Skip navigation

Duo Security is now a part of Cisco

About Cisco

Industry Events

DEF CON 24: Slouching Towards Utopia: Dreaming of a Free Internet

DEF CON is one of the oldest and largest hacker conventions around, taking place in Las Vegas, bringing together hackers, lawyers, law enforcement agents, civil libertarians and cryptographers.

One interesting talk I went to this year at DEF CON 24 was given by Jennifer Stisa Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society, and former director at the Electronic Frontier Foundation (EFF).

She also happens to be the criminal law attorney that handled Michael Lynn’s case in what’s known as “Ciscogate;” a part of the vulnerability disclosure debate history - you can see a timeline of that here. And, she also happened to win Duo Security's 2016 Women in Security award.

Her talk, Slouching Towards Utopia: The State of the Internet Dream showcased the dream of Internet freedom - an online, decentralized place that would allow people to overcome age, race, class and gender and enable them to have free access to information.

But instead, there has been a hacker crackdown - the computer hack and abuse act is used to target people attempting to explore this network.

Another aspect of the dream of Internet freedom is that the Internet could be like the library, with every book that was ever written found on the shelf and freely available.

But instead, people want to police it, like TV or radio, and censor and partition the dirty stuff (porn) from the rest of the Internet.

This has galvanized a generation of activists for a freer Internet - a place where people would be able to govern themselves and come together. Jennifer included a slide on the Declaration of Independence of Cyberspace:

Governments of the Industrial World, you weary giants of flesh and steel, I come from Cyberspace, the new home of Mind. On behalf of the future, I ask you of the past to leave us alone. You are not welcome among us. You have no sovereignty where we gather.

Instead of this Internet freedom ideal, technology has made a map of what we do for the government and companies in order to learn about, manipulate and control us.

It is a golden age for surveillance, serving an appetite for censorship. There is not an appetite for individualized control of users’ machines; people want malware and automatic updates and all of the bad things online to be taken care of by others. And this is all enabled by centralization, regulation and globalization.

People are also putting pressure on private companies, including social media giants Facebook and Twitter, to act as an intermediary, by taking down content that they deem as hate speech, or inflammatory based on political viewpoints.

But the web only works as open if you can find the stuff you want to, when searching for it on Google. And Google is often pressured to demote copyright infringement torrents, as well as abide by EU’s right to be forgotten, a privacy right that enables individuals to delist themselves from search engine results.

As a result, private companies are forced to make certain business decisions. As global companies regulated by global governments, they have to make the decision to change their technology or software to meet government standards for privacy, or decide not to do business in certain countries (e.g., Google’s pull out of China).

Regulation is a slippery slope - while it starts with the stuff we can all agree on, it gets fuzzy when it comes to government perspective and the majority perspective. It becomes a question of political motivation.

When it comes to surveillance, technology provides a ton of information about us on and offline - from medical devices to device sensors and tvs, etc. The law should provide us with more protection, but it also often argues that the law doesn’t require a warrant to find your information that is tracked online.

The law underlying the NSA’s PRISM program will expire in 2017 - meaning, if the government is spying on a foreigner, they don’t need a warrant to do so. Those in the civil liberties community will try to restore protection for data stored in the U.S. A legislative proposal dictates that the U.S. has the right to turn over customer data to other governments, as long as they have an agreement/handshake.

However, companies have combatting this with the ability to implement encryption unilaterally, rolling it out over the past four or five years. Encryption frees us from mass surveillance, as the government must go to each individual source in order to unlock information, as we saw in the FBI vs. Apple case earlier this year.

There is pressure from different governments to get cooperation to ensure wiretap ability of our communication technology and services. Brazil is fining and attempting to jail Facebook executives for encrypting the messenger app, WhatsApp.

Jennifer claims that breaking the law is necessary for the evolution of our society, even if precluding crimes, as we often change our minds about what is considered criminal - the legalization of marijuana and homosexuality are a few examples.

The freedom to tinker allows us to capture, modify and understand the world around us. The Digital Millennium Copyright Act (DMCA) gives us legal protection to digital rights management software, controlling how people use underlying copyrighted work.

She gives the example of a company that aggregated an individual’s information into one centralized place, using their information on social media. Facebook targeted the company with a cease and desist letter. While the use of the data wasn’t illegal, simply sending a cease and desist letter made it illegal. Living in a permission-based world allows innovators to be sued based on the whims of a company.

Here’s a slide she included called The “Cycle:”

History shows a typical progression of information technologies from somebody’s hobby to somebody’s industry; from jury-rigged contraption to slick production marvel; from a freely accessible channel to one strictly controlled by a single corporation or cartel - from open to closed system.

In the next twenty years, Jennifer claims that things will happen without knowing why; there will be security haves/have-nots; the Internet will be regulated like TV, and there will be less utopia - more surveillance, censorship and a controlled online world.

Fear will start to drive our decision-making, with a preference of centralization and pressure on social networks.

Decentralized technology is a force for free speech, political freedom and expression. But technology alone isn’t the problem - we already have the tools for a decentralized network. The problem is that people don’t value technical freedom - they want the bad things to be taken care of, for them, instead.

We have to help people understand that getting rid of one thing will also come with a sacrifice, as we move toward the technology revolution. To start the revolution, we need to think globally and build decentralization where possible, as well as end to end encryption. We need to be more hands off private tech development, and start being afraid of the right things - start creating technology for the next cycle of the revolution.

See a copy of her slides to learn more.