Ethics Village
In The Hopes Of Fostering A Better Understanding Of The Ethical Questions We Face As A Community
Tell Me More


Ethics Village at DEFCON 2018

Acceptance Notification: June 29th CST

The DEFCON Ethics Village, is a two day ethics conference focused on the fostering a discussion about ethics in the security domain. The discussion on ethics in the security domain has been present since its inception however, we want to foster a greater discussion on ethics across all security domains. We want to celebrate the mistakes and grow as a community.

We want to learn what ethical situations arise for security professionals. We want to learn how security professionals handle these situations. We want to know about times you stood up to your boss because of your ethical beliefs to when you did something completely unethical and possibly broke the law.

The Ethics Village is sponsorsed by DC 217 an interest group for computer security topics.

Check out our chat with Sean Martin and ITSPmagazine:

Asking For A Friend

As a security professional and/or enthusiast you may have faced an ethical dilemma. We hope you would share this ethical dilemma with the security community, in order to start building an understanding of all the ethical situations one might face as well as learn about potential solutions.


Friday, August 10th

12:00 PM
Asking for a Friend

1:00 PM: Keynote
Ethics for Security Practitioners
While at the first glance infosec might seem to be a mainly technical domain you might encounter ethical dilemmas very soon once you start working in the field (namely when you do offensive stuff). In this talk I'll provide an introduction how to tackle such situations in a structured way and on the basis of common approaches and values.

2:00 PM
Accountability without accountability: A censorship measurement case study
Protecting volunteers from retribution, and why the fear of unknown unknowns is paralyzing to the academic measurement community.

3:00 PM
Responsible Disclosure Panel
In today's climate of data breaches and information leaks, how do we in the infosec community disclose the vulnerabilities we discover responsibly? Who are we responsible to? Can we set a standard practice that is ethical, fair and effective? These and other questions will be discussed by some familiar faces on our Responsible Disclosure Panel.

4:00 PM
Ethical Disclosure and the Reduction of Harm
How does a researcher become empowered to influence business and marketing leaders to balance coordinated disclosure, opsec protection, and tradecraft protection, with corporate interests? This talk examines use cases gone wrong, and opportunities for all groups to work together to make it right.

5:30 PM
Patching the CFAA: The New CIAA and “Ethical” Conduct in Security Research
Care about fixing the CFAA? Hear about a new proposal to better protect security research: the Computer Intrusion and Abuse Act. Because the proposal relies on norms/ethics in the security research community, we will debate the hard cases - situations where researcher norms vary.

6:30 PM

Saturday, August 11th

11:00 AM
Ethics of Technology in Humanitarian and Disaster Response
How do we combat the moral dilemmas technology brings to humanitarian and disaster response? Ethically based decision making can improve the influence of technology during a crisis.

1:00 PM
Nations and Nationalism and Cyber Security - Navigating Difficult Relationships in the Private Infosec Space
When talent comes from intelligence agencies, what masters do we server, who takes priority, and how can companies ensure providers are supporting their interests above past masters? And how have companies muddied the waters so that these questions are relevant in the first place? Some exploration of conflicting duties and possible responses.

3:00 PM
Hack Back: Not An Option, But A Necessity? (A Mini-Workshop)
David Scott Lewis
“They don’t fear us.” This was General Nakasone’s response to Senator Sullivan’s remark that “we’re the world’s cyber punching bag” during Mr. Nakasone's confirmation hearings as NSA Director and USCYBERCOM Commander. This talk will present hack back as a form of offensive cyber going beyond active defense, persistent engagement, and the cyber kill chain, yet consistent with proposed legislation, and will put forth the claim that nextgen hack back will evolve into a hyperwar battlespace deterrent.
Concerns such as attribution and escalation will be addressed, as will the potential role of AI, cybernetics, and quantum computing. A working framework for hack back will be presented – HBaaS/ADaaS (Hack Back-as-a-Service/Active Defense-as-a-Service), as will reasons why culture must play a key role in developing policy options.
For illustrative purposes, China and Chinese culture will be examined in depth. This examination will begin with a look at China’s Mearsheimerian foreign relations practices, and will then review how Chinese culture and cultural norms should guide U.S. hack back policies specific to China.

5:00 PM
Diversity and Equality in Infosec
As the field of Infosec continues to grow in numbers, it is also growing in terms of diversity. Arguably the field needs bring in as many diverse perspectives as possible in order to face ever escalating technological and non-technological challenges. We seek to discuss the ethics of promoting diversity and equality, the ethics of the current methods in promoting diversity and equality, and what can be done to ethically promote diversity and equality in infosec.

6:00 PM


This year at DEFCON 26, we hope to host talks and discussion panels on the role of ethics in various security domains (e.g., vulnerability disclosure, incident response, digital forensics, security education, smart cars, IoT) and related topics. We intend to invite presentations from speakers with a wide variety of backgrounds in order to receive diverse perspectives. The goal of this village is to initiate a conversation among the security community in the hopes that it will foster a better understanding of the ethical questions we face as a community.

Contact Us

If you are interested in meeting with us at DEFCON or would like to submit a proposal for a talk, presentation or discussion panel, please send a detailed proposal to