The main organizer of the annual DEF CON conference – an event for hackers, security professionals and subject academics – has asked that federal employees stay home this year, in the wake of recent revelations and lingering questions about the domestic surveillance policies of the National Security Agency.

From the DEF CON website:

Feds, we need some time apart.

For over two decades DEF CON has been an open nexus of hacker culture, a place where seasoned pros, hackers, academics, and feds can meet, share ideas and party on neutral territory. Our community operates in the spirit of openness, verified trust, and mutual respect.

When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a “time-out” and not attend DEF CON this year.

This will give everybody time to think about how we got here, and what comes next.

The Dark Tangent

The DEF CON conference has in recent years become a friendlier recruiting ground for federal officials seeking out potential cybersecurity talent.  As Brian Krebs from Krebs on Security points out, it’s grown to become a mutually accepting environment between hackers and feds.

It’s been a while since DEF CON was a place where feds really had to watch their backs. I didn’t have the privilege to attend the first DEF CON 21 years ago, but it’s safe to say that relations between the hacker community and the feds were for many years colored by a sense of mutual antagonism and mistrust.

Much of that attitude seemed to have changed in the wake of 9/11, and for the past decade the relationship between the two camps has thawed and even warmed quite a bit. Intelligence and law enforcement agencies have come to find the conference a reliably fertile and lucrative grounds for recruiting talent. Heck, things had improved so much by this time last year that the conference’s keynote was given by none other than Keith Alexander, the director of the National Security Agency.

Here’s the presentation from General Alexander, who also leads the US Cyber Command, from DEF CON 20 in 2012.

Some have speculated that the dis-invite is a political statement from the conference organizer, Jeff Moss (“Dark Tangent”).  But that’s not necessarily the case.  Recognizing that some common interests exist, the conference has had a successful history of keeping a mutually tenable atmosphere amongst personalities that might typically be at conflict.  Moss’ blog post is likely trying to avoid any potential for conflict this year during a time in which policy revelations have created a more tumultuous environment.

Robert Graham at Errata Security elaborates further on this.

People who run things, from corporate CEOs to con organizers, learn to keep themselves above the fray. They spend a lot of effort heading off conflict before it has a chance to start. They don’t take sides. Those who are wedded to their side are sometimes unable to recognize this impartiality.

A highly visible fed presence is likely to trigger conflict with people upset over Snowden-gate. From shouting matches, to physical violence, to “hack the fed”, something bad might occur. Or, simply attendees will choose to stay away. Any reasonable conference organizer, be they pro-fed or anti-fed, would want to reduce the likelihood of this conflict.

The easiest way to do this is by reducing the number of feds at DEF CON, by asking them not to come. This is horribly unfair to them, of course, since they aren’t the ones who would be starting these fights. But here’s the thing: it’s not a fed convention but a hacker party. The feds don’t have a right to be there — the hackers do. If bad behaving hackers are going to stir up trouble with innocent feds, it’s still the feds who have to go.

At least one scheduled DEF CON event, the Policy Wonk Lounge, currently features government insiders, which includes cybersecurity officials from the US Department of Homeland Security.  No word yet on whether or not that will proceed as planned.

Meanwhile, General Alexander still appears to be scheduled as the keynote speaker at Black Hat, another hacking conference that occurs days before DEF CON.


Donations tax deductible
to the full extent allowed by law.