Looks like somebody wants to nominate themselves for a government contract.
A statement such as "We believe the exclusion of the "feds" this year does the exact opposite at a critical time." is just ridiculous. Even more bizarre is the idea of mentioning openness in the (current) government context.
If there is a positive effect between the openness of the hacker community and the Feds then why did we end up with the current situation?
The current situation is incredibly bad so I absolutely support the decision by DEF CON. Even if there is only one single occasion where people stop talking/avoiding a person who is working to close with government agencies this is a success.
People who work for these agencies will always hide behind some "greater good" narrative and avoid taking personal responsibility. My hope is that by getting personally shunned by their former peer group it might help them realize that this is not longer just business-as-usual.
Government loves to really up the public with the us vs them rhetoric so they definitely deserve a dose of their own medicine.
> Looks like somebody wants to nominate themselves for a government contract.
Interesting how when the news media baselessly questions the motives of whistleblowers it's a "smear campaign." When someone on HN does it to someone who's vaguely pro-NSA it's the top comment.
He's not even vaguely pro-NSA. He's pro-openness. The fact that this is the top comment is sad and its a testament to knee-jerk reactions in echo chambers around the world. There's a difference between the government as an entity and individuals who are employed by them. Feds attending DEF CON aren't really Feds, their security guys like everyone else there. Depending on the context one could be a fed first and other things second but at DEF CON that's not the case and barring a certain group of people turns it into a situation where you're labelled based on what you don't have in common with other attendees rather than being welcomed because of what everyone at the even shares.
I'm talking about our identities here. I do some charity work on the board of a non profit. When I give talks and attend events with others in that particular field I am an advocate for a cause like everyone else there, not a developer. To take it even further I'll add some details.
The charity is involved with educating the public about the recent heroin epidemic that's been hitting the country pretty badly. Now lets suppose that NIDA or the DEA was involved with a scandal having to do with letting dealers off the hook or fudging some study. And lets suppose the prevention and treatment community, in response to this, announced that no Feds are allowed to attend our annual event (which is real) where we always invite speakers who work in the area of prevention, treatment, and law enforcement. That would not be the right thing to do. Those Feds who normally come to our events have a genuine concern for the cause and offer valuable insights. By not inviting them the organization may make a strong political statement but its really not doing anything except allowing a small group of people to pat themselves on the back and say "yeah, we showed them". Meanwhile all of our attendees and guests are missing out on valuable insights they may have otherwise gotten had the organization not taken this route.
There are betters ways of making political statements. DEF CON themselves could have tried to do something to address the NSA leaks issue at the event without barring a group of people who most likely don't even consider themselves as Feds when they're in the context of a security convention.
May it be because those whistleblowers did something right, while the NSA did something wrong?
Or, could also be because governments normally pay lots and lots of people for holding opinion, while normally there is nobody paying for the opposite side.
No pill can heal that wound. Imagine you're a Government worker with 15y of experience. You would automagically think about the public as "them". If you're an Admin or IT-Guy, you "already" do that, by separating you from the "Common User".
And guess what, there is nothing wrong with this. It doesn't produce bad habits or bad intentions, because this is totally dependant on the persons character.
As a symbolic statement by DEF CON, I like the "no feds" thing. Pragmatically, it probably won't much much difference, since any Feds who want to attend can probably attend and just not identify themselves as feds. OK, yeah, Keith Alexander might be spotted, but the average run-of-the-mill FBI or NSA geek probably isn't all that recognizable unless they wear their official ID or something.
BUT... looking at it from the "keep your friends close, and your enemies closer" perspective, I'm not sure this is a Good Thing. The feds are going to do what they're going to do, regardless of what DEF CON does. Might as well invite them in, pick their brains, and learn as much as possible to help counter their shady machinations.
My major problem with the PRISM debacle was less that the NSA stores and analyzes Internet traffic (although it's perfectly reasonable to be upset about it) and more that they were doing it secretively (mixed with some disgust at how much money, energy, and time must be wasted storing and sifting through unfathomable amounts of data).
With that in mind, it's kind of counterintuitive to close the door to conversation when silence was the issue in the first place. It almost seems like a melodramatic romance ("I just need to be alone right now."), which portrays the DEF CON organizers as reactionary and immature.
I also think it creates unnecessary hostility when you disinvite a group of people that everyone seems to know will attend anyway. In fact, it just creates more secrecy.
Ordinary citizens talking to the NSA isn't going to stop them, it's more likely to get those same concerned citizens put on any number of watchlists. At the moment, I have some serious doubt that even Congress can stop the NSA and am quite sure they're not going to bother, aside from making a little noise so it looks like they're defending The Constitution.
What will put a stop to this is a Presidential Order, but that's not going to be forthcoming under any administration.
Ordinary Citizens have always been the driving force behind every major change in this country. Talk to everyone you can about this and for Christ's sake try a little positivity!
I think the NSA and friends are underestimating the amount of anger out there, and that the Congresscritters will probably try for a reduction of the NSA's budget to punish them for lying to them. The future of the organization might not be in jeopardy (although from the way congressmen seem peeved, it might) but there will definitely be cutbacks across the entire surveillance business.
See http://www.washingtonpost.com/politics/lawmakers-say-adminis... from the Washington Post.
See the following paragraph on the page 1: "“The national security state has grown so that any administration is now not upfront with Congress,” said Rep. Jerrold Nadler (D-N.Y.), a senior member of the House Judiciary Committee. “It’s an imbalance that’s grown in our government, and one that we have to cleanse.”"
as well as the last 5 paragraphs:
(para 1) Clapper’s statement prompted some lawmakers to allege what Rep. Justin Amash (R-Mich.) called a “double standard” in which a top official could deliver false testimony without fear of penalty.
(para 2) “If the administration has a policy to lie to Congress about classified materials in unclassified hearings, then you have to ask yourself what value the hearings have and whether or not anyone else is doing it,” said Rep. Mick Mulvaney (R-S.C.).
(para 3) Some are calling for a major overhaul of the current oversight system, including the intelligence committees and the surveillance court, which were created in the late 1970s amid growing concern about U.S. spy practices following Watergate, the Vietnam War and revelations about CIA efforts to overthrow foreign governments.
(para 4) Congress “tried to make agencies which have to operate in secret accountable nevertheless to the law,” said former vice president Walter F. Mondale, who as a senator was a member of the Church Committee, which led the efforts to overhaul the system.
(para 5) Now, Mondale said, “that system has totally collapsed.” He said Clapper’s willingness to mislead the public during Senate testimony “is what happens when there’s no accountability. . . . What is the consequence of fibbing to the American people?”
This seems to indicate to me that some congressmen are indeed interested in changing things around.
"Congresscritters will probably try for a reduction of the NSA's budget"
Not if the leadership and seniors have anything to do with it. Boehner called Snowden a traitor; he doesn't want to be told what Snowden knows. And Feinstein has defended the programs.
Wyden and Udall are in the minority. Everyone else on the Senate Intelligence Committee heard what those two heard, and there were no words of discontent or reform beyond what those two said. Indeed, most of you probably know their names only because of their faint opposition. They've been speaking as much as they dare for years, which means the rest of the committee has known for years. And yet, nothing.
Most, if not all, of the SIC members are the politically powerful members of the Senate, who will only be replaced at the polls if they screw up in an unrecoverable way (usually a sex scandal - people remember those). At any rate, because it's a rotating membership, there's no guarantee that anyone with any shred of decency toward privacy will wind up on it.
Congressmen have to be re-elected, and they have to show to their constituents that they have done _something_ to protect their privacy... There will be change.
Congress at large has the worst approval ratings in years, possibly ever. And yet we keep on mostly re-electing the individuals that make up the body, while in the same breath complaining about Congress.
I don't agree with the statement that Secure Ideas makes; they are opting out because DEFCON is supposed to be an open collaboration place, but if the very netsec community doesn't have the balls to stand up to the extreme over-reach of the NSA, then we are farked.
Yes, most of us have known for years the extent of the spying the NSA/USG does -- and I believe it's time to take back some individual sovereignty -- the NSA has all but dissolved this.
For me, this is not a political issue, its a human rights issue. I have no respect for the NSA and its apologists, period.
> but if the very netsec community doesn't have the balls to stand up to the extreme over-reach of the NSA, then we are farked.
I would agree with this much more if they had previously had a statement suggesting that feds from oppressive foreign regimes were not invited. As a non-US citizen, there is a sentiment of "it was OK when we thought they were just doing it to foreigners" about much of this debate.
However, this isn't about standing up to anyone, it's a PR move by DEF CON.
I'm sure this will just further your impression of the general sentiment, but I want to try to explain it as a US citizen. The biggest problem many people have with what the NSA has been revealed to be doing is that it breaks laws regarding the US government's ability to invade the privacy of its citizens, and it does so in secret, precluding real democratic oversight. While spying on foreigners may be unsavory, it does not fundamentally break our government the way (secretly) spying on citizens does.
Thank you for taking the time to respond. I can certainly understand the feelings of betrayal and injustice that comes from a government breaking the law to spy on its own citizens.
I have been working in the information security industry for just shy of a decade and while I have been openly accepted to attend/participate/speak at events, I have always felt that it is a US-centric industry. I had assumed that this is because of the huge amount of government money invested in to corporations and individuals that make up the community.
One of the things that I love about DEF CON is that it is big enough to make it truly international, when teamed with Black Hat it makes that week in Vegas unmissable. This stance on feds, by many people who I would call friends, gives the impression that they were happy to work/contract for the US gov while they knew they were targeting foreigners but not citizens.
It's worthwhile to note that people have often stated that the Constitution is not a "suicide pact". We are free (as a people) do what needs to be done to preserve our union. Whatever your political persuasion, it cannot be denied that bad actors are trying to coordinate and plan attacks against "soft" targets inside the United States and abroad. This is not a theoretical problem. It's real.
What is extremely unsavory about this entire affair is that the entire citizenry has somehow become a suspect. Every snippet of our communiques, interests, and associations is now considered "fair game". This has been done without ANY meaningful discussion in the public sphere. We, as a people, have been misled and our desire to understand what our government has been doing has been ignored. This is wrong.
I don't agree with Snowden's actions. I think he handled it the wrong way if what he wanted was to bring attention to this state of affairs. There are many who feel like he might have done this for personal glory or with traitorous intent. I'm not convinced one way or another, but I'm not happy with how this has unfolded.
I'm glad that there are enough people paying attention to this devils bargain we've made in the pursuit of security and I hope we get some resolution before things go back to the status quo.
We need to have a national conversation about this. The sooner the better. If there is a silver lining in Snowden's actions, I hope this is it.
"The Constitution is not a suicide pact" is a quote from Abraham Lincoln, as the civil war really was an existential threat to the union itself.
Similarly, the cold war was clearly an existential threat to the union itself, the most obvious example being the hundreds of nuclear ICBM's in Cuba.
Terrorism of the Boston Marathon sort is now an unfortunate reality, but is in no way comparable to these two events, and I simply don't see how it poses any existential threat to the union at all.
It's important to put things into perspective by understanding the threats we have faced in the past, and all that has been sacrificed to bring us the freedom we have now, so that we don't throw it away due to overreacting.
Yes, looks like it's commonly but wrong attributed to him.
It's more interesting in the context of Lincoln's suspension of Habeus corpus in the Civil War than as an unpopular dissenting opinion in a free speech case, though.
The terrorists who attacked us on 9/11 didn't start two wars and introduce countless (bad) societal changes, we did those things in response to the terrorist attacks. The distinction is important. We made a choice.
What I think you're ignoring is a prolonged, persistent, and increasing series of attacks against US persons and territories. 9/11 was just one of a series of attacks against us. Every previous attack was nearly ignored and forgotten here at home. I'm talking about the first World Trade Center bombing, the Cole Attack, and others.
And, honestly, it's easy for you to criticize. I lost three friends in the aftermath when our country went to war. This isn't an armchair argument for me.
I don't think it's fair to excuse the act of UBL and AQ only to denounce our response. I have little patience for pacifists.
I am not a pacifist. I do not excuse the actions of the terrorists, I denounce them in the strongest possible terms. There can never be any justification for what they have done. But I have less standing to criticize their actions than to criticize those of my government. Part of my job as a citizen of this country to hold opinions on its behavior, and my opinion is that since 9/11 we have been largely fighting the wrong people, and that the fight has been expensive in cost and in civil liberties. I believe the cure has been worse than the disease, and that the severity of the disease has been, and continues to be, overstated.
You are, of course, right that it's easy to criticize from an armchair, but representative democracy is all about finding a balance between the opinions of the experts with the most skin in the game and the wider populace, of which I am a part. I don't need to be a direct participant in the struggle against terrorism to be entitled to an opinion on it.
"I believe the cure has been worse than the disease, and that the severity of the disease has been, and continues to be, overstated."
I don't agree with you. Specifically, the threat of radicalized Islam is real and present. Downplaying that threat when it was still confined to overseas military targets led directly to 9/11. We (the US) missed several opportunities to effectively neutralize UBL and AQ in the decade before 9/11.
Where I think you're going wrong is to dismiss or de-emphasize the complete shift of military power away from large nation-states towards small non-state actors. Terrorism is winning as a strategy.
If we do not find some way to stem this threat, the world is going to get a whole lot more unstable and unsafe for everyone. And I'm not talking about just the USA. I'm talking about most of Europe and Asia as well.
I know some people look at the Arab Spring as a promising development, but history shows that there is a high likelihood of further bloodshed and tyranny taking root where there is a power vacuum. (n/b Iraq, Iran, Lebanon, Syria, and Egypt)
I'm fine with you disagreeing with me, but I'd prefer you to disagree with my actual belief. I believe that the threat has been overstated, not that there is no threat. There is an extremely wide band between "no threat" and "such an enormous threat that our society must be fundamentally altered in order to meet it". The former would be a vast understatement, but I believe the latter is a (much less vast) overstatement. Of course I have no hard data to base any of these beliefs on, because any such data is secret, these are merely the conclusions I've drawn from what I'm allowed to know.
I completely agree with you that terrorism is winning as a strategy. The goal of terrorism is to make us afraid, and we are afraid. I do think it warrants a strategic realignment. I'm not against all new strategies, just the ones that appear to me to be illegal or outside what I believe to be the spirit of the law.
I totally get your argument though. It is a dangerous world. I think we are just willing to make different trade-offs in the mitigation of that danger.
This isn't the first time the U.S. has faced a non-state organized group with worldwide ambitions killing innocents as a political tactic, the late 19th century anarchists were identical in all of these respects.
This needs to be personal - especially because we are not talking about some exploited minimal wage earners who have no other options.
But instead about professionals who have made the intentional choice to dedicate 8h+ a day to organizations that set out to destroy privacy and private communication across the world.
Your comment made me think of something.. Let me ask you:
THe NSA in specific and the intelligence community in general clearly believes that the information about, opinions of and actions by equate to "a person" -- if they did not, they would not be surveilling what they are.
Your question of whether I respect the "people" or their "arguments", appears to me, to be loaded.
It's as if you're attempting to determine if I make a distinction between the people in the positions of NSA staff vs. the actions they take as a willing person under employ.
I respect people: human beings. As a human being I see myself as a part of a singular species on a, thus far, singular planet in our universe. I am not an enemy of humanity - I am an advocate of it. The opinions arguments and actions of planetary governments though appear to actually be at odds with humanity and its longevity.
So, on the one hand we have an agencies actions which distill a person to their digital DNA; analyses, evaluates and judges it coming to a conclusion in whole as to what that person "is" and a schism in our culture that you appear to be attempting to exploit: your question is attempting to play to my "humanity" with these being people who are just making decisions and arguments in line with the "orders and directives" of an institutional body such as the NSA/USG.
Let me be very clear; I don't care who anyone works for, if you are attempting to control, oppress, exploit or succeed at the expense of people as a whole - you are an enemy to humanity.
You could be an individual, a group, a corporation or a government. I stand for both my individual sovereignty and the collective well being of my species and civilization.
This is what sets us apart from the insects; we are capable of thriving as collective individuals as opposed to hive-minded slaves.
So the mathematician at NSA who developed the SHA-1 algorithm that underlies a lot of higher-level crypto primitives... is he an oppressor or an individual making a positive contribution to the collective good?
How about the janitor who sweeps the bathroom floor at the NSA? Is he or she an enemy of humanity?
Hopefully you would conclude otherwise for both, but now you run into the situation where you have to judge individual actions and not just collective membership when assessing who is, or is not, an enemy of humanity. Note that I haven't even had to try to stick up for those 'just following orders'.
By all means, judge people on what they do; judge ideas on their own merits; that's all I've ever asked for myself. Just remember that sometimes good work may come from organizations that you consider evil. Imagine how we would have thought of the infamous Nazi Oskar Schindler, before we knew the real story of his factory.
Likewise, good people may have bad ideas, and those with good ideas are not necessarily good people trying to lead you to a good goal.
If you retread my comment, I specifically said I have no respect for the people at the NSA (and USG in general) who have worked to create a global surveillance state.
Your question about the "janitor" is ridiculous. While he's the lowest on the pawn totem, I am specifically talking a out those who know that they have created the systems designed to spy on every man woman and child on the planet.
If you cannot separate these people from those in a janitorial position, then you're clearly attempting to sideline the discussion.
> If you retread my comment, I specifically said I have no respect for the people at the NSA (and USG in general) who have worked to create a global surveillance state
Well all I ask is that you keep that in mind next time you decry someone for working at NSA, or FBI, or any of a number of other agencies, unless you actually know what they've done.
People are all too willing to offload rational thought to the simple act of labeling. The Bush-style logic of "You're either with us or against us" was wrong when talking about terrorism, and it's still wrong when you're talking about the NSA, or even government in general.
Let people be evaluated for what they actually do, not merely for where they showed up for work. In case you're wondering, this does mean that I don't support excluding Feds from a conference just because they're Feds, arrest powers or otherwise... though you could ask the agency not to send their employees on official duty since we oppose the agency's actions itself.
this is rank hypocrisy. The NSA is simply using what "security researchers" have been talking about at Defcon for years. One lone hacker gets into a telecom's system and he makes a name for himself (or herself). A government agency does it and everyone gets on their sanctimonious high horse when all the NSA is doing is taking hacking to its next logical step, government weaponization of hacking. .
We the People don't take kindly to our elected and appointed Public Servants openly lying to us with impunity about programs which are most definitely against the spirit and intent of the Bill of Rights.
There's no comparison between some "lone hacker" and our own government entities.
The idea that we should accept what the NSA et al have been doing in our name simply because it might be the next logical step is preposterous!
The next logical step is extermination camps, and the parallels between our current IC & that of Nazi Germany are too numerous to ignore.
That our government wastes so much on these spy programs while simultaneously neglecting our own people is unforgivable.
Hypocrisy has no place in our government, but that's exactly what we have now.
Here's hoping that the free time slots are now filled with talks that discuss ways to escape the surveillance state. Particularly how systems for the use of masses could be erected.
Exactly. Democratizing defenses for the average person needs to become the norm. Every person in the world has the right to be free from government surveillance, both domestic and foreign.
Had to scroll too far down to find this comment. Defcon's argument, which Secure Ideas didn't seem to get, was:
P1) This is a place for those who believe in openness, sharing, and mutual gain.
P2) Feds have been hiding the fact that they've been screwing us all along.
Conclusion: This isn't a place for Feds.
The blog posts states: "...but rather a continuation of openness that this event has always encouraged." But this is exactly why the Feds aren't allowed.
this is so awesome by Secure Ideas, and also an awful move by DEF CON. one of the largest problems with current state of technology is that what the fed is doing is possible. hopefully there will be a lot of talk about how to shift towards more secure services such as mesh nets and polymorphic encryption. the feds would have been good resources to talk to, and it's extremely hard to find an opportunity to have the kind of necessary talks outside of conventions like DEF CON.
> one of the largest problems with current state of technology is that what the fed is doing is possible.
I think you meant 'legal' but you accidentally wrote 'possible' instead. Mesh nets and polymorphic encryption don't stand a chance against a supoena and the threat of a lengthy imprisonment/huge fine for noncompliance.
I said what I meant. And I think you're implying that the government doesn't use the same backdoors and web surveillance strategies that all black hats (anyone really) has the ability to deploy.
The stark difference being that no hacker has the ability to deploy a standing army, a secret police force, or secret courts for issuing secret warrants.
Uhm.. the feds do not share or collaborate. They will prosecute any of their own who do give back. In fact, Keith Alexander came there last year to lie to your face.
I think they make a really good point, which is that true neutrality is something beneficial for the whole community.
Besides, DEFCON's statement was symbolic. If the NSA is watching us constantly anyway, they're going to be hacking us and us hacking them even if we and/or they are not at the conference.
Even if the "feds" aren't officially invited to run a booth and take applications, they're gonna show up anyways probably three weeks before the event to install facial recognition cameras and audio recording bugs in all the hotel rooms (;
I'm sure that they don't need to. They just ask the casinos and other places to give them all the footage after the fact.
Wouldn't you want to hold a conference like this in a place where all surveillance equipment were not standard so you can spot them as anomalies in the surroundings?
I would imagine that every single person that has attended is on the list of people whose communications are stored indefinitely.
By closing themselves to the US "feds" community, do they open themselves up to the larger international black hat community?
I would imagine that any foreign black hat would have reservations about going to DEFCON.
In fact, the DEFCON community probably benefits from diversifying globally by being held in other countries.
I don't know anything about DEFCON, but how diversified is the audience that attends? Historically, have the overwhelming majority of non-fed attendees been US citizens? I would imagine that both Germany and Israel are well represented in the community.
If so, how do they attend without risking being put on a no-entry list at the border?
Anyone can attend DEF CON, including feds that leave their badges in their wallets. That being the case, this statement was made for the benefit of exactly one audience: government procurement departments.
There's this thing called sequestration going on that's disrupting the budgets of all the federal agencies.
The feds are cutting budget for ridiculous things like the blue angels.
But they're totally going to be maintaining the budget for hacker cons in Las Vegas.
This is all about street cred for defcon & nothing to do with "taking a break." Jeff Moss is too sophisticated to be throwing away all those relationships. This is a stunt circle jerk.
After the GSA stunt a few years ago, you bet conference budgets have been cut. Departments are given a set budget for each conference--if I remember right, the DOE allocates $100k max per conference. Sounds like a lot, but then you see what happened to last year's Supercomputing conference. That's a weeklong conference traditionally attended by many of the DOE's large supercomputing community. $100k does not send many people to a week-long conference. This was enough to cause very notable effects on the conference as a whole; outlets such as The Register even commented on it. I've heard rumors that some companies may not be going this year because without the DOE there, it's just not as valuable for HPC vendors.
I think some who have direct or indirect ties to NSA or other government organizations will probably feel the pressure to opt out for DEFCON that increasingly have become anti-government.
They make a good point: DEF CON has not given "concrete" reason for why they banned the feds. They merely allude to "recent revelations".
I am not necessarily opposed to the idea of banning people for bad behavior, but DEF CON should spell out a concrete policy, apply it to everyone, and be specific about the offending actions.
Is Defcon worried about fights breaking out or something? You know the 'feds' are going to be there anyway. At least if they were in the open then everyone could give them a piece of their minds and maybe convince some of them to quit their jobs or at least give more consideration to the other perspective.
Wow, I got my talk down to "you or one other talk" and wasn't accepted (I did apply late). Tempted to see if they'll let me replace Secure Ideas. I have no problem with the "feds, please stay home" policy.
A statement such as "We believe the exclusion of the "feds" this year does the exact opposite at a critical time." is just ridiculous. Even more bizarre is the idea of mentioning openness in the (current) government context.
If there is a positive effect between the openness of the hacker community and the Feds then why did we end up with the current situation?
The current situation is incredibly bad so I absolutely support the decision by DEF CON. Even if there is only one single occasion where people stop talking/avoiding a person who is working to close with government agencies this is a success.
People who work for these agencies will always hide behind some "greater good" narrative and avoid taking personal responsibility. My hope is that by getting personally shunned by their former peer group it might help them realize that this is not longer just business-as-usual.
Government loves to really up the public with the us vs them rhetoric so they definitely deserve a dose of their own medicine.