Keynote: Threat Modeling and Constitutional Law
Black Hat USA 2025 · Day 1 · Briefings
Jennifer Granick, the ACLU's Surveillance and Cybersecurity Counsel, challenged Black Hat attendees to expand their threat models beyond criminals and include government surveillance as a genuine risk to their users. Drawing on the Fourth Amendment's mounting inadequacy against data brokers, commandeered government databases, and reverse location searches, she called on security professionals to use their technical expertise to protect bystanders — not just from hackers, but from suspicionless dragnet surveillance enabled by modern data collection. ---
AI review
Granick's threat-model expansion argument is correct, the Avengers framing lands, and the three Fourth Amendment failure modes — data brokers, commandeered databases, reverse searches — are concrete enough to be useful. But she's a lawyer at a hacker conference, and the technical ask ('minimize data collection, encrypt by default') is 2015 security advice with a 2025 political coat of paint.