skip to main content

DEF CON Hacking Conference

Transparency Report

DEF CON Conference Transparency Report

Since DEF CON 25, we have started to share a summary of incidents we are aware of that happened at the convention for a given year.

My hope is that by doing this DEF CON will encourage other conventions to duplicate this reporting and share their data so collectivly we can shed some light on the challenge we face in creating more safe and inclusive events.

- The Dark Tangent


Pre DEF CON 30


(Updates before DC 30) Transparency Report

(2022 July 28)
It has been a surreal and humbling experience to literally grow up with the community of hackers that developed over the last 30 years. It started with an inclusive call for hackers, lawyers, artists, feds, #hack, #phreak, basically everyone interested, to attend the first, small, DEF CON. As I grew up IRL, so did the convention. I learned to accept some hard truths such as “You can’t please all people all of the time” and “Do what you can, when you can.” I have always tried to stay true to the core of DEF CON and the Hacker Ethos, even when change is not comfortable or convenient.

In 2015, we introduced a formal Code of Conduct and in 2017, we began publishing post-event transparency reports with statistics about the incidents we are aware of. In 2018, we launched a hotline for attendees to anonymously report behavior violating our Code of Conduct or to connect with a trained and empathic ear. All of this has been a team effort made possible by incredibly smart, compassionate, and capable staff, volunteers, and community supporters.

As we prepare to celebrate three decades of DEF CON, we’re constantly learning what it means to effectively support an evolving community with transparency and empathy. So today, we’re publishing details about our escalation process when we receive reports of Code of Conduct violations.

What does DEF CON do with Code of Conduct violation reports?

In the past, individual community members shouldered too much of the burden to protect each other using whatever means they could. We, the event organizers, must be better.

Our code of conduct is simple: “We do not condone harassment against any participant, for any reason. Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid.”

To be clear, the term “harassment” encompasses any behavior that makes others feel uncomfortable or unsafe.

When we receive a report of a Code of Conduct violation, our leadership team representing multiple functions and departments, conducts a review of the substance in consultation with our attorney as needed. This usually involves speaking with parties named in the report including potential witnesses, alleged offender(s), and victim(s).

We then review all the evidence available to us through community reports, news media, and internal investigations to determine whether the allegations are substantiated. Most of the reports we receive are for minor violations that result in a warning, but severe allegations may require a referral to hotel security and/or law enforcement, especially if the report includes claims of criminal behavior.

Please remember all DEF CON attendees are guests of both the conference and the hosting property, which has its own Code of Conduct and rules. The property will remove anyone that breaks their rules and will prevent you from attending the conference in the future.

Does DEF CON publish report details?

Our transparency report includes the number and category of incidents that are reported during the DEF CON conference each year. We also respond to reports through the year and publish updates for the community about major incidents that occur between events. Repeat offenders and those who commit more egregious offenses are permanently banned from our events. In the case of the most troubling offenses or those who we feel may represent an ongoing risk to the community, we take the extra step of naming them publicly. We believe we have an obligation to the community not to provide cover for these individuals to quietly find new and unsuspecting victims elsewhere. When we disclose this information, we do so to protect the DEF CON community, not to act as a public trial.

If the report of harassment presents a risk of immediate or future retaliation, or at the request of the reporting individual, we will take measures to protect their identity and/or details of the accusations. We’ve adopted these safeguards based on recommendations from the National Network to End Domestic Violence and the Violence Against Women Office at the US Department of Justice.

When affected individuals feel safe and comfortable doing so, they may approach alleged offenders about inappropriate behavior and ask them to stop. However, disparity in power or status, fear of retaliation, or the nature of the behavior may make direct confrontation difficult, and therefore there is no requirement for such action to be taken before DEF CON begins our investigation. In fact, retaliation is itself a violation of our Code of Conduct, which states:

“We do not condone harassment against any participant, for any reason. Harassment includes deliberate intimidation and targeting individuals in a manner that makes them feel uncomfortable, unwelcome, or afraid.”

As a private event and organization, we reserve the right to prioritize protecting the privacy of reporting individuals and victims of abusive behavior above other potential interests. Additionally, as private property, the hotel can trespass individuals permanently banned from DEF CON, creating a criminal and physical barrier between those individuals and the conference areas.

Anyone can report harassment. If you are at DEF CON and are being harassed, notice that someone else is being harassed, or have any other concerns, you can let us know by contacting any Goon, registration desk, or info booth, as well as by calling or texting the hotline at 725-222-0934. As a reminder, you can also contact the hotline during the con if you just need someone supportive to talk to.

You can also file a report year-round by contacting safety@defcon.org. We encourage individuals to report CoC violations as soon as they’re able to so we can begin our investigation before evidence is lost or destroyed, but it’s never too late to make a report.

- The Dark Tangent


Post DEF CON 29


(Updates between DC 29 and DC 30) Transparency Report

(2022 Feb 9)

  1. We received multiple CoC violation reports about a DEF CON Village leader, Chris Hadnagy of the SE Village. After conversations with the reporting parties and Chris, we are confident the severity of the transgressions merits a ban from DEF CON.
  2. We have also taken the rare action to disband the DEF CON Group DCG414. Code of Conduct violations by the group's primary Point of Contact and subsequent mishandling of the event left us without confidence in the group’s leadership.


DEF CON 29


(2021 August 5-8) Transparency Report
From our [closing ceremony] transparency report announcement:

DEF CON 29 – Virtual

Of 95,562+ total messages the moderation team deleted 127 (0.13%)
We received 30 reports via “Report-a-violation feature.”

Across the 34,321+ accounts on the DEF CON Discord, the moderation team:
* Warned 45 users (0.05%)
* Temporarily Muted 50 users (0.05%)
* Kicked 7 users (0.02%)
* Banned 6 users (0.017%)

DEF CON 29 - Physical

Medical & Health:
7 medical emergencies 4 requiring EMTs
4 mental health issues requiring specialist support
[we noticed a significant number of attendees struggling this year and asked the community to have each others backs]

Menstrual Products
Now Provided in all convention area restrooms, regardless of gender.
Estimated 850+ of these were distributed

Policy & Conduct
1 lost passport
3 photo policy violations
3 suspicious packages
2 people removed for not masking
Approx 25 turned away for not being vaccinated
2 removed by security from Vaccination check


x

DEF CON 27


Estimated number of people : 30k+
Announced at closing ceremonies August 11, 2019

# Description
6 Harassment
1 Sexual Assault
2 Theft/Loss
3 Bans/Trespasses
2 Falling Ceiling
2 Foiled Attacks on Casino
1 Biblical Grasshopper Plague
2 Warnings Issued to Our Staff
1 Staff Member Dismissed
5 Drunk and Disorderly
5 Photo Policy Complaints
1 Media Company Ejected
1 Hotel Safety-Security Issue
1 Failed Troll Attempt/ Self Own


Support Line Stats
Available each day of the conference rom 0800-0400
Completely anonymous
Trained community volunteers

# Description
29 Total Calls
12 Code of Conduct Reports
5 Referrals to Para-Professional Counseling
1 Legal Issue
1 Person Trapped Back of House


DEF CON 26


Estimated number of people: 28,000+
Announced at closing ceremonies August 12th, 2018

# Description
3 Harassment
7 Sexual Harassment
1 Sexual Assault

7 Medical Incidents
2 Theft
3 Vandalism
1 Tresspassing
1 Falling Ceiling
1 Badge Makers Exonerated
1 Attacks On Casino Foiled
1 Dust Storms / Flash Flood
1 Other Event’s Attendees Claiming We Hacked Them
1 Warnings Issued To Our Staff

Support Line Stats
Available each day of the conference from 08:00 to 04:00
Completely anonymous
Trained community volunteers

# Description
62 Total Calls
42 General Information Calls
3 Harassment Calls
5 Sexual Harassment Calls
1 Medical Help Calls
1 Concern Over Drink Tampering


DEF CON 25


Estimated number of people: 25,000+
Announced at closing ceremonies July 30th 2017

# Description
7 Harassment reports (Code of Conduct violations) including:
2 People banned for life due to harassing women
1 Person banned for life for harassing hotel staff
1 Person fled before we could identify and ban them for harassing a woman

9 Medical incidents leading to 4 hospital transports
3 Thefts
1 Vicious Dog report
3 Adorable Dog reports
3 Vandalism to DEF CON or hotel property
2 Trespass on hotel property
2 People un-banned for life by the hotel

Notes:
A DEF CON ban is a prohibition against a person or group from attending future conventions due to bad behavior. DEF CON conveys the information to the hotel and if a banned person returns they will be "trespassed" by hotel security and possibly prosecuted.

A hotel ban is a ban instituted by the hotel for bad behavior against the hotel or its interests and is outside of our control. You anger the hotel, you deal with the hotel.

Other notable bans:
DEF CON also monitors news reports and community forums for potential bad actors to exclude from our conventions, like we did with Jake Applebaum, John Draper aka Captain Crunch, and Morgan Marquis-Boire, who have all been banned.