Agreed; his extensive infosec background and smooth-talking politician talents meant that he probably had full knowledge of how this was going to go down. What's interesting is why he attempted PR reconciliation at a relatively niche conference. Black Hat doesn't have much connection to the mass public, and trying to make yourself look good in front of a mass of angry hackers is pointless anyhow because hackers tend to stay angry about topics like privacy.
Now, if he had a full blown press conference with civilian attendees, then, well...
NSA recruits from engineering universities. They are quite good at it. The idea that he needs to troll Black Hat for talent dignifies the audience at Black Hat and misses the truth of what was happening there.
I speak at one of those universities almost every year, primarily so that I can talk in opposition to the NSA recruiter who is always there giving a talk at the same time.
Those young people look strongly to the culture defined in large part by conferences like Defcon and BlackHat in order to make their choices. For many of them, the trip to LV is the highlight of their year. If the culture of those events changes to be substantially hostile to the NSA and its employees, I can believe that young people in that demographic would at least think twice about joining the NSA.
Basically, I think keynotes like this are part of a cultural war for this community, and I think it's an important one.
> I speak at one of those universities almost every year, primarily so that I can talk in opposition to the NSA recruiter who is always there giving a talk at the same time.
Wow. That's really above and beyond the call of duty. Thanks for being one of the good guys. Sometimes it doesn't feel like there are any left.
Give me a break. Black Hat was started as an excuse to get companies to pay for their infosec teams to attend Defcon. I was at Defcon in the '90s, and spoke at the second-ever Black Hat; my partner Jeremy spoke at the first.
I think that start is exactly why BlackHat != Defcon, a decade and half later. Defcon's a "Let's Spend a Weekend in Vegas", while BlackHat is now held around the world.
> NSA recruits from engineering universities. They are quite good at it.
Given the nature of the technical problems they face, they would have to be pretty incompetent to not be good at recruiting from engineering universities.
"Would you rather build yet another CRUD app, or build systems that trawl through 20+ TB of data every day?"
Obviously there are ethical issues, but peoples' ethics are much more pliable than most of us like to believe.
> Obviously there are ethical issues, but peoples' ethics are much more pliable than most of us like to believe.
The irritating thing about this is that most of us aren't taught ethics. Most people don't take philosophy courses. Most people don't take civics courses. We're expected to just figure it out through osmosis.
It's not about pliability. Most people never actually develop their own approach to ethics.
Yeah. As much as a flaming atheist as I am, I regret that people aren't spending as much time getting an ethical education as they once did.
I suspect that one could teach an excellent non-religious Sunday School class by only asking difficult questions. The only people who scare me more than people who have never thought much about ethics are the ones who think they know The Answer.
Absolutely. That's roughly what philosophy courses are meant to do. They fire a shotgun round into the air to show you as much variance and disagreement between cogent and prominent thinkers and then ask, "So... what do you think?" (Speaking solely in terms of American education,) Literature classes also do this to a smaller extent. In elementary schools, more so but it's supposed to be done in social studies... which converts into history class later on.
These are all huge opportunities to teach ethics. We don't take them, because ethics isn't a marketable skill and has always been an implicit lesson. So we wrote standards and tests and teach to those and now here we are. Most people who graduate from high school do so believing that democracy is a flawed-but-least-flawed model of government they just have to endure, that history consists of great figures who dwarf the capabilities of the little people, and that actually understanding the breadth of our social fabric is pretty much impossible.
Ethics? Ethics is whatever doesn't piss off your best friend and still gets you laid.
I took Ethics as an elective during my C.S. undergrad and I think it's still in the top 3 of the most-formative individual courses of study I've ever undertaken. I'd highly highly recommend people take ethics or philosophy classes, if only to see how even the simplest scenarios can have complex dilemmas.
I had a Philosophy of Ethics course during my C.S. undergrad that was actually taught by a former member of the Michigan House of Representatives. He would discuss the kind of things he had to make decisions on during his time there, regarding the different points of view he had to take into account from an ethics perspective, and then have an open dialog with the class to discuss the different facets of the subject. Was a very interesting class that gave some interesting perspective.
I can't picture how you could teach ethics, actually. Meaning, if someone is already unethical, I can't see a way to make them ethical and in reverse - if you have an ethical person, they don't need to be told to be ethical. Is it then mostly a class on reassuring already ethical people that they're behaving well?
There isn't such a thing as an ethical person. There are situations and [un]ethical responses. Most people have no structured guidance on how to feel out a situation to categorize possible responses as ethical or unethical. Forming that structure would be the purpose of the class.
To draw an analogy, most programmers can write code. But programming class isn't really about teaching a language's order of operations or explaining its particular grammar: the value of a programming class has to do with its explanations of modularity and data encapsulation, of structuring flow and conceptualizing objects. Then examples are provided that exercise these explanations so that you can apply them in future situations.
Nah. Consider, for example, most of the people who participated in the mortgage bubble. Almost all of them thought they were behaving ethically. Most of them weren't, because the system was a) familiar enough that it didn't trip people's bad-situation triggers, and b) complicated enough that it was hard to see what the downstream ethical problems were.
E.g., the nice person at the mortgage issuer said the loan was good for them, so they just signed what he told them. And the mortgage guy was just doing what his boss told him. And that boss was just following the incentive plan set up. And the people buying the mortgages in bulk seemed happy with them, as did the ratings agencies. But in my view, most or all of them acted unethically; one can't swim in the mud and come out clean.
Even if everybody wants to do the right thing, what the right thing is hard to figure out. Ethics classes force people to think things through. They can't make a sociopath healthy, but they can help everybody else to sort out right from wrong in complicated situations.
I have no idea why anyone outside of the DoD would fear him.
Again, the truth is simple: it was a press op. The event was corporate enough that nobody was going to throw pies at him, but just countercultural enough that he could be assured that someone would make him look better by heckling.
"I’ve been tough on Spitzer, but we can’t forget that the reason he got in trouble was because of the new NSA domestic surveillance apparatus that was so brilliantly depicted in the Wall Street Journal yesterday. Here’s the Lede.
Five years ago, Congress killed an experimental Pentagon
anti-terrorism program meant to vacuum up electronic data
about people in the U.S. to search for suspicious
patterns. Opponents called it too broad an intrusion on
Americans’ privacy, even after the Sept. 11 terrorist
attacks.
But the data-sifting effort didn’t disappear. The National
Security Agency, once confined to foreign surveillance,
has been building essentially the same system.
Spitzer was what the data-mining experts at the NSA call a PEP–a politically exposed person. Banks now monitor PEP’s money wiring activities figuring they are classic targets of blackmail or bribery. Spitzer got caught in the data mining screen. I know people will probably say that even Mukasey had to sign off on an investigation as explosive as this. Spitzer was a self-detructive idiot, but at the end of the day, we have to realize that nobody has any privacy anymore."
The audience for this event is infosec professionals wearing t-shirts, for whatever that's worth to you. Demographically pretty compatible with Reddit, or at least the subset of Redditors with top-quartile (for IT) incomes.
To the extent that this audience has any engagement with public policy, that engagement is likely to take a Ron Paul-ish flavor.
Sorry, my comment wasn't very clear. I was comparing the behavior of the two audiences more than appearance or socioeconomic status or anything else. When the video comes out, people are likely to be reminded of the people doing Mic Checks at board meetings etc. And for many, that sort of thing is just rude and out of bounds.
Notice how he wore his uniform this year instead of something more casual like he did at last year's Def Con. I agree, this was very carefully orchestrated to help discredit his detractors.
That's not the BlackHat audience that I've seen for many years now. It's basically RSA these days. I think that demographic exists at BH as a vocal minority. When you're actually on the floor, it's difficult to actually find anybody you're thinking of. Don't forget that attendance is over 8,000 lately, IIRC.
I'm not going to say the conference isn't vendor-y and commercial; it is definitely that, and more so than it started. But it's nothing resembling RSA. Also: Defcon is nothing like what it was in the 90's; it's had a trajectory reminiscent of Burning Man's.
Fearing someone for organizational reasons is different than the fear I believe he is referring to. People may fear him due to the power he holds on changing people's lives with the information he controls and has access to.
I think he went to Black Hat because unlike Defcon, Black Hat is run by a large multinational media company with a PR department trained and motivated to secure keynote speakers who will attract the most press attention to the conference.
What is astonishing by that? They can easily be splicing fiber cables taking a copy of most Internet traffic and recording either the actual call or just the from/to/length info and his answer is totally correct. It is actually a really terrible question.
What? Defcon basically said "Hey feds, don't show up here". They may have said someone who works for the feds can show up, but they asked that they not represent their employeers, and to only represent themselves.
Not technically the same as a blanket ban, but they were pretty clear that they didn't want anyone attending while representing federal agency...
It's not about reconciliation with hackers, it's about creating a picture that will be portrayed to the rest of the country by the popular media.
News shows and websites will tell the story about a reasonable-seeming establishment guy going to give a speech, and a bunch of weird-looking hackers acting unruly.
The niche-ness of the conference could be part of the media strategy. If you want to portray your critics as part of a fringe, you find a place on the fringe and get yourself photographed there, dodging thrown beer bottles.
Now, if he had a full blown press conference with civilian attendees, then, well...