Friday, August 10th
Asking for a Friend
1:00 PM: KeynoteEthics for Security Practitioners
While at the first glance infosec might seem to be a mainly technical domain you might encounter ethical dilemmas very soon once you start working in the field (namely when you do offensive stuff). In this talk I'll provide an introduction how to tackle such situations in a structured way and on the basis of common approaches and values.
2:00 PM Accountability without accountability: A censorship measurement case study
Protecting volunteers from retribution, and why the fear of unknown unknowns is paralyzing to the academic measurement community.
3:00 PM Responsible Disclosure Panel
In today's climate of data breaches and information leaks, how do we in the infosec community disclose the vulnerabilities we discover responsibly? Who are we responsible to? Can we set a standard practice that is ethical, fair and effective? These and other questions will be discussed by some familiar faces on our Responsible Disclosure Panel.
4:00 PM Ethical Disclosure and the Reduction of Harm
How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.
5:30 PM Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research
Care about fixing the CFAA? Hear about a new proposal to better protect security research: the Computer Intrusion and Abuse Act. Because the proposal relies on norms/ethics in the security research community, we will debate the hard cases - situations where researcher norms vary.
6:30 PM Discussion
Saturday, August 11th
11:00 AM Ethics of Technology in Humanitarian and Disaster Response
How do we combat the moral dilemmas technology brings to humanitarian and disaster response? Ethically based decision making can improve the influence of technology during a crisis.
1:00 PM Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space
When talent comes from intelligence agencies, what masters do we server, who takes priority, and how can companies ensure providers are supporting their interests above past masters? And how have companies muddied the waters so that these questions are relevant in the first place? Some exploration of conflicting duties and possible responses.
3:00 PM Hack Back: Not An Option, But A Necessity? (A Mini-Workshop)David Scott Lewis
The NSC's Susan Rice told Michael Daniel, Obama's cyber advisor, to 'Stand down," which let the Russians interfere in the election w/out fear of retaliation. This talk will demonstrate the folly of such policies.
5:00 PM Diversity and Equality in Infosec
As the field of Infosec continues to grow in numbers, it is also growing in terms of diversity. Arguably the field needs bring in as many diverse perspectives as possible in order to face ever escalating technological and non-technological challenges. We seek to discuss the ethics of promoting diversity and equality, the ethics of the current methods in promoting diversity and equality, and what can be done to ethically promote diversity and equality in infosec.
6:00 PM Discussion