in >> welcome to the best of bloomberg west. i'm emily chang. every weekend will you bring you the best of bloomberg west. it is an explosive story about the massive target data breach. businessweek has learned a target security systems quickly picked up the data, but executives did nothing.

what when wrong? a look backley has at the timeline of events that led to the data theft that touched as many as one in three american consumers. >> the first time that target heard that they had been hacked was december 13. the bridge itself actually began sometime before then. what the target know and when did they know it? hackers began capturing credit card data on november 27. three days later, a site spotted the malware. soon, a security worker in india on toe alarm and sent it the minneapolis operation center. the alert is overlooked. on december 2, security tools detect another version of the malware, this red flag also goes undetected. had target acted on the alerts,

they would have been able to prevent one of the biggest data theft in history. instead, for more than two weeks, the hacker software collected credit card information and bounce it around the globe to places like moscow and odessa. i december 12, federal law enforcement officers contacted target. the retailer hires an independent team to run a forensic investigation. on december 15, target confirms it has been hacked and removes the malware. first public statement on thursday, december 19, revealing to 240 million cards may have been compromised. 22 days later, on january 10, target notifies customers that in addition to credit card theft, personal information for up to 70 million customers has also been stolen, and affecting as many as one third of american consumers. this datae on how breach happened, we spoke with michael riley, one of the

authors of the story in this week's issue of bloomberg businessweek. the headline of the story, target blew it. we asked him just how badly. >> this is a story about how targeted all the right things to prepare for exactly this kind of event. we spent a lot of money and bought some very sophisticated tools. fire i, which is the tool that catches the malware. it is used by the cia and pentagon. a superior a sock -- a security operations center. alert and allthe that technology and money spent itually found the malware as was coming in, the malware that would have been used to take the data out, the alert was

recognized in bangalore. he went to minneapolis and nothing happened. there is a human failure at the core of this. it is a little unclear why the react. not there's an issue of how the security teams deal with all of these alerts in a timely manner. what we do know is that their tools worked and they spotted the malware in time and they did not do anything to stop it. >> we do have a response from target. i want to read the full statement. they came back here a statement from the ceo, saying, target was certified as meeting the standards for the payment card industry in september 2013.

target is facing some 90 different lawsuits. michael, it seemed like you guys solved half the mystery here about how this happened. eye, theof fire security outfit that target had caught it before anything was stolen. >> clearly, what they're trying to do is figure out what went wrong on the human level. these findings were known to target as they went back, once they were notified by federal authorities that they had been hacked. they went back to look and see what all this expensive equipment and costly system that

they put together did not work. what they found is that as they did that investigation is in fact that it did work, at least on the technology level. the question is, where was the human failure along the line? did they not react quick enough? was a management issue that did not allow them to react to the alerts. the system created a luge of data. fire eye is a very specific and very good system that does not create a lot of false positives. maybe they did not pay attention to the system that they should have. i think that is what they are going through. the ceo says there are doing a complete top to bottom review of their security system, they're trying to figure out why this the malware could have been found in time and yet not done anything. >> they are used to using crummy tools and in this case they got a hold of a good one. >> this is part of security

industry in general. we have seen a security boom in tools. every company is selling something that can save your network, and there are a lot of really good tools out there. this is a set of next generation of tools that analyzes behavior. these companies also have a lot of legacy tools and older tools. they all have antivirus which can put of tens of thousands of alerts, even in a day. there's a huge amount of information that they have to go through. we talked to customers that use fire eye. this it is a really good tool but you have to have a security team that can respond to it in time and get what you want. one of the ironies is that fire i actually has a function -- has a function -- the i.t. teams and security teams like to be able to go and see what the problem is. when it cames that

to the last step they did not do it. little morealk a about what information was taken, who took it, where it went and how it was used in the next lock. michael, i have to admit, i am one of those people who is scared to shop at target. how safe is it now? think that when companies suffer breaches like this, they try very hard to learn from them. it is safe in the sense that on december 15 they were able to identify the malware that was on their systems and eliminated. that was not a hard thing to do, because of the way target systems work. they can reimage all their pos systems at once. have been cleaned out and those cards are not at risk. , are they question is suffering, is her system vulnerable in ways where hackers will continue to do this? one of the things about this hack is that it was not for a

sophisticated very the guys doing it were not the best hackers in the world. they did some very smart things, but they released a report a few days ago that said if target had its act together, they should have found these guys out before they did. >> michael riley and our editor at large cory johnson. nsa leaker edward snowden speaks to sxsw and the tech community. we speak to the man who shared the spotlight with him next.

♪

to the best of "bloomberg west."

nsa leaker edward snowden joined in via videoconference. snowden spoke about the consequences of the nsa's actions and how to fix them. surveillance mass affects all these other countries and not just the u.s.. the people who are in this room now, you guys are all the firefighters. we need you to help us. firefighters who was on stage leading the conversation with snowden at south i southwest was aclu's principal technologist oian. opher sogh >> i think ed really wanted to spark debate. he has been successful over the past three months in making sure this debate takes place by

bringing the public into the debate and making sure the public knew what the government has been doing. there's a reason that he picked sxsw. it was his first opportunity to speak live to the world. technology brought us into a surveillance state and it is the only thing that can save us from that surveillance state. this was a chance for him to speak with a technical audience and people who build the apps and services that we depend on. he had to convince them that now is the time to protect your information. >> i noticed the quality was not great. he was frozen on screen because he was apparently sending that video through multiple different proxies? >> that is correct. edward snowden took some steps to protect the identity of his location and protect information about where he is. unfortunately, there is no easy way to have a high-quality video

feed and have it also be secure and private at the same time. us that the lost on chat was happening over google. you guys used google hangout. talk about putting the responsibility back on technology companies and developers to make their product ore secure from the start. > >> the irony that we were using google service for this chat was not lost on us third we did an analysis of the video services and found that the services that had been designed to be as secure as possible were not easy to use and did not work over seven proxies. we ultimately decided that google's service was going to be the most reliable for us very and of course that meant that we were using a google service. we were having a conversation with 50,000 feet, so didn't need to be private. we did want to ensure that the location -- that adds location

remained private to other actors. this is -- there is this conflict between services that are secure and those that are easy to use. unfortunately, regular people have to pick one or the other. i thought it was notable that snowden was not just addressing technology, but addressing business people and those who are starting or building businesses and addressing investors that are deciding what kind of companies to invest in. what did he have to say or what do you know about his views or about the role of business in this security state? i think there is a big opportunity in the market right now for those who want to compete with google and facebook for privacy and security. there are many people who are willing to pay five or $10 a month for a secure e-mail product, for secure social networking of videoconferencing product. the fact is, the mass-market

services like google and facebook and skype are not designed to the private and secure. people pay for telephone service, they pay for fedex and stamps and cable tv. i think people are ready to secureaying for communications services. the market is there for whoever wants to seize it and run with it. >> aclu's principal technologist, christopher so ghoian. i talked about anonymity and of secrets.ation networker is a social that helps people connect with the rest of the world around them, no matter who you are, where you are, what you're thinking, what you're going through, what you want to talk about. a lot of these identity-based lifeforms, people do not share things about themselvesthat make

very vulnerable. the two power smartphones is to really be able to connect to the world around you. for is an amazing platform people to be able to connect with anyone, anywhere about anything. >> who is using it? , less than five percent of our users are under the age of 18. it is pretty much by design. anonymity is a very powerful tool. there's a spiderman quote that says with great power that comes great responsibility. anonymity in the same way. it is a powerful tool. >> how do you vet the things that are posted? some of the things that have been posted are about specific people to read some of them are mean. some of them may not be true. people all thell time that whisper is the safest place on the internet. normally, when you think about anonymity, sometimes people think it is a sinister thing. we are all about authenticity.

we have a very strict policy where we only allow you to use anonymity to protect yourself and never to hurt anyone else. >> so it is -- so if it is about will notc worsen, you posted. >> it does not go live. the exception is anything in the public domain. >> what about someone bringing up your competitor, secret. they started in the last couple of months trying to do something quite similar. to be you figure different from them? >> there's clearly a very big macro trend going on around anonymity and ether morality. it is all a reaction to all of this people being aware of the digital foot rent. the key differentiator about whisper is that we don't tap into your address book. it is not about doing things with people you know, right? you don't see posts from your friends, you don't follow

people. there's no social capital being exchanged. gaineds a lot less to be from people posting things that may be untrue. additionally, we recently mr. zimmerman. was right away broke a story about gwyneth paltrow. >> i think the thing about that is that we get to tell the stories that no one else is telling. we can drive awareness and conversation around these things that generally are not being talked about. >> so he's is working on hiring more journalists? >> we have an incredible team of who are shining light on these conversations that we should be having. >> are they going to be creating original content?

>> whisper is a user generated platform. so it is all about your ration and editorializing and packaging. >> my question is, will we see more of what he did with the clinic culture story? to try driving traffic to whisper. tell me about the story with that. how will he hire the people he is looking for? >> again, what we are trying to do with that is saying there are these great things going on on whisper to my right? how do we take that content and those discussions and even make -- even amplify those discussions, right? kobeody called him the bryant of viral content. what he does. that is why we brought him on the team and we are already seeing amazing results as it relates to new users and engagement. >> how big a spike did you see in users as a result

of that gwyneth paltrow story? >> i think our growth is pretty substantial. see prettye week we substantial growth. >> what can you share in terms of where you're at with users and growth? >> many many many many millions. we did three and a half million page views -- three and a half billion page views last month. a medicationer as medium. not unlike twitter or sms or snap chat, these are different communication mediums. are the talk of sxsw. i talked to a lot of people. a lot of people think you guys are awesome. a lot of people think these apps are ridiculous. how do you respond to that? >> anybody who takes a time to

spend with the product and see the impact that it has had on people's lives. just reading a post this morning that said i wish i were straight summit parents would let me again. feelsct that this person like they have no other place to talk about that then whisper, then by all means, whisper will always be around, no matter what until nobody feels like that is something they can't say out loud. >> was per ceo michael heyward at sxsw. ben horowitz on his hip-hop lessons. yes, he even wraps for us. raps for us. ♪

to the best of bloomberg west. i am emily chang. ben horowitz is one of the biggest names in tech investing. in his teenage years he was an aspiring rapper. he quotes hip-hop lyrics to help drive home business advice for entrepreneurs. here's what he had to say, or rap, about the business wisdom of jay-z or kanye west. >> you can't tell me nothing. nothing.'t tell me hip-hop is the music of entrepreneurship. pro-becoming a man as opposed to railing against the man. they think about themselves and talk about themselves as an

entrepreneur. when i write a blog post, it is generally to try to teach an entrepreneur how to do something. the post can take you through how to do it, it can't teach you how to internalize it. ♪ i wrote a post called cash flow and destiny, which is about white billing cash flow positive this important because then you can control your destiny. it is great for me to explain that, but until i put in kanye saying wait till i get my money right, then you can't tell me nothing, right? it is a little harder to understand. as another example, you wrote a post once on how i think

founders should run their companies and why they can often perform better than ceos can. said the rhymes are minute maid, i will be here when it fades. i will be here like a renegade. >> coming up, what is it like negotiating a deal with mark zuckerberg? we would talk with someone who negotiated with an almost bought facebook back in 2006. -- and almost bought facebook .ack in 2006 ♪

>> welcome back to the best of bloomberg west, i'm emily chang. facebook is now offering video as to select harness after

months of testing. the spots will be rolled out into users newsfeeds in late april and early may. this is one of the changes facebook is working towards. for more on facebook, i spoke with two men familiar with the company. om malik as well as dan ros enzweig. >> take a listen to what they had to say. >> it was early on. it had about 4.5 million users. had an instant connection. i listened to his vision and the story and the enormity of it and his confidence. talk about being bossy. i fell in love with him and where he was going. that was only when you could connect college to college.

we talked about it. he had a vision to take over the world, which you see him doing now. the combination would've been extraordinarily powerful and mark agreed to do it. >> you got him to agree to sell facebook to yahoo! for $1 billion. he backed out. i'm curious, what is it like to negotiate with mark zuckerberg? what do you imagine is different today? talk about companies like instagram and snap chat. look, he has got a charisma that most people who don't spend a lot of time with him don't understand. it is the power of the enormity of his vision, the confidence that they will figure it out. his willingness to make a mistake and then fix it. if we talk about things that are rolling out now like beacon and all of those things. he is relentless and what he believes in. that is why facebook is so powerful. he needs somebody like that --

you need somebody like that if you're going to run the world area >> your observation of dealmakers in your work as a journalist. i feel like one of your expertise is is enterprise. have you seen these deals that don't get done? what do you think you'll bring career ino your new d.c.. ? >> relationships and the ability to communicate. that is the difference between winning and losing. the inability of people to communicate is the number one reason things don't work out in the business world. i think it is so important for founders to understand that they are dealing with people on the other side, they are not dealing with a number. the number is essentially a number, because i think there is theal between mark and --

deal between mark and whatsapp got established because of a connection. >> you here after the fact that he has been working on these guys for a couple of years. >> when i was working with facebook, we worked on that schedule for over a year. .t was well over a year i met him and went and had dinner with him many times. hirerk, you also got to sheryl sandberg. >> nobody gets jail to do anything. to kinds not a number of gal. >> she is not a number to kind of anything and neither is he. it is interesting how all of this comes together. it all has to do -- look, silicon valley people want to win. want to be with an

organization that is going to win. some of these folks think they can win faster if they are with facebook. and trust confidence and respect that gets these things done and makes them work. >> mark zuckerberg looks really great right now. everyone seems to have a lot of confidence that he can make the best of these acquisitions and that these aren't going to be viewed as wrong moves in hindsight. how do we really know that? what makes him so special? versus buildy innovation and that can be ok? >> let me take that. i think the key to understanding mark or anybody like him is to understand that they have an innate confident in themselves -- and innate confidence in themselves. --ple who are ok being wrong people whose inc. they can

always win without being wrong do not succeed. whether it works out or not, it is a risk worth taking. liquid he is using, a stock, which is pretty inflated. cisco used to do this. they used to do it. sometimes half the cisco deals worked out very when they did, they ended up with a product like the cisco switch, which is saving the company until now. i think that is the same thing with mark. >> i wonder, now that you have a publicly traded stock and some capital to do with it, the stock is down quite a bit, sorry to rub it in. you are aware of this. you look at deals and try to figure out how integration is going to be just as hard as the decision to do it? >> sure, you have to look at the whole spectrum. the magic of some of these deals, a lot of these are not

businesses very to their very small teams. be zero is, there may integration. it is more of a cultural thing and do the agree on how they will run it hurt when he buy an actual business with a p and o and long-term culture, those don't work out nearly as well. isftbank's mafiosi son starting a massive price war. regulars like him by t-mobile. see the fcc allow him into the ring? we will find out when we return. ♪

>> welcome back to the best of

bloomberg west, i'm emily chang. sprint will start a massive price war. what are the chances of such a deal really happening? we discussed the possibility of a sprint-t-mobile deal with susan crawford. she is the author of captive audience. we started out by asking her if merger is-mobile really good for consumers. >> a price war is always good for consumers. that is what the sprint ceo is promising. what is really going on is a fight over the enterprise markets. sprint wants to be able to gain share their. basically, we will have a lot of price-cutting in the consumer market matter what happens. the sky says i can take a big chunk of the enterprise market if you just let me in and take over t-mobile. otherwise, t-mobile will keep cutting prices and making it more difficult for him to enter into that new enterprise market.

>> susan, in particular the enterprise market, is there something more valuable than that? is their higher-margin or more business? why is that the goal? >> it is the goal because the consumer market is pretty thoroughly saturated. just about everybody has smartphones. it is a fight over existing market share. vices are going to be going down. t-mobile is doing that already with its much lower price structure. sprint has a pretty high fixed price structure at the moment. someone would have to make big changes in order to compete with t-mobile. it sees no growth on the consumer side. he sees big growth on the enterprise side where he has very high capacity spectrum. he can carry lots of information over very short instances. he has very high band spectrum.

it goes over very short distances but carries lots of information. that is great for wi-fi, for managed wi-fi for businesses. you can see that as a tremendous market opportunity for him. >> susan, i want you to take a listen to the argument that was made on charlie rose when it comes to verizon and at&t, and the fight that he is preparing for. take a listen. >> i need to become a heavyweight. this is a heavyweight fight. i cannot be tiny. >> that will not work. they will squish you. >> and they will ignore us. the can stay profitable and fat. i want to make them fight back so they also become a muscle instead of fat, which is good for the united states. >> susan, is there any sense that regulators will back down from this idea that a want for

carriers? how realistic is a sprint-t-mobile merger really? >> at the moment it does not seem terribly realistic because the head of the antitrust division has made it clear when they said for, they meant for. they want to see t-mobile considering its maverick role and keep going with that. it is hard to see them backing down from this at the moment. saying is let's create a monster to take on the other two monsters. the department of justice may not want to see another monster. if that is unlikely, what does he get out of this? youhink he knows or do think he really thinks he has a good shot? verythink he is using the high prices being charged by verizon and at&t and the relatively slow speeds as a talking point. he thinks it will be very

encouraging to regulators, particularly the fcc. also, tom wheeler, the fcc chairman has said in a blog host the 40 was confirmed that he could use the opportunity of a merger to impose conditions that he can't get through the front door as a regulator. that is very attractive to the fcc as well. visitingd law professor and author, susan crawford. we shall discuss bitcoin and virtual currencies when we return. ♪

best ofme back to the bloomberg west. i am emily chang. prevents customers from targeting the bank for their bank accounts. here is the word on the future

of virtual currency. what you think of this whole bitcoin thing? >> who cares? i really think this is a fun story to look at, but it is investors. it is not relevant very to the important thing to recognize is that there are really important ideas that do develop over time. it is hard to get some of them right area to there are very few things in our economy harder to get right than a currency. >> use a bitcoin does not matter? >> who founded them does not matter either. it matters even less. i think there are at least three problems you have to solve to make any currency work, whether it is digital or not. solve, whichdid was really brilliant, was that they built a global network that was completely independent of today's financial system. that was a really hard problem to solve. and anonymous, which was part of the problem with the existing

financial system, which is to say it is golden to a lot of people that you don't know who they are. the second problem you have to solve is can you use it to buy things. clearly, you can't do that. one of the things that really matters is that you have to believe in it. it is a fiat. it is not cold, it is something fake. trust truly matters. what has happened here was you have to do the first to write before you do the third very bitcoin never got a chance to build the third because it blew up off the first one. world the thing, the needs something like bitcoin to work. whatever it is, it is not going to be bitcoin. >> bloomberg is in a great position. one of the problems, you have to be trusted. the agency that creates the thing has to be worthy of your trust, because these are -- >> why do we need this thing? >> for the same reason we were talking about the security problem before. the issue we face today is that we live in a world where size

matters more than right or wrong. the people who are largest have a disproportionate force in every activity in the economy, and politics. the biggest people get their way. that is not good for the population as a whole and a very long run. blood be fantastic, and by the way, if you going to do transactions online, credit cards make less sense for that. you need something that is native that can be used for online transactions globally by absolutely everyone. if you get something as pervasive as facebook that everyone could use to transact, who could do it? google could do it, facebook could do it. years ago i proposed to google that they could take all the cash and become a bank. it would be so obvious. it is the same as facebook. they're not viewed that as an opportunity. if you became the back of the internet? is a business that will last a lot longer than search or social.

>> you think bloomberg can do this to? >> absolutely. you have all the relationships of the financial institutions. if you want to pay for anything and build trust, you have to be integrated to some degree with where the people are going to use your current cr. >> i still don't understand why there is a great need for this. we have the u.s. dollar. we have currencies that trade. we have commodities that trade. do you believe that the snowden, and that we had earlier creates a business opportunity? if you believe it creates a business opportunity, then currency is one of the opportunities it creates. >> what about the potential for the currency to be hacked or stolen? >> explain to me how that is not happening now. we have redesigned the dollar bill several times in the last five years because it is really easy to hack u.s. currency. just because they aren't telling you does not mean it is not happening very >> than the money printing notion is that every

time there's been great money printing it is ended up in a collapsed. to thebody also got cash tune of 50 billion. all these illegal guys have gazillions of box built up. the demand for this currency will be huge. .> roger mcnamee there's a lot of criticism over uber's policies.

back, i'm emily chang and this is the best of bloomberg west. huber has been defending its search pricing. they explained to writers that drivers pocket 80% of their fares. search pricing affects less than 10% of trips.

we talked about this controversial topic with venture bill gurley. >> it actually came out over and experimentation process third we are noticing, this is almost two years ago in boston, late at night, about 1:00 a.m.. drivers :00 off the system. boston partygoers were opening their apps between 1:00 and 3:00 a.m.. there were no cars available. >> in boston. >> exactly. there was his issue where we didn't want the service to be unavailable until we experimented with offering different amounts to drivers to see if we could affect that supply. we found out we could very it since then we have done a lot of experimentation with price drops. has had numerous price drops in other cities very but we found is that you have hypersensitivity to price on

both supply and demand. togives you the capability move supply and demand around in ways that could be helpful to the system. know, i don'tou care about people or the pricing thing. i think the way this impacts the business and the reputation they have with consumers is surely important. as you sit on the board and have these discussions, or you guys taken aback by the reaction to the search pricing -- to the surge pricing. we know you alienated a lot of people. >> two things. you -- one you have to look at what the real alternative is. what could you do differently? here is one thing. look, we all know hotels, airlines, rental car companies all do the equivalent of surge pricing in times of higher

demand. they have a benefit relative to us. for them, the supply is fixed and the demand shifts. in our case, the exact time like new year's eve, the supply shrinks while demand is increasing. also those curves are moving for us. the driver does not want to be out on new year's eve, either. the times that most humans want to not drive, these same independent contractors want to not drive also. you are faced with an extreme example that is worse than the hotel case. here's what would happen. if we were to set prices at normal pricing in those moments while surprise shrinking and , 90-95% ofncreasing our writers would see no cars available. if you ask what is the pr hit, you have to contrast with what it would be if we did not do it. the company has come to the conclusion, and i certainly believe this as well, the product would look roque and if we did that. in these moments when he wanted to work the most,

it would not be available. this is a better alternative to that. >> can you explain why it has been compared to hotel rooms and airline flights went to mind is -- when demand is high and prices are higher. at times we will see an uber right that is five or seven times the normal price. why is that? flying travis the ceos home for christmas, he showed that airline -- that the airline ticket he bought home was 10 times the normal price. i happen to believe that these types of geeks are going to go down over time. one of the reasons why this whole notion of gouging is silly is because the company is out there begging people to be aware of it being ridiculously transparent. surge drop the feature is very interesting. >> all these features will cause

the peaks to be smoothed out. i would also argue this last new year's eve there were large numbers of hours in new york where there was no search urge pricing. >> you gave me a great stat earlier. of talked about the number lack cars in san francisco and .ow that has changed since uber tommy about those numbers. >> at any given moment in time system today,ber there is a number that is a multiple of that area that say there are a thousand or more. that is amazing that the number of cars increase because of ub er, rather than cars being diverted to uber.

>> bill gurley, venture capitalist. you can watch bloomberg west monday through friday. don't miss it. ♪