Feds BANNED from DEF CON by founder (who is Obama’s cyber-expert)
DEF CON 21 Jeff Moss – the US government security advisor who founded the DEF CON hacking convention – has urged federal agents to stay away from the conference next month.
For the first time in the annual event’s 20-year history, g-men and spooks have been made unwelcome. Exactly how effective the request will be remains to be seen.
Moss’s anti-invitation was laid out in a note posted on the DEF CON website titled Feds, We Need Some Time Apart. And it reads like a text from someone who has realised an acquaintance they invite to a big blowout party every year has either been stealing from their stash or been especially mean to their other friends*:
For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.
When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a “time-out” and not attend DEF CON this year.
This will give everybody time to think about how we got here, and what comes next.
The Dark Tangent
Moss, aka Dark Tangent, was appointed to the US government’s Homeland Security Advisory Council by President Obama in 2009, and is chief security officer for internet overlord, ICANN. He also founded the DEF CON and Black Hat computer security conferences, both regularly held in Las Vegas, Nevada.
It’s presumed Moss’s warning was in part sparked by recent revelations about the NSA and its monitoring of the world’s internet connections – see the bootnote below. Feds are welcome to turn up to the top hacking conventions, provided they’re transparent about it and can put up with a little ribbing from attendees. But perhaps in light of recent events, the presence of any g-men could spoil the atmosphere.
Among the security experts and hacker types who have reflected on the DEF CON blog post, some think the ban won’t be enforced and the invitation is purely for show; others think it’s a sensible move towards defusing potential antagonism that might otherwise spoil the whole event for everyone.
“I wonder if this means that the Feds will be escorted out of DEF CON, like those reporters who fail to register themselves as such,” mulled Jeremiah Grossman, founder and CTO of WhiteHat Security, in a Twitter update.
Robert Graham of Errata Security has a characteristically thoughtful blog post supporting the cooling off move.
“A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate,” Graham wrote. “From shouting matches, to physical violence, to ‘hack the fed’, something bad might occur. Or, simply attendees will choose to stay away. Any reasonable conference organizer, be they pro-fed or anti-fed, would want to reduce the likelihood of this conflict.
“The easiest way to do this is by reducing the number of feds at DEF CON, by asking them not to come. This is horribly unfair to them, of course, since they aren’t the ones who would be starting these fights. But here’s the thing: it’s not a fed convention but a hacker party. The feds don’t have a right to be there — the hackers do. If bad behaving hackers are going to stir up trouble with innocent feds, it’s still the feds who have to go.”
Tor developer and longtime NSA critic Jacob Applebaum called on other conferences to follow suit. “I hope #OHM2013 makes a statement similar to #DefCon – the feds and cops won’t follow it but saying it sets expectations,” he said in a Twitter update.
Applebaum’s post is a reference to OHM2013: Observe. Hack. Make. which is due to take place between 31 July and 4 August in Amsterdam, the Netherlands.
BSides and Black Hat events will also be held in Vegas in the run-up to this year’s DEF CON. Federal agents are welcome at both of these conferences, at least the time of writing. In fact the opening day keynote at Black Hat is due to be delivered by General Keith Alexander, the head of the NSA. DEF CON is due to start the day after, running from 1 to 4 August at the Rio Hotel and Casino.
Vegas promises to be action all the way over the next few weeks. ®
* For “stealing from their stash” read “tapping into their emails spools and browsing their web history via the PRISM programme”. And for “been especially mean to their other friends”, perhaps read “the controversial prosecution of Andrew ‘weev’ Auernheimer over the ATT iPad hack case and/or the prosecution of Aaron Swartz in a separate case that some blame for the internet activist’s suicide”.