Some of the pioneers of Defcon, Gail Thackeray and Dead Addict, take the floor at Defcon 20 to recall how it all started and compare it to where it is now.
Gail Thackeray: Good morning, my name is Gail Thackeray and I was at DEFCON 1; I was the only prosecutor they invited to come (who would?), and my assignment then was to debate the issues of hacking, and initially, when Dead Addict called me, I told him I don’t attend such conventions, and later on we had some discussions, and I did go. It was very interesting for all of us: I got up in front of a very tiny group of people in a very tiny conference room in the old Sands, and I said: “There’s no debate. You’ve already lost; hacking’s illegal in 50 states, the federal government, and a lot of other countries.” And it went downhill from there.
So let’s go back: where were we at DEFCON 1? First of all, I’m thrilled to see how many women are in the audience. At DEFCON 7 Kevin Mitnick was still on the lam, and the FBI sent an agent to try and capture him if he showed up. And even though “Spot The Fed” was a big deal as late as DEFCON 7, and they spotted a bunch of feds and trotted them out on the stage, they never got the FBI agent, and you know why? She was a girl.
So what we had at DEFCON 1 were a bunch of cops who were suddenly confronting a world they knew nothing about: cops were not using computers then. And we had a bunch of hackers, some of whom were doing exploratory, interesting stuff, some of whom were doing very expensive destructive stuff, which is what led to the prosecutions of the late 1980s and early 1990s that got all the press attention, and it started the debate and led to DEFCON, led to the formation of the Electronic Frontier Foundation. And I want to add for those of you who think we were always divided communities: I was an early member of the EFF.
At the point when DEFCON 1 happened, we had a huge national debate going on, a lot of it was being played out and distorted in the press, because we had cops who didn’t understand the technology; we had hackers who didn’t understand why other people were mad at them, and we had the press who couldn’t talk to either of those groups.
I remember there was a conversation going on on The WELL – some of you may remember The Well, there was no Internet then, so you had to be paying very large long-distance bills if you were commuting to The WELL. And some of the best educated press people in America were asking things like: “In Operation Sundevil, where you did 19 simultaneous search warrants across the country, nobody got arrested” – “Well, that’s why we call them a search warrant. The arrest warrant is when you use the information from your search warrant to arrest the guy who did the bad stuff.”
We had different factions who could not communicate at DEFCON 1, and that’s kind of what led to DEFCON 1, right? We were all really nervous: the hackers weren’t necessarily cool with being in a room with a prosecutor. I did have to ask them not to commit any felonies in front of me, and the cops were not at that time comfortable with being on the stage with a hacker, or even in the same room, unless they were interviewing said hacker.
I want to say that 20 years later, we’ve come a long way in our ability to communicate, this is proof of that. We don’t agree on a lot of things, but post 9/11 we agree on a lot of things. The fact that this many people here want to hear what the General will have to say in a few minutes, is proof that you’ve changed. The fact that so many law enforcement and security people are here is proof of the fact that we’ve changed.
What we had at the time of DEFCON 1 was mass confusion: the issues weren’t all that clear, the factions didn’t share a language. Today we have cops using computers. It was actually law enforcement that pretty much invented the field of computer forensics. I know those early guys, and they were writing code, because they were desperate, they needed help. They went to Peter Norton and they got some tweaks to Norton utilities, and that was kind of the beginning of computer forensics: the stuff they were writing and what Peter Norton did to assist this.
Now, some of you are in the position of protecting the systems that we all rely on, and I think everybody in this room can agree that whatever we think about the exploratory form of hacking, there is a reliability factor that we all depend on in the civil society, and that means that you don’t take risks and endanger my stuff, and that was the fundamental divide we had at DEFCON 1, we’re still debating it now.
As Americans, I don’t think most of you, who are here Americans – we have a lot of foreign guests – as Americans I don’t think most of you would take kindly to a group of hackers from some other country shutting down any of our infrastructure, especially if it affects you.
We have evolved in our attitudes towards privacy over 20 years. We’re still arguing about it – I know some of you are pretty mad at Facebook about every 6 months. Privacy is where you feel you’re invaded. Hackers didn’t at that time, from my point of view, respect other people’s property and other people’s privacy.
There’s a lot of misinformation about those early prosecutions. A couple of the high-profile ones that led to DEFCON and the EFF were actually fraud investigations. Huge financial losses were being suffered as a result of some people’s behavior. The cops didn’t sit around and say: “Gee, whose civil liberties can we go trample on today? Oh, let’s pick hackers.” The cops are responsive to a need, a demand from their constituents, which is, at some point, in the lives of all of us. And that’s what happened: we were still trying to solve huge financial losses. You know why we don’t have as many hacker cases today? Because you all have Internet access for free. You’re not running up other people’s phones bills, and you’re not robbing other people off their credit cards as much.
We also have better educated cops. We have spent a lot of time training them; they’re still not where they need to be – they’re light years behind most of you. But we have officers: the Arizona computer forensics lab at the anti-terrorism center where I now work, is a marvelous resource. And we have people who specialize in things that weren’t even invented when DEFCON 1 was happening.
Phone forensics – that’s an oxymoron, there is no forensics with phones. For most phones you can’t do a true forensic examination, so we’re doing with phones now, and with GPS and all the other widgets, what we were doing in a very primitive way at the time of DEFCON 1.
One of the legends of the computer investigation early committee, which was a federal loose group that was trying to tech each other: “What is this stuff, how are we dealing with it, what’s the law? There’s no law. What do you mean there’s no law, this is a bad thing?” We were involved in all those early issues in law enforcement; we had some contact with members of the hacker community, some of them educated us, not always as volunteers. Their interviews were extremely educational, and I’m proud to say, as far as I know, as of 4 years ago, all of my alumni are really respectable citizens, and most of them are working in the computer security field. So the hacker community has evolved to become part of the solution, and not just the problem.When we look at the evolution, and that’s a common thing Dead Addict and I were talking about last night – the evolution of the whole community, not just DEFCON community, but the whole society around us: as the General will talk about, we have more stuff in common than we have disagreements about. You don’t want me or any of my alumni shutting down the electricity when you’re working on an important project. We don’t want other countries taking our stuff, giving it away, so that our brilliant minds, and some of you in this audience actually make money from your skills when you’re not at DEFCON – you don’t want people stealing your stuff; you don’t want people data mining your stuff and misusing it. Those are all areas we have in common.
And I think DEFCON and EFF have contributed greatly to the shared understanding that brings us all here, listen to the General. So I’m going to turn this over to Eli, oh, sorry, Dead Eli, and let him give you the other side of the perspective of DEFCON 1. Just think: when we were here the first time, half of you weren’t born, nobody had a computer except for people in the room, who were not cops; we didn’t have the Internet and we didn’t have the conversation going. Look how far we’ve come in 20 years. Thank you.