Close this search box.
Current trends in Internet Freedom

EP 64: Current trends in Internet Freedom

Our bi-weekly Inflection Point bulletin will help you keep up with the fast-paced evolution of cyber risk management.

Sign Up Now!

About this episode

October 13, 2020

Kip Boyle, CEO of Cyber Risk Opportunities, and Jake Bernstein, JD and Cybersecurity Practice Lead at Focal Law Group, review trends in Internet Freedom with our guest, Harold Li, Vice President of ExpressVPN.


Episode Transcript

Speaker 1: Welcome to the Cyber Risk Management Podcast. Our mission is to help you thrive as a cyber risk manager. On today's episode, your virtual chief information security officer is Kip Boyle and your virtual cybersecurity council is Jake Bernstein. Visit them at and

Jake Bernstein: So Kip, what are we going to talk about today?

Kip Boyle: Hey, Jake, this is going to be a great episode I think because today we're going to talk about trends in internet freedom, which I think is a really important theme for people who are doing cyber risk management, it really affects how we have to do our job. And what I love about today's episode is we're going to explore internet freedom with the help of our guests, Harold Li, who is a vice-president with ExpressVPN.

Jake Bernstein: Harold, welcome to the podcast.

Harold Li: Thanks for having me.

Kip Boyle: Harold, did I say your name right?

Harold Li: That's right, Harold.

Kip Boyle: Oh good.

Jake Bernstein: That's great. So quality content here already. So before we get started Kip, Kip and I actually just want to be clear that ExpressVPN is not a sponsor on this show. We are excited to have Harold because he is on the cutting edge of this topic of internet freedom and we wanted him to be our guests. So there's no advertisements here, this is content and it's going to be really interesting. So Harold, let's start with the obvious question, what is a VPN? What does that stand for?

Harold Li: Well, I'm sure most of your listeners know but it stands for virtual private network and essentially it's a service or a tool that redirects your traffic through a proxy server through an encrypted tunnel so that you can protect your data, you can spoof your IP address and potentially appear in a different part of the world if you so please.

Kip Boyle: And a proxy server, I think we should probably define that term as well. I mean, Harold, what would you call a proxy server? How do you explain that?

Harold Li: Sure. I would just say it's a server between you and the final destination or the server that's sending you information. So instead of going straight to say Facebook servers, when you're trying to access that, you're going through say ExpressVPN servers before that data goes to Facebook servers. And that has a few benefits, for example, if you're in a country where you're not allowed to access Facebook, going through a proxy helps you circumvent that or perhaps you just don't want your network provider or your government or your employer say our school to know what site you're visiting, what service you're using, then the proxy service also kind of obfuscate that.

Kip Boyle: Okay. And a proxy server can really be anywhere in the world, right? It doesn't have to be in the country that you're living in.

Harold Li: Yes, exactly. So we have got servers on every continent except for Antarctica, we're working on that.

Kip Boyle: Oh man. I was really hoping you were going to say, including Antarctica, that would have been cool. I don't know how practical it would be.

Harold Li: We hear the content libraries there are great. So.

Kip Boyle: Oh man. Okay. Well, let's roll back the clock for just a moment because the idea that individual citizens should consider using a VPN is relatively new in the history of the internet. And I think it's kind of ironic because the internet was originally a military project and it was designed to ensure reliable communications in the event of link failures. And we have to remember that back in that day and time data communications were typically a point to point link. And so when the link dropped for whatever reason on either side or somewhere in the middle, all communication was cut off and so the military said, oh, we can't have that, we need to be able to get messages through no matter what. But that's kind of the midst of time, right? It's kind of where it started but over the years it's transformed. So Harold what do you see the internet has become in today's society?

Harold Li: Yeah, I mean, it's probably cliche by now to suggest that the researchers back then at ARPA had no idea what the internet would become. I would say the best way to understand just how fundamentally it's changed is how we consider the internet utility, there are a lot of conversations about that, or even consider internet access part of our human rights. So there's been some conversation about that even on the UN level about to what degree it's kind of a key part of our human rights. And that's because the internet has become such a fundamental part of every aspect of human life, I think that's a pretty obvious thing to say now. And most of us don't have to think about it most of the time but unfortunately a lot of people do have to think about that problem. And that's why the answer to what has intranet become is not so simple because it's not the same for everyone.

And in some countries, the intranet has shut down sometimes, it's censored, of course, those are who are economically disadvantaged or often digitally disadvantage. So for billions of people around the world, the internet isn't the same thing it is for you and me and that's why questions around access and digital rights are really important. And even for you and me, there's lots of important questions about privacy, security, surveillance and rights online. I mean that's also something that's really evolved dramatically and perhaps ties back to the government and military being involved in the internet from the get-go. And when we're conducting these most crucial and sensitive parts of our lives online it's really important to think about.

Kip Boyle: So I would boil your answer Harold up to my co-host favorite phrase, it depends, right? It depends on who you are, it depends on what you're trying to do, right? The internet is this thing that can be whatever you need it to be, which is actually amazing considering where it came from. And another thing that I think is important to mention about the internet and the reason why I talk about its origins is because it was never built to be secure in the way that we think of it now. It was never built to ensure the privacy of communications that just wasn't one of the design objectives, it was just really built to make sure that a message got through and we've been living with the consequences of that ever since sometimes good and sometimes bad.

Harold Li: All right. Sometimes I think about how email was built so long ago and even today we have issues with email spoofing that are still not properly solved because email was a result from that.

Kip Boyle: Right. Yeah. That's why criminals are using business email compromise to steal billions of dollars because we don't have an easy way to know if an email is authentic.

Jake Bernstein: It's very true. And I think it's interesting how this conversation about internet freedom already touches on obvious cyber risk management points. And so on that point, our audience is made up of people who are both individuals, many of whom value this idea of a free and open internet, but they're also senior decision makers doing cyber risk management for their employers or their companies. But let's go ahead and talk about their personal dimension first. Why should our listeners or people in general purchase a VPN for use? And are there free VPN solutions? And what's the difference in your mind? Keeping in mind again for our audience that this is not an advertisement for ExpressVPN though obviously feel free to mention the differences between paid and free VPNs.

Harold Li: Sure, no problem. I'll avoid plugging ExpressVPN too much. I mean, I'll start by saying, I'm guessing most of your listeners have at least a passing familiarity with the cost of running tech infrastructure that spans dozens of countries and has to reliably support terabytes of transfer. And certainly I know that maintaining a secure reliable VPN with that kind of infrastructure isn't cheap. So as with all free services on internet, there's always that question as where are they getting revenue to cover those operating costs and where are their incentives aligned, right? And that's not even to speak of investing money back into improving the privacy and security of the service, which of course we do, I won't belabor that point too much at the risk of making it sound like an ad, that revenue is making things possible, like investing in new protocols and providing customer service and better platform support and all these things that are crucial to ensuring that if you're using a VPN because you care about your privacy and security, then you want to make sure you're putting your money and your data somewhere reliable.

Jake Bernstein: So I think something you said is sticking with me which is this idea and I'm actually not sure if all of our listeners fully appreciate the cost of infrastructure. We have a lot of cybersecurity engineers and folks, we certainly have a lot of IT people who listen, a lot of software guys, but not everybody in this industry is a network engineer. And I would suspect that a lot of people don't fully appreciate the sheer cost of the hardware involved in running this type of thing. Maybe, since this is kind of a cyber risk type situation, explain what kinds of issues arise if you don't have a solid hardware backbone for a VPN.

Harold Li: Yeah. That's a great question. There's lots of issues here. So one is just, you choosing data centers that you can trust. Obviously you have to be able to have a server network that is physically protected to ensure that it's secure. You have to have servers and bandwidth between data centers that is sufficiently fast so that you're not unordinarily slowing down your internet connection just for the sake of securing it. And I think we all know that if you put risk management or mitigation solutions in place that severely hamper the fundamental user experience, users aren't going to use it. So is issues like that, it is building VPN apps that don't leak. So many VPN share the same core protocols but how you implement them varies greatly. So perhaps when you're connecting or disconnecting from the VPN, you're switching between networks, your VPN app is actually leaking some of the traffic outside of the VPN tunnel, that's another example of investments across the board, whether it's software or infrastructure.

Kip Boyle: Right. Okay. Now I think we've definitely all learned in the downstream from some of the Facebook to buckles that when you are not paying for something that you're consuming, you're probably the product, right? Somebody is monetizing you. And so all I can say is I hear a lot of people ask me, oh, I need a password manager, oh, I need a VPN, what's the best free one? That's where they go to first. They seem very averse to paying for things if they don't have to and I understand that as a base instinct. But what I'm constantly telling people is, look, you should not be evaluating your security tools the same way that you evaluate a word processor, right? One thing that you would never think about with a word processor is the quality of its engineering, is it going to fail? Is going to promise you one thing but then do something totally different behind your back?

Jake Bernstein: Kip, I'm going to have to disagree with you there, you're clearly have never had to file a document with the court in perfect word processing file. In fact, we care deeply about all of those things with our-

Kip Boyle: Well some people do.

Jake Bernstein: ... word processor and we pay for them. I mean, I think really the core concept here is you get what you pay for. And if you pay for nothing, you shouldn't be surprised if you don't get something that is not great.

Kip Boyle: Yeah. And so what I tell people who ask me about security software, no matter what it is, I say, look, you really need to pay attention to who's doing it and you really should pay them something so that they'll have the revenue that they need to do all the things that Harold was describing because those things all need to be done. But I'd rather give somebody a little bit of my money than to have them do other things to raise revenues. So Harold, what do some VPN providers do to raise revenue that you're aware of if they're not charging customers?

Harold Li: Sure. Well, I don't want to paint them all the same paint brush but we have seen some examples of free VPNs doing things like collecting data. There was a time when Facebook was running a VPN that was collecting data on what sites you're visiting for their advertising purposes. We've seen free VPNs inject ads into websites you visit so on top of that, you're already getting, here is more ads. And men, one really bad example, one free VPN converted its user's computers into a botnet. So all of these are potential issues, I won't say that every free VPN is behaving like this. But back to your point, oh I was just going to say, often I compare it to protecting your house and your digital data is as important as the valuables in your house. If someone is walking around offering you free locks or if they're offering to install a free security system on your house, you'd probably not say yes.

Kip Boyle: You would be rightly suspicious of that or at least you should be, right? And at the time of the recording of this episode and I didn't read the details of this very deeply but I did see a headline and I read an opening paragraph about some VPN. I think they were free VPN services that had stated in their policies that they did not log traffic but it turns out that they did and somebody discovered a massive cache of VPN logs. And so that really provided some strong evidence that what you're saying sometimes happens.

Harold Li: Absolutely.

Jake Bernstein: So let's talk a little bit about taking that. So you said VPN logs, and again, we have people who was varying levels of technical knowledge. So a VPN, we'll describing it as this tunnel, but what it really means is that the VPN has to know everything that you're doing in order to function, is that correct?

Harold Li: Well, to a certain degree. So obviously if you're already using some encrypted connection like HTTPS, you're using end to end encrypted messaging for example, then that encryption already kind of hides that data from anyone who's handling it along the way, including the VPN, including your ISP or anyone else.

Jake Bernstein: But in terms of the websites you visit and-

Harold Li: Yes, exactly.

Jake Bernstein: ... that kind of-

Harold Li: The metadata.

Jake Bernstein: ... the metadata, for example. Right. And so okay. So that's really helpful to know. And one of the things that we often say is that a VPN as a security tool, it helps prevent, Kip I like how you've changed this to a person in the middle of attack, and the reason that the person, I'm just going to have a hard time with that-

Kip Boyle: It's traditionally yes but we have to do it. We have to clean up our language.

Jake Bernstein: Yeah. A person in the middle attack to observe somebody's internet traffic, the VPN makes that basically impossible. So if the bad guys can't spy on the traffic they're going to try to compromise the computer which would neutralize the VPN. What's your advice to avoid that kind of compromise and maybe more broadly speaking, what type of security threats does a VPN protect against and what kind does it not protect against?

Harold Li: Yeah, that's a great question. So I'll try to answer in two ways. I mean, of course a person in the middle attack is just one of the many ways your data could be stolen. And as it says right in the name of this podcast, risk is about management, right? It's about mitigation, you can't eliminate all these risks. So I think there're two things I would say, one is, that is part of the reason why you need to look at VPN providers who are really invested in privacy and security because even for them it's not just about providing encryption between your client app and the server, it's also about how are they managing the servers, how do they making sure those servers are secure even if someone says gains physical access to them.

So for example, we run our servers in RAM only so that if someone tries to seize that server, anytime that server reboots that ensures that no data is left on it and also ensures that if someone got in and were to say, leave a back door, that would be wiped immediately. So then taking additional steps like that even though we're already not collecting logs but just going the extra step to make sure our servers can't possibly be recording this information and persisting, that's really important.

Kip Boyle: Hey Harold, before you continue with your answer, and I do want you to continue with that, I really want to point out something to the audience. So this whole idea of loading everything that you need to run in RAM and to leave no executable on the hard drive or the SSD, that's actually very good. And that goes to the heart of why people, I think, struggle so much to know which security services to purchase or which security products to purchase, because I tell you what, Harold, I had no idea you did that, now that I know you do that, that increases my confidence in your service. But if I was going to choose a different service it's like, gosh, how would I figure things out like that, right? Unless you were publishing that openly in an easy way for me to read and consume, I wouldn't know that. So I just want to point out that what's going on behind the scenes, how you do things is really important and it can be difficult to know. So I just want to make that statement, please continue Harold.

Harold Li: Well, I will take that very nice opening to say, you can visit to read more about that. But the second part of my answer, it is about what individuals can do. So of course other vectors, their internet traffic, their digital data can be compromised, are hugely varied includes malware, physical device theft, phishing, and other social engineering. So it really depends on your threat model to use that term again, it depends, but of course there are a lot of key basics like using multi-factor authentication, minimizing confidential and sensitive data that's on your devices if it doesn't need to be there, making sure that if your device is really sensitive, doing security event monitoring, and in certain cases, if you're entering very sensitive environments, you might want to use burner devices of course. So.

Kip Boyle: And for anybody who has watched Better Call Saul you know what a burner device is, right? But how would that actually work in practice in this case that you're suggesting?

Harold Li: Well again, it depends on your third model and your resources. So I've heard from companies where when they're traveling to a sensitive country, say China, and they're carrying a device with them, what they do is they just bring a Chromebook with them and then they do what they need to do on the Chromebook with no data stored locally and when they leave the country they donate it to a charity. So they don't touch that device again, it doesn't go into the corporate network again. So that's the kind of a really dramatic example, but.

Kip Boyle: No. But it's good, right? I mean, that sort of helps us understand what the end point is, right? Of the spectrum. On one end of the spectrum, you don't care, you just keep doing what you do, the other end of the spectrum is you would do something as you suggested. So no, I think that helps people understand sort of what the state of affairs is.

Jake Bernstein: And that's really interesting, I think everyone kind of has the idea of a burner phone but if you have enough money you can do burner laptops, if you need to and I think that actually is a-

Kip Boyle: Or tablet.

Jake Bernstein: ... really, yeah, or tablet, it's a really good suggestion. It's a really good thing to keep in mind particularly when you go into an untrusted environment.

Kip Boyle: Yeah. I would even point out that if you are a journalist and you're reporting on human rights abuses in a country that has a regime that's hostile to what you're doing, you had better be going over to the Electronic Frontier Foundation's website because they have an entire tutorial there and they actually run webinars to teach you how to be on the internet safely. It includes the VPN, yes, but there's so many other things you've got to do. You're almost a spy operating in a foreign power. I mean, you've really got to take a lot of protections so just want to add that in there. I mean, if you're really paranoid go over there and find out what they recommend.

Jake Bernstein: So did we finish that... I actually can't remember now. crosstalk Yeah, did we let him get to his second point?

Harold Li: Yes. That was the second point, what people can do on their ends in addition to what we're doing on our end. But I mean, of course we could go on and on and on about what security measures people could be taking.

Kip Boyle: Yeah. I mean, I would just add a couple of just quick ideas, right? We've talked about stuff like this before like you should be using some form of two factor authentication and you should not be using your administrator account for web browsing and email processing, things like that. I mean, there's some basic cyber hygiene that you should be practicing all the time to avoid getting malware on your computer no matter what the motivation is for putting that on your computer. So, but I just think it's important for us to recognize that a VPN is an important building block to protecting yourself but it often is only one block and you need to add other things to it.

Harold Li: Absolutely.

Jake Bernstein: And just as a really quick example, we've mentioned the term drive-by download before. Correct me if I'm wrong Harold, but there's nothing about a VPN that would prevent a drive-by download from occurring, correct?

Harold Li: Incorrect. Right. So if users are clicking phishing links or visiting sites where there might be a drive-by download or otherwise. Yeah, that's traffic that's going through the encrypted tunnel port when it arrives on your end. Of course, it's decrypted so you can access it and you might be getting yourself in trouble there.

Jake Bernstein: Yeah. And it's important just to quickly point out that that should not be taken as a criticism of VPN, that's not what they're for, VPNs they don't stand for virus prevention network.

Kip Boyle: Oh, well done. And I know you made that up.

Jake Bernstein: I did, although that is clever.

Kip Boyle: Yeah, that's great.

Jake Bernstein: They just don't, that's not their purpose. So.

Kip Boyle: No, but you would add other things to it. Like, for example, if your company is using Office 365, I know that they have a feature that you can turn on and I think it's called Safe Links. So then Office 365 would examine a link that you clicked on to see if it was malicious or yeah, you can do other traffic filtering to guard against those kinds of malicious downloads. Again, just another brick in the puzzle.

Harold Li: Yeah. And I think one thing that we haven't mentioned is the basic of password managers and not only do password managers help make sure that you're not using the same password over and over again, but also they're great for catching phishing sites because they won't enter your username and password on a site that's not the legitimate site, whereas it's very easy for humans to fall for phishing sites and that's not a criticism of humans necessarily, it's just easier for the password manager to do that job.

Kip Boyle: Right. Yeah. Because the password manager is going to actually parse the URL that you're asking it to interact with and so that's a great point. And it also sort of reinforces something we talked about earlier in the episode which is, don't just use any password manager, right? You need to go out and get one that's attack resistant, high quality, has a team standing behind it to fix it when it gets attacked or when a vulnerability emerges and will reliably do the kinds of things that Harold just talked about since you are putting a lot of trust in it. So, okay. So I'd like to shift the conversation away from what should our listeners be doing as individuals to preserve their internet freedom and take full advantage of what the internet means to them.

Now let's shift the conversation to our listeners are making decisions, making cyber risk decisions on behalf of their employers and so that means they have to conduct commerce possibly internationally. So I know I've heard and dealt with the great firewall of China and we know that Russia and other countries are balkanizing the internet and putting restrictions in place. So, Harold, what would you tell us about what should we do in the course of our business if we encounter trade restrictions on the internet, blocked access, whatever, I mean, can a VPN help us with that? How does that work?

Harold Li: Yeah absolutely, a VPN can help with that. So whether you're using a kind of a consumer VPN like ExpressVPN or you're a large corporation that's using something from say Cisco, a corporate VPN, both of those might be able to help with block access. So I think a great example is a lot of global companies, maybe they're using Google apps and they're finding that their employees and their partners actually can't access any of that in China for example. So it's easy for someone who's sitting in say a company that's headquartered in the US or UK to forget that the internet has borders, unfortunately it does, and it's really important to think about where are our employees and partners? What might be blocked there or even their internet being completely shut down as we've seen many, many examples of. And how is the data flowing? What are the risks associated with data flowing in and out of those countries? All of these are issues that really need to be thought about and it's really important to think about the fact that there are borders on internet and we need to recognize and deal with that.

Kip Boyle: Yeah. Is there a clearing house of that kind of information or do we just have to do local research?

Harold Li: Well, there are some good resources so Freedom House has Freedom on the Net report, that gives a sense of what censorship looks like in different countries although it doesn't really provide kind of a exhaustive list of every single service or site that might be blocked. And then there's also the great people at Access Now work on something called KeepItOn, which deals with internet shutdowns and tracks those to see where the internet might be completely shut down temporarily in a certain country due to a political event or something of that nature. And those are some good trackers. There's also a project called OONI, O-O-N-I, which it stands for Open Observatory of Networking Interference and they're a free tool that helps to observe where there might be censorship, surveillance or traffic manipulation.

Kip Boyle: The fact that you rattled that all off the top of your head tells me that we do in fact have an expert on the show on internet freedom. That's really cool. Thank you for sharing all those great resources.

Jake Bernstein: So tied into that question is, do you have any concerns that public VPNs could be regulated, even regulated out of existence? And are you aware of any countries where VPNs are currently illegal?

Harold Li: Yeah, so I think that, I mean, there's two sides to that coin. Definitely there are governments who want to control access to the internet in some of the countries you've mentioned already and including Russia and the Middle East and thus to them a VPN is a threat because it unlocks that access, it opens access to the free and open internet, it helps people access censored content. But I think a lot of these governments see the flip side as well, where a lot of people are using VPNs for their security and privacy reasons. And if you're a international business operating out of one of these countries and you need to access say Facebook or Google, they recognize that it's important for researchers and business and other parties in their country expats as well. So I'm somewhat optimistic that no one is going to regulate VPNs completely out of existence although we have seen regulations in some places where they're trying to insist that you block the sites that they want blacklisted.
Which is something of course we wouldn't agree to but Russia is an example of in the past few years they've been trying to ramp up this effort to ask VPN providers to connect to their kind of blacklist and start blacklisting sites that they want blocked. So I think those are the places where there might be some legal issues but I also think there's something interesting that's happening even in a Western world which is a conversation about whether encryption is going to be regulated, at least partly out of existence. If you're starting to insist that companies are able to decrypt even antenna encryption then you're asking them to install back doors essentially and we are seeing it even in the US with the EARN IT Act which is talking about providing law enforcement with access to encrypted communication.

Jake Bernstein: And I think though we can probably guess what your stance on that is. I think it's probably an entire episode in and of itself but in 60 seconds or less just, there's many reasons that whole idea doesn't work and I think the simplest way to say it is that there's no way to guarantee that a back door is only used by good guys and then that doesn't even get into the philosophical question of who are the good guys, but-

Kip Boyle: We should do a whole episode on the crypto wars.

Jake Bernstein: Yeah.

Kip Boyle: We absolutely should because history tends to repeat itself. And I lived through this in the early 90s when the US government was regulating encryption as ammunition and then the community fought back. And for example, I'll distinctly remember somebody saying, well, encryption is math are you going to blockade math or forbid math? And then they actually put one of the encryption algorithms on a t-shirt and wore the t-shirt out of the country when they weren't supposed to export. Anyway, so yes, there's a whole episode of juicy content that we could do later.

Jake Bernstein: And then, I guess, just to state the obvious for anyone wondering, in the VPN context, it of course it's based on encryption. And if your encryption protocols and algorithms are required to have a backdoor effectively you can't guarantee security, would you agree with that statement, Harold?

Harold Li: Right. Once you break encryption for one use or one case you're breaking encryption for every use and every case where that encryption is being applied. And I always think of a clear analogy would be, yes, it's possible to stop more crime from happening if we install cameras in everyone's home but I don't think we would accept that outcome of breaking privacy for everybody to deal with maybe-

Kip Boyle: Oh man, that opens up a whole nother episode. Voice assistance and people paying money to bring some kind of a smart speaker into their home. And, ah, so.

Jake Bernstein: And it's interesting, security and privacy often go hand in hand but one of the ways that there's also another kind of interesting relationship between what I will say is safety and privacy and that's a very different relationship than security has with privacy. So yet another episode, right?

Kip Boyle: Yeah, definitely. Hey, I just want to make one more comment about backdoors for encryption products, those can look in different ways. And so I just want to help the audience realize that one way a backdoor can exist is if somebody has weakened the algorithm and knows how to use that weakness to decrypt traffic. Another way a backdoor can be inserted is to actually mess with key management or require a special law enforcement decryption key that would allow them to decrypt any traffic possibly with a court order or whatnot. But anyway, so there's just multiple ways of doing that and I want to make sure people understand that it's not just one approach.

Harold Li: And all of them are bad.

Kip Boyle: I would agree with that. Yeah, definitely. Okay. Well that just about wraps up our time together. So Harold, first of all, thank you for being our guest today. I thought the content you shared was fantastic. Here's your official opportunity to tell people, where can they learn more about you and your work?

Harold Li: Sure. So I'll just point people to a very simple to learn all about our service and if you were interested in topics we talked about today this is what we geek out about all the time. So our blog has tons of content even if you're not shopping for a VPN today.

Jake Bernstein: And then as a bonus that nobody saw coming except me, I will point out that I have been a paying customer of ExpressVPN for years before I even started this podcast. So no one has paid me to say that, it is just reality.

Kip Boyle: Do you like the company so much you're going to buy it?

Jake Bernstein: Buy the company?

Kip Boyle: Yeah, that was a meme on an old radio show where the guy would come on and say, "I liked that product so much, I bought the company."

Jake Bernstein: Oh, I wish. If I had enough money to buy companies, yeah, but for now I'm just content with paying for the service.

Kip Boyle: Satisfied user?

Jake Bernstein: Yeah.

Kip Boyle: Okay. Well that wraps up this episode of the Cyber Risk Management Podcast. And today we discussed trends in internet freedom and we did that with the help of our excellent guest, Harold Li. We'll see you next time.

Jake Bernstein: See you next time.

Speaker 1: Thanks for joining us today on the Cyber Risk Management Podcast. Remember that cyber risk management is a team sport, so include your senior decision makers, legal department, HR, and IT for full effectiveness. So if you want to manage cyber as the dynamic business risk it has become we can help. Find out more by visiting us at and Thanks for tuning in. See you next time.

Headshot of Kip BoyleYOUR HOST:

Kip Boyle
Cyber Risk Opportunities

Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).


Jake Bernstein
K&L Gates LLC

Jake Bernstein, an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.