LAS VEGAS -- Black Hat 2015 kicked off Wednesday with a newfound focus on the role of law in Internet culture and a generally bleak view of the terrain ahead.
Keynote speaker Jennifer Granick, known for her legal defense of high-profile hackers over the years and now director of civil liberties at Stanford University's Center for Internet of Society, opened on a note of idealism.
"I believe in the dream of a free and open Internet. And I believe that we want a world where information is freely accessible," Granick said. "And I believe in the freedom to tinker -- the hands-on imperative that people should be able to study, manipulate and reverse-engineer the devices and the software that define the world around us. That's what it means to engage with and understand our world."
However, Granick said Internet freedom is slowly eroding. "Today, the dream of Internet freedom that brought me to [Black Hat forerunner] DEF CON 20 years ago is dying," she said. "Nobody's murdering the dream, but it's dying because -- for better or for worse -- we've started to prioritize other things. We've started to put other values ahead of freedom and openness."
Granick said the decentralized systems of 20 years ago now function through centralized points of control. An Internet without regulation has become increasingly hemmed in by rules.
"And in terms of where these rules are coming from, we're seeing an Internet where the United States' dominance over the Internet is fading and other countries are getting into the regulatory business," Granick said. "This is really important because the next billion Internet users are going to come from countries that don't have a Bill of Rights, [or] that don't have a First Amendment."
Jennifer Granickdirector of civil liberties at Stanford University's Center for Internet of Society
Security, Granick said, is increasingly provided through centralized means by corporations and governments. "The dream today is in danger, but we can kind of see forward into the future and what the future will look like 20 years from now," she said. "Twenty years from now, you won't necessarily know about the decisions [that] are made that affect your life and your rights. You're not going to know why, and the people who designed the software may not know either."
Whereas the future of Internet regulation and the dream of an open, free environment may be uncertain, one thing Granick believes is a certainty is the emergence of legal liability of software providers -- specifically around new, connected devices and systems with the advent of the Internet of Things.
"Basically, what I envision is that something that has software in it -- and that didn't used to -- is going to blow up: your toaster or your refrigerator or your car," Granick said at a press briefing following her keynote. " And the usual suspects are going to come in and say 'that thing shouldn't have blown up.'"
And when that happens, Granick said, lawsuits will ensue -- and the notion that vendors are liable will begin with that toaster and work its way out to traditional software vendors.
Black Hat 2015: Why security machine learning is needed to address evolving threats