The Black Hat cybersecurity and hacking conference in Las Vegas this week is swarming with young, tech-savvy geeks, many of whom are devoted to the concept of an open and free Internet.
In other words, many come from much the same demographic and worldview as National Security Agency leaker Edward Snowden.
That presents a problem for government agencies and corporate security teams, who for years have recruited talented technologists at Black Hat, and its funkier underground cousin, DEF CON, which is also going on in Las Vegas this week.
At both events, there’s a strong undercurrent of sympathy for Snowden—and a renewed suspicion of government security types who in the past have been free to wander the halls here and compare notes with the hacker community.
“Never have I seen in the history of our community such tension and stress around what’s going on and what’s gonna come next,” said Jeff Moss, the founder of both Black Hat and DEF CON.
The head of the NSA, Gen. Keith Alexander, came face to face with that tension Wednesday, during his keynote speech at Black Hat. A small number of hecklers interrupted his speech several times, forcing Alexander to respond to their comments.
Defending his agency, Alexander said: “We stand for freedom.”
“Bullsh**t!” shouted an audience member.
Later, another heckler shouted that Alexander should read the constitution.
“I have,” Alexander replied. “You should, too.”
Alex Stamos, chief technology officer of the security firm Artemis, explained that the technologists at Black Hat are skeptical of the government’s claims now that it’s talking publicly about its surveillance programs.
“You hear all this discussion of, ‘We want to have an open discussion with the American citizenry,'” Stamos said. “But yet, we’re only having this discussion now that there’s a leaker. I think saying that they want feedback would feel a lot more honest if this had happened years ago.”
That tension makes it possible, maybe even likely, that there will be other Edward Snowdens—other young technologists who have access to information that powerful institutions don’t want to see made public.
“While you suspect there’ll be whistleblowers for the government, I’m waiting for a whistleblower from Google, or Amazon, or Yahoo,” said Moss. “I’m kind of waiting for the Facebook leaker.”
Moss said the huge amounts of data collected by those private firms creates the potential for abuses, and for leakers to come forward and reveal those abuses. “You now have employees who don’t have government oversight, but they have access to senators’ phonebooks, to competitors’ phonebooks, to friends’—email addresses of, you know, billionaires,” Moss said. “Potentially ripe for either blackmail or espionage.”
At the same time, many here say that the relationship between the government and the hacker community is not irreparably broken.
“I don’t think there’s this massive flood against the government,” said Shawn Henry, a former FBI executive assistant director and now president of a cybersecurity firm called CrowdStrike Services. “I think people will have legitimate questions that they should be asking. That’s why I think General Alexander being here is a good opportunity for people to ask those questions.”