid of it. But, yeah, I mean, if an AI, and I think we’ve talked about this on the New Zealand tech podcast before, a system that does transcription, let’s say, Microsoft Teams, for instance, Microsoft Teams want you to set the language right. So it’s like, oh, is this person speaking in us English? Are they speaking in Australia, UK English, Australian, you know, Kiwi English? I think it’s New Zealand English, which in itself is odd that you have to set that because, well, have Microsoft not aware that you can have two people on a conversation that are from different parts of the world and are gonna speak different flavors of the language. Maybe they can get their on to fixing that one. Now, of course we like to throw stones at the big guys, because you can, and no doubt all of that stuff will come in the fullness of time, but there is an element of those sort of shortcomings that I imagine that any platform is gonna have to deal with. And as you say, if someone’s English is good, that might not be their first language, but it might not matter for the role. This chap was talking about is he’s happy just to do dishes.
Paul Spain:
Right? And maybe after getting some media attention today, he’ll get some quick job offers. But we see Spark, Kmart, Woolworths and others that are using this technology. So I guess my hope is that the technology iterates quite quickly. They address some of the shortcomings. I can imagine you could do some pretty smart stuff with this software that advantages everyone over time.
Stephen Phillips:
Yeah, you might be able to start by the bot asking basically what language are you most comfortable conversing in? And then you can eliminate that bias.
Paul Spain:
Yes, yes. Yeah. And look, there’d be pros and cons of this, but if there’s a really big platform, if Sapia is the platform that a lot of the big companies are using as an individual, you could choose to sign up with this platform, and you might allow them to keep and collate information on you. So when you go for your next interview, it’s not actually asking you some of those same generic questions before, because you leave that in the system. And there might be other mechanisms like that to bring some efficiency. There’d be pros and cons to that sort of approach.
Stephen Phillips:
I’m sure, you know, some people would probably be able to figure out how to game the system as well. That’s true. What’s to stop you having multiple tries and figuring out maybe where you might have gone wrong and getting some coaching on how to game the system.
Paul Spain:
Yep. I guess you could feed in the questions into an AI and then get whether it’s whether the answers are coming from the AI or from yourself, and feed them back at the system. There’s so many different versions. Do you use your voice? Do you use an AI that can be heard more clearly? And you just start with, hey, I’m giving these answers through an AI because some AI’s don’t understand my voice. Right. So I guess there are a lot of possibilities as to how these things play out in future, but they’re not necessarily going to always put everybody on a level playing field.
Stephen Phillips:
Yeah. Have an LLM basically listening as you’re doing it and pick the best answer.
Paul Spain:
Yeah. Yeah. So, yeah, interesting times ahead. Look, I don’t think these sorts of tools are going to go away. They’re huge benefit to business and I think it’s going to be a journey to get the very best results for both businesses organisations and those applying for applying for differing roles. So yeah, we’ll see how that plays out. But I mean, Spark’s comment around a 70% saving in their hiring costs, I think, you know, that alone is going to really spur on a lot of organisations and, yeah, the idea that you are giving a lot more people a chance to interview in some form even if it is a bit time consuming for applicants, you know, I think there is, you know, there’s some real positive to that. I guess you have to balance it in terms of how long do you tie them up for if it’s kind of a five minute interview, you know, to me that’s, you know, that that’s probably not, not too bad.
Paul Spain:
Now that’s me sitting more on the employer side of the table than someone that’s needed to apply for, you know, for a job for a long time. But yeah, I see some good there.
Stephen Phillips:
Yep.
Paul Spain:
All right, so the other topic on, on a local basis wanted to tap into is we heard today from a New Zealand fintech company called Debut who are working, they say, to become the first locally owned bank designed for open banking and AI. Now the Commerce Commission has, I guess, you know, recently published their report on open banking and competition within the sector. There’s a lot about this you can go and read online, but when the recent media releases from last week said that the Commerce Commission’s final report into competition into the personal banking sector points to a potential of a stronger kiwi bank as a disruptor to the four major retail banks and open banking as a game changer, unlocking competition and revolutionizing choice for Kiwi consumers. Now, I’ve seen others maybe not, you know, not, not quite so, not quite so excited about this. And so, you know, I’m kind of keen to hear your thoughts on, you know, from what you’ve heard, Stephen, you’ve worked in the banking world before as a chief information security officer and you keep a good kind of eye across, you know, a range of sectors having, having worked in various ones including sort of telco land, you know, what do you, what do you make of what’s going on and then maybe we can have a little bit of a chat around you know, debuts comments yeah, well.
Stephen Phillips:
Open banking’s sort of on the premise that you’re commoditizing the set of services that a bank provides to its customers and makes it portable, just like doing number porting between a telco. So you can move from bank to bank to get potentially better rates. But the challenge you’re faced with is it can then lead to probably less innovation and investment in innovative financial services. Right, because if bank one offers all of these innovative services and you move to bank two because the rate’s better, maybe you stay because you still want some of those innovative services. So how that dynamic is going to play out is probably pretty key. So I think you’re seeing all of the major retail banks are dabbling with this type of a thing, but they’re also pursuing a let’s capture more customer market share through innovation and how we differentiate through innovation. So I think the main banks probably won’t uptake open banking until the regulator forces their hand. Is probably the thing with KiwiBank.
Stephen Phillips:
They’ve always struggled for lack of capital investment so that they can actually be on the same playing field in terms of cost of capital and innovation in the feature set that they offer. So there’s quite a few dynamics there.
Paul Spain:
Yeah. And look, I guess we’ve seen it in other sectors. Sometimes a sector will sort of move so that a regulator doesn’t have to insist on change, but quite often we don’t maybe see the level of change that might really suit consumers until a regulator comes in. And this isn’t just New Zealand, this is a global thing. Right. And we could delve into the chat around iPhones now in Europe, and if you buy your iPhone in Europe and you stay in Europe and you’re not anywhere else in the world, then Apple have one set of rules that they play to and let you tap into third party app stores and so on. And I think the EU would argue that’s the best version of your iPhone you could have, and probably many would agree. But yeah, if you then travel to the US and base yourself there, I think after about a month you have to kind of go back to following the us rules.
Paul Spain:
And this is where the European Commission have kind of put their foot down the regulator there and said, hey, we need a different picture than what we’ve had. So that’s probably one of the big ones in the tech world at the moment. But most of these areas there is that sort of crossover and a big sort of tech element to it. And I think that’s what’s going on here in banking. A lot of it is about the technology and open banking. That idea that we can have really innovative maybe app based services and banks or competing type services and really, really smart little innovations that can be added in, you know, tech enabled, isn’t it? And then the idea that, yeah, you can, you can tap into your banking data in any way you like, as we’re kind of used to between different app platforms. It’s kind of where we want to get to, isn’t it? Realistically, we just wish the banks would come along for the ride and innovate and lead the way.
Stephen Phillips:
Yeah, it’s definitely going to be a challenger that takes the lead and all here. And, you know, we’ve seen the challenger model, you know, work. It does take a decade and the likes or more. So two degrees. Sort of 20 years ago was, it wasn’t challenger. Now they’re actually, you know, one of the, one of the big players. So it does happen.
Paul Spain:
Yeah. And, yeah, one of those companies, and again, we’ve had them on the show before, or Dosh and they’re doing their new things and look, I think they’re doing a pretty good job. But there is that element where commerce commission or regulator doesn’t go maybe far enough. And this is all down to individual perceptions. The Commerce Commission would say they’ve got this right. Those that have got, I guess, that are within the traditional banking system will have their opinions. And those that are in these sort of challenger and more innovative new companies like Dosh and light debut would be hoping that maybe the regulator does a little bit more. So it’s quite an interesting time.
Paul Spain:
I guess I would lean more in the direction of, yeah, we do want to support more innovation. We have, in the scheme of it, reasonably large sums of money floating out of New Zealand back to the Australian banking systems. And that’s usually, what are we talking? A billion dollars per bank if you were to average it out over a period out of those four big banks. So for every adult New Zealander, there’s maybe $1,000 that’s going, you know, in profits off the back of that individual in the direction of Australia. So, you know, putting on my sort of selfish bike, you know, buy New Zealand made by Kiwi made and those sorts of things. I would love it if we had, you know, better options in the New Zealand market, if kiwi bank were better and more innovative, if the smaller players, you know, like the doshas of this world, were, I guess, better backed, better.
Stephen Phillips:
Supported by, you know, maybe even incentivized.
Paul Spain:
By the government and maybe even. Maybe even incentivized by the government. Yeah, that’s a good point. So, yeah, look, I hope that it doesn’t stop. Here would be my initial thinking on the things that I’ve read out of what the Commerce Commission have shared recently. I’m curious, you know, what the government will do with Kiwi bank. It’s not, you know, it’s not particularly something you would expect, you know, a right lending government to put a lot of effort into their own, you know, a government, government owned entity like a. Like a bank.
Paul Spain:
That’s not how they tend to play. So yeah, I’m not quite sure what, you know, what this picture looks like over the next few years. You know, that said, I do see good things coming from KiwiBank and. But, you know, I’d probably like to. I’d like to see a lot more of the innovation coming from there. But, you know, they’ve certainly made some, made some good efforts and they’ve got behind the fintech sector in New Zealand and supported a fair bit of innovation. So. Yeah, interesting period, isn’t it?
Stephen Phillips:
Certainly is, yeah.
Paul Spain:
Is dosh a service you’ve had to play around with?
Stephen Phillips:
No, I haven’t had a look at that one. I’ve had a look at a few.
Paul Spain:
I’m just firing up my dosh app now for a look.
Stephen Phillips:
Certainly some of the second tier banks and all as well, they have to earn market share through innovation as well. Like your Taranaki’s, your heartlands and the likes. I think you’re going to see some of these players as well as starting to make a bit of a play as they see the regulators have more openness to open banking.
Paul Spain:
Yeah, okay. Yeah, yeah. So yeah, I mean, I’m just having a look at their app now. I mean they’re working hard with the sort of partnerships and things that they’ve set up. Like I’m looking here, shop Lululemon online with your dosh card. Get 8% cash back. I don’t think our banks are doing that. These sorts of things.
Paul Spain:
Shop milk run via the Dosh app with your dosh card, 7% cashback. You know, so there’s a whole raft of these sorts of things and obviously these are commercial partnerships that I’m sure are win win all round. Something with hello, fresh puma. 8% cash back, 10% cashback on Manuka doctor. So they are working very, very hard to kind of help get that momentum and to get onto people’s phones and to be a mechanism but of course, most of us are going to put most of our money in a traditional bank until a dosh becomes, has that rubber stamp from the regulator that says, you’re a bank, you know, and probably we wait, you know, the bulk of the population are gonna wait a decade or more before you really jump on board, unless something is, you know, absolutely, you know, game changing. Right. And that’s where you get your Netflix’s and your Ubers and so on. It’s like, oh, that’s completely different from what we’re doing.
Paul Spain:
Let’s go do it. But, yeah, I think it is worth keeping a watch on these apps and FinTechs. And as listeners of the New Zealand tech podcast, we tend to be people that are interested in the new technologies and adopting them. So I would encourage listeners, go and look up dosh. Go and look up debut. Let’s have a look at what these companies are doing. We’d love to hear some feedback on what you’re finding. And of course, it’s, you know, it’s all about people getting behind them, helping them build traction and then raising funds and around the regulatory environment, being supportive.
Paul Spain:
And if all those things line up, then we’re away. So I hope that happens.
Stephen Phillips:
Yeah, it certainly happened in that EFTPOSt in New Zealand. New Zealand was a real innovator in that space, and we ended up being a long way ahead of other markets like the US.
Paul Spain:
Yes. Yeah.
Stephen Phillips:
But then over time, the large players, like your visas and all those types of things, sort of hooked back into that market and some of the innovation got lost.
Paul Spain:
It really did, actually. It’s interesting you mentioned FBOss, because I was thinking about efbos the other day, and I was reading around the death of the magnetic strip, and I thought, hold on, my EFTPOS card. They do have their efpos online, which isn’t highly adopted, but it works well without the same sort of fee structure as credit cards. But other than that, it sort of seems like that they’re stuck in some sort of a time warp because every other gadget or every other sort of tap to pay. That’s kind of the go. Not swiping something with a magnetic strip yet. I do it to save a few dollars a week on costs at cafes and the Lycos. Swipe my card through because you’re not paying the extra fees to the globals.
Paul Spain:
Yeah. The global financial giants. And so we do that. But it has left me wondering, when’s fboss going to get with the next step of the game? Yeah. Yeah. So yeah, there’s an opportunity there. And, of course, efpos got sold and is now, you know, I think, owned by a public company in France or Europe. So that picture has, has, has certainly changed and maybe we’re just too small a market that they don’t care.
Stephen Phillips:
And, you know, with phones and NFC tap technology, there is a lot of peer to peer sort of payment providers. If a peer to peer payment provider starts working with retailers and those types of things, you could actually have some quite interesting sort of solutions and all here.
Paul Spain:
Yeah, it does seem quite hard to get these things working and across the line. But if we look to the buy now, pay later segment where a lot of retailers managed to get their head around somebody paying in a slightly different mechanism, and that went, you know, whether it was in store or whether it was online through varying e commerce platforms and so on, those players managed to get some reasonably quick traction. So it says it’s not impossible if the will and the desire is there.
Stephen Phillips:
Yeah, correct. They’ve certainly struggled, though, with managing levels of fraud and AML and compliance and all around that because the regulators sort of leaned into that market and made it harder for the buy now, pay later players to work there because there was real risk.
Paul Spain:
Yeah. And look, you know, we’ve seen the realities being that there wasn’t, those platforms weren’t maybe as profitable as some first thought. So, yeah, somewhat, somewhat complicated. But, you know, the fact that retailers were able to successfully change, to accept effectively new forms of payment through these platforms shows that it can be done. Ultimately comes down to the financial motivation. And for them, they were convinced they could get enough in terms of an increment in their sales by these platforms. Now, you know, the question is, yeah, can, can some of our newer players, you know, come up with other mechanisms or. Yeah, do that? Do they just do what, for instance, dosh does, which is, you know, they give you a debit card and so, hey, they’re having to carry that fee structure and that’s all part of it.
Paul Spain:
Or are we going to get something that’s a bit more in that kind of EFTPOS realm where a whole lot of money, a big percentage of a transaction, it doesn’t have to get taken out of the mix and sent to the other side of the planet? I’d be very interested to see how that could play out and then we could delve into central bank digital currencies and what technology that may or may not bring from a payment perspective. But that’s probably a topic for another day. Stephen, I’m sure you’d have some thoughts there. Now, onto the international front, the telegram chief executive, Pavel Durov. If I’ve got his name pretty close to right, Pavel is Paul in Russian, if I recall correctly? Or is it Paul? I think it is. So he has been arrested in France now, I guess, with your hat on. As someone that sort of lives and works in the cybersecurity world, maybe you could sort of walk us through a little bit around telegram and kind of how they’ve been sort of thought of within a cyber and I guess, a broader perspective. And.
Paul Spain:
Yeah, why is this happening?
Stephen Phillips:
Well, I think all of the social media companies, of course, Telegram is one of those that have secure messaging channels, are all being actively compelled by law enforcement to provide a reasonable access on the basis of a subpoena, and the likes to actually share information when they become aware of particular threats. So this has happened with the likes of Facebook, with Zuckerberg. It’s happening to Google sort of all of the time. It’s happening to all of the social platforms, TikTok and the likes. What telegram is mostly known for, though, is being the platform of choice for organized crime. So there’s a lot of organised crime that gets perpetrated at a, like a nation state in a criminal sort of, sort of money laundering, all sorts of other sort of various nefarious sort of things happening on the platform. He appears to have got in trouble, basically for not complying basically with law enforcement requests and protecting his customers, as you would protect the privacy of your customers. But there needs to be a bit of a balance there and there’s a big shootout sort of starting to happen now between some of the us sort of law enforcement compelling these platforms to better share, because the cryptography underpinning this technology has evolved to the point now where a provider like Telegram, like Facebook, can legitimately say, I don’t control the secrets that are required to give you access to that anymore.
Stephen Phillips:
And once you reach that point, it’s very easy for criminal operators to actually obscure basically what they’re doing. And that’s kind of where we’re at. And I think this is possibly a bit of a test case by the European Union, who like to actually push on these things, and they’re probably wanting to actually sort of make this a bit of a test case.
Paul Spain:
So I’m curious for your thoughts. You’ve talked about telegram being used for criminal purposes, shall we say? Of course, that sort of thing can happen on, you know, can and does happen on any platform, right?
Stephen Phillips:
Correct.
Paul Spain:
Even on unsecured text messages. Right. Which is, which is, you know, why in, well, probably not just years gone by, but more so in years gone by. You know, we would hear around criminals getting, getting caught because, you know, their text messages were monitored by the telecommunications provider following some sort of court order or whatever the legal process is in a given region. And of course, if you’re going to do something and you don’t want anyone to find out, you try and hide it. Right. But it’s not just telegram that encrypt people’s data. So how, how do you think that this should sort of, you know, play out in the future? Do we need to have that ongoing sort of legal access and, well, you know, or do we move to a world where it is just, hey, we just know things are encrypted and just like your bank communications and, you know, no one, including law enforcement, can, you know, can ever get to that information.
Stephen Phillips:
Yeah, it’s quite, you know, there’s always been a legal precedence for access to lines of communication. Like legal intercept has been a part of since the 1950s, sort of. There’s been legal intercept in most countries, western countries, legal frameworks, but always subject to a subpoena. But what’s happening is the end to end cryptography is to such a point now where you can’t even sort of determine from looking at the communications happening whether there is just cause to actually look into that. There’s a little bit of metadata potentially, that leaks around what the exit and entry nodes are for the stream of communications, but very difficult to actually have just cause and all on that sort of thing now.
Paul Spain:
Yeah. And the reason for that is those communications, they’re fully encrypted from start to finish. So, for instance, the European Union can put pressure on the telegrams and other social media platforms to, you know, to stop having end to end encrypted messaging. But of course, if you do that, there’s always ways around it. There’s always ways that encrypted communications are going to be seen in just the same way. I don’t know. During World War Two, for instance, we had those encrypted communications and some of them, we know the movies and so on, they were able to crack them and figure them out. But we are getting into a world where increasingly anybody has access to that type of technology.
Paul Spain:
Now, we’ve also heard the stories around the so called encrypted platforms and encrypted phones and so on, and then lots of people getting found out cause they thought that their communications were totally secret and actually the authorities were in there looking at the messages and maybe even sending some of the messages and so on.
Stephen Phillips:
Right. Became basically the provider to the drug cartel of their comms channels. As soon as you’ve got access to the physical device at the end, which obviously police can compel, you do actually have access to the channels. So if you’ve physically got access to a device, you can’t hide the communications at that point. So law enforcement does have that, but it’s when they want to do it remotely and when they’ve got suspicion basically, of that based on metadata, remotely. So maybe that is the balance. But there’s certainly a lot more debate that needs to happen because the likes of the NSA and the homeland security in the US and all those types of things are pushing for more and more here. But then in other places they’ve been winding it back because there has been misuses of.
Stephen Phillips:
Of mass surveillance. So it’s always going to be a balance.
Paul Spain:
Yeah, look, I think we’re going to be debating this for some time to come. Now, it was interesting yesterday, Qantas were selling first class seats for up to 85% off their usual price, except they were doing it unknowingly, didn’t quite realize what they were up to. It is at times amusing, the missteps that technology enables on sort of a, you know, on a mass scale that in earlier years would have been, you know, there would have been too many layers in a buying a ticket process for that sort of thing, probably to have been quite so usual. But these days, something like that happens. It can often sort of go viral before the airline can, you know, maybe do too much about it. They have now, you know, the extent of these kind of digital errors or operator errors. That technology, you know, for whatever reason, is still not programmed in a smart enough manner to stop, is such that their terms and conditions allow them to get out of actually delivering these tickets that they’ve promised to do so in these circumstances. So it was interesting reading around that one yesterday in the Australian media, but I saw in this case Qantas.
Paul Spain:
And I think this is more and more becoming a consumer expectation, which is, hey, airline, if you make that sort of mistake, it is on you probably more than it’s on the consumers that bought the tickets. Now, they’re not letting people keep their first class tickets, they’re downgrading them to business class. But it’s still a massive, massive discount off. Yeah, I think it was business class return fares between Australia and the US for maybe it was about $4,000 or some reasonably large discount. Do you think that airlines should be held fully accountable on this stuff? Because surely we’re not new to having custom software developed and having ticketing systems that are sort of software based. We should be at a point now where a system has enough rules in it that sort of says, hey, if these are being discounted at mega ridiculous rate when it comes to an air fear based on the average fare or whatever other rule system you put in there, that you’ve got to get double, triple, whatever sign off before they go through, shouldn’t the technology be that advanced by this point in time? Stephen?
Stephen Phillips:
You’d hope so. It couldn’t happen to a nicer airline, because if you cast your mind back a few months, Qantas had some challenges where they were cancelling flights, basically, and ended up sort of bumping the profitability, basically, on flights. And that was obviously extra revenue in their favour.
Paul Spain:
That’s right.
Stephen Phillips:
So maybe this is just the, you know, quandary to that. It’s the opposite of that. To balance that out, you know, they pump the prices over here.
Paul Spain:
Right?
Stephen Phillips:
Maybe they have to carry this one.
Paul Spain:
Now, also in Australia, you know, we have this new right to disconnect law for employees. And look, I found this fascinating because if we look back pre computers, and I know that might seem like it’s hundreds or thousands of years ago, but it’s not. But pre everybody having a computer, or certainly pre everybody having a smartphone, that’s not a million years ago, 25, 35.
Stephen Phillips:
Years ago.
Paul Spain:
We had this scenario where if an employer wanted to communicate with a member of their team outside of normal work hours, there were hoops you’d jump through. You could pick up the telephone and call them and you might reach them if they were at home. You could maybe drive around for a visit or whatnot. Of course, now we’ve got 24/7 communications, regardless of where somebody else is on the planet. And in some cases, this hasn’t necessarily played out very well. So the Australian laws here, I guess, basically enabling employees to refuse to monitor, read, or respond to contacts from an employer or a third party, such as a client, outside of working hours, unless that refusal is unreasonable. So I guess it leaves that room for those who are working in roles where, hey, there is on call aspects or varying expectations with deadlines, you know, news media and things like that. I guess there will be, you know, a whole mix of.
Paul Spain:
Of roles that the tech sector is probably one of those more complicated ones, and that, you know, that, you know, there would be some circumstances here, but it seems like, you know, there’s, there’s some, yeah, there’s some wisdom and actually, you know, applying some thinking here. I don’t know whether it does or doesn’t need to be something that’s legislated if we were to look at it in a New Zealand context. But I think it’s certainly an important conversation to be having. It’s something important to, you know, to be, you know, thinking about because, yeah, you, you get this wrong and, yeah, the, the impact on individuals and their families and so on can be, you know, can be really big.
Stephen Phillips:
Yeah, well, I think good on Australia for taking the advantage here. Normally on employment law, it’s kind of like they’re a little bit closer to the american market. So. Yeah, great that they’re prioritizing people’s health over economic goals. So I think it probably does restores the balance a bit. But what a lot of people probably haven’t done though, is there’s a lot of the facilities to filter this sort of stuff out on your phone. So just by playing around with your profile of who can access you sort of over what platform, at what time, and even sort of check only certain users, you can do those sort of things. But it’s a, it’s on the individual.
Stephen Phillips:
But for people that aren’t inclined to do that, maybe this provides the level of protection they need.
Paul Spain:
Yeah, I mean, I think it is quite a challenging one. I see some, you know, some of the responses have, you know, there’s been criticism from employers associations saying the legislation is flawed and rushed into law. So, yeah, getting these things right I think is always easier said than done. We’ve seen these sort of laws going in.
Stephen Phillips:
You want a betting in period to make sure there isn’t actually any unintended consequence.
Paul Spain:
And in theory, we’ve seen that because these laws have been in place in Europe and Latin America. So there has been some activity. I see in 2018 there was 60,000 euro fine for rent a kill initial courtesy of a french court because they breached their employees right to disconnect from work after requiring an individual to constantly have his phone turned on in case of emergencies. Now, I’m sure there’s a whole lot more to that, but if you’re working a role where you need to be on call to deal with emergencies, then, you know, reasonably reasonable that, that the phone, you know, should be on during, you know, certain hours and at certain times. But I’m sure there’s a whole lot more, you know, to that particular one. And of course you don’t, you don’t generally want, you know, that all being dumped on, say, one individual and so on. And that’s where this sort of legislation, I would hope, helps increase the sort of balance where these things are out of kilter currently.
Stephen Phillips:
Yeah. You always need to protect that goodwill bargaining aspect for those edge cases. And if an employer is acting in bad faith around some of that, you need to have the right protections there.
Paul Spain:
Yep. And I think we need to encourage the conversations as well. Right. So that it becomes, it’s something that people are comfortable to, you know, to talk about because, yeah, if these things aren’t, aren’t getting attention, then they don’t necessarily land in the right place. Good stuff. Well, that’s our main topics. Tell us a little bit what’s happening in the world of Snyk. For those that don’t know Snyk, tell us a little bit about what Snyk does.
Stephen Phillips:
So what Snyk does is software that gets developed by developers and the likes. In New Zealand, we help to protect developers from writing vulnerable software a little bit like Grammarly and the like. So as you’re coding something yourself or, or as you’re maybe using chat, GPT or copilot to create the code for you, you need something like a Grammarly for security software to step in and make sure that you’re not building vulnerable software. So really that’s what we’re doing.
Paul Spain:
So you’re able to look at the code as it’s being, look at the.
Stephen Phillips:
Code produced as you’re producing it, but then also look at the code that you’re bringing in from open source and understand what vulnerabilities are in that and how to actually eliminate them. So it’s all around helping businesses operate more secure software without getting in the way of developer productivity. So that’s the type of thing we’re doing. And it’s used for startups, sort of tech companies that are building innovation and using software all the way up to the largest companies in New Zealand and the likes. Yeah.
Paul Spain:
So you’re well used kind of across a whole range of fears. Basically, wherever there’s been software development done, that’s where Snyk comes in to help making sure it’s secure.
Stephen Phillips:
Absolutely, yeah.
Paul Spain:
Interesting. And any examples you can share with us of, I don’t know, anything from that coding world that might interest, you know, listeners, be it, I don’t know whether it’s. Whether it’s examples of things that your tools have picked up or what would be.
Stephen Phillips:
Yeah, probably only about 10% of the code that developers use is written themselves. About 90% of it they’re actually pulling from open source libraries. Over the past two to three years, there’s been 6700% increase in the number of those packages from open source that are being compromised because there’s millions and millions of projects around the world and developers don’t want to keep looking after them for a long time. So what happens is they get a little bit deprecated and unused and then someone will put their hand up and go, hey, do you want me to help with this? And then they’ll get the confidence of the open source provider to hand over access to that code and then they’ll put a couple of good updates and all in, but then maybe a bit later they’ll add in some malicious code that then ends up making that piece of software work as a data stealer. So that’s something that we’re seeing a lot more prevalence in all of, especially in the last twelve months. So it’s something that businesses kind of really need to be aware of is that your software can turn against you.
Paul Spain:
Yeah. So there’s a pretty big flip side to the great aspects of open source which developers do heavily utilize. And yeah, having a tool there to help is pretty important.
Stephen Phillips:
Yeah.
Paul Spain:
Okay, great. Oh, thank you for that. That’s great. Always good to have you on the show, Stephen, and your insights. Thank you everyone for listening in. We’ll of course be back again next week with another episode. And of course a big thank you to our show partners. Gorilla technology, HP, 2degrees Spark and One NZ.
Paul Spain:
I hope you have a fantastic week ahead. All right, see ya.