[DEFCON 21] An Open Letter - The White Hat's Dilemma: Professional Ethics
An Open Letter - The White Hat's Dilemma: Professional Ethics in the Age of Swartz, PRISM and Stuxnet Speaker: Alex Stamos - Co-Founder and CTO, iSec Partners The information security world is constantly buffeted by the struggle between whitehats, blackhats, antisec, greenhats, anarchists, statists and dozens of other self-identified interest groups. While much of this internecine conflict is easily dismissed as "InfoSec Drama", the noise of interpersonal grudges often obscures a legitimate and important debate: what is the definition of "security" to whom do we provide it? The last several years have made this external argument and internal ethical debate much more difficult to individuals gainfully employed in InfoSec, thanks to politically motivated prosecutions, domestic surveillance by democratic societies, and even the direct targeting of large companies by their home nations. What rules should guide us in deciding what jobs to take, what services to provide, and our actions in the public sphere? This talk does not have the answers, but hopefully can help the overall community ask the right questions. We will begin with the speaker's personal experience working for Aaron Swartz's defense and on several high-profile civil cases. We will then discuss recent events in offensive cyber-warfare and the new dilemmas this poses for defenders. Finally, the speaker will present one possible framework for ethical decision making in such a complicated time, and will unveil an effort to affect change in the White Hat community. Alex Stamos is a co-founder and CTO of iSEC Partners. While helping to build iSEC into an industry leader, Alex has been focused on helping his clients address their most difficult security challenges. He has worked to secure mobile platforms, cloud computing infrastructures and other emerging technologies while pushing forward the industry's understanding of how to build trustworthy systems in these new computing paradigms. He is a frequent speaker at conferences such as BlackHat, FS-ISAC, the Critical Infrastructure Protection Congress, Infragard, CanSecWest and Interop. Before forming iSEC, Alex was a Managing Security Consultant at @stake and had operational security responsibility at Loudcloud. He received a BSEE from the University of California, Berkeley.
