Thanks to the recent leaks revealing the NSA’s unsavory surveillance activities, there’s a schism in the hacker conference circuit. Two of the largest, most well-known information security conventions, DEF CON and Black Hat, have decided to take very different approaches to how they will interact with representatives of federal agencies (who, in the past, have regularly attended and spoken at these events).
DEF CON took the hard road and chose to cut off the “feds” from attending the conference this year. In a statement issued on Wednesday night, the conference founder Jeff Moss declared, “When it comes to sharing and socializing with feds, recent revelations have made many in the community uncomfortable about this relationship. Therefore, I think it would be best for everyone involved if the feds call a ‘time-out’ and not attend DEF CON this year.”
The ban is more a symbolic move—nobody will be checking for IDs at the door. (And what would a “not a fed” ID look like, anyway?) But this is a bold step that could have negative effects on U.S. cybersecurity, as both the hackers and agencies would benefit from being able to engage in some show-and-tell, and maybe some therapeutic venting, at the convention.
Black Hat, though, will be going in the opposite direction. It will not only welcome the NSA into its conference, but, in one of his rare public appearances, NSA Director Keith Alexander will be delivering the keynote there. Granted, the keynote has been scheduled since mid-May, before Edward Snowden leaked revealing documents—plus, Alexander gave the keynote at DEF CON last year. But, in a statement to the Guardian, Black Hat’s general manager Trey Ford expressed nothing but joy and a sense of honor at having Alexander stand by his commitment to speak at and mingle during the event. Ford still feels like the hackers and feds have a similar interest in warding off cyber-attacks and protecting “the internet at large”—even if the ways the NSA does so happen to be criminal in nature by many accounts.
There are other interesting juxtapositions between these two conferences and their starkly different attitudes toward the government. DEF CON and Black Hat were both founded by Moss, a hacker who goes by “The Dark Tangent,” in 1993 and 1997, respectively. But Moss sold Black Hat in 2008 to a technology publishing company. What’s more, the conferences occur back-to-back in Las Vegas at the end of July and beginning of August.
The difference in opinions about socializing with feds can, in large part, be chalked up to economics. Ashkan Soltani, an independent security researcher, told me that DEF CON is a community-driven organization and its statement is meant to send the NSA the message that the hacker community does not support the way they operate in a legal gray area. (You know, just in case the NSA was somehow oblivious to that fact.) But it would be difficult for Black Hat—a for-profit endeavor—to do the same, because it relies on corporate money and expensive multi-day training sessions, where large numbers of the attendees are feds, to underwrite the conference. Turning away so many customers would hurt the bottom line.
Alexander’s talk at Black Hat could be a boon or a disaster for him. These hackers want somebody to provide answers. However, if Alexander just speaks and leaves, dodges questions, or provides more misleading statements, then it’s going to further ignite tempers against the NSA, says Amie Stepanovich, director of the Domestic Surveillance Project at the Electronic Privacy Information Center. Especially because, she explained, “a lot of these documents show that [hackers] are uniquely targeted by the NSA.”
What the difference between the two conferences reveals is a division within the hacker community: the for-profit ones who get bounties and sell zero-day exploits, and those who take a strong stand on principle.