Jul 11, 2013 (05:07 AM EDT)
NSA Fallout: No Feds At Def Con
Read the Original Article at InformationWeek
"Feds, we need some time apart."
So read a message posted to the website of the Def Con 21 conference Wednesday by Jeff Moss, the Def Con founder known as Dark Tangent, representing the first time since the conference began in 1992 that the organizers have asked federal agents and officials to not attend.
"For over two decades Def Con has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics and feds can meet, share ideas and party on neutral territory," said Moss, who's also the chief security officer of ICANN and since 2009 a member of the U.S. Homeland Security Advisory Council.
"When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a 'time-out' and not attend Def Con this year," he said. "This will give everybody time to think about how we got here, and what comes next."
Those recent revelations, of course, include leaks by former National Security Agency (NSA) contractor Edward Snowden, who revealed that the agency is running domestic surveillance programs.
[ Hero, criminal, or traitor? See why NSA Prism Whistleblower Snowden Deserves A Medal. ]
Moss' move represents a sharp about-face from last year, when Gen. Keith Alexander, director of the NSA and U.S. Cyber Command, delivered the keynote address at the annual Las Vegas convention. Asked by Moss on stage if the NSA maintains files on all Americans, Alexander replied in the negative, reported Wired. "No, we don't. Absolutely no. And anybody who would tell you that we're keeping files or dossiers on the American people knows that's not true," said Alexander.
"I've spent 20 years trying to get someone from the NSA" to speak at the conference, Moss told CNET at the time. "It's eye-opening to see the world from their view," he said. "On the NSA's 60th anniversary and our 20th anniversary this has all come together."
As that suggests, federal agencies have a long-standing involvement in Def Con. In 2000, one press briefing I attended -- recording devices and cellphones prohibited -- was slow to start. "We apologize for the delay," said a Def Con media liaison. "The CIA is caucusing in the men's room."
"Spot the Fed," best described as "a paranoid version of pin the tail on the donkey" -- for hackers concerned that someone was watching their every move -- has long been a fun Def Con fixture, with spotters scoring an "I spotted the fed!" t-shirt and feds receiving an "I am the fed!" shirt.
The Def Con ban on U.S. government employees at the Aug. 1-4 conference drew mixed commentary from information security professionals. "If the suggested ban on 'feds' at Def Con this year is in the interest of their own safety, what does that say about the attendees?" tweeted Chris Eng, VP of research at Veracode.
In fact, that says a lot about attendees, replied the Bangkok-based vulnerability broker known as The Grugq. "There are loads of smelly moronic drunk teenage idiots males in attendance. Have you seriously never been or something?" The Grugq tweeted, noting that a ban on feds would "likely help prevent stupid drunken antics from some."
Others agreed with that assessment. "A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate. From shouting matches, to physical violence, to 'hack the fed,' something bad might occur. Or, simply attendees will choose to stay away. Any reasonable conference organizer, be they pro-fed or anti-fed, would want to reduce the likelihood of this conflict," said Robert David Graham, CEO of Errata Security, in a blog post.
"The easiest way to do this is by reducing the number of feds at Def Con, by asking them not to come," he said. "This is horribly unfair to them, of course, since they aren't the ones who would be starting these fights. But here's the thing: it's not a fed convention but a hacker party."