N-1

Iniciar sesión
  • Blogs
  • LelaCoders
  • Sexual Harassment at DefCon (and Other Hacker Cons) /Schneier on Security

Sexual Harassment at DefCon (and Other Hacker Cons) /Schneier on Security

    spideralex
    • Todos
    Por spideralex

    Original post here

    Sexual Harassment at DefCon (and Other Hacker Cons)

    Excellent blog post by Valerie Aurora about sexual harassment at the DefCon hackers conference. Aside from the fact that this is utterly reprehensible behavior by the perpetrators involved, this is a real problem for our community.

    The response of "this is just what hacker culture is, and changing it will destroy hackerdom" is just plain wrong. When swaths of the population don't attend DefCon because they're not comfortable there or fear being assaulted, we all suffer. A lot.

    Finally, everyone at DEFCON benefits from more women attending. Women "hackers" -- in the creative technologist sense -- are everywhere, and many of them are brilliant, interesting, and just plain good company (think Limor Fried, Jeri Ellsworth, and Angela Byron). Companies recruiting for talent get access to the full range of qualified applicants, not just the ones who can put up with a brogrammer atmosphere. We get more and better talks on a wider range of subjects. Conversations are more fun. Conferences and everyone at them loses when amazing women don't attend.

    When you say, "Women shouldn't go to DEFCON if they don't like it," you are saying that women shouldn't have all of the opportunities that come with attending DEFCON: jobs, education, networking, book contracts, speaking opportunities -- or else should be willing to undergo sexual harassment and assault to get access to them. Is that really what you believe?

    And in case you're thinking this is just a bunch of awkward geeks trying to flirt, here are one person's DefCon stories:

    Like the man who drunkenly tried to lick my shoulder tattoo. Like the man who grabbed my hips while I was waiting for a drink at the EFF party. Like the man who tried to get me to show him my tits so he could punch a hole in a card that, when filled, would net him a favor from one of the official security staff (I do not have words for how slimy it is that the official security staff were in charge of what was essentially a competition to get women to show their boobs). Or lastly, the man who, without prompting, interrupted my conversation and asked me if I'd like to come back to his room for a "private pillowfight party." "You know," he said. "Just a bunch of girls having a pillowfight....fun!" When I asked him how many men would be standing around in a circle recording this event, he quickly assured me that "no one would be taking video! I swear!"

    Aurora writes that DefCon is no different from other hacker cons. I had some conversations with people at DefCon this year to the contrary, saying that DefCon is worse than other hacker cons. We speculated about possible reasons: it's so large (13,000 people were at DefCon 20), it's in Las Vegas (with all the sexual context that implies), and it's nobody's home turf. I don't know. Certainly the problem is rampant in geek culture.

    Aurora also mentions the "Red/Yellow Card project" by KC, another hacker: warning cards that can be handed out in response to harassing behavior. The cards are great, and a very hackerish sort of solution to the problem. She gave me a complete set -- there's also a green card for good behavior -- and I have been showing them to people since I returned. I haven't heard any stories about them being given out to harassers, but I suspect they would be more effective if they were given out by observers rather than by the harassed. (Bystanders play a large role in normalizing harassing behavior, and similarly play a large role preventing it.)

    Of course, the countermove by harassers would be to collect the cards as kind of a game. Yes, that would reduce the sting of the cards. No, that doesn't make them a bad idea. Still, a better idea is a strong anti-harassment policy from the cons themselves. Here's a good model.

    More resources: here, here, and here.

    Posted on August 15, 2012 at 8:57 AM206 Comments

    To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

    Comments

    On the topic of endemic sexism in the field of computer science, just yesterday we had another example of the Playboy photograph of Lena Söderberg being used to demonstrate graphics technology:

    http://www.bbc.co.uk/news/technology-19260550

    Posted by: Stephen Morley at August 15, 2012 9:13 AM


    One of the issues with the Green-Yellow-Red card set up is that is becomes a game to collect them all. While anti-political correctness is very much with in the DefCon milieu, certain line-cross behaviour is not. If you feel that your being treated inappropriately, say something, call people out on there shit. People will get the hint. Suffering in silence will not help.

    My thoughts are my own, not DefCons

    Posted by: Jesse Krembs at August 15, 2012 9:20 AM


    Who I really wish would grow up at DEFCON is the EFF. Once again they have a fund raiser in which one of the prizes is a picture with one of the strippers DEF CON hires every year.

    And I agree its not just DEFCON. Last years THOTCON in Chicago was horribly sexist and even though this years improved considerably - it was still staged in a venue which was all muscle cars.

    Posted by: yoshi at August 15, 2012 9:20 AM


    The skeptic community has been embroiled over the issue of harassment at skeptic conferences for most of the last year. The skeptic community is a male and often geek dominated one, would it be too big a generalization to say the security world is also? It is difficult for men to realize their privilege in these arenas and change their behavior accordingly. Too much denial has gone on, but it seems the ship is slowly turning.

    Posted by: LittleBoyBrew at August 15, 2012 9:25 AM


    This makes me sick.

    Women in technology need respect.

    Posted by: Scott at August 15, 2012 9:37 AM


    I was at Thotcon and I liked the cars, as a middle aged female geek I was not harassed, it seemed pretty typical to me, very few women, lots of beer, some interesting talks.

    When I was a young scientist I found that threatening to break a nose really caused harassment to stop. I recommend it. Make a scene, it does work.

    Posted by: Sue Young at August 15, 2012 9:38 AM


    I'm going to be honest. That does sound like drunken geeks with low EQ trying to flirt.

    Posted by: sconzey at August 15, 2012 9:52 AM


    This is all just weird. No matter the place and time, this is sick. Unthinkable in Russia.

    Posted by: Kirill.B at August 15, 2012 9:53 AM


    Like the man who drunkenly tried to lick my shoulder tattoo.

    --Even when I'm drunk drunk I don't try to lick shoulders and if a girl goes for that well you may want to see a doctor :/

    Ladies, ear-piercing screams combined with pepperspray should do the trick and as a last resort act like you're trying to kick a "field goal" inbetween the "goal posts" :)

    Posted by: Figureitout at August 15, 2012 9:57 AM


    Guy who's never been to DefCon.... less interested now after reading this.

    Posted by: Johnston at August 15, 2012 9:59 AM


    She gave you the complete set? What in the world were you doing to that poor woman?

    Posted by: Craig at August 15, 2012 10:12 AM


    I was recently at a training event for up and coming security pros. I was pleased to see that about 20% of those there were women but disappointed that the ratio was still so unbalanced. Where I work, there is one woman out of eight in security and the rest of IT has only a handful, most of them in either administrative or help desk roles. A recent Slashdot article basically asked how sexist behavior could be brought to a tolerable level when the team's first female would be joining. Most of the crowd basically told the submitter to grow up and learn to be professional.

    Security is a growing field, one of the few that will probably see significant growth in the next few years in terms of people needed. If we males can't learn to be men, we're alienating most of half of the population and making our jobs that much harder.

    Posted by: Jarrod at August 15, 2012 10:15 AM


    All that is necessary for evil to triumph is for good men to do nothing.

    --Edmund Burke

    I think the security community is overlooking the opportunity to treat this as a security problem (which it is) and solve it.

    Posted by: Andrew G at August 15, 2012 10:24 AM


    Geeks being slobs? Most geeks are afraid of women, and would not even try to flirt, or have I been away too long?

    I think it shows that there is an abundance of feds at these cons. The whole idea is dumb anyway: show your name and face at a hacker con. Good idea. There is a certain "get away with anything" attitude in law enforcement these days. I just don't imagine people who work in this field having this kind of mindset.
    They are either feds or posers.

    Posted by: Doktor Jeep at August 15, 2012 10:27 AM


    Sounds like a typical nightclub or student bar shenanigans. If you think this is bad look up what happens at cosplay cons, lulzcon or any other con with a large/ b/ presense

    Posted by: derpsauce at August 15, 2012 10:27 AM


    I'm glad LittleBoyBrew brought up the similarity between this story and the issue of conference sexism reported by Rebecca Watson that has been shaking up the skeptic community for the past year. If Watson's experience is repeated, Valerie Aurora is in for a backlash of sexist slurs and accusations that will make the behavior of conference attendees seem pleasant by comparison. I would be extremely pleased if the InfoSec community could instead respond professionally and respectfully.

    Posted by: Albatross at August 15, 2012 10:33 AM


    re: @yoshi

    Having never attended DefCon, I was less than thrilled to read your report of the EFF's behavior there. I'm a long time member of and contributor to EFF, and am greatly disappointed to hear of this.

    I just now composed this email to their general contact address, info@eff.org. I would urge other EFF members to likewise express their disapproval:

    Folks:

    I am a long time contributor to and member of EFF, and I greatly admire and support the work that you do and support the policies and education efforts made through this organization.

    However, I recently heard a report of some less than desirable behavior from the EFF, reported here: https://www.schneier.com/blog/archives/2012/08/sexual_harassme.html#c846060

    Specifically, it was reported that the EFF offered a prize at a DefCon fundraiser, a photograph with a stripper, that I consider to be both sexist and offensive.

    I feel this is an important issue: we cannot stand in support of greater privacy and individual rights online while taking actions that reduce rights and/or support offensive stands in other areas.

    If this report is accurate, then I am greatly disappointed that an organization I otherwise admire greatly would indulge in such actions. Please address this issue.

    Sincerely,
    -- Patrick Spinler

    Posted by: Pat at August 15, 2012 10:34 AM


    Why are you giving the red cards to the offender (as a possible collectable)? Just have the bystanders show it to him, like a referee in soccer would. It's important to humble the offender there and than.

    Also, I guess a slap in the face by the harassed might be superior to any card game: it does not trigger collection habits, it makes pretty sure, the right one is laughed at afterwards.

    Getting groped or interrogated about ones breasts justifies that kind of self-defence (IMHO).

    Posted by: vwm at August 15, 2012 10:35 AM


    I've attended defcon off and on since DefCon 6, and am friends with many women there. Most of them find the characterization of DefCon by Ms. Aurora to be belittling to them. They feel like reducing women to victim status diminishes their own accomplishments. This issue is not as black and white as Ms. Aurora makes it out to be.

    Posted by: Zach at August 15, 2012 10:35 AM


    DefCon has always been a frat party, and it's only gotten worse. I can only assume that those who are surprised have never been to one before.

    The idea of geeks as awkward zit-faced kids with pocket protectors was never true, and believing it only creates a cover for the brogrammers who have always been the real geeks (well, since the mid-80s, anyway).

    Want to fix DefCon? Don't have it in the strip club/hooker capital of the world.

    Posted by: michael at August 15, 2012 10:37 AM


    @Scott : Women deserves respect as do any human-being, not only in the technologic field.

    Posted by: Denis at August 15, 2012 10:41 AM


    The curious thing about those colour cards (and I've noted this before) is, by nature, any time you hand them to somebody else you're due at least a 'yellow' one yourself, since you're clearly breaking reasonable social boundaries. If you weren't, you wouldn't feel the need to take a contrived way to go about it, in the form of handing out cards.

    I like the concept, the idea that people should be speaking out if they feel offended - but the cards are just a cheesy proxy which actually make the situation worse. You're not just expressing you're offended, you're also implicitly insulting the person you're handing it to by saying "I can't actually speak to you as a fellow human being, so here's a passive-aggressive card so I don't have to socially interact with you". It's a poor substitute for simply speaking up, which has all the same benefits and doesn't share this problem.

    Perhaps the 'cutesy' factor will work in its favour as a way of invoking a crowd to act, at least until the novelty wears off.

    Posted by: Danny Moules at August 15, 2012 10:42 AM


    Were these examples during the conference sessions or the evening/late night social events? I'd expect boorish behavior in any alcohol fueled event with a big gender imbalance. These just happen to be defcon attendees, but doesn't this sort of stuff happen at any random bar anywhere? A drunk guy asks to see your boobs or asks to lick your tattoo. Geez call in the lawyers and scream harassment. Don't like it, walk away from the guy. It's a social event, people will say anything, but it's probably not a great idea to label it harassment and put it into the same category as more serious, real harassment.

    Posted by: nycman at August 15, 2012 10:47 AM


    Another alternative (or complement) to the red/yellow/green cards is the Backup Project, born out of similar issues at SF cons: http://backupproject.org/

    Posted by: Rowan at August 15, 2012 10:48 AM


    I understand the plight of the original author but I wonder if there is a disconnect between what DEFCON is (A giant party for a community) and what some people think it is (A professional conference).

    DEFCON is a social gathering/party for hackers (It just happens to have security talks) and because of that you going to have drinking, parties, etc. The chance to run into individuals who are unsavory characters is probably pretty high. It's not really a professional conference.

    BlackHat is the professional conference designed around networking, security talks, vendor demos etc.

    DEFCON is like going to a club/party but one designed for the hacker community. Expecting everyone to behave in a professional manner is probably expecting too much. Just like a club/party you gonna have some stupid drunk individuals.

    Posted by: sl@ck at August 15, 2012 10:51 AM


    how sad. :/ this behaviour is unacceptable, lets create a wallofshame for them, and make their photos public. >:T

    Posted by: XJ at August 15, 2012 10:52 AM


    "Also, I guess a slap in the face by the harassed might be superior to any card game: it does not trigger collection habits, it makes pretty sure, the right one is laughed at afterwards.

    Getting groped or interrogated about ones breasts justifies that kind of self-defence (IMHO). "

    Anybody touches me and I don't care what their gender and what they're reasons are - you've just escalated an awkward social situation into the potential of physical threat and completely changed the rules of engagement. I won't necessarily wait for a hand to strike me (and thereby be in a position to judge its intent) before reacting to it, unless I have some other means to determine I'm not in danger. Only an idiot would assume a person isn't a threat solely because of their gender.

    The idea that physical contact is acceptable when it's from an offended woman is a throwback to the days of 'gents and ladies'. It has no utility in an equal society - it's actually the people who support and practice gender equality who are going to react badly to it.

    Posted by: Danny Moules at August 15, 2012 10:52 AM


    Every lout (regardless of gender) should be asked the question:

    If you cannot respect others' rights, why should anyone respect yours?

    Posted by: Geoffrey Kidd at August 15, 2012 10:54 AM


    Geoffrey u got the point. agree

    Posted by: XJ at August 15, 2012 10:57 AM


    This isn't limited to the hacker community. Witness ReaderCon among many others.

    sl@ck seems to imply that since DEFCON is a big party, you should expect this behaviour. This kind of behaviour should be unacceptable everywhere and we men need to speak out about it, everywhere.

    Posted by: Steve Boyko at August 15, 2012 10:59 AM


    @XJ How do you ensure due process?

    Or do you just label anyone who is accused of a certain type of unacceptable social interaction and then arbitrarily subject them to another type of unacceptable social interaction as 'punishment'?

    If you do that, the community's self-protecting behaviour suddenly becomes at least as bad as, probably worse, anything its individual members are doing in this context. The cure becomes worse than the problem and the community hemorrhages members.

    Posted by: Danny Moules at August 15, 2012 10:59 AM


    "They are either feds or posers." - Doktor Jeep

    "no true scotsman". Being a legitimate, respected member of the hacker community does not magically prevent you from also being a sexist or from having exceptionally poor behavior around women.

    I'm not saying this has or hasn't happened at Defcon specifically, but it is a very common problem that the well-established members of a community who act inappropriately towards women are never strongly chastised for it by their employers/organization/convention they're speaking at/etc because they're too famous and the people who can do something about it don't want to alienate them. Their public reputation stays clean, or takes on a patina of "ladies' man", but the women around them warn each other to stay the hell away. Sad But True.

    Posted by: abadidea at August 15, 2012 11:02 AM


    @Danny how about security cameras? bait-girls? spot-the-harasser game? (lol?) i dunno, not my problem, but its not acceptable. be creative, find a solution. ^^

    Posted by: XJ at August 15, 2012 11:06 AM


    "I'm glad LittleBoyBrew brought up the similarity between this story and the issue of conference sexism reported by Rebecca Watson that has been shaking up the skeptic community for the past year."

    Feminists are hugely over-represented amongst skeptics. It makes it difficult to assumes other cons are necessarily going to behave in the same way. I feel, personally, the hacker community is probably handling this more cautiously/logically than the femi-skeptics did.

    "If Watson's experience is repeated, Valerie Aurora is in for a backlash of sexist slurs and accusations that will make the behavior of conference attendees seem pleasant by comparison. I would be extremely pleased if the InfoSec community could instead respond professionally and respectfully."

    You're conflating the skeptical/InfoSec communities and the wider internet community. You don't see anyone at QEDCon coming out with those kinds of slurs. As for accusations, I'd hate to see a skeptical society where all manner of accusations weren't welcome - because that's rather the point!

    Posted by: Danny Moules at August 15, 2012 11:12 AM


    @XJ Ah, the 'it's really quite difficult so I'll delegate it to some authority and hope for the best' approach. The attitude of budding serfs everywhere.

    Posted by: Danny Moules at August 15, 2012 11:16 AM


    At the comedy jam event they started off by making fun of harassment and saying that it shouldn't ever happen. They then went into a presentation where it included a hilarious picture of a woman in a torn shirt and skirt tied to a server rack and blindfolded. In the case of Defcon, at least this year, they were participants in the harassment, from the events/descriptions/pictures in the official pamphlet to the actual sanctioned events. Hacker jeopardy included a female participant who helped their stripped take off some clothing, and the host hilariously responded "now it's your turn."

    If they want to solve the problem, they need to start with themselves. Leave the conference goers alone and reform the presenters, the events, and themselves. After that we can talk about the attendees if there's still a problem.

    Posted by: jday at August 15, 2012 11:16 AM


    The red/yellow/green cards are a good idea. If Defcon really wants to clean up its image, I would suggest that next year the ability to give these "cards" be integrated as voting into the Defcon badges.

    It'd be slick to have a green/yellow/red light on the card to tally votes: Should encourage good behavior.

    Posted by: Coyne Tibbets at August 15, 2012 11:23 AM


    @Danny ahaha :D it seems ur a smart one. good. we need smart people to find the solution :)

    Posted by: XJ at August 15, 2012 11:23 AM


    BTW, if the security staff really did those "exposure" punch-cards then a ban against that security provider, or reprimand/termination of an appropriate supervisor, should be seriously considered.

    Even if the cards were intended as nothing more than a type of "scavenger hunt", having an entry of that type on the cards invites harassment and is therefore incitement to harassment.

    Posted by: Coyne Tibbets at August 15, 2012 11:35 AM


    @Danny, I have to admit that I have never been at DevCon or even Vegas, so maybe I get the whole situation wrong.

    I never said, "physical contact is acceptable when it's from an offended woman". I said it is acceptable, when it's form a person that is being groped (i.e. physically contacted or threated herself/himself) or seriously insulted. As long as the attack is ongoing, that's plain self defense.

    And you are not entitled to counter attack a stranger that pushed you away after you started licking her/his tattoo, are you?

    Posted by: vwm at August 15, 2012 11:38 AM


    @vwm 'Acceptable' or 'legitimate' has nothing to do with it. Escalation through the use of physical force is only a good idea if you think you can end the scenario optimally through an escalation of physical force. In these instances the answer is very likely to be 'no', for the reasons I stated.

    If you want a crowd to act then start shouting. Make a fuss. Don't perform an action that increases your physical danger and muddy the waters about just who is the bad guy. If you're lucky, you'll find a crowd are much less likely to assist you and may choose to actively assume you're as part of the problem. If you're unlucky, the person you just attacked will interpret it as assault and react accordingly. Either way, not an optimal move.

    It's worth noting regardless that whilst perhaps self-defense is defined differently in the US, I don't believe what you're describing is self-defense where I come from. If my assumptions are correct, you would end up with a charge of assault and/or battery.

    Posted by: Danny Moules at August 15, 2012 11:51 AM


    I should add assaulting someone is response to being "seriously insulted" is patently not "plain self-defense".

    Posted by: Danny Moules at August 15, 2012 11:52 AM


    That such behaviour occurs when geeks gather is unfortunately not surprising -- but that it is tolerated by event organizers is surprising, disapppointing, and completely uinacceptable. (And all those self-proclaimed geeks still wonder why they can't get a date or meet someone who wants to get into a relationship with them - DUH!!!)

    In most jurisdictions such behaviours are considered criminal offences, and the DEFCON organizers should step=up and be responsible about addressing this. In fact, there should be flyers handed out at registration, mentions in the start of opening sessions, posters at all venues, etc., that DEFCON is a harrassment-free zone and ANY such behaviour will not be tolerated and offenders WILL be reported to the police.

    Posted by: Northern Realist at August 15, 2012 11:54 AM


    You're not just expressing you're offended, you're also implicitly insulting the person you're handing it to by saying "I can't actually speak to you as a fellow human being, so here's a passive-aggressive card so I don't have to socially interact with you". - Danny Moules

    That's not a bug, that's a feature. Not having to socially interact with harassers to get them to stop -- how could it be anything but a feature, if it works? The message to harassers should be "you need to stop". Any way to effectively send that message is good.

    More social interaction with harassers is not what someone being harassed wants. Escalation of the situation (i.e. some of the more extreme reactions, especially physical reactions) is also not what someone being harassed wants, it's probably what they fear.

    The card idea is at least on the right track. Shut down the situation, if possible.

    Posted by: x at August 15, 2012 11:57 AM


    Pat - Not that I am in support of any form of harassment, but I'd like to know how you found the photograph, which you have never seen, as you did not go to defcon to see it, sexist and offensive.

    Posted by: anon at August 15, 2012 12:01 PM


    @x Which is fine if we assume the person in question is always clearly guilty - but that's not the case. We have intricate social behaviour for a reason.

    If I see my friend getting insulted in that way and he/she hasn't done anything to deserve it the person who is doing the harassing is actually the party handing out the cards and they're going to open a can of worms. If they didn't like _that_ social interaction how are they going to feel about my immediate response? Or my blog post? Or my discussions with their friends about their behaviour? Or, perhaps I'm violent and just don't accept that behaviour towards my friends, it's zero-sum.

    (This is hypothetical, BTW. For those who aren't aware, when I use 'my' in these posts I'm not actually that person.)

    Not insulting people is a standard for all bad social situations because it allows a situation to die down. If you insult someone and aren't entirely, 100%, legitimate in doing so, you've done the opposite of what you intended to accomplish. You've escalated the situation. If it's a feature, it's a detrimental 'feature'.

    The idea that passive aggression is inherently better than, say, shouting is erroneous because it's trivial to misconstrue.

    Posted by: Danny Moules at August 15, 2012 12:12 PM


    @Danny we are clearly not talking about the same setting. Seems like I have a more serious offense in mind, while you envision the proposed reaction more serious, than I do.

    Posted by: vwm at August 15, 2012 12:15 PM


    If the cards bore the same consequences as they do in football (soccer), then someone receiving a red card, or two yellow cards, would be kicked out of the conference for a day. This would make it harder to "collect them all".

    Posted by: Joe Buck at August 15, 2012 12:18 PM


    i love allies. really, as a woman who's spent her adult life in the tech industry, i get a warm glow every time i see guys calling out bad behavior. you guys have to keep doing that, because they actually listen to you. it makes lots of us love you.

    it's frustrating, though, when allies propose simple solutions to complex problems. if insisting they respect our acheivements worked, don't you think we'd've done it by now? this is not fun for us, and if there were a quick and easy way to make it stop we'd've been all over it years ago.

    the only way to make it stop is to make that kind of behavior unacceptable in the community, and since women are not being heard by the community a lot of the time, we need men to do a lot of the heavy lifting. men who are behaving badly need to have people whom they respect say to them, "you are being an asshole." if they respected women we wouldn't have this problem. men have to take a stand.

    also? kicking people in the balls, screaming, etc, might sound potentially useful, but 1. women should not have to go to those lengths to have their personal space respected, 2. screaming and kicking people are not professional behavior, and 3. do you have any idea at all how much time some women would have to spend doing this? i'd like to think men are capable of modifying their behavior without the threat of physical pain. then again, given how little the situation has changed over the years, maybe some aren't.

    Posted by: sine nomine at August 15, 2012 12:18 PM


    @Steve Boyko

    Yes this type of behavior shouldn't be condoned and we should speak out when we see others do it but expecting DEFCON to be a professional security conference is foolish.

    There are many different groups that attend DEFCON and not all of them play by the "rules" so to speak. Beyond asking the conference goers to behave which can be done and probably should there is little enforcement mechanism that would prevent it completely. Also knowing some of the goons if someone went to them (like the dude who liked her shoulder) and complained that person would have been in trouble.

    In a conference of 13,000 you can't expect a volunteer staff of maybe 50 to catch everything.

    Posted by: sl@ck at August 15, 2012 12:19 PM


    There are many different groups that attend DEFCON and not all of them play by the "rules" so to speak. Beyond asking the conference goers to behave which can be done and probably should there is little enforcement mechanism that would prevent it completely. Also knowing some of the goons if someone went to them (like the dude who liked her shoulder) and complained that person would have been in trouble.

    Err liked really means licked (oops on spelling) and person = dude who assaulted her.

    Posted by: sl@ck at August 15, 2012 12:23 PM


    Sexism is endemic in InfoSec. Go to any exhibition or con and there's booth babes by the handful. I recently rejected a vendor for a $six figure partly due to their choice of a burlesque after show evening.
    I guess the reason Hacker cons and particularly Defcon is that there is an abundance of alcohol compared to other events. It doesn't excuse that sort of behaviour but it might go some way to explain in.

    Posted by: Bhaggy at August 15, 2012 12:24 PM


    Re: Figureitout

    "Ladies, ear-piercing screams combined with pepperspray should do the trick and as a last resort act like you're trying to kick a "field goal" inbetween the "goal posts" :)"

    He beat me to it. :) Temporary solution that should help quite a bit. Practice some groin kicks and throat shots before the trip. Pepper spray might hurt nearby people. Stun gun is better idea, esp if groin kick precedes it.

    Posted by: Nick P at August 15, 2012 12:30 PM


    The real issue is what michael at 10:37am pointed out:

    "The idea of geeks as awkward zit-faced kids with pocket protectors was never true, and believing it only creates a cover for the brogrammers who have always been the real geeks (well, since the mid-80s, anyway).

    Want to fix DefCon? Don't have it in the strip club/hooker capital of the world."

    Nobody goes to a frat party or social hangouts near strip clubs expecting proper behavior. Even stranger to expect respectable behavior from a crowd known to be full of hostile individuals. Put the two together and throw in some extra craziness, then you have DEFCON. Then women go there & are shocked when they are mistreated? It's expected at such a place, like it's expected at the aforementioned places.

    So, if you want respect toward women, you have to change the venue and whole setup like michael suggests. The target atmosphere or image should be more like a hackerspace than a strip club. Get women geeks involved in setting it up so it can be tweaked to attact both genders equally well. I vote Valerie Aurora & Jeri Ellsworth. ;) Have strong policies that are enforced regarding sexual harassment. I'd also suggest a quota that goes for a good gender mix, with the final talley a compromise based on who actually wants to show up. eg might not be enough women applying.

    Any thoughts or suggestions? Ladies, first. ;)

    Posted by: Nick P at August 15, 2012 12:47 PM


    While there is a clear end of the spectrum that is never ok, how would one go about dealing with the gray areas? I know more than one woman who would consider any complementing of their outfit/body harassment, how do you draw the line between legitimate harassment and failed flirting? Especially when the situation changes the divider. Walking up to a woman and complementing her dress in a bar is more clearly OK than doing so in the Q/A part of a security presentation.

    Posted by: Name is Alias at August 15, 2012 12:48 PM


    There is an easy solution. Give free passes to a dozen or so of these sort of women and let's see how many punks feel lucky, and how many of them can stomach the stress :)

    Posted by: Wael at August 15, 2012 12:50 PM


    I've been to Defcon many times, both as attendee and speaker, and I never noticed the problem until I went with my fiancee. Her experiences were not unlike those mentioned in the article, and made for an all-around unpleasant experience. I've not been back since, and have no desire to again.

    What really disturbs me is how the staff is part of the problem, and airing issues with them redirects you to the staff, ie, the problem itself. Its shameful.

    I also don't understand the "well what do you expect" opinion based on reputation/location/etc. That's not really an acceptable mindset at any time, anywhere, when discriminatory or downright criminal practices are being exhibited. The hacker world shouldn't bring itself down to the level of Augusta National Country Club.

    Posted by: br0wnd at August 15, 2012 12:50 PM


    The first and last time I will ever attend one of these hacker con's.
    I broke a guys finger because he couldn't keep his hands to himself.
    If these conventions want to be taken seriously they will seriously deal with this issue. Until then this is nothing more than a bunch of boys behaving badly.

    Posted by: Lynn at August 15, 2012 12:50 PM


    Never, ever kick a guy in the balls. You wouldn't recommend raping a woman to put her in her place.

    Posted by: Sean Palmer at August 15, 2012 12:51 PM


    @ Nick P

    Lets have a trial run of DefCon in Saudi Arabia. Rape = death penalty there ;)
    And it's done with a sword in a public square. And people are forced to watch it.

    Posted by: Wael at August 15, 2012 12:57 PM


    @ Nick P

    Any thoughts or suggestions? Ladies, first. ;)

    Sorry I replied before any of the ladies. How rude of me!

    Posted by: Wael at August 15, 2012 1:02 PM


    @Danny, oh, and, in Germany, self-defense does actually include defending ones honour (§ 34 BGB). So while (not afterwards!) someone is insulting you, you might take reasonable action to stop him (or her). Naturally, judges are quite picky on "reasonable" and on whether the insulting was still ongoing.

    Posted by: vwm at August 15, 2012 1:07 PM


    @sine nomine:

    i love allies. really, as a woman who's spent her adult life in the tech industry, i get a warm glow every time i see guys calling out bad behavior. you guys have to keep doing that, because they actually listen to you. it makes lots of us love you.
    it's frustrating, though, when allies propose simple solutions to complex problems. if insisting they respect our acheivements worked, don't you think we'd've done it by now? this is not fun for us, and if there were a quick and easy way to make it stop we'd've been all over it years ago.

    This is a great point, and I'm quoting it to help make sure that people see it.

    Generally, before you make a comment to explain that All You Need To Do Is...., please take some time to ask yourself these two questions:

    1. Is this such an original idea that it's unlikely anyone has thought of it before?

    2. If the answer to (1) is "no," what reasons might there be that this has not already happened?

    Actually, that could apply to a lot of threads, not just this one.

    Posted by: Moderator at August 15, 2012 1:08 PM


    I suppose I shouldn't be shocked that geeks can have the same problems as naval pilots, but it was a surprise. After the Tailhook scandal, the Navy tried a similar approach to the red cards with a traffic signal approach.

    http://www.nytimes.com/1993/06/19/us/.

    Posted by: John Hritz at August 15, 2012 1:14 PM


    Seeing as we're honoring the ladies of IT, I figure it would be a nice place to post this so readers can learn about a few of them.

    http://www.fastcompany.com/women-in-tech/2011/.

    Posted by: Nick P at August 15, 2012 1:15 PM


    Also, please make sure you actually are focusing on real-world problems and solutions rather than indulging revenge fantasies.

    Posted by: Moderator at August 15, 2012 1:17 PM


    What I find interesting are the number of suggestions for things *women* can do. When it is the *men* whose behavior needs to stop.

    Posted by: BEG65 at August 15, 2012 1:17 PM


    Kudos to Bruce for calling a spade a spade. First time Defcon attendee this year. The problem starts at the top. I was appalled at the sexist and homophobic language and gestures that permeated a number of the Defcon 101 presentations on day 1. And this came from some of the leaders of the event. It comes as no surprise to me to now read about occurrences of physical harassment. I cannot encourage young female students to attend this event until the culture changes. The culture change is needed at the top, and shame on the silent majority for tolerating this for so long.

    Posted by: ken at August 15, 2012 1:17 PM


    @ Wael

    "Lets have a trial run of DefCon in Saudi Arabia. Rape = death penalty there ;)
    And it's done with a sword in a public square. And people are forced to watch it."

    Haha. Nice idea. However, I only want the creeps to be paranoid: Saudia Arabia might make quite a bit of the crowd uncomfortable, esp. those working on privacy technologies. ;)

    "Sorry I replied before any of the ladies. How rude of me!"

    Well, none complained. So... (to the bouncers) "No, that won't be necessary guys"

    Posted by: Nick P at August 15, 2012 1:18 PM


    the man who tried to get me to show him my tits so he could punch a hole in a card that, when filled, would net him a favor from one of the official security staff

    Just... wow... That's a very serious problem. It is very sparse on details tho; was it sanctioned by the organization, or was it just someone on the staff doing it on his own accord? If its the former, then there needs to be backlash from the community against the organization. If its the later, then the organization needs to take steps, such as a reprimand or otherwise. I don't think we have all of the details on this.

    Also, don't do what the Skeptic community did... Positive messages, and none of this "everyone is sexist" bull. I would be willing to put money on the notion that 95%+ are perfectly well behaved and find this type of behaviour to be unacceptable. Messages of "guys, stop this" = bad. Messages of "guys, if you see this, stop them" = good. It's not accusatory, and is, instead, productive. But, I will be watching this intently to see how it plays out.

    you've just escalated an awkward social situation into the potential of physical threat and completely changed the rules of engagement.

    Some real TSA level commitment there... Violence is always the answer... *rollseyes*

    I also want to point out that you say its an issue in the community, but I don't think its a special case. It is an issue everywhere, but we are security professionals, we can do better. I fully expect the security community to come up with some good ideas and find a solution that works for everyone (who isn't just a groppy douche).

    Posted by: Brian M at August 15, 2012 1:21 PM


    This is a made-up controversy, brought by social activists who want to feminize the tech industry. No thanks.

    Posted by: Mark at August 15, 2012 1:23 PM


    @ Moderator

    real-world problems and solutions

    ???

    It starts by educating children and instilling in them morals and values. It has to do with changing TV shows and movies not to glorify this type of behavior. Sounds like a long term solution to me. Good luck!

    This reply is also a direct response to @ BEG65's

    What I find interesting are the number of suggestions for things *women* can do. When it is the *men* whose behavior needs to stop.

    Posted by: Wael at August 15, 2012 1:25 PM


    I'd like to hear Ping's thoughts on this. Ping... are you reading?

    Posted by: Ms. Somebody at August 15, 2012 1:32 PM


    My entire tech career has been to put up with inappropriate behavior. From teachers using near porn as part of the educational curriculum to the idea that I'm there for anything other than my career (addressed to the idea of failed flirtation).

    Several conferences I'd love to attend haven't been when I could go, and now seeing how wretched I'd be treated... seems unlikely I'd attempt it. Creepy, and kinda sad.

    @mark: Feminize the tech industry? You mean other humans who don't look just like you get a job? I find the fems who feel they are on a violent personal mission and in your face about sexism kind of ugly too, they are the yin to this bad behaviors yang. BOTH behaviors are disrespectful and gross to be any where near. The problem is ANYTHING but made up. It is VERY real.

    Posted by: Angelina at August 15, 2012 1:41 PM


    I was hit on by some blazingly drunk Defcon guys every night, but that's no different than any other time in Vegas, regardless of conference or if there for a leisure trip. I am not forgiving this behavior by any means, but it's not a professional atmosphere.

    Some encounters I had:

    The first night with coworkers I attracted a hacker from Spain to my table which turned into a huge argument about capitalism at 2:30am. I actually enjoyed that, but there was a lot of yelling and finger pointing. We had attracted the attention of four whole Pai Gow tables due to all the yelling, and somehow no security.

    The second night I attracted a guy from San Diego who was about 8 drinks overserved and couldn't walk. He looked like a zombie. Again, Vegas. He swore wouldn't tell us what he did. We got his business card. The third night I attracted an enlisted army guy who was coming on very, very strong.

    Nothing too bad for me personally and I never felt uncomfortable more than just average paranoia of not using my phone, laptop, or using a credit card. I'm sad to hear about the behavior but also want to say some of us didn't have any problems there as women. I saw plenty of women this year too, which was awesome!

    Bruce - saw your Q&A and it was great!

    Posted by: Rebecca at August 15, 2012 1:41 PM


    Wael, real solutions are indeed difficult, which is why I'm asking people to to focus on them seriously rather than posting unrealistic scenarios of punishment and revenge. Also, your comedy routine with Nick P. is not improving the thread either. I'd appreciate it greatly if you both would step away from the thread now and let other people talk.

    Posted by: Moderator at August 15, 2012 1:43 PM


    My last comment about DefCon:

    I never attended it, and never will after reading these comments. I was not impressed with their "achievements" anyways. Nothing there for me to learn. Overhyped event...

    Posted by: Wael at August 15, 2012 1:43 PM


    @ Moderator

    I'd appreciate it greatly if you both would step away from the thread

    Done!

    Posted by: Wael at August 15, 2012 1:44 PM


    @ Moderator

    "I'd appreciate it greatly if you both would step away from the thread now and let other people talk."

    Certainly. :)

    Posted by: Nick P at August 15, 2012 1:47 PM


    @ Scott

    Women in technology need respect.

    To be all it can be - and nothing it shouldn't - technology needs women.

    Posted by: mcb at August 15, 2012 1:47 PM


    Makes me wish some technological equivalent of the red-card system were feasible. Defcon attendees exhibiting inappropriate behavior would be given anti-achievements (denouncements) and once their CreeperScore passed a threshold they would face sanctions...

    Posted by: sprawl at August 15, 2012 1:50 PM


    This is endemic to the tech industry, *and* to the security industry - after nearly 20 years I've seen plenty of it across the board. Unfortunately, violence doesn't work. Slapping, kicking, throat-punching someone who gropes you is very likely to get you badly hurt. The most effective response I know is (in a loud, disgusted tone) "Get away from me, you PERVERT." That makes the offender into a laughingstock.

    The straw man argument of comparing assault and harassment to an overreaction to a compliment is easy to discredit. Guys, would you say to a colleague, "Hey, those jeans make your ass look great." "That t-shirt really brings out your eyes." "Beautiful tie, man." If not, then you simply should not use those remarks to a woman, either. Her dress, her hair, her eyes have *nothing* to do with her reason for being there. And are, quite frankly, none of your business. If you must compliment her, compliment her skills, her tech talk, her presentation style.

    Posted by: Irene at August 15, 2012 1:52 PM


    Nobody goes to a frat party or social hangouts near strip clubs expecting proper behavior.

    Re: Nick P

    He's right, that's like the cardinal rule of self-defense. Be aware of surroundings and situations you put yourself in. Last I checked, Las Vegas is known for its depravity; and it sounds like DEFCON attracts this behavior.

    Just because we're talking about geeky guys creeping out girls and licking shoulders (WTF?!) doesn't mean it doesn't go the other way. Anyone ever had a girl stalk you or "mistakenly" try to "touch" you? How about not even mistakenly and grabbing very blatantly for it? And if I say something, what would people say-"Oh, right. That's what every guy wants."--No, it's not; I want dignity and respect.

    Stay classy people, wait until you catch her (or his) eye. It makes for much more satisfaction.

    Posted by: Figureitout at August 15, 2012 1:54 PM


    Quick note on the Kickstarter incentives from the EFF Summit that @yoshi mentioned.

    First off, the pictures were not of "hired strippe