At hacker conferences, government surveillance takes center stage
LAS VEGAS Shane MacDougall wears a black T-shirt with the word "hacker" on his chest. Around his neck is something called an uber badge, which is a flat metal cutout of a skull about the size of a coconut -- it gives him lifetime access to Defcon for free. He's been coming to the annual hacker convention for 14 years.
When it comes to the hacking community versus the U.S. government, it's a wobbly balancing act for MacDougal. While he makes the annual trip to Defcon to support the community he's become a fixture in, he's also here to work. Sponsored by his employer JL Bond Consulting, MacDougall teaches classes at Black Hat, a meeting where cybersecurity professionals share their research -- often revealing some of the most spine-chilling hacks of the year. Federal agents typically make the trek to take classes and learn about the latest hacks. Meanwhile, at Defcon, one of the world's largest annual hacker conventions, there are contests to see who is the best at breaking passwords and cracking into computers.
Black Hat and Defcon are held in the same week -- overlapping by one day, with many of the same people attending both conferences. MacDougall has seen the hacking community experience substantial changes since he's starting attending Defcon. For the most part, hackers are no longer shrouded in secrecy, hiding out from law enforcement.
"When I started it was 'screw the feds,' now it's like 'I want to be a fed.' This year, I think we're now seeing a swing back to the middle," MacDougall told CBSNews.com.
One hat does not fit all
The term "hacking" casts a wide net. Often times the community is seen as misfits, who set out to break the law. But there is an ever-growing collective of professionals who work closely with the government to provide tools to prevent crime, solve cases or protect intellectual property.
"Hacking isn't malicious. Hacking is bettering the technology because you're opening it up and being able to use it," a Defcon attendee named "Junkmail" told CBSNews.com.
It's commonly known that the feds come to the conferences to recruit the brightest minds in the cyber community. This year's meeting of hackers is especially tumultuous, in light of the revelation that the National Security Agency was secretly collecting metadata from telecommunications companies as part of a program called PRISM.
At Black Hat, where many of the attendees are government employees, jokes were prevalent about NSA surveillance and former Booz Hamilton contractor Edward Snowden, who leaked national security documents to the media. One booth was giving away temporary tattoos that said, "I am not the fed."
At a booth across the aisle from Booz Hamilton, a poll being conducted asked if Snowden is a villain or hero. The results were literally split down the middle, with the first day of polling resulting in a tie.
"The one wrong thing never justifies the other wrong thing. If there is overreach and if the NSA and other government agencies are overreaching, and they are invading our privacy that doesn't mean that you can violate the code of ethics and the oath that you take when you join that government agency to protect and serve your country," Andrew Lee, CEO of the North American branch of cybersecurity firm ESET told CBSNews.com.
The attitude was much different at Defcon, where T-shirts bearing Snowden's face, in the treatment Shepard Fairey famously gave to President Obama in the 2008 elections, had the word "hero" written in place of "hope." A similar T-shirt of Obama had the phrase "yes we scan" printed on it -- a play on words from the president's campaign slogan "yes we can."
Feds face the music
Long before news of the PRISM leak broke, Black Hat organizers invited NSA director Gen. Keith Alexander to give the keynote address. Instead of canceling his appearance, the director took the stage Wednesday morning and promised to set the record straight.
All went well until about halfway through his address, when the director was heckled by an audience member, who yelled out: "You lied to Congress. Why should we believe you're not lying to us?"
The director remained calm throughout the speech, and maintained his position that the NSA is not arbitrarily spying on Americans. Despite the outbursts -- and rumors that two cartons of eggs were confiscated before his speech -- Gen. Alexander's attendance was well received.
"I think it was a very good thing that he came. That fact that he engaged and he came, when he didn't have to -- I think that speaks volumes for his personal integrity. I think there will always be skepticism simply because there are things he still can't tell us," Lee said.
The reception was different at Defcon, where the feds were asked to stay home this year by the conferences' founder Jeff Moss.
On Thursday, during Defcon's keynote address, which was given my Ambassador Joseph R. DeTrani, president of the Intelligence and National Security Alliance, the audience was hostile -- interrupting the ambassador as he spoke about cybersecurity as a major nation threat.
DeTrani is no longer a government employee and his keynote was meant to be focused on nuclear proliferation, but it appeared that the community sought answers from anyone that could provide insight.
In a question-and-answer session, people lined up to press the ambassador on questions that ranged from government surveillance to cybercrime -- none of which are his areas of expertise. Defcon attendees were frustrated that he could not answer question that were most pressing to them. At one point a young man said, "I'm not really sure why you're here."
DeTrani took it all in stride and said that he was at Defcon because he was invited to speak. After his speech, the ambassador told CBSNews.com he was not surprised with the outbursts.
"I'm not naive to think you can walk into a group like this and sing 'Kumbaya, we love you,'" DeTrani said, and added that he does respect the community and hopes they can work together with the government to solve our biggest quandaries.
Paving the way for discourse
"These people are valuable -- the good hackers -- these people can help address these issues we're talking about," DeTrani said. "We can't have them standing outside and saying 'we're not part of it.'"
DeTrani believes the community shouldn't chastise government employees for doing their jobs, rather he suggested they take it up with Congress. In his speech, he pushed for hackers to reach out to their representatives and make their voice heard.
His sentiment is shared with former White House Director of Cybersecurity Sameer Bhalatra, who is now chief operating officer of the cybersecurity firm Imperium.
"I think security is very important -- to the president, to the country. Certainly privacy is very important to the same people" Bhalatra said. "We have to have a debate on how to balance those two needs or find ways to accomplish both at the same time. I think the better, more thorough debate we have, the more likely we are to come up with solutions that are more optimal."
For his part, MacDougall still doesn't trust the government, but he also believes it's the complacency of the people that's blocking progress.
"A lot of people just don't seem to understand the potential impact a lot of this surveillance has -- especially in a functioning democracy," he says. "The problem is that people confuse comfort with freedom."
Editor's Note: This article originally attributed a quote to ESET global CEO Richard Marko. It has been corrected to reflect that ESET's North American CEO Andrew Lee was interviewed.
