[ISN] DCSB: Risk Management is Where the Money Is; Trust in Digital Commerce

From: mea culpa (jerichoat_private)
Date: Wed Nov 11 1998 - 22:16:22 PST


    Forwarded From: Robert Hettinga <rahat_private>
    Originally From: Dan Geer <geerat_private>

    Risk Management is Where the Money Is
    Digital Commerce Society of Boston
    3 November 98

    Daniel E. Geer, Jr., Sc.D.
    Senior Strategist, CertCo, Inc.
    55 Broad Street, NYC, and
    100 Cambridgepark Drive, Cambridge

    Given my biases, I am going to describe where the future of the security
    marketplace is and where it is not. I will argue that the financial
    community is and remains the place to look for "first light"  for new
    security technology. I will give you a rundown of what's new while I
    predict what little time is left for many of today's products, purveyors
    and regulators. I will argue that, in many ways, the party's over for the
    security field as we know it now. I will range broadly because security,
    as a concept, is universal.

    "Nothing is so powerful as an idea whose time has come."  For security
    technology, that time is now. IBM names the three requirements of the
    "e-business" future as: #1 security, #2 scalability, and #3 integration.
    Forrester, Gartner, META, Yankee and all the other analysts agree -- the
    most important enabling technology for electronic business, besides
    network connectivity itself, is security. AD Little estimates that
    security, privacy and the legal issues of digital signature together
    constitute over half of the quantifiable barriers to electronic commerce.
    There are whole venture funds whose investment focus is around security. 
    Security startups are everywhere; so are security books. The word
    "security" is hardly rare in employment advertisements.  You cannot walk a
    trade show and not see the word "security" in screaming big type. The
    number of security meetings is preposterous.  Presidential Commissions are
    busy spending real money on security for the information systems that run
    the country.

    "In the future, everyone will each get 15 minutes of fame." That applies
    to security, too.  Today's security specialty companies cannot all survive;
    they can be eclipsed by the platform vendors too easily.  Only platform
    vendors can deliver security that is integrated enough to scale and
    invisible enough to ignore.  Even the Justice Department knows that once
    something is in the operating system, any independent market for it
    collapses. Yes, security's time may well have come, but in a Warhol world,
    that would mean that it is about time to go.

    The focus of "security" research today is the study of "trust management"
    -- how trust is defined, created, annotated, propagated, circumscribed,
    stored, exchanged, accounted for, recalled and adjudicated in our
    electronic world.  This is natural because security is a means and not an
    end.  This is mature because all technology differentiates along
    cost-benefit lines.  All the security technology that you can buy today
    enables some aspect of trust management and novel variations show up
    You can walk out of this hall and buy systems that use passwords that get
    local machines to trust you enough to let you in. You can buy smart cards
    that can do your cryptographic calculations for you, respond to
    challenges, hold your keys inviolable or, more interestingly, have
    identities of their own and serve merely to introduce you on their own
    terms. You can buy biometric devices that look at your voice, your face,
    your retina, your fingerprint, or even the idiosyncrasies of how you
    learned to type and so say, "Yep, that's the guy." You can get systems
    that are sufficiently hardened that you can rely on them if for no other
    reason they are so nearly useless no one would want to break in. You can
    still get your hands on security systems in the raw and roll your own
    directly from source-code.  You can, anywhere, anytime, spin-up virtual
    private networks that are trustworthy protectors of your confidentiality
    however hostile the intervening wires are. You can even deliver privacy
    between strangers -- nearly a matter of creating trust in order to
    propagate it. You can put a document into the Eternity Service and trust
    that it can never be erased or you can put it into a cryptographic file
    system and trust that it can never be found.  Simple? Yes; academics and
    entrepreneurs alike are busy supplying ways to propagate trust.

    They have it all wrong.

    If you ever took a course in probability then you know that many problems
    are solved by calculating their dual -- the probability of "not X" can be
    a whole lot more tractable than figuring Pr(X) directly.  If you're in a
    security-based startup company, then you'll know that making money
    requires making excitement, even if the excitement is somebody else's
    public humiliation. And all of you can agree that the more important
    something is, the more it must be managed. Trust management is surely
    exciting, but like most exciting ideas it is unimportant. What is
    important is risk management, the sister, the dual of trust management.
    And because risk management makes money, it drives the security world from
    here on out.

    Every financial firm of any substance has a formal Risk Management
    Department that consumes a lion's share of the corporate IT budget.  The
    financial world in its entirety is about packaging risk so that it can be
    bought and sold, i.e., so that risk can be securitized and finely enough
    graded to be managed at a profit. Everything from the lowly car loan to
    the most exotic derivative security is a risk-reward tradeoff. Don't for a
    minute underestimate the amount of money to be made on Wall Street, London
    and/or Tokyo when you can invent a new way to package risk. The impact of
    Moore's Law on the financial world is inestimable -- computing has made
    that world rich because it has enabled risk packaging to grow ever more
    precise, ever more real-time, ever more differentiated, ever more
    manageable. You don't have to understand forward swaptions, collateralized
    mortgage obligations, yield burning, or anything else to understand that
    risk management is where the money is. In a capitalist world, if something
    is where the money is, that something rules.  Risk is that something.

    Security technology has heretofore been about moving trust around as if
    risk is definitionally undesirable and reliable trust management simply
    obviates the issue of risk.  It does not come close. In two years' time the
    "trust-hauling" market will be somewhere on the down-slope between legacy
    and dead.  Risk management is going to take over as the dominant paradigm
    because risk management can subsume trust, but trust management cannot
    subsume risk. The Internet has made this so.

    The Internet is irresistible because it lowers barriers to entry on a
    global basis -- global in both space and time.  Ever more important parts
    of the world's economy exist only in cyberspace, and lead times have
    entirely collapsed.  Every professional fortune teller is bidding
    geometric increases in the dollar volume of electronic commercial
    activity. But when there is enough booty available, even absurdly
    difficult attacks become plausible. This is the world we are in. It will
    never be possible to really do the job of trust management any more than
    it is possible to really win an arms race or really preclude your car from
    being stolen. But risk management -- that is doable and it is doable at a
    profit. The proof is all around us.

    We are a score of years down this road. 1978 was a vintage security year;
    the remarkable papers by Rivest, Shamir & Adleman and Needham & Schroeder
    were published, both in CACM as it happens. The former introduced public
    key ideas and the latter created Kerberos. The counterpoint between these
    two technologies is instructive. Both symmetric cryptosystems, like
    Kerberos, and asymmetric cryptosystems, like RSA, do the same thing --
    that is to say they do key distribution -- but the semantics are quite
    different. The fundamental security-enabling activity of a secret key
    system is to issue fresh keys at low latency and on demand. The
    fundamental security-enabling activity of an asymmetric key system is to
    verify the as-yet-unrevoked status of a key already in circulation, again
    with low latency and on demand. This is key management and it is a systems
    cost; a secret key system like Kerberos has incurred nearly all its costs
    by the moment of key issuance. By contrast, a public key system incurs
    nearly all its costs with respect to key revocation.  Hence, a rule of
    thumb: The cost of key issuance plus the cost of key revocation is a
    constant, just yet another version of "You can pay me now or you can pay
    me later."

    Because of the tradeoffs between who pays for what part of the systems
    cost and who gets the benefit, secret key systems and public key systems
    have different fields of use. Secret key systems are fast and offer
    revocation at no marginal cost. Public key systems are slow but they
    enable digital signature and thus enable proof of action, non-repudiation
    as it is called. Secret key systems are the default choice within an
    organization while public key systems are the default choice between
    organizations, i.e., secret key for where security is an intramural
    concern intramurally arbitrated, and public key for where security is
    extramural thereby requiring recourse to a third party judge in cases of
    dispute. The relentless blurring of what is intramural and what is
    extramural will favor public key over time.

    Because a trust management paradigm says that a digital signature is only
    as valid as the key (in which it was signed) was at the moment of
    signature, it is only as good as the procedural perfection of the
    certificate issuer and the timely transmission of any subsequent
    revocation. **These are high costs.** In fact, the true costs of general
    public key infrastructure are so extraordinarily high that only our
    collective ignorance of those costs permits us to propel ourselves toward
    a general PKI as if it were a panacea.  When, not if, the user community
    at large realizes this, we "security people" will have but two choices,
    compromise on (gloss over) the quality of trust that public key can
    deliver or back off from the claims of full trust cheap.  In other words,
    we'll have to fit the benefit to the endurable cost or fit the cost to the
    requisite benefit.  Since, as a rule of thumb, to halve the probability of
    loss you have to at least double the cost of countermeasures, any finite
    tolerance of cost means an upper bound on how much security you can get.
    In the fullness of time, security technology will be evaluated on the same
    cost-benefit-risk tradeoff on which other technologies are evaluated. This
    is the price of maturity;  this is the price not yet paid.

    Do not misunderstand me; public key technology, secret key technology,
    security technology in general are daily reaching new levels of protective
    capability. What they cannot protect against is being over-sold, and they
    are being over-sold. Why is that?

    The days when the Internet was a toy are gone even if a high percentage of
    its new investors are still coming in merely to avoid looking dowdy.  The
    real question on the table is: When does the Internet become more like the
    data center. And what does making the Internet more like the data center
    mean? At a minimum, it means metered use.  Discussions are already
    widespread about requiring Internet postage; large ISPs will probably
    demand it, existing postal services would love to sell it and data
    centers, such as the financial giants, will get a better handle on what
    goes in and out the door. At least one Wall Street bank already does
    charge-back for network bandwidth consumption and their internal
    electronic security regime plays a role in assigning those costs just as,
    in turn, their security group manages the user database via incremental
    updates rather than fresh full copies so as to minimize their bandwidth
    charges. That's not postage, but it is close and it is now.

    Incremental use charges are but one example, interesting mostly because
    they are a near term step toward making the Internet into a data center.
    The fundamental value of the data center is the information it holds. The
    past few years have seen data warehousing, data mining and now connection
    of the data center to the Web, data publishing if you will. MVS, for
    example, has a really good web server and someone in the audience will
    have to convince me that there is a difference between a 1970's central
    time-share machine and an MVS web server in a swarm of "thin clients" on
    fast networks. It certainly isn't the direct wire connection -- SSL
    simulates that well enough. It surely isn't the management model; the MIS
    director who had declared defeat in desktop configuration management will,
    you can be sure, rejoice at getting control back.

    In the mainframe world, you move the computation to where the data is.  In
    a client server world, you move the data to where the computation is. Web
    servers front-ending corporate databases attached to virtual private
    networks full of some universal client like a web browser sure sounds like
    a resurgence of the data center to me. The IBM 390 is a good machine and
    the Wintel cartel has pretty much ensured that no upstart will enter their
    space. From Wintel's point of view, using all those desktop cycles for
    display functions is just fine. Could it be that simple?

    Financial markets made SUN what it is today and vice versa -- SUN's first
    big win, the first big demonstration that computing power had risen to
    such a degree that moving the data to where the computing is made sense,
    "the network is the computer" and all that. Financial markets, in the
    sense of traders going head to head, used that power to replace whom you
    knew with what you know and set off a technology-as-weapon metaphor that
    has overtaken most of the business world. Financial Markets, in the sense
    of Exchanges, now rely on a dense spread of computing that exceeds what
    most of us have to deal with; more than one major bank has 15,000 FTP jobs
    a night just moving data to or from its data center. Plenty of staff at
    the NYSE lose $1000 apiece for every 15 minutes the Exchange is late
    opening due to IT unavailability. No computing equipment is too expensive
    when trumped with "I can make that back on the first trade." No small
    country runs its currency anymore.

    There was once no question that the fundamental purpose of an exchange was
    to provide "an advantage of time and place" to those who would trade on it
    and, in so doing, establish efficiency and liquidity baselines against
    which others would be judged.  Beginning first with the "Paperwork Crisis"
    in the 60's and reaching a crescendo after the "Crash of '87," the
    Exchanges have been fully committed to electronic commerce before that
    phrase meant anything.  But since the Internet, time and place are
    meaningless and the Exchanges know it. They are working hard to make
    oversight, fair play and quality of service into new baselines. Clearly,
    security technology is #1 in their list of requirements followed closely
    by scalability and integration.

    Security in a financial world market that is both nowhere and everywhere
    is a difficult thing to define well enough to solve, but if there is
    anything to engineering as a discipline then it is that the heavy work is
    in getting the problem statement right. So, to return to my central
    premise, if new security technology is a result of investment and if the
    investment in security technology is naturally centered within the
    financial community, what is the problem statement?  ** If we get that
    right, we can predict the future. **

    I submit that the problem statement is how to bring a transactional
    semantic to the Internet. This is not a new problem, but it is an as yet
    unsolved one. The existing financial markets want transactions because
    transactions are what they are about and transactions are what they know.
    Upstarts like the payment vendors want to be the first to deliver
    transactions and disintermediate the financial firms.  Technical legal
    beagles reason that there is no transaction without recourse, no recourse
    without contract, no contract without non-repudiation and no
    non-repudiation without digital signature.  Anyone who wants to do
    business on the Web needs transactions.

    Hal Varian, an economist and Dean of the Information Management School at
    Berkeley, taught me that what the Internet changes more than anything else
    is that it brings the efficiency of auction to markets that never had that
    option.  This is a cover story in this week's "The Industry Standard."
    Auctions need security technology because what makes an auction an auction
    is the ability to conclude a transaction which, by its own execution,
    "discovers" a price. In other words, the nature of the world's economy is
    changed by the existence of the Internet, but only on the condition that
    electronic transactions are up to the job.

    So what do I mean by "transaction?" I mean a non-repudiable communication
    between two parties who can each verify the time-, value- and
    content-integrity of that communication, who can presume confidentiality
    of that communication, who can verify the authenticity and authorization
    of their counterparty and who can present all these evidences to third
    party adjudication should there be a need for recourse at any arbitrary
    time in the future. **Every single part of that definition begs the
    question of security mechanism.** It is on that basis I claim that the
    security technology of tomorrow will be crafted in response to the unmet
    needs of financial markets today.

    As an example, your handwritten signature on a check is what, in
    principle, authorizes that funds move from A to B. In truth, from a bank's
    point of view, actually verifying handwritten signatures is a transaction
    cost that is not worth bearing unless the cost of verification is less
    than the risk of loss. At the largest banks, the threshold dollar amount
    below which verification does not really happen is a closely guarded
    number, but it generally exceeds $20,000 and still they have platoons of
    people doing this all day, every day. Converting the means of signature
    verification from a manual process into a machine-able one would radically
    change the economics of check processing. It would add billions to lines
    and do it from the cost-avoidance side of the ledger.

    But that is not all. Some $300B of U.S. payments are made every day of
    which only $60B are in the form of checks; the balance is largely in cash
    transactions of $5 or less. From both the merchant's and the bank's
    perspectives, getting rid of cash would be a huge win because handling
    costs for small dollar amounts often exceed the profit margins on the
    underlying sales.  While the consumer may well adopt cashless payment out
    of some sense of convenience, the financial side of the house will enable
    it to avoid costs.

    Only this morning, Frost & Sullivan released a study that defines
    e-commerce as "commercial transactions taking place over the Internet with
    exchange of value in real time."  Web payment sparked numerous startups
    with numerous different mechanisms. It is too late for you to enter this
    market, but it is not too late for those payment-systems vendors to
    rethink what they are trying to do. All of them are suffering because the
    volume of Web-based retail business has not picked up as fast as their
    business plans had presumed. For the retail customer, the main thing the
    Web offers is product discovery; a good print catalog and an 800 number
    are otherwise hard to beat. It is clear that the real money in Web
    commerce is in business-to-business commerce, but there the supply chain
    has a lot more complication and the kinds of security mechanisms need to
    be better than those for buying a toaster oven.  Whereas retail commerce
    is about small dollar amounts and stranger-to-stranger transactions
    through a financial intermediary like a credit-card company,
    business-to-business is more about relationships, the dollar value of the
    sale is much bigger, and banks play a direct role (through letters of
    credit, collateralized bills of lading, etc.)

    B2B commerce does not have a good solution yet. If you want to sell into
    this market, be aware that the customer will buy either to avoid costs he
    has now or to make revenue he doesn't have yet. In the case of saving
    costs, you'll have to sell him the technology on a turnkey basis -- he
    will not cut you into the transactional revenue stream. If you can really
    show that your technology will make him revenue he did not have a chance
    to make otherwise, you may be able to get a piece of the revenue stream,
    but do not underestimate the cost-avoidance focus of big buyers and
    sellers. As far out as 2005, over half the Internet-transactions will be
    transactions converted from paper and credit/debit cards, not new
    transactions. **When selling into a cost-averse market you automate rather
    than revolutionize, and you do not get a piece of the action.**

    Everyone likes to talk about "disintermediating the banks," that is making
    the intermediary role of banks in commerce less essential by performing
    that service in some other way. Bill Gates is widely quoted as saying that
    "Banks are dinosaurs." At the highest end, they are not dinosaurs and they
    are not about to be disintermediated.  Whilst the banks have a natural
    affection for their income streams, that doesn't prevent
    disintermediation. Most wiseguys trying to disintermediate the banks
    misunderstand what banks do. This is what they do: They interpose their
    balance sheet between the expectations of the counterparties to a
    transaction and the risk of default on either of their parts. They
    undertake stop-loss protections against credit risk, insolvency,
    operational failure, currency fluctuation, diversion of funds delivery,
    etc. In other words, they manage risk because they can absorb loss. 
    **Electronic commerce payment technology cannot absorb loss, so it cannot
    and will not disintermediate the banks.**

    Think of this this way: All public key technology is driven to make a
    digital signature verifiable, i.e., it is about quality control and
    guarantee on the signature itself. This is a stunning thing, but it is not
    the whole equation. The intermediation role that banks play is to
    guarantee the transaction, i.e., it is broader than just the verification
    of a signature. The bank's know-how and its balance sheet are not
    something that can be replaced by a cryptographic calculation.  The
    ability to avoid loss never makes up for the ability to absorb loss.  The
    cryptography guarantees the signature; the bank's capital guarantees the
    transaction. **Risk control encapsulates trust.**

    In the midst of this, you might say "What are the standards?" in the sense
    of "What do the formal standards groups have to say?" The banking world is
    regulation rich and standards rich, too, which begs the question -- "Which
    standards matter?" The world of the Internet is making some of the
    banking-centric standards passé but, unlike the combination of standards
    and regulations the banks are familiar with, the standards groups of the
    Internet cannot take on accountability for the implications of
    conformance/non-conformance though they continue to define it for others.
    This makes Internet standards substantially difficult to swallow because
    there is no accountability, nor can there be. The absence of enforcement
    guarantees that the only Internet standards that will really get attention
    are those that promote interoperability across jurisdictional boundaries.
    Ironically, this is all the pioneers of the Internet ever wanted.

    What the banks want, and I assure you they will get, is a set of
    cryptographically sophisticated tools that move the risks of the Internet
    from open-ended to estimable. In a sense, this is like insurability. It is
    probably apocryphal, but the story goes that a major investment firm with
    a Web commerce idea went to a big insurance company to seek stop loss
    protection. The conversation supposedly went like this:

       "How big is the potential loss?"
       "We don't know."
       "How likely is a loss to occur?"
       "We don't know."
       "How much is your company worth?"
       "This much."
       "That's the premium; send it in."

    Whether true or not, it illustrates the point -- the issue is getting a
    handle on the risk such that it can be priced.  Every one of you who has
    tried to sell security technology has discovered that the only willing
    customers are those who either (1) have just been embarrassed in public or
    (2) have just learned that they are facing an audit.  Everyone else is an
    unwilling customer.  We've been dumb about this;  we've tried to sell
    security as a means to establish trust but we've done it by railing about
    threats. It's no damned wonder that we haven't sold much. I know I have
    often wondered if my market might not explode were I to get just one of
    the big loss-prevention insurers to make good security practices and
    technology into an underwriting standard.  Then, just like "Do you have
    sprinklers?" everyone is forced to confront whether they want to pay for
    security or pay for non-security. I am confident that the insurers could
    soften up my targets a lot better than I can.

    Let me tell you, they are about to. Insurability of Web commerce is
    essential, and no insurer is going to accept "We don't know" as an answer.
    They will say "Send it all in" and they'll mean it. The demand side for
    security technology is exploding but it isn't quite the security
    technology we have on hand.

    If a digital signature has the uniquely irreplaceable property of
    providing proof to a judge, then the role of a "trusted third party" is
    going to become more important over time, not less.  Think of it this way:
    when I get a certificate issued to me by a certifying authority, I do have
    some risk around whether the CA is well operated or not. This includes the
    probability they will issue a certificate with my public key but someone
    else's name and whether when I tell them that my key has been compromised
    they will spring into decisive action. Most of that risk I can handle by a
    combination of due diligence and contract.

    However, when I give my certificate to you and say "Hi, I'm here from
    Central Services to fix your system" it is you that's in a risky position.
    You have to say "Is this certificate valid?" That means you have to check
    that the certificate is not listed as revoked, that the signature on the
    certificate is well formed, that the certificate authority which issued
    this certificate itself has an identity certificate that is itself validly
    signed, that the certificate authority is itself not in any trouble with
    revocation, and so forth, ** recursively. **

    The full cost of revocation testing is proportional to the square of the
    depth of the issuance hierarchy.  In other words, this exceeds the
    intellectual capacity of most certificate recipients. This means that most
    recipients cannot themselves rely on the security technology to establish
    trust beyond the shadow of doubt. Instead, if recipients are smart, they
    will turn again to the insurance world just as risk holders have done
    whenever they cannot afford to carry on their books the consequences of a
    remotely unlikely event. For the insurer, he will underwrite a guarantee
    on the transaction for a fee that will reflect his experience with the
    CA's practices, the kind of transaction undertaken, the dollar amounts
    involved, etc.  This will seem sensible to all parties because it is so
    familiar.  This is risk management underwritten by financial
    intermediaries.  This is where we will shortly be.  This is the card eight
    major banks and CertCo played ten days ago -- the formation of "a global
    network of compliant businesses that use a common risk management
    framework." **This is where we securitize the transactional risk of
    electronic commerce.**

    There is one potential fly in this ointment, and I do not intend to dwell
    on it, but I cannot get this far and not mention the threat to strong
    security apparati of having them undermined by key escrow.  Corporate
    policies and laws alike have always been defined in a territorial way that
    relies on clearly identifiable borders, physical locations where the
    policy or the law come to an end. But in the electronic world borders are
    meaningless. In some sense, sovereignty, based as it was on the idea of a
    border, is less meaningful now than for some centuries. In its place is a
    different kind of sovereignty, because the only borders in an electronic
    world are cryptographic ones.  As such, the debate over who may or may not
    have a key known only to themselves is a proxy discussion for who may or
    may not have sovereignty within a cryptographically defined space.

    There are hard questions yet to answer. Compromised keys are revoked
    effective not to the moment of suspicion of compromise but rather
    retroactively to the last known time when the key was safe. In the case of
    escrow, should not a key's owner retroactively revoke it to the moment of
    its seizure from escrow should the owner later discover that it has been
    so seized? Or if a revoked key is only revoked by the action of the
    certifying authority signing a revocation notice in a special key, can
    that revocation-signing key itself ever be revoked? If it could, would
    that not invalidate (reverse) any revocations signed in it and what does
    that mean? I only offer these so that you do not equate my argument about
    the near-inevitability of investment in public key technology and
    digital-signature-dependent activities with some presumed infallibility of
    the technology or our understanding of it.  These questions will be
    settled one way or another, but they remain open as we speak here today,
    and there is money to be made.

    I have tried to lay out my estimation on which way the tide is running and
    which moon's gravity matters. I could be completely wrong, or merely
    overstating what my biases bring me, but I think not. I think that just as
    the best estimate of tomorrow's weather is today's, the best estimate of
    how the Internet and the financial behemoths will interact is for the
    Internet to be driven, as a side effect, by the cost-reduction and
    profit-incented strategies of those financial behemoths.  They already
    transcend national boundaries and their investment decisions do run the
    world.  Were this to get enough investment, it might make security a
    solved problem at least as I define "solved" to mean "consistent with risk
    management in the insurance style." Since that would collapse the market
    for novel security add-ons, I strongly suggest that as you prepare your
    business plans you figure out how to be, as Tom Lehrer would say, a doctor
    specializing in diseases of the rich.

    This is a very exciting time and it is a privilege to be a part of it.
    When we are all relics in rocking chairs, we will still know that we were
    present at the creation. I know that I will count myself particularly
    lucky, including for your close attention these past few minutes.

    Thank you for the honor of speaking with you.
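
The relying-party check the talk describes (certificate not revoked, signature well formed, issuer's own certificate validly signed and itself unrevoked, recursively), as an added example that is not part of the original message. The three-level hierarchy, the names, the CRL model and the textbook RSA over fixed small primes are all constructed for illustration and stand in for a real PKI and signature scheme.

```python
import hashlib
from dataclasses import dataclass

E = 65537        # public exponent for every toy key below
MAX_DEPTH = 8    # refuse absurdly long or circular issuer chains

class Invalid(Exception):
    """Raised as soon as any link in the chain fails a check."""

def toy_keypair(p, q):
    """Textbook RSA from two fixed primes -> (modulus, private exponent). Demo only."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(data, n, d):
    return pow(_digest(data, n), d, n)

def verify(data, sig, n):
    return pow(sig, E, n) == _digest(data, n)

@dataclass
class Cert:
    serial: int
    subject: str
    issuer: str
    pubkey: int      # subject's RSA modulus
    sig: int = 0     # issuer's signature over tbs()

    def tbs(self):
        return f"cert|{self.serial}|{self.subject}|{self.issuer}|{self.pubkey}".encode()

@dataclass
class Crl:
    issuer: str
    revoked: frozenset   # serial numbers this issuer has revoked
    sig: int = 0

    def tbs(self):
        return f"crl|{self.issuer}|{sorted(self.revoked)}".encode()

def validate(cert, certs, crls, anchors, trace=None, depth=0):
    """Walk from cert up to a trust anchor; return the list of checks passed."""
    trace = [] if trace is None else trace
    if depth > MAX_DEPTH:
        raise Invalid("issuer chain too deep or circular")
    if cert.issuer in anchors:               # recursion ends at a key held out of band
        issuer_key = anchors[cert.issuer]
    else:                                    # otherwise the issuer must prove itself first
        issuer_cert = certs.get(cert.issuer)
        if issuer_cert is None:
            raise Invalid(f"no certificate for issuer {cert.issuer}")
        validate(issuer_cert, certs, crls, anchors, trace, depth + 1)
        issuer_key = issuer_cert.pubkey
    if not verify(cert.tbs(), cert.sig, issuer_key):
        raise Invalid(f"bad signature on {cert.subject}")
    trace.append(f"signature ok: {cert.subject}")
    crl = crls.get(cert.issuer)              # fail closed: no signed list, no trust
    if crl is None or not verify(crl.tbs(), crl.sig, issuer_key):
        raise Invalid(f"no trustworthy revocation list from {cert.issuer}")
    if cert.serial in crl.revoked:
        raise Invalid(f"{cert.subject} is revoked")
    trace.append(f"not revoked: {cert.subject}")
    return trace

def build_demo(root_revokes=(), ca_revokes=()):
    """Constructed hierarchy: Demo Root (trust anchor) -> Demo Issuing CA -> leaf."""
    root_n, root_d = toy_keypair(2**89 - 1, 2**127 - 1)
    ca_n, ca_d = toy_keypair(2**61 - 1, 2**107 - 1)
    ca = Cert(2, "Demo Issuing CA", "Demo Root", ca_n)
    ca.sig = sign(ca.tbs(), root_n, root_d)
    leaf = Cert(1001, "Central Services technician", "Demo Issuing CA",
                (2**31 - 1) * (2**19 - 1))
    leaf.sig = sign(leaf.tbs(), ca_n, ca_d)
    crls = {}
    for name, revoked, n, d in (("Demo Root", root_revokes, root_n, root_d),
                                ("Demo Issuing CA", ca_revokes, ca_n, ca_d)):
        crl = Crl(name, frozenset(revoked))
        crl.sig = sign(crl.tbs(), n, d)
        crls[name] = crl
    return leaf, {ca.subject: ca}, crls, {"Demo Root": root_n}

def check(leaf, certs, crls, anchors):
    """Return (True, checks passed) or (False, reason for rejection)."""
    try:
        return True, validate(leaf, certs, crls, anchors)
    except Invalid as exc:
        return False, str(exc)

if __name__ == "__main__":
    print(check(*build_demo()))                  # clean chain
    print(check(*build_demo(root_revokes=[2])))  # issuing CA revoked by the root
```

Revoking the issuing CA at the root invalidates the leaf even though the leaf's own signature and revocation status are unchanged, which is the dependency the recipient has to chase all the way up.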