Black Hat may keep quiet about plans for controversial talks

Computerworld - The organizers of the Black Hat conference series may withhold details of selected talks at future events to avoid pressure from outside groups to cancel them.

In a conversation with Computerworld this week, Black Hat founder Jeff Moss said that going forward, conference organizers will work to determine which scheduled talks are likely to run into problems. Those found in danger of cancellation won't be announced "until the last possible moment," Moss said. "You'll just come to the show and find out [the final schedule] onsite.

"The idea is: How do we get the talks out without giving people months to try and influence or pressure researchers or their employers" into canceling a presentation? Moss said.

The issue bubbled to the surface after a scheduled talk on China's ability to launch cyberattacks was canceled days before the start of this week's Black Hat conference in Las Vegas due to of pressure from government agencies in Taiwan and China.

The presentation on "The Chinese Cyber Army: An Archaeological Study from 2001 to 2010," promised to provide attendees with a glimpse at China's government-backed hacking initiatives. The speaker was to be a researcher at Armorize, a Taiwanese security vendor.

According to a company executive, the decision to pull the talk was made after several Taiwanese and Chinese organizations that had contributed to the report wanted it pulled for reasons the vendor did not fully explain.

This is not the first time that a scheduled talk at Black Hat has been pulled at the last minute. Last year, a scheduled session that would explain a flaw in ATM software, hosted by a researcher at Juniper Networks, was canceled after complaints from the ATM vendor. The talk is now scheduled to be presented at this week's conference.

In 2008, Apple security researchers pulled out of a scheduled talk on the company's security practices. The authors succumbed to pressure from Apple marketing officials. Also in 2008, a talk by three MIT students on security flaws in the electronic ticketing system used by Boston's mass transit authority, scheduled for Moss' DefCon show, was canceled after a judge issued a restraining order.

Each of the canceled talks had been vetted and cleared through legal and other channels, Moss said. In each case, the talks were canceled due to outside pressures, he said.

"That totally drives me crazy," Moss said. "What we are going to do in future is to look into the crystal ball and see which talks we think are most likely to draw that kind of attention. Maybe we'll guess correctly, maybe we won't."

The goal is to ensure that the most controversial issues can be aired at Black Hat -- after a review by conference organizers, he said.

"We don't want any of our researchers dropping a huge zero-day bomb on a really serious issue. That's not cool," Moss said "We just want to get where the public at large hears about it at Black Hat. I want researchers to get up and say we found this great zero-day and by the way the patch for it is out."

"We are just trying to make sure the good talks see the light of day," Moss added.

Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan, or subscribe to Jaikumar's RSS feed . His e-mail address is jvijayan@computerworld.com.

Read more about Security in Computerworld's Security Topic Center.