The presence of federal agents at Def Con, declared or otherwise, is nothing new. But on its 20th anniversary, the world-famous hacker conference experienced an interesting first: a keynote speech from the director of a major US intelligence agency.
Dressed down in t-shirt and jeans and wearing a warm, disarming smile, Gen. Keith Alexander, head of the National Security Agency and US Cyber Command, appeared on stage to address thousands of security professionals, hardware hackers, and other brilliant computer miscreants during the annual gathering at the Rio hotel in Las Vegas. His mission was obvious: to defuse long-held tensions, illustrate the common ground between hackers and the government, and ultimately persuade members of the community to use their skills in service to Big Brother.
The timing was no accident. With various government agencies and corporations still wearing a black eye after a rash of online intrusions that began last year with attacks on the FBI, CIA, and others, Alexander's appearance at the conference seemed symbolic of a US government that's finally owning up to its prior incompetence in the realm of cybersecurity. The NSA also had a booth in Def Con's vendor room, and even a special recruitment website set up specifically for the conference's attendees.
To slather on the charm, Alexander recognized CyFi, the 11-year-old hacker who revealed a zero-day exploit at last year's Def Con, and praised the audience for their work in uncovering critical lapses in computer security. "If we had everyone in this room working on it, we could solve many of these issues," he said, citing the defense of online privacy, critical infrastructure, and intellectual property as the Agency's most important goals.
If a spy chief claiming to support online privacy wasn't strange enough, one arm of the General's trim black tee was emblazoned with the logo of the Electronic Frontier Foundation, the legal non-profit dedicated to defending digital rights and currently engaged in several lawsuits against the federal government. On the other arm, the unmistakable tapered sphere of AT&T, which the White House has admitted is cooperating in the NSA's warrantless wiretapping program.
"Sometimes you guys get a bad rep," Alexander said to the crowd. "From my perspective, what you guys are doing to figure out vulnerabilities in systems is absolutely needed."
"Then stop arresting us!" one heckler in the audience replied. Another carried a small cardboard sign that said "Bullshit," to be used for just such an occasion.
The sentiment was common among the conference's attendees, several of whom have become notorious for using their skills to expose vulnerabilities in computer systems, often to the great chagrin of corporations and governments. Andrew "weev" Auernheimer, a hacker facing federal indictment after disclosing major flaws in the iPad's SIM identification system in 2010, says that even hackers working for positive change are often looked on with suspicion — and targeted — by government agencies.
"Data now runs society, and the idea that somebody could flip a bit and cause trouble ... it gives the establishment pause, and of course they're angry," said Auernheimer during Def Con's VIP Ninja Party last Saturday. "We're the new witches to burn because somebody's losing cash and Congressional bailouts only go so far, I guess."
Needless to say, NSA recruitment in the hacker hive can be a hard sell. And although Alexander is correct in saying that hackers and NSA agents share many things in common, one similarity he conveniently omits is the fact that both groups, not just hackers, are known to run afoul of the law.
The fact that the hacker-hungry NSA has yet to answer for its own crimes adds to the patronizing sting felt by many attendees as a result of Alexander's appearance. During a series of presumably pre-screened questions issued by Def Con founder Jeff Moss, Alexander once again denied allegations that the NSA is collecting records on American citizens, saying that "anybody who would tell you that we’re keeping files or dossiers on the American people knows that’s not true."
Alexander claims that such data-gathering is impossible because the Foreign Intelligence Surveillance Act (FISA) protects American citizens from being caught in electronic dragnets. But former NSA executive William Binney says that that is simply not the case, and that the General was playing "word games."
"They're still, as far as I'm concerned, in direct violation of the Constitution," Binney said of the NSA after Alexander's speech. "They just basically write off FISA, it doesn't exist for them." Binney quit the NSA in 2001, after he saw the Agency's surveillance program turn on American citizens following the events of 9/11. Surveillance powers were later expanded even further after the passage of the 2008 FISA Amendments Act, and retroactive legal immunity was granted to telcos who assisted in the program.
Later that day, Binney joined author Jim Bamford and ACLU lawyers Jameel Jaffer and Alex Abdo for a panel on the NSA's Constitutional transgressions.
"So little is known about how the NSA interprets its authority, and how it's using that authority," said Abdo, pointing out that FISA's requirements to minimize data collected on American citizens still allow the government to store communications as long as something within is of interest to national security. "All the oversight is totally dependent on what NSA tells [the FISA courts]," added Binney. "They have no idea what they're doing unless they're told."
Earlier this month, declassified documents from the Office of the Director of National Intelligence admitted that the collection of data was "on at least one occasion" ruled unconstitutional. And later this week, the Senate will vote on the Cybersecurity Act of 2012 which, if not amended, would give sites like Google and Facebook a free pass to monitor users and send the resulting data to the government.
Considering the value that hackers at Def Con typically place on issues like privacy and anonymity (photos of crowds and people's faces are strictly verboten unless explicitly permitted), the NSA's aggressive recruitment seems like a long shot. But Binney says there's nothing wrong with letting General Alexander give it a shot. "That's just an admission that internally they're having problems solving these issues," he said of the recruitment strategy. "He's looking for talent."