Reality Douses DefCon Camaraderie
Andrew Brandt,
Saturday, August 03, 2002

Nation's new security priorities put new risks, greater penalties on cybercrime.

LAS VEGAS--This year's DefCon, the annual mixed gathering of hackers, federal agents, and corporate security experts, isn't the mutually respectful free-for-all of the past.

This tenth annual conference is the first since the terrorist attacks of September 11, and its tone has changed. The anti-establishment hacker attendees typically flaunt their disdain for the same federal agents and prosecutors who capture and prosecute electronic vandals. And the agents usually participate good-naturedly in ongoing games like "Spot the Fed." Advertisement

But recent legislation and law enforcement crackdowns produced a more subdued debate over civil rights and disclosing software holes. The event reflects the new uneasiness accompanying the respect and trust the diverse parties have built.

Although many of this year's discussions cover the same ground as previous years, the culture of openness is restrained and some information is being withheld, says DefCon's founder and organizer, Jeff "Dark Tangent" Moss.

"People aren't sharing everything anymore," Moss says. Concerned about possible lawsuits by hacked corporations or prosecution under the Digital Millennium Copyright Act, hackers who previously had almost gleefully detailed Windows vulnerabilities, are "keeping their exploits to themselves," Moss says.

Life for Hacking?

The most heavily attended sessions also reflect concerns over myriad new and proposed laws that criminalize several kinds of computer activities. The hackers especially want to know more about the new legal landscape, as well as online privacy and anonymity in digital communication.

"Patriot and You," a review of the Patriot Act passed as an anti-terrorist measure, drew a standing-room-only crowd of several hundred attendees. Jennifer Granick, a Stanford University law professor and longtime hacker defense attorney, described how new data security laws could land hackers in jail. The audience listened in rapt silence to her presentation.

Granick also described possible repercussions of two proposed new laws under discussion in Congress. One measure would impose a penalty of life imprisonment for computer crimes that led to loss of life.

"You'll hear about life sentences for hackers," Granick told the audience, adding, "not for all hackers, but for hackers whose actions result in deaths."

Also under consideration by the Senate is a bill to curtail distribution of copyrighted materials on file-sharing networks. Hackers who work for the entertainment industry could interfere with, and "hack back" against, such peer-to-peer operations. "I'm not taking bets on this particular fight," Granick joked to the crowd.

Granick also encouraged the crowd of computer experts to become more politically active. She said they should contact their elected representatives to protest legislation the hackers disagree with.

Hackers need to tell Congress that "criminal laws can only go so far in protecting us," Granick said. "We need real security, and laws alone won't protect us."