Black Hat – Smashing the future for fun and profit

Black HatI’m delighted to once again be writing to you from the Black Hat USA conference in Las Vegas, Nevada. This year’s Black Hat is as big as ever and the talks seem to have improved over 2011.

The first session I sat in today was titled “Smashing the future for fun and profit” and was a panel with Jeff Moss (Dark Tangent), Adam Shostack, Marcus Ranum and Bruce Schneier moderated by Jennifer Granick.

Those of you that may have asked me to be on a panel in the past may well know that I am not a big fan of panels. Most of them are buckets of #FAIL. This one however was very well executed. It was a great mix of hands-on practitioner mixed with big think topics.

Surprisingly nearly the entire discussion revolved around the role, responsibilities and behavior of government. Maybe Jeff is to blame for that considering his roles at Homeland Security and ICANN.

I think generally everyone seemed to agree with Marcus Ranum on the dividing line between what the government should be doing versus the private sector. Just like in other parts of our society the line is drawn between what only a nation-state can do and what the private sector is incented to do.

Jeff pointed out that government also plays an important role in those things that the private sector simply isn’t interested in, even if the development of these new technologies is needed and important.

He gave examples of how DHS has been involved in further development work on DNSSEC and secure BGP. Both are very important for the future integrity and security of the internet, yet there was little commercial advantage for the private sector to invest.

Jennifer did a brief poll asking the audience if they were more afraid of the government having access to their information and doing undesirable things with it or if we were more afraid of Google. A significantly larger proportion are afraid of Google.

Phrased another way we were asked if we are most afraid of the government, corporations or “the bad guys”. When put in these terms the “bad guys” were the most feared without question.

I found the panel’s opinions both enlightening and realistic. It was a no-bullshit zone and that openness lead to the success of the session.

The conclusion sums it up well. We still have a long way to go and we will not ever likely get there, but ten years from now we are likely to be better off for having tried to make it better.