Government overreach is the primary culprit that keeps the Internet from being the free and open source of information and ideas that it could be, according to a leading computer crime defense attorney.
Jennifer Granick, director of civil liberties at the Stanford Center for Internet and Society, addressed the subject of Internet freedom yesterday in her keynote address at the annual Black Hat computer security conference in Las Vegas.
Granick said that as long as there’s overregulation, censorship and laws that don’t stop the real bad guys, Internet innovation will be stifled. She added that while safety and security are important, the result of efforts to meet those priorities means the Internet is no longer the breeding ground for innovation that it was two decades ago.
“I’m here to tell you today that this dream of Internet freedom is dying,” Granick told a capacity audience. “The question that is left [is], is that dream still possible?”
While there’s no one entity to blame for the slow demise of the open Internet, there’s also no entity that’s making it a priority to protect innovation, Granick said. Adding to that situation is the fact that many new Internet users are from parts of the world that don’t have the protections of the Bill of Rights and the First Amendment to the U.S. Constitution.
Granick singled out the federal Computer Fraud and Abuse Act that calls for up to 10 years in prison for a first-time offense. She maintained that the act has no effect when it comes to prosecuting hackers in countries like China when they launch state-sponsored attacks against U.S. companies and government agencies. At the same time, though, relatively minor American hackers often receive disproportionately lengthy prison sentences.
Along with regulation, Granick pointed to industry centralization, globalization and loss of “the freedom to tinker.” She called on security researchers to advocate harder for the rights to study, modify and reverse-engineer Internet hardware and software.
Centralization takes place when the majority of the Internet backbone comes from a small number of providers. The resulting data chokepoints can centralize security and stop spam and denial-of-service attacks, but it also makes it easier for government agencies to gather data about Internet users.
We reached out to Rich Mogull, analyst and CEO at Phoenix-based Securosis, who told us that there should be no line dividing security and the freedom to tinker.
“We need the freedom to tinker to discover how secure the things we buy and use actually are. The real line is between tinkering and criminal activity,” he said. “Motivation and results separate the two: break into a Web site and it’s criminal; discover that a service you pay for isn’t handling your personal information safely and report it, and that’s clearly different.”
Additionally, if a user experiments with purchased hardware or software and finds a vulnerability, the user isn’t actively attacking a service in a way that could damage a business or its customers, Moguli added.
Granick called on security professionals to take measures such as building in end-to-end encryption in which the key is held by the end user and not the vendor. She also advocated for government-free technology development, and abolishing obsolete laws that stand in the way of Internet freedom.
This entry passed through the Full-Text RSS service – if this is your content and you’re reading it on someone else’s site, please read the FAQ at fivefilters.org/content-only/faq.php#publishers.