Jennifer Granick bristles a little bit when she hears people talk about the cloud.
“The ‘cloud’ is such a terrible metaphor,” said Granick, director of civil liberties at Stanford’s Center for Internet and Society, in remarks Wednesday at Black Hat in Las Vegas.
“A cloud is billions of little droplets of water. But the Internet cloud is a finite and knowable number of companies that together have control of almost all of the Internet that we use.”
Granick, a veteran computer crime and privacy law attorney, used her keynote slot at Black Hat to talk about Internet security in the broader sense: the security of the Web’s basic structure as a decentralized network.
Infrastructure centralization, governance issues, and the rise of mass surveillance threaten, in her view, the Internet’s fundamental “end-to-end” design principle — the idea that dumb pipes connect anyone to anyone without interference, with decisions happening at the edge of the network.
Those decisions — about who can talk to whom, and what they can say — are increasingly made inside the private data centers of companies such as Facebook and Google. Even with the best intentions, those companies are subject to regulatory pressure from governments around the world. Many of those countries lack stringent legal protection for free speech.
To give one example from personal experience, I lived in Beijing in 2008. A Google image search for “Tiananmen Square” would return sunny tourist snapshots of the iconic landmark, instead of tanks rolling toward a lone protestor. (Google in 2010 began redirecting Chinese users to its Hong Kong-based search site, which is outside of the mainland government’s censorship jurisdiction.)
This isn’t to beat up on Google — companies can’t just flaunt the laws in the countries they operate in. And as Granick points out, the massive players that run the lion’s share of the cloud have become massive because they provide valuable services.
But, she says, “if we don’t do things differently, the Internet is going to end up like TV” — centralized, strictly regulated, and closed.
“If that’s true, then what we need to do in the next 20 years is get ready,” Granick adds. One potential solution is end-to-end encryption controlled by consumers — an idea vigorously opposed by the U.S. Department of Justice and Homeland Security.
Other decentralized networks might spring up in the Internet’s place. TOR, mesh networks, and blockchain could all be contenders. But that would mark the end of the Internet as it was originally designed.
“If the Internet is going to be this slick, stiffly controlled, closed thing,” says Granick, “we need to get ready to smash it apart and make something new and better.”