Re: DC21 :: Time apart from Feds

I was shocked for a few minutes, and then I thought about it. Now I am not too shocked at all. It has created some "buzz" though... not too long after the announcement, a reddit thread on this topic has almost 350 comments! (FYI: I rarely go to reddit.com... I don't like the signal to noise ratio, despite the diversity of the discussion topics and opinions)... for those that do not know me, I can be "hyper-verbose" sometimes, so... if this is "tl;dr" for you, no worries. I am no authority on this topic, just sharing my opinion and some ideas (both serious ideas and jokes, but I do have over a decade of DefCon attendee and some gooning experience as well, so perhaps this post is worth reading... just giving people a disclaimer, this turned out to be a long post)

All I know (and care about right now, quite frankly) is that I want the "spot the fed" contest to come back! I haven't had any coffee yet, so I am going to leave recent events in media & poly-ticks out of this post. I have no official count, but I seriously felt like the majority of attendees at DefCon 20 had active security clearance of some kind. That says something about the "InfoSec Industry" more than it does about DefCon, but... I did feel a bit awkward about it. I miss the DefCon at the Alexis Park, when "feds" It is also worth noting that budget sequestration may mean if a "fed" shows up at DefCon, it may be because they have been or want to be part of this diverse conference (and community, as DefCon has grown a bit beyond the conference, even though most people are busy earning paychecks, and rightfully so, for the most part...)

I am genuinely curious, and it relates to this discussion: what is a "fed" anyway...? Someone who is attending DefCon directly using government funds and/or for the purpose of gathering intelligence...? What about someone who works for the USDA or FDA or something where the charter is about consumer protection...? Even if on official business, I assume they would be considered Feds. What about "foreign intelligence agents" (I befriended at least one last year) or *drum-roll* the many government contractors? What about people working for non-profits that may have motives that align with the Federal Government of the USA, even if the individual (or hell, the entire organization) is not aware of any intent that goes against a hacker ethos.

I think it is super cool that DT posted this and did so in a clever way, but I am a little bit confused, and most of all interested in Spot the Fed coming back. As with the Spot the Fed contest in the past, I would imagine that certain federal employees (National Parks Service, and most of the Department of the Interior...) would not really be considered "feds". So, back to the key question here... what constitutes "fed"...? These days, which are much different than the fond memories I have of Defcon 7 thru Defcon 13 at the Alexis Park, for better and for worse, the lines have blurred more than ever before... and quite frankly, I never minded the fed presence, as long as there was no direct violation of my privacy, which seems to be the key issue or maybe just the undertone of the "we need some time apart" post on defcon.org. I can think of at least a dozen people who are "Feds" in one capacity or another, and they are members of the DefCon community (and these forums, even)... some have been going to the conference for over a decade.

My opinion is that as long as these "Feds" are not attending DefCon on official (or perhaps "on-duty" is a better term, as DefCon should be about learning and sharing, like kindergarden =P) business and/or billing their travel expenses to the government, they should get some kind of exemption from this seemingly dramatic turn-around from the libertarian policy of the past. Unless someone was removed from the conference for security reasons (and perhaps even banned, as it takes a lot of fucktardness to get kicked out of DefCon), historically, I believe the only restrictions were ever placed on the press... and that was regarding photography and privacy, and I believe those press rules changed a few years ago. This "decree" (of sorts, more like a request, of course) regarding a "time-out" is, IMHO, a brilliant move on DT's part, but things have changed so much since DefCon started, and there is no reasonable way to enforce this, so I don't really see how this will play out in a practical sense. Or... maybe someone brings back the "spot the fed" contest, but perhaps with a new twist... or maybe Feds just have to wear a "Hello, my name is..." type sticker, or any other identifying marker.

If DefCon had legitimate access to the appropriate databases, I would suggest facial recognition and/or some kind of "fed detector" test at the registration process, but that just seems absurd (as it should, this last part was a joke... but it would be very funny to implement!) This is all very interesting, and I hope this change is for the best for everyone, but I guess it is mostly speculation until we see how it all plays out at DefCon.

Most of all, I got annoyed by recruiters... the foreign intelligence people were actually incredibly polite and understood that transparency was appreciated, while the US Government recruiters were incredibly rude and creepy, with little to no transparency. Perhaps that last sentence of mine sums it all up... Maybe "Feds" (including contractors if their job is national security) should be allowed, as long as they are not rude or creepy about recruiting, and can be as transparent as their job allows. That would build some good faith and start to restore what seems like a "broken bridge" between the libertarian and/or privacy conscious hackers and the ones, fed or not, who don't give a damn about privacy and/or liberty (within reason, which is where this all gets more complicated)... *sigh*

Oh, at the end of writing this, I noticed that a friend of a friend wrote an article (here: http://www.zdnet.com/feds-not-welcom...ce-7000017926/ ) with some clarification... much unlike last year, there will be no government speakers and no three letter agencies in the vendor area. So, IMHO, this sounds more symbolic (yet important, especially in times like these) than a realistic expectation (like privacy on the internet and over plaintext, for instance, is clearly unrealistic). Either way, well-played to DT and I can only imagine what the debates among Sr. Goons might have been like... I would imagine there was a good consensus, but it is an interesting idea, but the logistics and enforcement seem to make it a voluntary program. I just hope this doesn't scare off any "good feds", like some young bright minds from NASA. Most of all, recruiters, please leave me (and anyone else who doesn't want to get recruited) alone this year. If one is to attempt to recruit a hacker, at a conference or anywhere, they should do it with a decent amount of respect. We are not criminals, we are reverse-engineers and tend to figure out things faster than the incumbents, hence the desperate attempts at recruitment. If anything, that is what I am most excited about, although I don't know if DT's post will change things that much, as every job offer I got last year was not in the DefCon space, but other parts of the hotel... (creepy!)

So... one last thing: hell yes! I want some time apart! Thank you for speaking up on this topic. I *need* some time apart from the more sketchy feds, and especially from disrespectful and/or otherwise annoying recruiters. I have a feeling DC20 was the peak of official "Fed" presence and recruitment at DefCon, as hopefully RAND Corporation or some other group (perhaps DoD) has come up with a study that shows the (generalized) archetypes, traits, and values of hackers are often in direct conflict with authority, especially when approaching this level of fear among some members (the whistleblowers and/or hacktivists, most of all) of the "hacker community", which to me seems like more or a hacker archetype and/or subculture, as the "hacker community" has become so very fragmented for this very reason (feds, contractors, poor results from them, violation of civil liberties, and related or unrelated other topics) plus the fact that hackers need jobs and nation-states still spend lots of money and wield lots of power. Otherwise, go work for a big bank or some other private-sector corporate behemoth, Oil industry, Monsanto (Agri-Bio), Pharmaceuticals, etc... you get the idea. All these employers have various projects that result in ethical (and sometimes illegal) shades of grey, which is really nothing new to the hacker ethos... we should be more prepared for this. Also, I hope I don't get "flamed" for this "more prepared for this" comment, but I do feel that way. Also, keep in mind... believe it or not, it could be worse. For instance, I haven't moved to Canada, yet... =P

Re: DC21 :: Time apart from Feds

Yeah, I think this is some fallout from the NSA Dir saying "we're not spying on you, we're your friends" and then (duh) having it turn out to be the exact opposite. Also attendees from "the rest of the world" who don't want the US spying on them either.

Having the feds have to be a bit more undercover is probably a good thing, in my opinion.

What is a fed (my definition):
- works for federal law enforcement (FBI, DEA, etc)
- works for the gov on "hacking" type stuff (not tech support or the DMV, for example)
- is attending defcon to research "bad guys" in relation to law enforcement
Honestly, private contractors working for the feds should probably be included too. In Ye Olde Defcon the attendees were the hackers, and the Feds were the guys trying to catch them.

Kallahar

Re: DC21 :: Time apart from Feds

Maybe it's just my distrust for them speaking, but I would always assume that even if "they" attended on their own dime, they would still be debriefed when they're back on the clock. There would always be some sort of information gathering by off the clock feds.

Re: DC21 :: Time apart from Feds

Christmas Truce

Would have been pretty shitty if they were sneaking time-activated chemical gas bombs into the field.

Re: DC21 :: Time apart from Feds

Been watching this go on for days and it's driving me nuts. Apparently some in the press can't parse the English language very well. Nowhere in DT's statement did he ban anyone from attending. There is a lot of tension in the community right now and he was asking politely for feds to consider not attending this year.

Re: DC21 :: Time apart from Feds

They will still be there, no matter what is said or done. Even if there was a "ban" on a federal employee attending they would still be there. They will be tapping the phones, intercepting all communications and attempting to "recruit" (brainwash) young impressionable operators to further encroach upon and destroy privacy and the freedom we "have" on the internet, on our phones and in our personal lives.