Feds BANNED from DEF CON by founder (who is Obama's cyber-expert)

And presumably uninvites himself?

Choosing a cloud hosting partner with confidence

DEF CON 21 Jeff Moss - the US government security advisor who founded the DEF CON hacking convention - has urged federal agents to stay away from the conference next month.

For the first time in the annual event's 20-year history, g-men and spooks have been made unwelcome. Exactly how effective the request will be remains to be seen.

Moss's anti-invitation was laid out in a note posted on the DEF CON website titled Feds, We Need Some Time Apart. And it reads like a text from someone who has realised an acquaintance they invite to a big blowout party every year has either been stealing from their stash or been especially mean to their other friends*:

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

The Dark Tangent

Moss, aka Dark Tangent, was appointed to the US government's Homeland Security Advisory Council by President Obama in 2009, and is chief security officer for internet overlord ICANN. He also founded the DEF CON and Black Hat computer security conferences, both regularly held in Las Vegas, Nevada.

It's presumed Moss's warning was in part sparked by recent revelations about the NSA and its monitoring of the world's internet connections - see the bootnote below. Feds are welcome to turn up to the top hacking conventions, provided they're transparent about it and can put up with a little ribbing from attendees. But perhaps in light of recent events, the presence of any g-men could spoil the atmosphere.

Among the security experts and hacker types who have reflected on the DEF CON blog post, some think the ban won't be enforced and the invitation is purely for show; others think it's a sensible move towards defusing potential antagonism that might otherwise spoil the whole event for everyone.

"I wonder if this means that the Feds will be escorted out of DEF CON, like those reporters who fail to register themselves as such," mulled Jeremiah Grossman, founder and CTO of WhiteHat Security, in a Twitter update.

Robert Graham of Errata Security has a characteristically thoughtful blog post supporting the cooling off move.

"A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate," Graham wrote. "From shouting matches, to physical violence, to 'hack the fed', something bad might occur. Or, simply attendees will choose to stay away. Any reasonable conference organizer, be they pro-fed or anti-fed, would want to reduce the likelihood of this conflict.

"The easiest way to do this is by reducing the number of feds at DEF CON, by asking them not to come. This is horribly unfair to them, of course, since they aren't the ones who would be starting these fights. But here's the thing: it's not a fed convention but a hacker party. The feds don't have a right to be there -- the hackers do. If bad behaving hackers are going to stir up trouble with innocent feds, it's still the feds who have to go."

Tor developer and longtime NSA critic Jacob Applebaum called on other conferences to follow suit. "I hope ‪#OHM2013‬ makes a statement similar to ‪#DefCon‬ - the feds and cops won't follow it but saying it sets expectations," he said in a Twitter update.

Applebaum's post is a reference to OHM2013: Observe. Hack. Make. which is due to take place between 31 July and 4 August in Amsterdam, the Netherlands.

BSides and Black Hat events will also be held in Vegas in the run-up to this year's DEF CON. Federal agents are welcome at both of these conferences, at least the time of writing. In fact the opening day keynote at Black Hat is due to be delivered by General Keith Alexander, the head of the NSA. DEF CON is due to start the day after, running from 1 to 4 August at the Rio Hotel and Casino.

Vegas promises to be action all the way over the next few weeks. ®


* For "stealing from their stash" read "tapping into their emails spools and browsing their web history via the PRISM programme". And for "been especially mean to their other friends", perhaps read "the controversial prosecution of Andrew 'weev' Auernheimer over the AT&T iPad hack case and/or the prosecution of Aaron Swartz in a separate case that some blame for the internet activist's suicide".

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Hikvision devices wide open to hacking, claim securobods
prev story


Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Designing and building an open ITOA architecture
Learn about a new IT data taxonomy defined by the four data sources of IT visibility: wire, machine, agent, and synthetic data sets.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?