When Security Compromises Security – The Caesars / DEF CON Debacle
I was hoping that this first post after DEF CON would be a roundup of all the amazing things our team experienced while there. DEF CON is our once a year pilgrimage to see everyone in our team in person, because we all work remotely. We fly people to Las Vegas from all around the USA and from Sweden and Australia.
Our company is a family business. My wife and I are the founders and exec leadership. But it goes beyond that. Family is part of the Defiant team and family participates in DEF CON. We have a mom and daughter team at Defiant who are incredibly talented. We have spouses and significant others join us for DEF CON with their children, and they participate in events.
October 1 last year was terrible for Las Vegas. The city experienced one of the worst mass shootings in US history. Naturally, Las Vegas has beefed up security protocols. The trouble is that they have put controls in place that actually put visitors to Las Vegas at risk.
The following is a brief summary of the experience one of our own team members had, which she shared on our internal chat with the team. I’ve sanitized it to preserve her anonymity:
“Hotel security came and pounded on the door Saturday night saying that we hadn’t had our room cleaned (even though we had) and that they had to inspect our room. They were a little rough; I let [my husband] handle them. Other folks on our team hadn’t had their room serviced and didn’t get a visit. Now that I have some space, I’m reading that a number of people had similar visits, some much, much worse that what we experienced.”
Here is another experience that Katie Moussouris had. For reference, Katie is a legend in the security community – she is a respected scholar and has testified in front of the U.S. Senate Subcommittee on Consumer Protection, Product Safety, Insurance, and Data Security.
Marc Rogers, head of DEF CON security for almost 20 years, has offered to resign over this situation. Marc, I think the last thing we want is those who can navigate us out of this situation to resign. You’re not responsible for this and this is new data for all of us. In my humble opinion, the DEF CON leadership and community should work together to find middle-ground with Caesars and Las Vegas, or find an alternative.
Clearly something needs to change. When I invite individuals traveling alone and families of our team and their children to Las Vegas, I need to know that they will be safe. Our team member that was affected was not traveling alone and she had her husband to lean on. Katie did not have a significant other present to support her, so I can only imagine how she felt in a Casino where anyone from the street can enter the facility, come up the lifts and bang on a room door demanding entry.
So at this time our team is putting a hold on our 2019 DEF CON plans. I can’t, in good conscience, put our team in a situation where they may be intruded on at random times by a security service that fails to clearly identify itself and where the protocols are inconsistently implemented.
For the record, our room bill at Caesars alone came in at over $50K, excluding meals and other expenses. I’m sure other larger organizations spend more, but for us, that’s a respectable chunk of cash.
Unless there is clear guidance and this issue is owned and comprehensively resolved by Caesars and the Las Vegas hotels, we will be evaluating alternative locations to get our team and their families together – and we will be focusing on safe and professionally run environments.
Mark Maunder – Defiant Founder & CEO