This entire event was a staged press op. Keith Alexander is a ~30 year veteran of SIGINT, electronic warfare, and intelligence, and a Four-Star US Army General --- which is a bigger deal than you probably think it is. He's a spy chief in the truest sense and a master politician. Anyone who thinks he walked into that conference hall in Caesars without a near perfect forecast of the outcome of the speech is kidding themselves.
Heckling Alexander played right into the strategy. It gave him an opportunity to look reasonable compared to his detractors, and, more generally (and alarmingly), to have the NSA look more reasonable compared to opponents of NSA surveillance. It allowed him to "split the vote" with audience reactions, getting people who probably have serious misgivings about NSA programs to applaud his calm and graceful handling of shouted insults; many of those people probably applauded simply to protest the hecklers, who after all were making it harder for them to follow what Alexander was trying to say.
There was no serious Q&A on offer at the keynote. The questions were pre-screened; all attendees could do was vote on them. There was no possibility that anything would come of this speech other than an effectively unchallenged full-throated defense of the NSA's programs.
Even the premise of the keynote was calculated to wrong-foot NSA opponents. However much you might want to hear Alexander account for the activities of the NSA, the NSA itself is not the real oversight mechanism for the NSA! My guess is that no pol with meaningful oversight over NSA would have consented to address a room full of technology professionals about NSA's programs; they were happy to send NSA's own supremely well-trained figurehead to do that for them.
I think a walkout might have been effective, had it been organized well enough in advance (perhaps with some of the same aplomb as the [I think misguided] opposition to CISPA); at least you'd get some stinging photos.
My main takeaway from your comment is that Keith Alexander is Enabran Tain & that I feel like the US is approximating the Cardassian Union more every day.
The existence of nuclear weapons has rendered traditional warfare unprofitable, except against the very weak, and even in those cases only military contractors benefit.
We invaded and occupied Iraq and didn't even get any oil, just a trillion or so in national debt. At least in the time of Rome citizen soldiers were titled large swaths of land in the conquered territories.
I expect, in the long drawn-out economic warfare to come, cyber espionage and surveillance to be critical advantages & well-connected military contractors with access to the NSA's total information awareness database to profit handsomely from insider trading.
Update & Question:
I'm taking a short break from work and wondering why this comment has been downvoted twice?
Instead of downvoting & unless you just hate ST: DS9 references, can you provide a plausible argument against the inevitability that tapping the entire world's communications will not lead to insider trading?
There are so few terrorists in the world, and so many opportunities to profit from having early access to employment reports, corporate revenue numbers and other economic data.
Please give me a compelling reason why a wiretap on all the world's communications is more likely to be used to catch terrorists than for simple greed?
>We invaded and occupied Iraq and didn't even get any oil, just a trillion or so in national debt. At least in the time of Rome citizen soldiers were titled large swaths of land in the conquered territories.
The trillions in national debt benefit somebody. Somebody somewhere gets those interest payments and they wouldn't have if the U.S. had not borrowed from them.
Yes, but the cost far outweighs the benefits. The world (and the economy) is not a zero-sum game. People usually say that when they want to state that value can be created, but it cuts both ways. The fact that it's not a zero-sum game means that value can be destroyed.
We blew a trillion bucks on nothing useful. That's destroyed value. That somebody is benefitting in some small way from the side effects of this doesn't change that fact overall.
To reduce it to more comprehensible terms, imagine that I take out a $10,000 loan to buy a car, then crush that car into a cube. That's one less car in the world than before. That's a waste of $10,000 in value. That my creditors benefitted because they got interest off the loan doesn't change that fact.
This is an interesting question, what is value? What I took away from my econ classes long ago is that it's hard to determine the value of something outside of price (objectively). So if the hypothetical US taxpayer is satisfied with the perceived security they got from building expensive machines, transporting them to the other side of the world, and blowing them up, then it's hard to argue with him.
This perspective, horribly, leans towards moving the large bulk of defense spending into the category of non-essential goods like cable tv, or beer, football, shopping at pottery barn. This is spending with a focus on the psychological state the good induces.
On the other hand, a true believer in the project of the US military probably really feels that resources spent on war are actually essential to survival and should be categorized with spending on food, shelter, medical care, insurance.
Yep, excellent points there. I think my beliefs about the value of the war are superior to others' (because I'd change them if I didn't think that!) so I'd just call those people wrong and say that value really was destroyed. But, of course, I could be the one who is wrong.
If this was all capitalistic private enterprise, it would be much simpler. The people who saw value in it would contribute whatever money they thought was worthwhile, and that would be the "value" of the effort. I kind of doubt that most of the people who feel the war was necessary would actually put up the $3,000 per person if they had to write a check for it, but who knows.
When you get government involved, the question of value becomes much more complex.
I don't understand. My argument is simply that value can be destroyed, and that people can still benefit during this process even when the value being destroyed greatly dwarfs the benefit. There's nothing about that which requires the cost and benefit to go to the same place.
A car is a depreciating asset, so all crushing it does is accelerate its depreciation. Some utility is lost, but you also have to consider the impact of the 10k. Some went to steel mills, to workers, to dealers, etc. It's not like burning a stack of $100 bills.
If one were especially paranoid, one could note that the massive increase in debt from the Iraq war makes the "starve the beast" approach to government [1] much more plausible.
I don't think the US far right is quite that farsighted or quite that cynical. However, I've historically been too optimistic about the American power elite, so I wouldn't take my word for it.
Oh, come on. Bush went into office to starve the beast from day 1, and that's what we were all talking about when he rammed his stupid tax cuts through Congress. That's what was going on when Senators were flipping from R to D until he was distracted by 9/11.
Control of the oil in Iraq is more strategically important than in the one scenario you describe.
As an aside I never read that Hussein had threatened to flood the market, I read that he threatened, as a negotiating tactic, to withhold oil. Do you have a source for the "flooding the market" claim?
For values of "for other things" of creating a massive flood of dollars on the world financial markets, undercutting its value, and precipitating a financial crisis the likes of which the US still hasn't seen.
There's also the theory suggested by some (I've just watched Robert Newberg's "History of Oil" though I've seen the point made elsewhere) that it was the move by Iraq, Iran, North Korea, and Venezuela to move oil sales from dollars to Euros which had something to do with the war.
Unfortunately those "investments" in war came at a time when investments in the US infrastructure and renewable energy would have paid MUCH bigger dividends.
Just a few days ago was the 75th anniversary of Henry Ford getting a medal from Hitler. I guess we learn from history that we don't learn from history.
Those boys aren't so interested in "starving the beast" as they are in feeding their wealthy constituent-donors. We need campaign finance reform.
And then, it's of course also about redistributing these tax dollars to your own benefit. It's about politicians taking money out of the tax pot and giving it to their friends.
...a "business" which companies like Google, Facebook, Twitter et al. are certainly doing/planning on doing too, at least indirectly, privately or otherwise under the radar.
They can also simply look at the correlations between the movements of their data and the market movements, and then make their predictions and thus investment decisions. It's not even rocket science.
Given their "Big Data" treasures, I don't think they will be able to resist that temptation.
This is another reason why I generally see a future of decentralization: it's simply a concept that's less prone to corruption and failure.
"Ubiquitous surveillance prevents millions from speaking freely. BlackHat keynote attendees, let's not let Gen. Alexander speak freely today."
I anticipated the protest to be effective, since black-hat hackers have somewhat of a culture of booing presenters who they morally object to. See for example an undercover reporter that was booed out of DEFCON in 2007. http://www.zdnet.com/blog/ou/undercover-nbc-dateline-reporte...
I think the thing that made this disruption ineffective is the majority of attendees weren't black-hat hackers. They were mostly corporate professionals. See Black Hat's own demographic survey http://www.blackhat.com/docs/bh-us-12/sponsors/bh-us-12-spon...
It's therefore not really surprising that most of the audience wanted to hear the general speak, and was annoyed by the disruption.
If, on the other hand, the general were speaking at DEFCON I think he probably would have been almost unanimously booed off the stage. But the feds are staying away from DEFCON this year (for that reason).
So in retrospect, I think the disruption was a miscalculated PR move for the hacker community.
I think Moxie Marlinspike truly and deeply cares about these issues, isn't an outrage tourist, and has done more for online privacy than I probably ever will. I think he truly believed that attempting to disrupt the talk could be an effective strategy. But I also think he was wrong about this.
I'm actually less interested in our external perception than in how we see ourselves. I think the value of being disruptive isn't necessarily to show the world anything, but to define ourselves as a community with a cultural narrative that is unsympathetic to government surveillance.
If that's the narrative we want to create, then I think we need to take every opportunity we can to inject whatever cultural influence we can, because keynotes like this are the NSA's effort to do the opposite. I agree that one or two people heckling doesn't mean much, but I appreciate the bravery of the people that were disruptive, and I only wish that everyone there critical of Gen Alexander had contributed to an enormous chorus of boos and forced him off the stage.
In the end, at the very least the title of this story is "NSA director heckled on stage at Black Hat security conference" rather than "NSA director universally applauded by Black Hat security conference."
In the end, I don't think it matters much either way.
I think the walkout would have had the benefit of creating a wall of peers waiting outside the conference hall watching their peers who refused to participate. Also, again, good photo op.
It's funny, you and I are on the same page about wanting to disentangle software security (and I guess infosec) people from USG/SIGINT/LEO work, but for, I suspect, somewhat different reasons. So many people on HN seem to think the whole industry is in the back pocket of the USG, which just isn't true; I think a lot of people considering careers helping with online privacy think they need to surrender their moral qualms about assisting the USG, which just isn't true.
I agree with the basic argument that Alexander is a savvy SOB and knew what he was in for...
BUT, you're making it sound like getting heckled on stage was desirable. I don't agree. I think it is more appropriate to say that the NSA is between a rock and a hard place. They could either...
* Get heckled and look culpable, but maintain the illusion that they give a shit what the general public thinks, or...
* Not attend and completely look like assholes hell bent on violating civil liberties.
Keith Alexander didn't win any friends by getting heckled. He just made fewer enemies.
> I think it is more appropriate to say that the NSA is between a rock and a hard place.
I think they're between breaching the constitution with far-reaching surveillance the Stasi would've given their left nut for, and hiding behind secret courts to legitimise their acts through rubber stamping. The surveillance continues. The genie is out of the bottle, justified by the biggest lie you were told - i.e. that there ever was a rock or hard place to begin with.
Or, they could hire a heckler (or manipulate a likely heckler into being there) to make sure they get heckled, in just the right way, so they can respond and seem calm and win over some converts to their cause, sow confusion and fracture the opposition.
In my mind, I imagine what I wrote above as being disinformation 101.
Every article that I saw yesterday painted the general as a hero and the heckler as a turd. It seemed like a concerted PR effort to me. It's about discrediting your opponents in the public forum.
Aside from that, it struck me that a lot of people at conferences like this are on the NSA payroll one way or another. I'd hardly call the group a bunch of freedom fighters.
Agreed; his extensive infosec background and smooth-talking politician talents meant that he probably had full knowledge of how this was going to go down. What's interesting is why he attempted PR reconciliation at a relatively niche conference. Black Hat doesn't have much connection to the mass public, and trying to make yourself look good in front of a mass of angry hackers is pointless anyhow because hackers tend to stay angry about topics like privacy.
Now, if he had a full blown press conference with civilian attendees, then, well...
NSA recruits from engineering universities. They are quite good at it. The idea that he needs to troll Black Hat for talent dignifies the audience at Black Hat and misses the truth of what was happening there.
I speak at one of those universities almost every year, primarily so that I can talk in opposition to the NSA recruiter who is always there giving a talk at the same time.
Those young people look strongly to the culture defined in large part by conferences like Defcon and BlackHat in order to make their choices. For many of them, the trip to LV is the highlight of their year. If the culture of those events changes to be substantially hostile to the NSA and its employees, I can believe that young people in that demographic would at least think twice about joining the NSA.
Basically, I think keynotes like this are part of a cultural war for this community, and I think it's an important one.
> I speak at one of those universities almost every year, primarily so that I can talk in opposition to the NSA recruiter who is always there giving a talk at the same time.
Wow. That's really above and beyond the call of duty. Thanks for being one of the good guys. Sometimes it doesn't feel like there are any left.
Give me a break. Black Hat was started as an excuse to get companies to pay for their infosec teams to attend Defcon. I was at Defcon in the '90s, and spoke at the second-ever Black Hat; my partner Jeremy spoke at the first.
I think that start is exactly why BlackHat != Defcon, a decade and a half later. Defcon's a "Let's Spend a Weekend in Vegas", while BlackHat is now held around the world.
> NSA recruits from engineering universities. They are quite good at it.
Given the nature of the technical problems they face, they would have to be pretty incompetent to not be good at recruiting from engineering universities.
"Would you rather build yet another CRUD app, or build systems that trawl through 20+ TB of data every day?"
Obviously there are ethical issues, but people's ethics are much more pliable than most of us like to believe.
> Obviously there are ethical issues, but people's ethics are much more pliable than most of us like to believe.
The irritating thing about this is that most of us aren't taught ethics. Most people don't take philosophy courses. Most people don't take civics courses. We're expected to just figure it out through osmosis.
It's not about pliability. Most people never actually develop their own approach to ethics.
Yeah. As much of a flaming atheist as I am, I regret that people aren't spending as much time getting an ethical education as they once did.
I suspect that one could teach an excellent non-religious Sunday School class by only asking difficult questions. The only people who scare me more than people who have never thought much about ethics are the ones who think they know The Answer.
Absolutely. That's roughly what philosophy courses are meant to do. They fire a shotgun round into the air to show you as much variance and disagreement between cogent and prominent thinkers and then ask, "So... what do you think?" (Speaking solely in terms of American education,) Literature classes also do this to a smaller extent. In elementary schools, more so but it's supposed to be done in social studies... which converts into history class later on.
These are all huge opportunities to teach ethics. We don't take them, because ethics isn't a marketable skill and has always been an implicit lesson. So we wrote standards and tests and teach to those and now here we are. Most people who graduate from high school do so believing that democracy is a flawed-but-least-flawed model of government they just have to endure, that history consists of great figures who dwarf the capabilities of the little people, and that actually understanding the breadth of our social fabric is pretty much impossible.
Ethics? Ethics is whatever doesn't piss off your best friend and still gets you laid.
I took Ethics as an elective during my C.S. undergrad and I think it's still in the top 3 of the most-formative individual courses of study I've ever undertaken. I'd highly highly recommend people take ethics or philosophy classes, if only to see how even the simplest scenarios can have complex dilemmas.
I had a Philosophy of Ethics course during my C.S. undergrad that was actually taught by a former member of the Michigan House of Representatives. He would discuss the kind of things he had to make decisions on during his time there, regarding the different points of view he had to take into account from an ethics perspective, and then have an open dialog with the class to discuss the different facets of the subject. Was a very interesting class that gave some interesting perspective.
I can't picture how you could teach ethics, actually. Meaning, if someone is already unethical, I can't see a way to make them ethical and in reverse - if you have an ethical person, they don't need to be told to be ethical. Is it then mostly a class on reassuring already ethical people that they're behaving well?
There isn't such a thing as an ethical person. There are situations and [un]ethical responses. Most people have no structured guidance on how to feel out a situation to categorize possible responses as ethical or unethical. Forming that structure would be the purpose of the class.
To draw an analogy, most programmers can write code. But programming class isn't really about teaching a language's order of operations or explaining its particular grammar: the value of a programming class has to do with its explanations of modularity and data encapsulation, of structuring flow and conceptualizing objects. Then examples are provided that exercise these explanations so that you can apply them in future situations.
Nah. Consider, for example, most of the people who participated in the mortgage bubble. Almost all of them thought they were behaving ethically. Most of them weren't, because the system was a) familiar enough that it didn't trip people's bad-situation triggers, and b) complicated enough that it was hard to see what the downstream ethical problems were.
E.g., the nice person at the mortgage issuer said the loan was good for them, so they just signed what he told them. And the mortgage guy was just doing what his boss told him. And that boss was just following the incentive plan set up. And the people buying the mortgages in bulk seemed happy with them, as did the ratings agencies. But in my view, most or all of them acted unethically; one can't swim in the mud and come out clean.
Even if everybody wants to do the right thing, what the right thing is is hard to figure out. Ethics classes force people to think things through. They can't make a sociopath healthy, but they can help everybody else to sort out right from wrong in complicated situations.
I have no idea why anyone outside of the DoD would fear him.
Again, the truth is simple: it was a press op. The event was corporate enough that nobody was going to throw pies at him, but just countercultural enough that he could be assured that someone would make him look better by heckling.
"I’ve been tough on Spitzer, but we can’t forget that the reason he got in trouble was because of the new NSA domestic surveillance apparatus that was so brilliantly depicted in the Wall Street Journal yesterday. Here’s the Lede.
Five years ago, Congress killed an experimental Pentagon
anti-terrorism program meant to vacuum up electronic data
about people in the U.S. to search for suspicious
patterns. Opponents called it too broad an intrusion on
Americans’ privacy, even after the Sept. 11 terrorist
attacks.
But the data-sifting effort didn’t disappear. The National
Security Agency, once confined to foreign surveillance,
has been building essentially the same system.
Spitzer was what the data-mining experts at the NSA call a PEP–a politically exposed person. Banks now monitor PEP’s money wiring activities figuring they are classic targets of blackmail or bribery. Spitzer got caught in the data mining screen. I know people will probably say that even Mukasey had to sign off on an investigation as explosive as this. Spitzer was a self-destructive idiot, but at the end of the day, we have to realize that nobody has any privacy anymore."
The audience for this event is infosec professionals wearing t-shirts, for whatever that's worth to you. Demographically pretty compatible with Reddit, or at least the subset of Redditors with top-quartile (for IT) incomes.
To the extent that this audience has any engagement with public policy, that engagement is likely to take a Ron Paul-ish flavor.
Sorry, my comment wasn't very clear. I was comparing the behavior of the two audiences more than appearance or socioeconomic status or anything else. When the video comes out, people are likely to be reminded of the people doing Mic Checks at board meetings etc. And for many, that sort of thing is just rude and out of bounds.
Notice how he wore his uniform this year instead of something more casual like he did at last year's Def Con. I agree, this was very carefully orchestrated to help discredit his detractors.
That's not the BlackHat audience that I've seen for many years now. It's basically RSA these days. I think that demographic exists at BH as a vocal minority. When you're actually on the floor, it's difficult to actually find anybody you're thinking of. Don't forget that attendance is over 8,000 lately, IIRC.
I'm not going to say the conference isn't vendor-y and commercial; it is definitely that, and more so than it started. But it's nothing resembling RSA. Also: Defcon is nothing like what it was in the 90's; it's had a trajectory reminiscent of Burning Man's.
Fearing someone for organizational reasons is different than the fear I believe he is referring to. People may fear him due to the power he holds on changing people's lives with the information he controls and has access to.
I think he went to Black Hat because unlike Defcon, Black Hat is run by a large multinational media company with a PR department trained and motivated to secure keynote speakers who will attract the most press attention to the conference.
What is astonishing about that? They can easily be splicing fiber cables taking a copy of most Internet traffic and recording either the actual call or just the from/to/length info and his answer is totally correct. It is actually a really terrible question.
What? Defcon basically said "Hey feds, don't show up here". They may have said someone who works for the feds can show up, but they asked that they not represent their employers, and to only represent themselves.
Not technically the same as a blanket ban, but they were pretty clear that they didn't want anyone attending while representing a federal agency...
It's not about reconciliation with hackers, it's about creating a picture that will be portrayed to the rest of the country by the popular media.
News shows and websites will tell the story about a reasonable-seeming establishment guy going to give a speech, and a bunch of weird-looking hackers acting unruly.
The niche-ness of the conference could be part of the media strategy. If you want to portray your critics as part of a fringe, you find a place on the fringe and get yourself photographed there, dodging thrown beer bottles.
While I'm sure he's very capable and very much an expert in his field, I don't think he's this charming super politician that planned an elaborate scheme to sway the conference attendees' opinions by appearing to be sensible and calm in front of hecklers.
I mean, can you imagine how horrible this would have turned out if he didn't stay calm? It's basically standard procedure to stay calm and try to explain your way out of it. Sure, he got some applause, and the heckler got some applause too. I think anyone could have imagined something like that happening.
> There was no serious Q&A on offer at the keynote. The questions were pre-screened; all attendees could do was vote on them.
A joke in every sense, then. Audacious. He leads with a bit of humor, then says,
> and I do want to give a chance for you to ask some questions. Hopefully they'll be easy ones, and I have a crew here that can answer the hard ones if I need to.
I'm certain that this infiltration will be a pretty standard play; you can bet the security services also have people who get extra money at Google, Amazon, Facebook, Skype etc.
Alexander didn't score any points for himself or his organization by coming off like he has something to defend besides American citizens.
0. The intros were more than courteous, they were gushing
1. "Holding questions to the end" was an obvious grinfuck
2. The 8 minutes of q&a seemed completely prepared
3. It also had a sense of "we're hiring"
I don't know the guy, so I don't know where he actually stands on things. So I sure as shit don't trust anything he says just yet.
For what it's worth: I don't think the NSA is at all interested in hiring Black Hat attendees. I don't mean "that's not why they're there at Black Hat, to recruit". I mean, "they don't want those people to begin with".
I was just about to get on this thread and post about how reasonable and measured his response was. Your comment is one of the better ones I've read on this whole topic.
How can you still believe that guy anymore? He could be petting bunnies, while he sings with an angel's voice about how they're protecting the nation and that their spying is really not that bad - and I wouldn't believe him.
Obama's promises sounded very compelling and believable, too - until we learned the facts of his actions after he already won his 2nd mandate. I think it's important to remember that whenever you hear a politician speaking nicely without anything real to back it up. Otherwise we're doomed to repeat the same mistakes, over and over and over again, fooled by master actors.
I'm an Australian. Obama is the most disappointing politician I've ever seen. He talks of Hope, then he takes it away. He talks of Freedom, but doesn't allow it. That's very sad.
And? My disappointment with my own government does not mean that I can't be disappointed with the leader of the "Free World" - one that is increasingly monitoring its own citizens, much like a totalitarian state would.
If this is how it goes in the United States, and the U.S. is held up as the standard for freedom, how is that good for the rest of the world?