Wednesday, January 29, 2014

The Back Story on the Suits and Spooks #RSAC Event, some F-bombs, and a Challenge.

The Ritz Carlton San Francisco
Warning: This post contains some profanity and is filled to the brim with opinion. Don't read it if you're easily offended.

If you haven't heard by now, I've contracted with the Ritz Carlton San Francisco hotel to host a 3 hour cocktail reception called the Suits and Spooks Security Town Hall on the evening of February 27th, which falls during the RSA Conference (RSAC) week. I did this on the heels of completing an exhausting two day Suits and Spooks DC event last week. Here's why.

Some people that I respect who have formerly worked in the IC kept telling me that I and others who were upset over the NSA/RSA deal didn't have all the facts; that the NSA bends over backwards to protect the rights of U.S. citizens; and so on. My response to them was that (a) no one ever has all the facts including "cleared" analysts, and that we all must deal with the facts at hand as responsible citizens, taxpayers, and voters; and (b) I have no doubt that NSA employees do their best every day to protect the rights of U.S. citizens within their legal guidelines. However, the legal guidelines need to be changed. They aren't holy writ, you aren't priests, and we aren't living in the Dark Ages where one cannot question the law.

The extreme opposite side of the debate has its share of problems as well. Some are privacy advocates who are either too naive to know that bad people mean us harm or too narcissistic to care. The fact is that if you're in that group, your opinion is held at no cost to you. If another tragedy occurs because the NSA lost critical assets due to Snowden's criminal acts, it won't be you who's held responsible. It'll be the entire Intelligence Community. No matter what you or I think about the need for intel reform, we have ZERO skin in the game. They are the ones who are working for less than competitive wages in the service of their country. They are the ones who will be held responsible when another tragedy occurs, not some Twitter warrior who's never had to make a harder decision than figuring out how to incorporate "ninja" into his social media bio.

After I recovered from three days of no sleep and little to eat during Suits and Spooks DC, I scanned the talks for B-SidesSF and TrustyCon, thinking that I'd find at least a few speakers who would address the NSA/RSA issue; especially after all the shit I heard about how the 12 of us who did boycott RSAC were just doing it for the publicity and/or basically wasting our time. Surely some of those critics would have submitted talks to BSides so that they could "work from within" to evoke change. Astoundingly, BSidesSF final agenda showed ZERO talks on the subject. The reason, according to BSidesSF when I commented about it on Twitter, was that they hadn't received any submissions! What the fuck does it take to make a cyber security engineer or researcher mad enough to do something substantive instead of just arguing on social media? You may be perfectly comfortable living and working in a digital universe, but it's not enough to tweet your outrage. You still need to get your hands dirty. You need to take a stand about something which COSTS YOU SOMETHING. Otherwise, you haven't done shit.

So, I decided to give at least 100 people of the 20,000 or more who would be at RSAC a chance to do something constructive with their feelings and opinions about how we are or aren't balancing national security concerns with the right to privacy; about how massive surveillance world-wide is unacceptable and counter-productive, or is exactly what we need to do. I decided to create a 3 hour Security Town Hall with some of the best and brightest people I could convince to come to represent both sides of the issue, and to run it using the Suits and Spooks format that encourages interaction between speakers and attendees. Yes, you can go to TrustyCon, B-SidesSF, and RSAC and hear some terrific speakers, but can you as an attendee engage with them? Probably not. Certainly not at the level that we do it at Suits and Spooks where after the first 10 minutes, the speaker can be challenged at any time.

So here's my challenge to you. If you think the NSA is doing something wrong or could be accomplishing its missions better, come to the town hall and ask a former NSA Inspector General and a former NSA General Counsel your questions. Even better, listen to what some of the most experienced and educated leaders in national security and privacy have to say to each other and on what points they challenge each other, and then ask your question or make your point. This may be the only time that you'll ever have a chance to meet and speak with Joel Brenner, Stewart Baker, Mike Janke, Nate Fick, Katherine Maher, Chris Soghoian, Carson Sweet, Geoff Hancock, Erin Simpson, Danny Yadron, and a few more outstanding individuals yet to be announced - all in one place and all willing to speak and share viewpoints and opinions with you and every other attendee who cares enough to come, listen, ask questions, have your opinions challenged, and hopefully leave with a fire lit in your belly to take action regardless of which side of the debate you support.

Finally, I want to point out that 100% of all of the registration fees (minus 2.9% credit card processing) goes to one of four charitable foundations which you select when you register. So regardless of your feelings about me personally, you can come knowing that your dollars are helping the EFF, the ACLU, the CIA Officers Memorial Foundation, or the NSA Cryptologic Museum. And that I and the event's sponsors are paying for everything else except your drinks. It's a cash bar.

No comments:

Post a Comment