So says Jennifer Granick, Director of Civil Liberties at the Stanford Center for Internet and Society, who gave the keynote address at the (somewhat infamous) Black Hat security conference today. Once, techno-utopians could say things like “The Internet treats censorship as damage and routes around it” with a straight face. Today, though, the ongoing centralization of the Internet in the name of security and convenience “increasingly facilitates surveillance, censorship, and control,” to quote Granick again.
It makes sense that security has been centralized. We’ve seen dozens of reasons why over the last year: this is, as Qualys CEO Philippe Courtot, “the year of the megabreach.” He had the Office of Personnel Management hack in mind, but there are plenty of other recent contenders:
Enterprises and governments do need to try to keep their customers and their public secure; you have to patch software to keep it secure, by automatically updating client software from a trusted central controller … but this creates central choke points. People want to use convenient, secure, and widely available online services; the best ones are those such as Facebook, Twitter, GMail, Amazon, etc … but this centralizes control even further.
“Decentralization empowers people to make their own decisions about right and wrong,” Granick says. Today, though, in our slowly centralizing Internet, those decisions are effectively being made on our behalf, whenever a service enforces a “moral standard” that forbids photos of breastfeeding mothers, or a government “cracks down on cybercrime” by convicting people for incrementing URL strings.
Granick is a lawyer, and as such, reserves most of her ire for the US government. “We need to get rid of secret law. We have secret law in this country and it is an abomination in the face of democracy,” she declaimed, which earned her only big round of applause from the Black Hat audience. (Which tends to be very conservative and pro-government; two years ago, when they invited Darth Vader General Keith Alexander, then head of the NSA, to give the keynote in the midst of the Edward Snowden furore, he was far more warmly received.)
She also pointed out that Congress’s knee-jerk, irrational “tough on hackers” attitude is deeply counterproductive. If the USA tries to insist that people can only use computers in strictly regimented and controlled ways, with harsh CFAA penalties for people who increment URLs, felony charges for 14-year-olds who change their teachers’ background images, etc., this will chill tinkerers/inventors and security researchers — i.e. the very people who find flaws and improve our security. But China and North Korea don’t care about the CFAA — and they’re the ones allegedly hacking the U.S. government.
It’s possible that the centralization of the Internet, and the increasing abdication of moral and technical authority to governments and corporations, are in fact inevitable. Granick quoted Tim Wu’s The Master Switch:
…but she ended with something like a call to revolution. If the free, open, and decentralized Internet does ultimately become controlled, closed, and centralized, Granick said. “We need to be ready to smash it apart and make something new and better.”
Pipe-dream idealism? Maybe. But amid a crowd — and an industry — that seems to increasingly value security and surveillance over freedom and privacy, it sounded like a reassuring breath of fresh air.