Hacker News new | comments | show | ask | jobs | submit login
Feds, We Need Some Time Apart (defcon.org)
587 points by rosser 1112 days ago | hide | past | web | 250 comments | favorite



So I assume Dark Tangent won't attend his own con? Jeff Moss sits on the Homeland Security Advisory Board and is the CSO of ICANN.[1] If that's not "the man", I don't know what is.

[1] http://www.dhs.gov/homeland-security-advisory-council-member...


Ironically, there is a security issue with that page. The links for each name go to some sort of CMS edit page for each record. It says access denied, but having the URL scheme for editing pages wouldn't be the most useless thing in the world for the type of person interested in editing such things....you know like the type of people that attend Defcon.

https://edit.dhs.gov/homeland-security-advisory-council-memb...


I can understand your position with DHS. But CANN is hardly the man. Would you prefer a world where ICANN is unable to find competent security people because working for ICANN is some how associated with evil?


Supporting ICANN is hardly working in the name of "good".

Sure, working with ICANN may not be associated with "evil".

However to those in the know, it is associated with greed under the guise of "service to the public".

Personally, I'd prefer a world where ICANN, namely the centralization and commercialization of domain names to benefit a select few insiders and an array of parasitic sleazebags, gave way to a non-antagonistic naming system harmonized with trademark law and actually run transparently as a public service, for the public benefit.


However to those in the know, it is associated with greed under the guise of "service to the public".

Don't forget a US-centric internet, far more readily controlled and manipulated by that state than any other.


I have heard exactly zero accusations that ICANN is doing anything to control or manipulate the Internet for the good of the U.S. None of the recent revelations about Prism, tapping cables, etc. have anything to do with ICANN.


When you hear other countries talking about "US control over the internet" they're largely talking about ICANN.

But I agree that they're not "The Man" per se. Though I assume they're co-opted to the core.


Entry (since the site is down):

"Feds, we need some time apart. Posted 7.10.13

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a "time-out" and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

The Dark Tangent"


Will this actually affect the feds ability to attend or will they just attend in plain clothes? Or will they be able to attend as feds and just be looked down upon?


It basically means that spot the fed will be more eventful this year.


Literally, with like paintball guns or some other form of humiliation.


Wouldn't that be assaulting a federal agent?


If they're off duty and in plain clothes shouldn't it be a civilian assault? Although, since the intent is to paint a federal agent I suppose you'd have a case.


or just assault?


Assault would be threatening them with a paintballing. Battery is when the paintball hits their trachea.

http://wiki.answers.com/Q/What_is_the_difference_between_ass...


just alert everyone that they will be engaging in a paintball event; and they consent to the assault.


I am pretty sure it doesn't work that way. :)


Maybe if everyone signs a consent form at registration.


There is no registration at defcon, it's all anonymous. You hand them cash for a badge and a packet of info/stickers/cd and are on your way.


When you go to a paintball field, is there a complicated registration process, or is it just understood that paintball is played at this particular place? Whatever legal maneuvers the paintball field's management has to do, DefCon could do.

(I suspect the main objections to indoor paintball will come from the venue. Perhaps a less messy, but still humiliating, method can be used?)


This is an absurd proposal, but given that the Rio won't let people running pubs in this years call for parties attach stuff to the walls (Can't find the link offhand, but it was in the submission info), I think it's safe to assume that paint guns inside wouldn't happen.

That said, that's the least important reason, the more important one being that you can't just nail people with any kind of gun at an infosec conference, no matter how unconf it is.


And FYI, about 100 different people will have your credit card information if you use the hotel ATM to get your cash.


There is nothing to mark them as feds, payments are in cash and everyone is in plain clothes. I think this will make very little difference to who attends.

It is also worth mentioning that Black Hat (the two days preceding DEF CON) has reportedly seen a drop in registrations due to lack of funding for federal employees to attend (I have no source for this other than industry rumor). There was a suggestion that some would still attend DEF CON and save on the registration cost for Black Hat, but many were planning to stay away anyway.

I feel that this is more public relations than anything else, the feds will still be there but DEF CON can present the image of being underground hackers fighting "the man". Some of the smartest people that I have met at these sort of events work for governments around the world, either directly or through private companies.

The reason the lines have blurred between the two groups over the past decade is as much to do with money as it is to do with diplomacy or a shared enemy. I think that this statement goes against one of the core values of DEF CON: that everyone is welcome, regardless of background or ability.


It's definitely plausible. Slashed travel and conference budgets have been a major result of the sequester.


A good number of the Feds seem to enjoy self-identifying. Many will still attend, but the chemistry will definitely be different.


My impression was that they enjoy drinking a lot and for many Defcon was the only time of year they got to go "under cover".


>everyone is welcome, regardless of background or ability

This year, in the spirit of inclusivity, they should bring in the lead architect of the Great Firewall of China.


Feds always attend in plain clothes so this effectively does nothing. I also wonder if a Fed only means investigative or law enforcement type Feds or also includes federally employed IT peoples.


iamtherockstar you are hellbanned. Your comment appears as dead. I tell you because you made an informative comment. Looks like it happened about a month ago.


thanks for the info noob! quit bothering people.


I think I accidentally upvoted this comment when my phone's browser glitched. Meant to downvote.


I don't think the intention is to create a moat around the conference. Things have been getting quite cozy between these two [1]; I'm sure recent revelations don't play well with this conference's attendee base.

[1] https://www.computerworld.com/s/article/9229756/NSA_chief_as...


A moat "this year" until it's safe for them, PR-wise, to work at legitimizing the feds again.


Perhaps this is why this bothers me: the Feds don't need any help from Defcon. If anything, it's the other way around.


Maybe it should be renamed FedCon.


It may affect their ability to recruit.


Honestly, I doubt it. They had a legit enigma machine last year. It was cool. Their booth was busy because of it.

That said, I doubt anyone interested in working for the NSA would be put off by this/the recent leaks, or that anyone who didn't want to work for the NSA was going to change their mind at DEF CON.


People care about what their peers think of them. Even if a recruit don't have a problem with what the NSA does, the job is significantly less "cool" today than it was not that long ago.


Not everyone cares what their peers think of them... particularly if they in turn think their peers are being dicks. And not everyone has the same opinion (or level of outrage) over what the NSA has done.


What kind of fool would do all the work to get a security clearance to get a "cool" job at the NSA that they wouldn't be able to tell anyone at all about?

It's folklore wisdom that many of those people have to tell their friends and family that they work for the "GSA" doing PC networking or something like that.


I applaud Jeff's (DarkTangent) stance on this. I've been to 7 Defcons now and the Feds have always been treated fairly. Even the media has been treated with respect, so long as they are transparent and honest about being media [1]. Honesty and openness have been betrayed this year with the Snowden leaks, and I'm glad people are finally taking a stand.

I'm curious other security conventions will take the same stance.

[1] One year a reporter disguised herself as an attendee instead of admitting she was a reporter, and was attempting to get hackers on record saying that they've hacked into <this> and <that> important system. She was found out and summarily chased (literally) out the convention.


I'm extremely impressed with DarkTangent, this must have been a difficult move for him to make, especially given that the NSA Director(DernZa) was the keynote speaker at the last defcon. He is probably getting a mountain range of shit right now from the feds.

" Over the past two decades, hackers at Defcon and the feds have been circling each other suspiciously. The nation's top "spook" -- National Security Agency Director Gen. Keith Alexander -- giving a keynote at the hacker confab, shows just how much tensions have mellowed." http://news.cnet.com/8301-1009_3-57481689-83/nsa-director-fi...

Things don't look so mellow anymore.


>He is probably getting a mountain range of shit right now from the feds.

I doubt it. It's just PR. Defcon will invite the feds back once everything blows over, PRISM or not.


DT is famous for cultivating controversy for PR. AIUI, in the past Defcon has orchestrate [big company's] lawyers literally walking on stage to shut down a vulnerability disclosure talk.


I'm skeptical. For the past few years that I've been attending, defcon felt at some times like an instrument for fed recruiting while paying lip service to its original "underground" feel. DT's message almost felt like posturing to underline the latter rather than a sincere statement to curtail the former. I won't pretend that I'm a long time attendee (my first was DC16), so I would love to hear from some more seasoned attendees if my impression is correct.

Edit: the reason for that impression is that there is no declaration of a policy in his message (e.g. "feds are prohibited from soliciting employees at DC21"), rather a soft "time-out". With all due respect to DT, neither we nor the feds are in the third grade. Contrast this with their strict journalist policy and recall how that undercover reporter was outed and kicked out/chased away a few years ago.


You might have felt like that because the original organizer, "Dark Tangent" aka Jeff Moss, turned state's evidence in 2009. He's been on the federal payroll ever since.

Here, he's trying to pose as an anti-fed activist while simultaneously drawing a Department of Homeland Security paycheck.


I went to DC in the 90s and almost everybody you ran into was doing something illegal, like the Shadowcrew guys and a team of motorola hackers I mainly hung out with. Almost every talk gave hommage to whatever current hacker was in prison or on the run, and typically was anti fed, anti surviellance and anti copyright. Totally different now because at the time felt like the whole culture was under seige by overzealous feds and there was constant rumours of feds watching the exits with surveillance like we were the mafia or something


I had written more here, but even after cutting down this post is still to long. Basically the evolution of DC is in large part a response to its own success. 13k attendees (IIRC) is going to change things, and any difference makes it easy to get disenchanted and/or nay-say. I don't think the attitude and execution have gotten worse overall, just different.

the reason for that impression is that there is no declaration of a policy in his message

Defcon knows they can't dictate everything that happens, only influence it. Feds are going to be there one way or another, thats why DT had an "invite the feds" attitude from the beginning. To hear some goons tell it, the "spot the fed" game was created as a social device to reduce animosity between attendees and law enforcement while also reminding everyone that strangers at the convention aren't your friends.

Even with enforcing hard and fast ideas (like the journalism boundary) they start off with a light touch. They gave the reporter many chances to stop snooping about and get a press badge. Before letting us into the convention center on day one red shirts were giving out warnings. That was days before she was publicly called out in one of the panels and marched out of the Riv.

As you say, we're not in third grade. But defcon does know it, and understand they can't keep people out a no-names cash-transaction event based on attendee employer. The most they can hope to do is say "Hey, maybe not so much this year?" Time will tell how it plays out, but the last thing I would call it is an attempt to save face or change the image of the event. I thought it was 100% DT playing a joke at first, and I still think its a joke now, just one with a message.


As hackers we have an ethical obligation to refuse service to tyrants and dictators. Like mercenaries who profiteer off war, we should ostracize those who act against humanity.


Exactly: Stay away from North Korea


We also have an ethical obligation not to abuse the computer systems of those less skilled than us, but that obligation has hardly stopped that kind of stuff.


This is going to be my tenth (?!) year at DEF CON.

The culture of DEF CON, and especially its evolution, is a very interesting one. When I first attended DEF CON, it was a bunch of seemingly scary hackers. Fortunately, it turns out most of them were amazing people.

As the conference grew (and changed venues several times), the culture began to evolve. The barrier to entry--in terms of being "accepted" into the subculture--lowered significantly. DEF CON stopped being a scary place, with goons that would "de-tech" you and throw you in the pool, and more of a mainstream event. For the most part, I'm completely supportive of where DEF CON's going. I'm definitely supportive of air conditioning in the venue, instead of standing outside in the sweltering Las Vegas summertime heat.

That said, though, it's not really a "hacker conference" anymore. Not more than its sister conference, Black Hat, or something like RSA, anyway.

DEF CON used to be about hacking. Not in the HN sense, but in the "illegal entry into networks" definition. Now, it's less about hacking and more about the actual information security industry; this is probably related to the fact that everyone I knew at the first DEF CON I attended (myself included) currently works in the infosec industry.

With growth, exposure, and the inclusion of white hats, DEF CON naturally became a recruiting ground for federal agencies, including law enforcement, the military, intelligence, etc. The 'spot the fed' game that began as a joke (with prizes!) soon seemed silly, since there were so many federal employees/recruiters/agents.

I'm all for DEF CON entering the mainstream. It's a conference and community that I've grown to love, and the lessons I've learned there (not to mention the friends I've made) have helped me immensely--both personally and professionally. That said, though, there's pretty much zero chance that this announcement DT made will have any effect whatsoever on federal agents, recruiters or representatives attending the con. More than anything, it's a huge publicity stunt.

After all, most of the staff and "old school" attendees work for "the man" now. For some, like me, it's just hacking for money; many, though, actually do work for defense and intelligence contractors. Should they be banned because of their affiliation?

Personally, I don't think so.

PS: If you're considering going to DEF CON and you've never been, you should! It's a booze-fueled learning, partying and networking event unlike any other. Plus, you get to hang out in Vegas for a weekend!


>many, though, actually do work for defense and intelligence contractors. Should they be banned because of their affiliation?

Absolutely. The hacker community should not contribute to the knowledge of those who work to undermine privacy and feed the surveillance-industrial complex.


James Bamford pointed out in The Shadow Factory (back in 2008), that much of the "surveillance-industrial complex" is outsourced and that much of this bleeding edge tech is in fact coming from private companies (Narus, companies originating from Israel, etc). Should DEFCON setup a review board to ban employees from private companies they also don't agree with?


Why not? Contributing to the knowledge of companies such at Narus is detrimental to the good of humanity.


When is discrimination against an individual based on his or her employer detrimental to the good of humanity?


If one doesn't want to be besmirched by the dealings of an employer that profits from supplying mass surveillance tech then one should work elsewhere.


So discrimination against employees is okay if you don't like the employer?


Certainly, yes. Is it not ok to discriminate against someone who has joined a terrorist group and is actively helping them? Is an army medic not rightly discriminated against by the other side if the medic's side loses the war?

Discrimination is bad when it's about 'who someone is', never when it's about 'what someone does'. Providing work and support in exchange for money is very much 'what someone does'.


So from your two examples, discrimination on the basis of one's employer is okay if the employer is not recognized as legitimate by the state, taxes are not remitted, etc.

How do you decide if it's okay or not to discriminate against employees when the employer in question is legal? You say it's never bad. How do you know that?

Is it okay for the IRS to discriminate on the basis of one's employer? What about other arms of the government?


>How do you decide if it's okay or not to discriminate against employees when the employer in question is legal?

What is legal and what is ethical are not necessarily the same thing, hence laws changing to make slavery illegal, etc. Ethical considerations often result in the changing of laws.


So ethical things can be illegal, unethical things can be legal.

Would discrimination against the employees of a legal employer in one's own state (country) ever be unethical?


>Would discrimination against the employees of a legal employer in one's own state (country) ever be unethical?

Of course. Feel free to skip the leading questions and make whatever point you're working towards.


I'm trying to understand how your mind works, I'm not making a specific point or leading you in a certain direction. It doesn't help when you don't answer questions directly, it looks like you're trying to avoid answering them - this could have been less painful. For my part I could have been less obtuse and aggressive.

I believe that discriminating against someone on the basis of their legal employment is unethical and you don't, so I'm trying to determine when it's okay and when it's not okay.

What I've learned is that some people (including you) believe that sometimes it's okay to discriminate against people on the basis of their legal employment and sometimes it's not, and that it's up to whether the employment in question goes against your own personal ethical standards.

I'm not condemning this discrimination, only noting that it goes against my own personal ethics. People need jobs to survive, and even Snowden spent more of his life as a bad guy than as a hero. I'm fine with discriminating against work, but not against workers.

If you want to explore the issue in more depth, fine - maybe there are more nuances - but I understand if you're tired of it.


In the case where you are able to make a choice about which job you take then yes you definitely should be held to account for that choice. Because it is a moral one.

You had the choice of hacking for the good of people or you could join forces with 'The Man' and make a bunch of money. Maybe the choice isn't so binary, but nonetheless the choice is there. I could understand your statement, 'People need jobs to survive', if your profession was bricklayer, or shelf-stacker, but being a no doubt highly qualified individual in a booming field, as Snowden is, does not generally leave you scrambling to pay the rent and buy your groceries.


So is it ethical for universities to reject applicants on the basis of their past/present/future employers being unethical in the selection committee's eyes?


Let's break it down into whether it is ethical to reject based on past/present/future employers.

Present employers? Certainly. A number of business schools do this already in the selection process. If you run a gun school and a student comes to you to tell you he is using your training to rob a bank, it would be unethical to teach him. If you are doing training on hacking and you know the student will use this hacking for unethical and illegal wiretapping, it would be unethical to teach him. Again, it is fine to discriminate on what someone is doing.

Future employers? If the candidate is locked into the path - eg, he will use your training to rob a bank, then it would be unethical to teach him. However, as he has not done it yet, and people can change their minds, it would likely be ethical to teach him while also steering him towards the correct path. Ethical or not would depend on three factors: how likely you are to sway him; how much damage he would cause if you could not; and how easy it would be for him to find the training elsewhere, where he would likely not benefit at all from steering.

Past employers? This one is, unfortunately, much harder. If someone is a murderer and has not gone to jail, should you discriminate? If someone is a murderer and has gone to jail but is not repentant, should you discriminate? If he is repentant, should you discriminate? This one is difficult because it crosses the line of 'who one is' and 'what one does'. I'd say everyone will give different answers here based on a huge number of factors. It likely comes down to repentance and acknowledgment on whether what one does was wrong and believable agreement that it will not be done again.


I forgot to put the word legal before employers like I did upthread. I'm sorry if that changes your answer and you feel like you wasted your time, because basically what you wrote about illegal employment makes sense to me. Thanks for the thoughtful response.


Ah, if you put the word 'legal' there, then there is no discussion and nothing to talk about: legal is whatever it says in the law of your country. I'm not in USA, so I have no idea what is or isn't legal, and don't actually care. Legal has nothing to do with ethics and whether something is right or wrong, and doing something that is ethical but illegal is always preferred over something that is legal but unethical. It would always be an ethical imperative to attempt to change an unethical law as well.

Of coarse, sometimes we put our own safety above ethics, and people have differing opinions on whether that is right or not. There is no easy answer there.


I am surprised to hear that laws and ethics have nothing to do with each other. Is it a random chance that murder is illegal and unethical just about everywhere?

Really I was just wondering if you have any examples of legal but unethical employers that you believe it's okay for a university to cite to discriminate against an applicant, in your home country. Perhaps the military?


How did we get into employment? Is it legal to reject neo-Nazis from a parade?


He needs to stop playing devils advocate. It's painfully obvious you are right. Why on earth would you want someone to leech information from a hacking convention to be used against those very same people? Fuck that. Ban whoever you need to ban.


> So ethical things can be illegal, unethical things can be legal.

Ding ding ding. Please keep this in mind at all times.

They not only can be, but unfortunately both often are.


It's interesting to me that you thought this was the first time I'd encountered this idea. I guess I need to work on my communication skills.

Also, this is a bit off-topic, but "ding ding ding" is rather condescending. I believe you think I'm somebody that I'm not.


By "okay" do you mean "legal" or "ethical" or "moral"? In this case it looks to be completely legal.

Regarding federal law, discrimination on the basis of race, sex, national origin, and a few other protected classes is illegal. Discrimination on the basis of other factors is generally acceptable, except where they collide with membership in the protected classes. (For example, a hacker conference cannot require that all participants have an uncovered head and demand observant Jews, Sikhs, etc. to take off their religious headgear, since there is no safety need for it.) Employment in a specific company is in general not a protected class.

Some states have additional restrictions on which discriminatory practices are not okay. In California, the Unruh Civil Rights Act says: “All persons within the jurisdiction of this state are free and equal, and no matter what their sex, race, color, religion, ancestry, national origin, disability, medical condition, marital status, or sexual orientation are entitled to the full and equal accommodations, advantages, facilities, privileges, or services in all business establishments of every kind whatsoever.”

Most civil rights protections limit the prohibition to a list of discriminatory classes. The Unruh act is different because, quoting from the courts: “The Act expresses a state and national policy against discrimination on arbitrary grounds. Its provisions were intended as an active measure measure that would create and preserve a nondiscriminatory environment in California business establishments by ‘banishing’ or ‘eradicating’ arbitrary, invidious discrimination by such establishments.”

For example an ACLU lawyer was found to be in violation of the Unruh Act because in a 1980 California public meeting on police surveillance practices, where the police chief was invited but declined to come, one of the police officers attended in civilian clothes, and never announced that he was an officer. The ACLU believed he was an undercover agent, and kicked him out. The officer sued, and the courts found that that was arbitrary discrimination.

In any case, DefCon is in Nevada, which does not have a similar law. I don't know enough about California law to be able to say if this prohibition against Fed participation is arbitrary or not, were it to take place in California.


Well, so I mean ethical / moral (is there a distinction?) and the 1980 case involving the Unruh act is a legal embodiment of my own ethics / morals. Thanks for the details, that was enlightening.


I encourage you to look it up for yourself (because you seem to have a lot to learn on the subject of ethics). Here's some starters:

http://en.wiktionary.org/wiki/ethical

http://en.wiktionary.org/wiki/moral#Adjective

"In general usage ethical is used to describe standards of behavior between individuals, while moral or immoral can describe any behavior. You can call lying unethical or immoral, for example, because it involves the behavior of one person and how it affects another, but violating dietary prohibitions in a holy text can only be described as immoral."


Thank you for clarifying the distinction. I prefer this definition:

> Although the words can be considered synonyms, morals are beliefs based on practices or teachings regarding how people conduct themselves in personal relationships and in society, while ethics refers to a set or system of principles, or a philosophy or theory behind them. (Principles, however, is itself is a synonym for morals.) One lives according to one’s morals but adheres to one’s ethics while doing so. Morals are the tools by which one lives, and ethics constitute the manual that codifies them.

http://www.dailywritingtips.com/ethics-vs-morals/

which oddly conflicts with yours. This confusion is perhaps why I generally fail to make the distinction.


I don't see how this can be in question, if the employees chose their employer freely. How can one seriously oppose a corporate entity if one may not oppose the people who comprise the corporate entity.

"Corporations are people, my friend".


If employees choose their employers freely, what are interviews for?


Well, they are partly for helping you choose your employer. Job interviews are 2 sided and I personally take the attitude that any employer who thinks otherwise has failed the interview process and is therefore ineligible for the position of employing me.


I like your choice of metasyntactic variables.


I bet you say that to all the boys.


If people choose their spouses freely, what is dating for?


Exactly?


Any chance you could stop asking silly questions? The employees choose freely to apply for work there was (very obviously) what I meant.


It may be what you meant, but it wasn't what I read. Anyway, fine.

If I apply to companies A and B, where A is ethical and B is unethical, but only B offers me a job, which I accept, have I freely chosen my employer? Let's assume these are the only companies available.


Yes you freely applied to work for a company you believed to be unethical. But if there are only two companies available to work for and one is unethical you should probably move elsewhere. Just to be clear, my statement was aimed at educated people in countries with some choice of employment. It wasn't intended as an arch right-wing statement. If poverty or political circumstances remove your freedom to choose then that would invalidate what I said.


There is truth to the fact that we can't completely choose who we work for. But none the less, you are responsible for the choices you make. If a man is repeatedly raped and abused as a child we still hold him accountable as a man who rapes someone.


I basically am against discrimination on the basis of one's employer for the same principles behind any individual freedom. I might not like your work, but I respect that you are a taxpayer in the same state as me and as such contribute to our ability to meet in relative peace in the first place, and I won't condone organized discrimination against you on the basis of your legal work. If anything, I will petition the state to make your work illegal.


I disagree. It's dangerous to let people slide because "they're just doing their job". People "just doing their job" are the enablers. Without them, none of the really serious man-made tragedies of history would have been possible.


I have no problem with protesting the work people do. I just have a problem with locking them out of the protest.


No one is locking them out of protesting in general. Just our protest.


Well, it seems we have incompatible ethics. Either you violate mine or I violate yours.


I would say that any voluntarily acquired and freely renounceable attribute is a valid and ethical attribute by which to judge the character of, or discriminate against, another person.

It may or may not be a good idea to do so, but the organizers of a private gathering may exclude whom they wish; the nature of ones employer is not an unethical standard for exclusion.


How are you defining things that are to the detriment of humanity? Which ethical system are you making judgements like that on? Does the scale of things that are bad for humanity come into play?


If you want to make a case for an "ethical system" in which mass surveillance is good for humanity be my guest (and PM me your email login credentials while you're at it: I promise not to use them irresponsibly).


You're not the NSA; defending mass surveillance by them is not incompatible with not trusting you with one's email account.

Not that I defend mass government surveillance, I'm just tired of that pseudo-argument.


The NSA is made up on individuals like you or me and Edward Snowden has made the case that there's little preventing any insider from accessing what they want on whomever they want. As the surveillance state becomes an accepted part of modern society there will be those who seek involvement in it expressly for the purpose of abusing or exploiting their power.


They are individuals, yes (though they are certainly not random people), but they still operate within a structure that shapes their actions. For example, while I oppose it on philosophical grounds, I don't see an NSA operator exploiting my email credential for any personal purpose. But some random guy on HN - who knows? He might just post them on 4chan for the lulz.

It's simply a facile argument that weakens the real arguments against mass state surveillance.


It's not a bad argument, there's just better ones.

For example, while I oppose it on philosophical grounds, I don't see an NSA operator exploiting my email credential for any personal purpose.

It's perfectly possible to be crushed by a system without any of those operating the levers knowing or feeling anything personally about you. Systemic exploitation, a corrupt system if you will, is hardly better than corrupt individuals within a system, and the most horrific things in history all were rather apersonal, that's kinda what allowed them to reach an otherwise impossible scale, ferocity and longevity.

People distrusting people while trusting faceless agencies is the problem, not the solution.


Actually, I don't think Snowden has made that case. He's asserted it, certainly, but things like the PRISM slides don't back him up.


> defending mass surveillance by them is not incompatible with not trusting you with one's email account.

How on earth can you make that argument? Ostensibly, by giving him the credentials you trust something to keep your privacy private. With the feds, you have no choice.


I'm sorry, could you please rephrase that? I don't understand what you mean.


When is discrimination against an individual based on his or her employer detrimental to the good of humanity?

Employers are kinda made up of the people that work for them. Any attempts to disassociate the two shall fail.

So yes, humanity is better when people actually have experience consequences for their actions -- instead of hiding behind other people, or symbols even, like "employer".

We're not talking about being mean to people because of their skin color, or not selling them ice cream because they're working for the Mafia. We're talking not selling them weapons, and not letting them buy you drinks and whatnot, because they're working for the Mafia. That's exactly appropriate.

What's next, not "discriminating" against people because they are running marathons for the Rapists Association, even though they're not rapists themselves? Boo-hoo, really.

You're making a mockery out of the word "discrimination" here. You're equating withdrawing support from those who do harm with being mean to handicapped people and whatnot: Fuck that, utterly and completely.


>What's next, not "discriminating" against people because they are running marathons for the Rapists Association, even though they're not rapists themselves? Boo-hoo, really.

Can you leave free speech out of this.

Returning to the main point, the bigger problem with discriminating based on employer is that employers are very large entities. We cannot expect everyone to know everything their employer is doing, let alone be responsible or actively contributing to it. Also, as dalke points out, there is legal precedent precident that discrimination based on employers is discrimination (specifically the ACLU kicked out a non-uniformed unannounced police officer). Granted this was only a violation of (California) state law, but the law had a specific list of protected classes, and employer was not on it.


Can you leave free speech out of this.

Maybe, if you could kindly explain what you mean by that, because I don't get it.

the bigger problem with discriminating based on employer is that employers are very large entities. We cannot expect everyone to know everything their employer is doing, let alone be responsible or actively contributing to it

There are over a hundred hours of Adolf Eichmann trials on Youtube. Watch any one of them, provided it contains him defending himself. So if the bigger problem is a complete non-issue, what does that say about the smaller ones?

Also, as dalke points out, there is legal precedent precident that discrimination based on employers is discrimination (specifically the ACLU kicked out a non-uniformed unannounced police officer). Granted this was only a violation of (California) state law, but the law had a specific list of protected classes, and employer was not on it.

What is legal or not might be an issue for the organizers, granted, but personally I care more about what is right and what isn't. So if they break the laws for this, more power to them; if they can find a loophole, also fine. Private clubs can invite whoever they fuck they want, for example; this wouldn't be very practical, but there's nearly always a way.


All you are basically saying is that it is not ok to discriminate based on employer if the person has no idea what their employer is doing.

Presumably this is not the case if it is known what an employer is doing, although when it is not known what an employer is doing, discrimination based on employer would seem uncommon.


I think you might be reading into my words a bit too far. The Mafia is not a legal employer. Requiring someone to have a legal employer in order to buy a legal weapon makes sense. (Perhaps. Maybe it makes sense for them not to have an illegal employer.) At any rate the Mafia do not generally buy legal weapons. As for not letting somebody buy me a drink, that's not exactly organizational discrimination - it's more like personal discrimination - but not letting a certain class of individuals enter a bar based on their legal employment is. Personal discrimination is a lot murkier, and everyone does it to some degree.

I know that I didn't make the distinction between legal and illegal until later on, so maybe you didn't see it.


Doubt any lawyer or court would agree with that "Employers made up of the people that work for them" - except possibly in the case of a coop.

In the US and the UK employment law descends from the masters and servants act - Note the term.


> When is discrimination against an individual based on his or her employer detrimental to the good of humanity?

Ever since we decided "just following orders" isn't a valid excuse.


Would you think it a wise idea to offer any form of training to an active member of the Nazi regime?


Lots of reasons. If someone were employed by, say, the Gestapo then it's pretty clear you would want to discriminate against them.


You're the 3rd person to try and Godwin the thread.

Can we stick to discrimination against the employees of legal employers in one's own state that one recognizes as legitimate and one is not in active rebellion against?


Can we stfu about Godwin? Do you even know what it means? It's from the time of usenet and all it was was an observation that when the Nazi's come up the discussion is usually over.

It's certainly not a good excuse to go ignoring important lessons in history. Nazi Germany is one of the better examples of why "just doing my job" is not a valid excuse for anything.


Actually Godwin only said that the longer discussions on the internet get, the greater the chance of someone making a comparison to the Nazis. Various groups decided that if this event occurred it was an indicator that the person who made the comparison had lost the debate and that the discussion was over.


Various groups may have decided that, and may even be right in some cases but there are plenty of valid reasons to bring up the Nazis for base line comparisons.


I think you are confusing the current social/political issue (overreaching surveillance) with the mere fact that surveillance technology exists (a neutral thing, in and out of itself). This would be like speaking out against police in general, because police can be corrupt. It is understandable, but not realistic; we still want those robberies, murders and break-ins solved.


Overreaching surveillance has been an open secret since ECHELON was revealed. The idea of mass surveillance tech existing without being abused is great, theoretically, but may not work in practice. Yes, we want intelligence organizations to do their jobs ethnically, but there is currently no reason for them to do so. Therefore, until there is a reason for these organizations to behave, it is entirely rational to do everything possible to lessen their currently excessive power.


I completely agree with your argument.

However, this seems to imply that all American hackers/entrepreneurs/etc.need to move to remote cabins in Montana and stop contributing to society, because anyone who contributes to society in America is directly supporting this system (albeit, 1 degree removed from those working directly for the government).

I currently don't know a way around this problem, and I don't actually want to stop being productive. I've had this on my mind for a while. Any thoughts would be greatly appreciated.


Not true at all. It entirely depends on what you're building.

Build new tools to protect privacy. Advance encryption technology faster. Build new communication software to keep the NSA out. The list is practically infinite and applies to nearly every segment of web / internet / mobile / pc.


Doesn't the NSA do all of that too though? They standardized Suite B crypto, invented SHA-1 (and -0), developed SELinux, etc. etc.


> Not true at all. It entirely depends on what you're building.

No it doesn't. He's making the same argument terrorists sometimes use to justify their actions. We're not innocent -- that by paying taxes, voting, and otherwise being a member of our society, we're culpable for what that society chooses to do.

You don't get to pick and choose what your taxes fund; in large part, that's the whole point of taxation.


There's still a difference.

When I am in a room, I contribute to the humidity of that room. Now imagine me turning on the faucet or boiling some water.... and then saying "I can't turn them off, it would make no sense, I would contribute to the humidity either way!".

I'll just go ahead and say if people can't think at all, so that they only know the difference between "nothing exists" and "everything is the same", then whatever they're building can't be that good, and chances are great we'd be better of without it.


Sure, there are degrees of contribution, and direct is clearly more intentioned than indirect, but at the end of the day the beast doesn't care if it's fed willingly or unwillingly, and the vast majority of government funding is involuntary. If it's going to die, it needs to be unable to feed, what people are willing to contribute is irrelevant when its primary income is violently coerced.

I have thought long and hard about that underlying argument and at the end of the day I both could not find a flaw with it, and was subsequently compelled to become a globally nomadic anarcho capitalist, just to avoid being forced to contribute to what amounts to only a fairly tame by comparison lackey of the US.


at the end of the day the beast doesn't care if it's fed willingly or unwillingly

I totally hear what you saying and as a matter of fact, I used to be very depressed by this. And maybe I'm being a coward. But I also think that billions of people need to be organized somewhat to live together, even millions or thousands. We need plumbing, we need roads, hospitals, and even taxes. To some degree, at least. I mean, come on, even though there are bad doctors, it's kinda cool that I can just look one up in the yellow pages and have a great chance of getting competent treatment. Or eat fast food without dying of salmonella or something. It's not perfect, but I don't want medieval times back either. Yeah, I'm probably a coward ^^

Still, to me the problem isn't so much that there is government, but that it's not a mechanism for people to govern themselves, but like something external we accept to be broken and our enemy, instead of us. That it's a shitty government, run by people who wanted to get in for all the wrong reasons - instead of by everyone, all the time. Mr. Taxman [1], who just lies to you before election and there is fuck all anyone can do.

As Chomsky said, governments have one "defect", they are theoretically democratic -- corporations have no defect, they're pure tyrannies. So unless you become some kind of super inventor / investor, and so rich that you and others of your calibre could really move things around, well.. you'd still have your voice I guess. And that might be enough, there are surely ways to not pay into the wrong hands and still affect people, so I'm not knocking it at all. If you can pull it off, good luck! And write a book/blog about it, too.

[1] http://www.youtube.com/watch?v=_0M__0Z1pjg


I'll take a pure tyranny I can choose whether or not to participate in over a democracy that demands my submission on all collective decisions any day of the year. I don't even really understand the reasonableness of the counterpoint to that position I have to admit, people take that position just come across as faintly unhinged.


> was subsequently compelled to become a globally nomadic anarcho capitalist, just to avoid being forced to contribute to what amounts to only a fairly tame by comparison lackey of the US

This is a really interesting story, and I'm going to be giving it a lot of thought. One problem for me is that I do computer science research (I'm a grad student), and I'd like to keep doing something somewhere similar after I graduate (but self-employed), but if you're working on generic low-level computer stuff that can be re-used by everybody ad infinitum, the state will use it. I'm not a Linux kernel developer, for example, but that's a good analogy. I don't see a good way to stop supporting the state without giving up on doing computer science research. I'd appreciate any thoughts.

So, you don't have to pay taxes (except for things like sales tax) to any state? As an American, I think I'd have to renounce my citizenship (they still make you pay taxes when you are overseas), which would probably have a number of negative impacts for me personally, such as possibly making travel difficult.

Overall, I'm not so sure that I agree with your conclusions, but I'm still thinking about it. Yes, I am supporting the state, but not willingly, and not quietly (though I am not vocal about my opposition to the system in my corporeal life, which wouldn't do any good anyway in my work environment, and would probably do much harm). Actually, I'm the victim. Is a Jew working in a munitions factory in Nazi Germany morally obligated to commit suicide rather than try to ride out the war? I would say "no," and I would tentatively say that about the actual situation I am in, for the same reasons.

My bigger concern about supporting the system as I do is that it is self-defeating (of myself). In the limit (i.e., in communism), there is no possibility for productive labor, because 100% of your earnings will be taken by the government and used against you. We are not in that situation. Still, US government action seems to be moving in the direction of making it impossible to start and run small businesses; this is already the case in some sectors, like telecom. When all there are, are large corporate giants under tight regulatory control (which is literally the model adopted by Hitler and Mussolini), we are all worker drones; it would be equally (un)productive for me personally to work a a cashier at Wal-Mart as it would be to be a software engineer. (Because you get paid approximately the same in both cases and true innovation is illegal or impossiblein both cases.) I fear that we are not all that far from that situation.


Have you thought long and hard about how you will avoid contributing to the corporations that also stand in the way of complete liberty? Or is it just the government you're afraid of?


Yes, it was extremely complex and I consider myself quite ingenious for accomplishing this breathtaking feat of ingenuity, but here's the trick;

If you disapprove of anything about a business, it turns out that you can actually choose not to support them economically. When you make this choice they lack the ability to send thugs in costume around to kidnap/torture/murder you.

Further, if enough people in a free market agree with your evaluation of that business, it will actually stop existing rather than grow larger and larger fuelled by continuously increasing external security threats and various other negative externalities provoked by the kinds of things that aggravated you about it in the first place.

Fascinating stuff. These incentives for behaviour are responsible for some amazing feats throughout history, too. When you can't just kill people for refusing to support you, you often end up needing to provide actual value.

Not always mind you, some particularly unscrupulous businesses can become joined at the hip with the state and feed from the same larcenous trough, but at that stage it's hard to actually distinguish where they end and the state begins, thus your normal actions to avoid support to the state hit this particular shambling hybrid just as hard.

That's actually the difference between state and non state actors typically speaking, one you don't get to tell you're not interested in without risk of death. Mindblowingly complex stuff I know.


As enjoyable as the sarcasm is, you've only eliminated direct contribution to corporations that you know that you disapprove.

But you have already stated that you oppose even indirect contributions to government. Why the contradiction? Do you oppose indirect support to things that take actions you disapprove of, or not?


You are confusing the concepts of degree and knowledge.

Knowingly or unknowingly, willingly or unwillingly... these lay on difference axises.

I could excuse those who unknowingly willingly contribute to an atrocity (Paul Stabenow of the Tesch & Stabenow corporation is arguably an example). The unknowing unwilling are similarly hard to blame. Examples for this escape me at the moment though I am certain that there are examples in history of people compelled to work who did not know what they were contributing to. If I had to guess, I would say that workers for the Tesch & Stabenow corporation in the company's later years could perhaps fit this category.

Examples of the knowing unwilling could be the workers at Mittelwerk. They knew what they were contributing to and were forced to continue. Knowing willing could arguably include Wernher von Braun, though some would (mistakenly, I think) put him on the edge of knowingly unwillingly.


I have no confusion between the two concepts. Common sense always applies for starters ("Wow, a 99¢ hamburger! Obviously those cattle were treated humanely!").

Likewise blissful ignorance is no excuse (in an indirect world) for being unaware of the reasonable impact or influence of your allocation of capital. Otherwise there's no reason to complain of indirectly helping the government by paying taxes, for all I know every single penny of my tax money could have gone to provide food for the needy and beds for the homeless and it's just your taxes that are going toward funding guns and NSA.

The whole idea that one must know that some corporations are shadier than others belies the very question I asked, since one could willingly contribute to only those aspects of government which are considered good and to none of the other ones (which are considered bad, knowingly or unknowingly).

OP has rejected that argument in its entirety though; there is no way to claim unknowing and unwilling support of bad government in that view, so why should it be permissible to unknowingly and unwillingly support bad corporations?


> for all I know every single penny of my tax money could have gone to provide food for the needy and beds for the homeless and it's just your taxes that are going toward funding guns and NSA.

It's a collective pool to which you contribute which is used for both purposes, you bear some responsibility for both actions by extension.

> since one could willingly contribute to only those aspects of government which are considered good and to none of the other ones (which are considered bad, knowingly or unknowingly).

No, they couldn't, your option to contribute to the state is violently coerced and the allocation after it is violently coerced is out of your hands. You can play games imagining your money went to a nurse instead of a CIA black ops mission to overthrow a popular foreign leader and prop up the interests of your state in the region, but at the end of the day that's all that is, a game.

> so why should it be permissible to unknowingly and unwillingly support bad corporations?

It isn't; you are responsible for the repercussions of that 99c hamburger, act accordingly. You're right that's the only consistent position, and you're right that it implies that people are responsible for the actions of the entities and organisations which they support.

If you simply ignore material reality and obvious facts so you can ignore having to deal with the cognitive dissonance that comes from contributing directly to behaviour you despise, then you're once again just playing games. It's your responsibility to make your decisions and your responsibility to examine the repercussions of those decisions, I understand that the concept of personal responsibility is completely alien to the vast majority of statist humans in existence, but that doesn't stop it being the only path I am able to accept.

The knowingly or unknowingly bit gets slightly harder however since it's not completely beyond the realm of imagination that you might trust a party with which you choose to do business to behave in accordance with your expectations and standards. However, the difference there is, once it becomes clear they've violated that trust, you retain the option to cease your dealings with them.

No matter how many times the state violates that trust, you do not acquire that option, your option is the same as it was to begin with, serve or die.


> No matter how many times the state violates that trust, you do not acquire that option, your option is the same as it was to begin with, serve or die.

You do have options though. Go somewhere that has no state, convince the people to disestablish the state (oh, and somehow prevent them from re-establishing one), or go somewhere that has a state that you would be willing to serve.


If you're actually serious the best part about this response is that you honestly consider it a mitigation.

Hey if you don't like your gang just join another one. Or convince all the other gangsters to quit the gang and all people everywhere to never start a gang again. But don't think for a minute you can stop following orders from the Don.


You can always refuse to do what the Don says... just don't be surprised at what the Don does after he finds that he has no use for you.

I wish I could tell you the world was different, but it's not. We live in a real world, not an utopia. No matter where you go there will be some variant of the 'despot with a stick', whether they call themselves guv'nah or not.


I can respect that, acknowledging that they all are just a pack of murdering thugs at the end of the day and it's not some system for the service of the people was my entire point. I will not be a slave, I don't care what that costs me, it's already made me give up ever having roots and a family so if it gets worse I'll accept that before compromising my principles.


> He's making the same argument terrorists sometimes use to justify their actions. We're not innocent -- that by paying taxes, voting, and otherwise being a member of our society, we're culpable for what that society chooses to do.

Actually, I'm not making that argument. This may be a subtle difference that is not important for this discussion, though.

My argument is that as a victim of the US government, it doesn't make sense to keep supporting the system that is victimizing me. All the work I do in my life will be approximately 1 step forward, 1 step back.

(Quite literally, as the tax rate is probably roughly around 50% in all, though I don't really mean it in that sense.)


You don't get to pick and choose what your taxes fund; in large part, that's the whole point of taxation.

Sort of. I illegally decided to refuse to pay my taxes to the federal government, and instead payed extra taxes to my state government.

http://izbicki.me/blog/why-and-how-im-refusing-to-pay-war-ta...


As a European graduate this is what keeps me away from moving to the bay area. Maybe you also could consider moving to a country with less surveillance?


Well, I actually feel much more victimized by the notion that society owns me than that I'm being spied on, although both are a problem. The societal ownership of inviduals is a much bigger problem in Europe (outside of the UK), which has never had a history of individual rights, which was the explicit purpose of the Founding Fathers when they created the US.


Which country would that be?


Switzerland.


considering how they rolled over with the banking issue I would not trust my data there anymore than some place else. What is to stop them from doing the same with any data should the US come knocking? Even your President seems to believe criminal investigation of Snowden may be warranted.

Now if your government finally does take a stand on the banking issue and tells US authorities to take a hike I would be more inclined to have similar faith in your nation as you do.


One advantage of Switzerland is that the people have a much stronger voice in telling their politicians to do exactly that (and in some cases, voting on the issues themselves).


While I think "1 degree removed" is better than the alternative, you do have a valid point.


Life is not binary.

Imagine you're in a room you can't get out of. By the nature of aerobic respiration, you're slowly transforming all the oxygen into carbon dioxide. Now imagine there is a running car in the room with you. Do you first shut off the car to prevent it from filling up the room with exhaust and carbon monoxide, or do you give up because there's no point in life?

You can either give up by selling all your belongings and begin to live on the street as a non-tax paying citizen, or you can do something to stop the things that are taking away your freedoms and liberties, or at the very least, do something to make it harder for those that want to take away your freedoms to do so.

I suffer from depression and have had times in life where suicide is a real option, yet I can't imagine how anyone can think "welp, I better give up now because there isn't a point in trying!" There's always an option. Exercise that option.


>You can either give up by selling all your belongings and begin to live on the street as a non-tax paying citizen, or you can do something to stop the things that are taking away your freedoms and liberties, or at the very least, do something to make it harder for those that want to take away your freedoms to do so.

False dichotomy, there are other options that both don't lend any legitimacy to the state and allow you to live a pretty good life these days. Especially for people with technically advanced skillets. The world is much bigger than the tax farm you were born in which claims dominion over you, and outside the borders of that farm, its powers are greatly diminished.


Unless that particular farm is the US or North Korea. Both of which expect you to keep filing taxes on money you earn no matter where you earn it [1].

[1] Obviously there are exemptions for foreign earned income, but if you're in country with lower tax than the US (of which there are a fair amount) you could end up paying the US taxes on money that has literally nothing to do with them. Worse, if you're married to a native of that country and must file jointly in the new country then the US expects you to file jointly with them too and pay taxes on your spouses earning.


Yeah if I was from the US I would have to renounce my citizenship, but there's no doubt in my mind I would have done so if necessary. Also it's the US and some African tinpot dictatorship if memory serves.


> do something to stop the things that are taking away your freedoms and liberties, or at the very least, do something to make it harder for those that want to take away your freedoms to do so.

Like what? (Last time I asked this question on HN I got about 5 answers that said "Call your Congressman," which I don't agree with.) I honestly don't believe there's anything I can do that would change things meaningfully, even if I dedicated my whole life to it, short of maybe starting a major political movement, which I highly doubt I'd be able to do.


Well that's the problem, there's not much any one of us individually would be able to do. It has a be a mass movement to effect that type of change.

Even simply refusing to join these organizations doesn't help as much as you might think. NSA can teach smart people to program if it comes to that, so there's always someone to fill the seat. Only now, the person filling that seat has ethical norms even farther away from yours.


Wouldn't it be nice to have some people working in government that are not interested in undermining privacy and feeding the surveillance-industrial complex?


Nice? Nice would be if "government" or "politician" was something every citizen did on the side and all the time, like breathing, instead of it being a profession. What you are suggesting is "slightly better than the worst", but nowhere near "nice" in my books.

Also, for what? So the rest can hide behind them? Because that's what effectively happens. Very little change, very great excuse. We couldn't even discuss police brutality here without some people moaning about how some cop or other is a decent person, as if generalizing to make a point is somehow worse than shooting unarmed people.

Not that I don't hear the point you're trying to make, I used to think that too, I don't anymore. When something is past the point of return, just throwing people at it won't turn it around, it just wastes perfectly good people. I'd rather lean on the assholes who currently work for assholes, to stop being assholes, than send non-assholes into that grinder.


Those sorts of people can, like Edward Snowden, find their own way into the system.


There are in fact those people, in fact they probably represent the majority. I think when everything is said and done it is likely to be the case that all of this overreach was driven by either top-tier leadership or the political levels as opposed to some imaginary spooky minion bent on some mass-voyeuristic fantasy.


So you're saying we shouldn't have open source? Shouldn't publish information from conferences?


Not publishing information would harm legitimate community. What is published, however, isn't the entirety of the value a conference provides. Anyone who attends conferences knows that much of the useful information is gained outside of talks. Malicious organizations personally attend conferences not simply to watch the talks in person, but to gather intelligence on infosec and target attendees and to create employee/CI relationships.


I've got certain friends working for the gov't at three letter agencies that this year have been explicitly told they are not allowed to attend DEF CON either under the banner of the agency or on their own time.

This was announced before this post by DT though.


>It's a booze-fueled learning, partying and networking event unlike any other

Is there any way to get use out of it that doesn't include 'booze-fueled and partying'. I have no problem with booze, but I definitely dislike partying. Yes, I'm a wet blanket, but if the partying atmosphere is where the use comes from, I would seriously be uninterested.

I know that actually does limit the networking part too.


I went to "theSummit" last year as a speaker. The speakers were all asked to wear blinky badges so people could find them and ask about their talks. Unfortunately, in proper party fashion, they had the DJ playing crap music so loudly that any real discussion was impossible. There was little of interest in there, really, so I took my leave pretty quickly.

I much prefer to hang at the bars on the casino floor and talk to whoever comes around. They let you smoke, the music is better and less deafening, and you'll meet more interesting people.

There's a big element at DEFCON of people who read way too many Neal Stephenson novels, got a utilikilt and a mohawk, and are roleplaying as haxxors. Escape that. Find interesting talks. Find feds, because they're getting paid to do security work and are often damn good at it. Don't feel like you have to go to every talk.


>Is there any way to get use out of it that doesn't include 'booze-fueled and partying'.

Sure, you can check out the talks, wander around the venue (CTF, vendor booths, etc), talk to people. The "partying" isn't as rampant as some may have you believe. Sure there are parties, but it's not like you will be dragged into one. They also appear to be non-inclusive. I know I wasn't invited to any last year (and I'm no wet towel! ;). In fact, I was uninvited to one (you can't come; it's "private"). There is still plenty to get out of going and plenty of fun to be had.


I like all the competitions and games you can join before or during the con (check the forums for official contests etc). Hacker Jeopardy is by far my favorite con event. On Thursday there's the Atomic Barbeque, which is a great way to network with people and chow down. I don't know if they still do the Hacker Iron Chef, but that was fun to watch.

Getting into parties is half the fun! I remember the times I social engineered my way into the Ninja party. Humans are so insecure...

p.s. even if you don't drink, the quickest way to make friends at defcon is to give someone free alcohol. the goons also appreciate free beverages.


I'm pretty sure this is a joke since DT himself can be considered a fed, and there are lots of Defcon leadership that work with/for the feds as well.


I considered that. And yeah, DT is definitely a federal employee.

I guess it depends on what you consider a 'fed.' Is a sysadmin at NASA a Fed? They are employed by the federal government...

Law enforcement--especially intelligence--is not going to be particularly well received this year. In the years I've attended, it's always a friendly sort of cat and mouse game. "You're the Fed, I'm the hacker, let's get a beer!" What with PRISM and domestic surveillance, though, I wouldn't be surprised if this was a serious effort by the con to reduce drama and distance itself from the intelligence and law enforcement communities.

Is General Alexander still keynoting Black Hat?


I wouldn't be surprised if this was a serious effort by the con to reduce drama and distance itself from the intelligence and law enforcement communities.

Despite practically being in bed together, and all that is supposed to change just like that? It seems like some sick joke, from the outside looking in of course…

Then again, it has more or less always been this way and maybe things seem different now that the tide has receded a bit…


Yes Gen. Alexander is still speaking at Black Hat. I'm not sure that DT has the influence inside Black Hat that he once did. I would be interested to see how that talk goes down, but then BH has never been about "hackers" in the way that DEF CON is

There appears to be a distinct effort to separate BH and DC this year, there is less speaker overlap compared with previous years, attendance to BH doesn't get you in to DC like it used to, etc. This is probably UBM (owners of the BH brand) trying to protect their revenue.


The standard for "spot the fed" was "someone with federal arrest powers" -- even an NSA sysadmin wouldn't count.


>this is a joke

More of a PR effort to salvage the brand than a joke, I'd guess.


I've been attending for generally the same time frame. It seems a bit ironic as it was made known to me that the majority of the organizers are feds now. Are they all staying away too?


I will attempt to translate Jeff's short message:

In light of recent events, this is not an opportune time for recruiting and so the feds will not be attending the conference in their usual numbers. However, they will of course still be monitoring all communcations at the event, so they will be there in spirit.


A curious aspect is that the person who wrote this message (Jeff Moss) is actually a fed himself. Does he plan to exclude himself from the conference?


http://news.cnet.com/8301-27080_3-20095649-245/when-hackers-...

In the early years, DefCon founder Jeff Moss used to say "if you're 20 and you're working for The Man, you're a loser,"... "Ten years ago, Moss said 'if you're 30 and you're not working for The Man, you're a loser.' And now he agreed that at 40 he is The Man.'"


"It is difficult to get a man to understand something when his salary depends upon his not understanding it."

-Upton Sinclair


DefCon is a joke. Nobody with any skill takes that conference seriously.

This is a complete farce as one of the key speakers last year was Gen Keith Alexander. NSA was fairly open about recruiting directly from DefCon and DefCon leadership had no problem with it. Anyone with even a slight security background could have predicted Prism and other programs just by the AT&T whistleblower from the mid 2000's.

DefCon is just too big, too mainstream for any real technical value. I don't need to fly to Vegas to watch umpteen panel discussions with crazy EFF people.


Which conferences do you consider decent for someone with skills?


There are a lot of smaller technical trainings and conferences once you get to a certain level. I like to rate conferences by the technical quality of what is being presented. Am I constantly being blown away by new ideas? What can I use in my own projects to make them better?

At too many defcons I have seen nonsense panel discussions and presentations by people with little qualifications. Some presentations I have seen have obviously been created one or two nights beforehand. I've even seen a troll presentation where slides with walls of text were read word for word in a monotone voice.

I have no idea who this person is or how old this list is and I have not attended every one of these conferences but you might take a look at this:

http://faculty.cs.tamu.edu/guofei/sec_conf_stat.htm


My understanding is that the overwhelming majority of Federal employees on official duty from FBI, DHS, DOD, NSA, etc.. that attend DEFCON (and related conferences) are actually not agents at all, but rather low ranking analysts whose job at the conferences are to assess the material presented and report back. This is opposed to, say, recruiting CIs or surveilling targets.

Source: I asked a Fed.


This is more about making a statement than anything else. Will the information still reach the feds? Sure.

But the request is deliberately creating a delineation: the government is no longer for the people or part of the people, it exists for it's own sake.

Will the government understand and ramp itself down?

Whatever you thought about Ron Paul, his politics would have prevented all of this. All of the wars. All the foreign aid. And we would live in paradise ;)


> Whatever you thought about Ron Paul, his politics would have prevented all of this. All of the wars. All the foreign aid. And we would live in paradise ;)

This made me laugh. Considering how much Republicans and Tea Partiers are ostracized for making cuts, just imagine how much people would come down on a fiscally conservative basically Libertarian candidate in 2016 (even if he runs as a Republican).


Ostracized by who? People in the media or regular working class folk who pay plenty but get little?

My parents both work and make money and the only real benefits that they have gotten as a result of trillions spent on war is that they'll continue to pay taxes for the rehabilitation of the soldiers whose bodies and lives have been destroyed.

They MIGHT collect on social security, etc but given that they're still at least 10 years from retirement, it's certainly nothing they can count on.


And given that there's been talk about raising the general Soc Sec boundary from 65 to 70, it's even more of a question if they will benefit...

Both my parents have "retired" in the past year though they continue to work for money, and they were both a little bitter about how low the benefits are. I had to point out that at least they will probably get what they get. For those of us younger?


https://en.wikipedia.org/wiki/Political_positions_of_Ron_Pau...


Okay, I read the link. What's the point you're trying to make?


Ron Paul would have gotten rid of the one thing they think the government does do for them, as well as a number of things they don't notice.


Okay, but he also believes that the income tax is unconstitutional. If he's able to get social security to go away it's likely he'd also eliminate the income tax. Losing social security AND the income tax would likely be a net win for middle aged working folk like my parents.

If two people are making a combined $120k/year their tax burden is around $27k. With 10-15 years to go til retirement that's another $270-$405k in gross savings, neglecting any ability to earn interest (which right now is effectively 0%).

I don't know what the social security pay-out rates are these days but $300k today versus a decreasing probability of future benefit payments from the SSA seems like a reasonable risk to take, given the choice. Not that we'll ever have the choice, mind you.


> Okay, but he also believes that the income tax is unconstitutional. If he's able to get social security to go away it's likely he'd also eliminate the income tax.

X wants A. X also wants B. Therefore, if X gets A, X will also get B.

That doesn't work.

> Losing social security AND the income tax would likely be a net win for middle aged working folk like my parents.

Your analysis seems to be pretty shallow on this, particularly, it seems presume that the income tax can go away with everything else operating as is with no effect except taxpayers not paying the tax.


A world where Ron Paul gets elected president and/or gets any of his legislation passed is a substantially different world than the one we live in today. Hugely different.

If it were possible for the general population to somehow wake up and realize that Social Security is a ponzi scheme and that it's not sustainable long term (not good odds that will happen, mind you) then it's ENTIRELY conceivable that said people might listen to the "income tax isn't constitutional" argument as well.

The political landscape would have to be so incredibly different for social security to go away I can't even really comprehend it. You can speculate that people wouldn't both abolish social security AND the income tax. I speculate that such a thing could reasonably happen. We'll never actually find out who's right.


> A world where Ron Paul gets elected president and/or gets any of his legislation passed is a substantially different world than the one we live in today. Hugely different.

Sure, but the ability to build a minimum winning coalition on eliminating social security is pretty much irrelevant to finding a minimum winning coalition on eliminating income tax.

> If it were possible for the general population to somehow wake up and realize that Social Security is a ponzi scheme and that it's not sustainable long term

Its not possible for them to "wake up and realize" that because its not true, but its certainly possible for them to be convinced of that; indeed, that's a fairly common idea (at least, if you take out the "ponzi scheme" part) now. What is less common is the idea that the best way of dealing with that is to eliminate the program entirely rather than addressing features that make it nonsustainable. [1]

> then it's ENTIRELY conceivable that said people might listen to the "income tax isn't constitutional" argument as well.

Sure, its entirely conceivable that people might listen to that argument. That's a bit different saying that it is likely that he would also be able to eliminate the income tax (there is a big gap between "conceivable" and "likely" and another big gap between "listen to" and "agree with".)

> The political landscape would have to be so incredibly different for social security to go away I can't even really comprehend it.

I have no problem with that description, but that's an argument against any assertion you might make about what would be likely in that case, not an argument for it.

> You can speculate that people wouldn't both abolish social security AND the income tax.

I could, but I haven't. A statement that your claim that a particular outcome is likely is not supported by the argument you have presented for it is not a claim that the outcome is impossible.

> I speculate that such a thing could reasonably happen.

There's a difference between speculating that a thing "could reasonably happen" and asserting, as you did previously, that it is likely.

[1] E.g., http://www.gallup.com/poll/1693/social-security.aspx


>> The political landscape would have to be so incredibly different for social security to go away I can't even really comprehend it. >I have no problem with that description, but that's an argument against any assertion you might make about what would be likely in that case, not an argument for it.

You're basically arguing that the status quo is, and always will be, the predominant way of the world working unless a person can provide direct evidence to the contrary in a big way. I get that, and it makes a lot of sense. I generally feel the same way.

What I'm trying to suggest is that the world where social security gets eliminated is so different that your assertion that the status quo is, doesn't hold. You'll probably disagree with me on that issue but ultimately there's no way for us to know either way. It's all speculation. The evidence that I would give to support such a notion is that when serious political change happens, it often happens in a big way.

I think it's highly likely that the only way social security could get eliminated is some kind of a revolution, peaceful or not. Since there are so many people who currently benefit from social security right now having paid very little in (they like the program) and plenty of people who paid in their entire working lives (they desperately want to get their money out of it) that they constitute a large entrenched interest.

You're saying that the minimum amount of energy to get this 1000 ton rock moved from point A to point B doesn't imply that the other 1000 ton rock right next to it would go anywhere at all. I'm suggesting that for a rock that friggin huge to get moved there's some kind of bigger thing happening like a landslide, an earthquake, a big explosion, etc and thus, perhaps it might.


> You're basically arguing that the status quo is, and always will be, the predominant way of the world working unless a person can provide direct evidence to the contrary in a big way.

No, I am arguing that arguments of the form "if X occurs, its likely that Y will also occur" need to be justified by more than "X would take a radically different world, and Y occuring would be conceivably plausible in such a radically different world, therefore, it is likely that Y will occur if X occurs."

> What I'm trying to suggest is that the world where social security gets eliminated is so different that your assertion that the status quo is, doesn't hold.

I haven't made any such assertion. I have simply argued that you have failed to provide anything that remotely approaches support for you claim that it is likely that income tax would be eliminated if social security was eliminated.

> The evidence that I would give to support such a notion is that when serious political change happens, it often happens in a big way.

Even granting, arguendo, that point and your belief that social security takes a "revolution", that's not evidence in support of the likelihood of any particular currently-unlikely change being made possible by the situation that enables the elimination of social security.

> Since there are so many people who currently benefit from social security right now having paid very little in

The only people who have substantial SS benefits while paying very little in are the lower-earning surviving spouses of people who paid in and then died, so I think your premise here is a bit dubious.

> You're saying that the minimum amount of energy to get this 1000 ton rock moved from point A to point B doesn't imply that the other 1000 ton rock right next to it would go anywhere at all.

No, I'm not. A better analogy would be saying that I am rejecting the claim that the mere fact that it would take a quite substantial minimum energy to move the 1000 ton rock from point A to point be justifies a claim of the specific path a neighboring rock would be likely to take in the event the first rock was moved from point A to point B.


You haven't convinced me that I'm made some highly incorrect giant leap of faith in logic, and I clearly haven't convinced you that my ideas aren't outlandish. Thanks anyhow, though. It's taught me to be more specific in my arguments.


They get sub $5 gas. That's what the money is being spent on.


The average car is driven say 10k miles per year. At 20mpg that's 500 gallons of gas. At $4 per gallon, it's $2k. At $8 per gallon, that's $4k. A difference of only $2k.

I'm not sure that the money on wars is well spent (even in a callous, dollars only sense) if it's saving the average household $4k a year in gas money (two cars).


The pump is not the only place that you pay for gas.


Yup, there used to be an old ad campaign--"If you have it, a truck brought it." And it's true--although with modern supply chains today we probably should also throw in ships, trains, and airplanes.

Transportation costs are embedded in the cost of every physical good.


Trains are much less sensitive to fuel prices than trucks are.

The capital investment necessary to make trains work at all is really big. But after that the marginal cost of an additional car is very low. In terms of energy efficiency, trains are much better than trucks. What they lack is convenience, at least right now.

In terms of cost, trucks often win because the trucking company doesn't bear the burden of building/maintaining the highway system. Yes they pay fuel taxes, but trucks make basically all the wear on roads. Wear seems to be based on the fourth power of weight. Check this: http://facweb.knowlton.ohio-state.edu/pviton/courses2/crp776...

This is a common theme for basically everything having to do with energy efficiency. You can have low up-front cost and larger ongoing costs, or larger up-front costs and lower ongoing costs. In the case of trains the ongoing costs are similar at current fuel prices but once they double again you'll see more train cargo and less truck cargo.


The problem with trains is that the capital investment and up-front work that is needed becomes a political issue[1]. How do you decide on the route of a new train line? Who pays for the line to be built?

Building railway infrastructure was simpler when there was a lot of open country to build long straight lines through, but building a new line today is much harder with compulsory purchase of land and groups lobbying against it. The process takes a long time too, so elected officials won't see the benefits of backing it at the next election.

I think it is unlikely that US freight will move from road to rail without a significant amount of political and financial pressure.

[1] http://en.wikipedia.org/wiki/High_Speed_2


$2,000 is a lot of money to a lot of Americans.


It's always amusing watching people talk about Ron and Rand Paul on the internet. Usually they haven't quite figured out that they're basically fake libertarians. Ducks


Libertarians != libertarians. The difference is that Libertarians are a party and libertarians like to party. :)

The Pauls are fiscally conservative which is only 1/2 of the Libertarian equation. The party stands for social liberalism and fiscal conservatism. Basically this just means less tax, more privatized government services, and to leave people alone if they aren't hurting each other.

Small-"l" libertarians are those that believe the liberty of the people is most important, even more important than any social or ethical constraints that have been placed upon them, but they believe that there can be a government that can enforce this, unlike anarchists.


First, I agree with many small "l" libertarians are not comfortable with the US Libertarian Party. But how is your paragraph 2 above at odds with paragraph 3? You don't say so explicitly, but are you suggesting that small "l" Libertarians don't believe in fiscal conservatism?


> The Pauls are ...

The Pauls are basically grandstanders. They'll adopt any pseudo-libertarian position that they think makes a good soundbite. They record will show that they haven't actually done much of legislative consequence. Anyone who takes them at face value based on the soundbites IMO needs to develop more of a sense of cynicism when assessing politics.


You are confusing popularity with effectiveness.

Ron Paul specifically had been talking for what, 20 years about auditing the federal reserve more than they were allowed. They finally got something through under someone else's name, but the victory was his.

The reason is that Ron Paul and his like cannot push through something on his own. The entrenched interests are way too powerful.


> You are confusing popularity with effectiveness.

No, I am saying this ineffectiveness is motivated by lack of genuine interest. They're just opportunists, no better than any other.

His son is even more blatant about this, showing up at the last minute with tough questions when something is in the headlines, but not showing any signs of prior interest or following through. It gets him quoted in the news a lot, and a lot of support from people who aren't paying attention.

They are very willing to fall totally in line with the entrenched interests you mention. That they happen to be allowed token protest votes on stuff that won't be in serious danger is incidental.

That and... I guess being pro-life is a big libertarian position?


Ok


"low ranking analysts whose job at the conferences are to assess the material presented and report back."

And maybe those people should go home and rethink their lives.


"Man, I really shouldn't have designed that RFID toolbooth so oppressively.... I'll have to do better than that in the future. :("


Your point is taken, not all security work is oppressive. And my comment was calculated to be over the top.

The narrower point being, of course, if you're involved in work that supports Constitutional violations, you should think about what you're doing. Hard. Because if your work supports these things, then you're destroying what you probably signed up to protect. Probably not your fault, the mission was hijacked. But now there's no way to pretend. So think about it, and ideally, act.

And if you're just designing tollbooth security, then thanks for your service. :)


> The narrower point being, of course, if you're involved in work that supports Constitutional violations, you should think about what you're doing. Hard.

Well, even things like PRISM have valid Constitutional and national security usages. Things like metadata collection have been allowed for decades as well, under the auspices of valid law enforcement investigations.

Holding all Internet traffic in a buffer for 5 years? Collecting all email metadata that passes by? Now that's getting risky, but how many people do you think are actually involved in that? And why is that less dangerous than CALEA (something which DEFCON didn't kick out the Feds for...)?

If you flip the concept to instead be "could what I'm working on possibly be used for oppression" then there are a lot more government workers than you might think that would have to be introspective.

It has the worse effect of muddying lines of responsibility ("I couldn't have done this bad thing if $FOO hadn't build it!"), which is another path we don't want to go down... the same logic that blames the analyst for creating a process with valid purpose and bad effect could be used to blame the HR rep for hiring the analyst, or the janitor for keeping his workspace clean. And all the while we should be pointing our fingers at the person who actually did something wrong!


>but rather low ranking analysts whose job at the conferences are to assess the material presented and report back

So? I work for a private company. I 'report back' on the cool shit I saw, let people know what was around, what was popular, etc. It's a learning experience. Saying they 'report back' is useless. If you go to a con and don't talk with other people about the stuff you saw there it's almost wasteful.

I think I know what you meant though - they go and see what all the 'underground hackers' are up to.


So what? They still work for law enforcement.


Try the non-SSL version if you're having trouble accessing the site. http://www.defcon.org/#dc21fedbreak


I was assuming Defcon 21 would be down on fed count this year due to 1) the sequester hurting travel budgets and 2) recent (well, in the past year) high profile wasting of money in Las Vegas by the GSA.

There's also OHM running in parallel, which will draw off some of the European attendees (probably not law enforcement/intel, though). If I got to pick between OHM and PW/BS/BH/DC (all 4 running in Las Vegas that week), I'd probably pick Ohm.


Note the "this year". Defcon is just looking after their branding. If they had concern for privacy they wouldn't have had the NSA directory keynote last year and let him lie to their audience.


The feds have all the 0 day and privileged access now. What do they need Def Con for anyway? Well, I guess they'll miss out on getting drunk.


It's probably a worthwhile recruiting venue, even if they just get one every year or two.


Recruiting?


God help the poor schmucks left to run that booth this year.

(I've never been; I presume it is like most other conferences and you've got a slough of bored recruiters staffing info booths?)


No info booths, they are lucky if they get a table, but even then outright using it for recruiting is not allowed. Last year they had an Enigma machine on display.


They don't get a booth.


Recruiting for IT jobs at alphabet agencies.


It seems quite clear to me that Dark Tangent is attempting to stop something bad from happening at DEF CON. He doesn't want a fight or a brawl breaking out, or implied threats or negative community interaction. His advice isn't so much a 'no feds allowed' sign, but more of an open warning that coming as a Fed might cause undesired tension and circumstances that weren't previously present in such high volumes.

Calling the situation ironic because DT is a fed is unrelated - he may work for the government, but he isn't in a position that has a conflict of interest with a hacker conference (read: he doesn't work for the NSA). If you say "Dark Tangent" to a person in the security community, people recognize him as the creator of a hacker conference; not a government employee.


Keith Alexander, Director of the NSA spoke at DEFCON last year to a standing-room-only audience. Every year "the feds" have a presence at DEFCON.


And he's the Keynote speaker at Blackhat the week before.


It's important to remember that DEF CON is not banning the feds, but instead asking them to not participate this year. There's a big difference here. The former is mandatory, unilateral; the other is an invite to pause and reconsider the relationship.

Now I'm curious on how government agencies will respond. They may go anyway -- and have to deal with a very unwelcoming mood, or respect the request and give some space for the sec community to discuss the case more openly.

I, for one, fully support DT's request, and really hope the feds understand that the problem is not who they are or what they represent, but their tactics and methods recently exposed.

They can't expect to be welcomed anywhere, given the obvious abuses that are happening against U.S. Citizens (and everyone else, for the matter), under the excuse of "war on terrorism".


Defcon is cancelled.


Is it an inside joke to always say defcon is cancelled? (Not that you'd tell me if it was...) "Is Defcon cancelled" is in the FAQ: https://www.defcon.org/html/defcon-14/dc-14-faq.html#Is%20DE...


Just confirmed on IRC, Defcon is cancelled.


Just got this confirmed through an anonymous source at DEF CON, it has indeed been canceled. With feds no longer being welcome there simply would not be enough money made from ticket sales to pay the costs for the venue.


Come on guys, you know we don't cancel DEF CON until the badge line reaches 200 people.


Could you post a link or a screenshot to verify your claim?


i can confirm this.


Did anyone else look at the defcon21 logo and see a hand giving "the finger"? ("def" are the fingers, 21 is the palm, the top of the d is an extended finger)


Is it possible that this post is a message to many who work for the government to evaluate what they are doing and decide whether they are comfortable with what their job involves. After all there's a huge spectrum of possible actions between whistle-blowing and unthinkingly following procedures. And you can work for change from within... perhaps.


I don't think this is about "taking a stand." As has been pointed out, Dark Tangent is himself working for the Feds.

> recent revelations have made many in the community uncomfortable about this relationship.

They just don't want to deal with fed vs. non-fed tensions at the con. Maybe they're afraid fights would break out.


HN effect on the site?


There were issues yesterday too: https://twitter.com/_defcon_/status/354873376675868674


If the feds can get air traffic controllers in other countries around the world to down the Bolivian President's jet... I don't think they'd have any trouble getting into DefCon if they really wanted to.


Smart move. Then people not feds has to come in order to prove they are not feds.


Does a "time-out" mean that they're discouraged from attending or that they won't be issued badges?


They are politely discouraged from attending. I imagine that a person who says "I'm a fed" while buying a badge would not be issued one, but Defcon has no way to avoid issuing badges to feds who don't disclose their status.


Hmm... forgive my ignorance, but do they have the right to not issue a badge to anyone based on occupation? Sounds like discrimination. Hope they don't sue. ;)


Defcon is not a government entity, it has freedom of association rights, and law enforcement officers are not a suspect classification.


It could probably be considered public though and therefore freedom of association wouldn't apply.


Freedom of association always applies, the only question is whether government can and has overridden it.

For "has", neither Congress nor Nevada has attempted to make discrimination based on employer illegal, in a place of public accommodation or otherwise. There can be no illegal discrimination when there is no relevant law, making the case moot from its inception.

And even if they had attempted such (that is, we move to the "can" analysis), we know from the Supreme Court's unanimous decision in Hurley that it's difficult to do even where there is an entanglement of public and private interests, the harm to the private interests is extremely attenuated, and the excluded group is arguably quasi-suspect.


Is half the Security industry just attending conferences? Seriously.


[deleted]


It's not just you.


interseting times we live in




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: