DEF CON
29

POLICY

DEF CON Discord Server
Discord
DEF CON Twitch Server
Twitch
DEF CON Entertainment Twitch Server
A&E
DEF CON Info Booth Server
Info
DEF CON YouTube Page
YouTube
DEF CON Forums Logo
Forums

The Policy Department is back for DEF CON 29!

The DEF CON Policy team is here to help policymakers connect with the DEF CON community and tap into its expertise.

For the upcoming DEF CON 29 annual conference, happening this year as a hybrid in-person event in Las Vegas and online, the policy team will be building onramps for policymakers to understand hacking and hackers to engage with policy.

We're also offering specialized supplementary programs in these categories specially targeted to policymakers and other policy-interested DEF CON attendees. And we're very happy to announce the return of the evening Lounge format for policy content!

To help navigate the universe of policy topics this year's DEF CON will address, either as part of the Main Track talks or through the specialized content, we will catalog policy-related content in one central location.

You can join the conversation in the Policy Dept. thread on the DEF CON Forums.

Check back soon for further updates as programming schedules are announced.



DEF CON POLICY TEAM SUPPLEMENTARY PROGRAMMING

The DEF CON Policy team is here to help policymakers connect with the DEF CON community and tap into its expertise.

For the upcoming DEF CON 29 annual conference, happening this year as a hybrid in-person event in Las Vegas and online, the policy team has built a series of onramps for policymakers to understand hacking and for hackers to engage with policy.

In addition to policy-focused Main Stage talks, the DEF CON policy team is also offering supplementary programming on individual policy topics: Policy Debriefs, Community Roundtables, and an Evening Lounge. All are welcome to attend Policy Debriefs and the Evening Lounge. Community Roundtables are designed to be intimate conversations among a handful of hackers and policymakers, under Chatham House Rule("participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed"), so attendance may be limited.

In person Policy Debriefs and Roundtables take place from 10:00-17:00 and the Lounge from 19:00-21:00 in Skyview 1-3 and 5/6 on Friday and Saturday. Full descriptions, times, and location information can be found below.

You can also join the conversation in the Policy Department thread on the DEF CON Forums.

Note: some location information TBD. Schedule also subject to change. Please check back regularly for latest updates.

POLICY DEBRIEF

"Policy debriefs" are presentations that serve as crash courses in building blocks of other tech policy discussions.

Myths and Legends of Section 230

FRIDAY 1:00pm – 2:00pm | Policy Debrief
Location TBD

It seems like everyone's talking about Section 230 these days, and keen to change it, without really knowing what it says and does. Don't let this happen to you! Come to this crash course in Section 230 given by Cathy Gellis, a lawyer who regularly litigates (and pontificates) about the statute to learn the truth about this crucial law that enables our online world. We'll talk about why we have Section 230, what it does, why it works, its relationship with the First Amendment, and some of the common misperceptions about it, including why getting rid of it might not make the Internet any better (and will probably make it worse).

Global Cyber Capacity Building - triple challenge or triple opportunity?

FRIDAY 2:30pm – 3:30pm | Policy Debrief
SKYVIEW 5/6

One thing government worldwide agree upon is that raising defenses helps us all, but also that poorer countries need a lot of help to do so. In recent years the term “cyber capacity building” (CCB) has been used to describe large-scale development assistance programs that help build CERTs, train infosec professionals, but also educate on global cybersecurity issues. Often hackers from DEF CON can find themselves offered lucrative engagements in e.g. the Balkans or Sub-Saharan Africa towards this end. But are programs really global, or more a new type of big power competition? How much can they really deliver both for those societies, but also the rest of the world? And what is the best way to get involved?

COMMUNITY ROUNDTABLES

Hackers, policymakers, and everyone in between are welcome to come share ideas and learn from each other and other experts in these community roundtables. Attendance numbers may be limited, however, so first-come-first-serve for in-room events. For online or hybrid events Zoom information will be circulated as we confirm space availability.


(De)Criminalizing Hacking Around the Globe

FRIDAY 10:00am – 11:00am | Community Roundtable
SKYVIEW 1 and online, (sign up here: https://us02web.zoom.us/meeting/register/tZcvd-yqpzkqE9bzjZeppc0bGmvkYjHnwQZN)

In the last 12 months, the Supreme Court has weighed in on the Computer Fraud and Abuse Act, a groundswell of support has arisen in the UK to reform the Computer Misuse Act, and a proposed law in Mexico would have criminalized hacking. In all cases, members of the hacker community had a voice. And with several more upcoming in the next 12 months, our community needs to continue engaging with policymakers so they understand our value to the global security ecosystem.

Toward a Global IoT Code of Practice

FRIDAY 11:30am – 12:30pm | Community Roundtable
SKYVIEW 1 and online, (sign up here: https://us02web.zoom.us/meeting/register/tZEqf-igrDIrG92o-NpocyyBPIMNfVEONXn7)

The UK’s Code of Practice for IoT Security, developed by the UK government, has become a European standard, and countries around the world are adopting it as defacto minimum threshold for devices. This session will elicit responses to proposed Parliamentary legislation which would apply the Code to consumer IoT sold and imported in the UK. Peter Stephens, who leads the initiative, will be on hand to frame the discussion, answer questions, and take feedback.

We can build it. We have the technology. So why aren't we?

FRIDAY 11:30am – 12:30pm | Community Roundtable
Online (sign up here: https://us02web.zoom.us/meeting/register/tZYkcumtqzsqGtzGz8976GzrMPoM3e6FEi1j)

Clean energy. Vaccines. We are an incredible species with an incredible capacity to innovate solutions to our biggest problems. So why are we so terrible at implementing them? Have some thoughts on this? Then come share them!

Zero Trust, Critical Software, and a Cyber Safety Review Board

FRIDAY 2:30pm – 3:30pm | Community Roundtable
SKYVIEW 1 and online, sign up here: https://us02web.zoom.us/meeting/register/tZAtfuqsrDgiH9y3ifQhU0Pg3bewc--OFyJ3)

The recent cybersecurity Executive Order called for several new protections for US Federal networks and the nation's critical infrastructure, though some of these are undefined. While Zero Trust Architectures neatly fit into vendor buzzword bingo, what are they really? And how can you define critical software when any software on a critical system could cause harm? How would a Cyber Safety Review Board weigh in on issues where bits and bytes meet flesh and blood? Join this session to talk through some of the implications.

Volunteer Hacker Fire Department

FRIDAY 4:00pm – 5:00pm | Community Roundtable
SKYVIEW 1 and online, (sign up here: https://us02web.zoom.us/meeting/register/tZUvduytqTwsGN2k75CDTSCl23o0QDiqbkDn)

The volunteer fire department model has saved countless lives and countless economic damage across the US and around the world. Several initiatives over the past several years - and continuing today - have given us a glimpse of what a volunteer-based hacker Fire Department might look like, addressing Internet-scale incidents. What are they and how do we scale them?

10 years after SOPA: where are we now?

FRIDAY 3:30pm – 4:30pm | Community Roundtable
Online (sign up here: https://us02web.zoom.us/meeting/register/tZAqdO2tqT0tGdRR1k_xro6MUseFIxMUAuGf)

Ten years ago the Internet nearly changed forever, with the passage of the SOPA/PIPA bills. Driven by copyright interests, it would have unleashed new powers for individuals and governments to censor speech online. Thanks to the public outrage by enough users, those bills didn't make it into law. But whether it comes cloaked in copyright, privacy, antitrust, or some other initiative, the appetite to control speech still continues to inform Internet policymaking discussions. Will they succeed this time in shaping new law? What happens to the Internet if they do? Come discuss these and other questions with Internet policy practitioners who interact with them daily.

Supply Chain in the COVID Era

SATURDAY 10:00am – 11:00am | Community Roundtable
SKYVIEW 1 and online, (sign up here: https://us02web.zoom.us/meeting/register/tZcud-Gprj8qE92RoBYuXTWhhHsakUjGvoLc)

During the global COVID pandemic, accidents and adversaries revealed opaque and ignored supply chain security issues in near-catastrophic ways. With global markets, global suppliers, global networks, and global adversaries, is there space for a globally-cohesive approach to shoring up supply chain security?

We need to talk about Norm – Discussions on International cyber norms in diplomacy

SATURDAY 10:00am – 11:00am | Community Roundtable
SKYVIEW 3

This session will dive into the wide and wonderful world of “cyber norms” – the long-running international discussions seeking to establish rules of the road of behavior in cyberspace. After years of prolonged discussions in the United Nations but also informal groups like the Global Commission on the Stability of Cyberspace, we seem to be at an impasse – do we want to simply reinforce the already agreed upon 11 norms (like “non-interference in critical infrastructure”), do we want to expand the list of norms to include new behavior (like protecting the basic infrastructure of the Internet), or do we want to do both? And who is this “we” anyway? We'll kick off with a deeper look at the state of norm discussions and then open for a wider Q/A and discussion on what norms can and could do.

If only you knew

SATURDAY 11:30am – 12:30pm | Community Roundtable
Online (sign up here: https://us02web.zoom.us/meeting/register/tZAlc-2pqT8uHNARKeSvxvivpQHj3UYH3hwV)

Regardless of the hat you wear – whether you are a policy person dealing with technology, a tech person reacting to policy, a legal advisor struggling to bridge the two, or a business person looking to keep the lights on in the meantime – you all confront your own challenges and issues. What are the top one or two things you know well about those challenges that you wish everyone else did? Come to this session to meet people wearing different hats than you and share those insights.

RANSOMWARE PART 1: Combatting Ransomware on a Global Stage

SATURDAY 1:00pm – 3:00pm (double-session) | Community Roundtable
Skyview 1 and online (sign up here: https://us02web.zoom.us/meeting/register/tZYvduuorzgtG9MAPy9QjVRAaaC4JKIu89aq)

Ransomware has made front page headlines and taken top stage in policy conversations, with even the US President issuing a letter to CEOs, Congress grilling Colonial Pipeline’s CEO, and the president of France committing 1 Billion Euro to fight ransomware in hospitals. While drafting and spreading technical “best practices” have failed to protect critical infrastructure around the world, which public policy levers are best suited to do so?

RANSOMWARE PART 2: The realities of responding to ransomware

SATURDAY 1:00pm – 3:00pm (double-session) | Community Roundtable
(Same location and sign-up information as Ransomware Part 1, above)

If it's Tuesday, it must be another ransomware attack. So what is a law-abiding company to do? If they pay, it just encourages the attacks. If they don't, then their business may suffer, or worse. Meanwhile, breach-notification regulation may have started a ticking clock forcing their hand – potentially in ways that are counter-productive to other policy efforts to stem the tide of these attacks. In this session we'll confront the practical realities and policy dilemmas these attacks provoke.

Implementing Cyber Solarium Commission Policy

SATURDAY 4:00pm – 5:00pm | Community Roundtable
SKYVIEW 1 and online, (sign up here: https://us02web.zoom.us/meeting/register/tZItdOCsqDouHd3-on_4mXNeaIsDQhq7HEz1)

Within a year of publication of the Cyberspace Solarium Commission report, at least 25 of its recommendations were passed into law by Congress. Solarium Commission leadership wants to know how to improve their next set of recommendations - such as the Bureau of Cyber Statistics - before they become law, and wants DEF CON's help to do so. Commission staff will present their topics and elicit feedback from you and your fellow hackers to avoid unintended consequences and to strengthen their implementation plans.

Thinking About Election Security

SATURDAY 4:00pm – 5:00pm | Community Roundtable
Online (sign up here: https://us02web.zoom.us/meeting/register/tZUlfu6hqTMoGtxIQ8TXdKvAUL4gZLj9x_o8)

Election security has left the realm of election professionals and is now top of mind for anyone. But what does it mean? Is it just about the security of voting equipment? Or the security of the entire system of running elections? If you haven't been able to catch the Voting Village's content, or would like the opportunity for a deeper dive on some of the issues policymakers are wrestling with, this session is for you.