Tuesday, February 26, 2013

Speech codes are evil

As a child, I learned to read adult level books much to early, books like Fahrenheit 451. This has warped me. I don't see "book burning" with the nuanced perspective of an adult, but with the fiery passion and black-and-white certainty of an 8 year old child. Book burning is intrinsically evil, and all right minded people should oppose it. All that distopic science fiction from Ray Bradburry to George Orwell has made me unreasonable on such "free speech" issues.

Consider back in 2010 when Islamists threatened to kill Trey Parker and Matt Stone (the creators of South Park) over their cartoon depictions of Mohammad. They were singled out for a threat because they stand alone, as everyone else keeps quite fear of offending violent extremists. Being the unreasonable free speech advocate that I am, this left me with no choice: I had to draw my own picture of Mohamed so they so that those like Parker/Stone don't stand alone. You can see my cartoon and a more complete reasoning here.

The hacking/cybersecurity community is full of speech codes where people try to control speech. You don't see it that way, because you didn't read distopic scifi as an 8 year old.

Take the word "hacker" itself. If you use the word as most people do, you'll get constant hate from those seeking to control your speech and how you "should" use this word. They are wrong, you "should" use the word "hacker" any way you damn please. It's one thing to correct somebody and point out that members of a Linux conference are probably going to misunderstand your use of the word. It's quite another to attempt to control speech by being offended by it. I occasionally blog about the "any way you damn please" use of "hacker", such as in these posts here and here.

Another speech code goes by the name "responsible disclosure". The concept is that however you (the discoverer) want to disclose a vuln is wrong, you should instead be told by others how to do it. I speak out against this speech code occasionally, stressing that the only "responsible" disclosure is "any way you damn please" here, here, here, and here.

Not only do we "self-censor" disclosure, outsiders try to censor us as well. Canceled talks from speakers caving under pressure is a common occurrence at big conferences. I've personally been threatened by the FBI. My response was, of course, to start yelling at the FBI agents. I gave the talk anyway. I didn't mention the FBI's threats at the time because my talk partner felt the technical content should stand on its own, not get overshadowed by drama, but I've mentioned it many times since.

The best known "certification" in our industry is the CISSP. To become certified you need to agree to a bunch of speech codes, like "take care not to injure the reputation of other professionals". You can read their extensive speech codes here, and I've blogged out why they suck here.

The latest speech code is "sexism". This is a great way to control speech because it's something everyone is against. At least, I've never met a pro-sexism person in the community. All you have to do is call somebody "sexist", and it either shuts them down, or derails them into justifying why they aren't sexist.

Take for example the debate over Cryptocat. It had a flaw so serious that even its creator agreed and fixed it, and then became a leading critic of other software that has that same flaw. Yet the person who did most to highlight problem was called sexist for pointing it out.

The bigger problem is that conferences are adopting speech codes that bully people into self-censorship. The premise of these speech codes is that most people are motivated by evil, and therefore need to be threatened by strict rules in order to behave properly. As far as I can tell, people are good, and the sexism problem is due to stupidity, and what people really need is education rather than threats.

Most of you would ignore this, but of course, I'm unreasonable about speech. I had purchased to a ticket to fly to Belgium to attend the "Brucon" conference in 2012, but when they published fascist speech codes from the Ada Initiative, I promptly canceled my  flight. I seriously got the question "why don't you like the speech codes? do you want to harass women?". [Update: for 2013, Brucon changed their policy].

All this text is to explain yesterday's drama. The BSidesSF conference censored a talk by Violet Blue at the behest of the Ada Initiative (follow those thinks to the three accounts of the incident). I immediately tweeted that I was boycotting the BSides conferences (quickly amended to just BSidesSF [San Francisco event] as I realized this was a purely local decision). I wasn't the only one, but I contributed heavily to the classic cybersec-Twitter-drama.

The reason I'm writing this blog post is to point out that my intent isn't to cause drama over this one particular event, but that I'm always attacking speech codes. This isn't new for me. I'm going to boycott all conferences with fascistic speech codes. That's two down (BSidesSF and Brucon [Update: they changed their policy]), but I suspect eventually it's going to be all of them..

I started this post with a discussion of Fahrenheit 451. In his 50th anniversary edition he added an addendum where he says "There are many ways of burning a page", such as ripping out one page at at time when they are found to offend someone. What the Ada Initiative and BSidesSF did yesterday was book burning. I know you don't see it that way, because you are a reasonable adult, but I can't see it any other way.


Anonymous said...


Anonymous said...


Mark Roxberry said...

And that's why freedom of speech is the first enumerated, unalienable right in the U.S. Bill of Rights. I find it intolerable that anyone who is an American, or who believes in freedom of speech, would think to impose hate speech codes, a.k.a. political correctness. Say what you want, I will defend you to my death for that right.

Dave Aitel said...

INFILTRATE doesn't have a speech code, although speeches DO have to be in English. In conclusion, you should go to INFILTRATE this year in April. Also there will be BJJ to watch/participate in. And hackers.

Andrew Kalat said...

100% agree with you. I guess I'm not a reasonable adult either. I'm okay with that.

Penn Jillette had a great tweet rant about civility recently: "Fuck Civility. Hyperbole, passion, and metaphor are beautiful parts of rhetoric. Marketplace of ideas can not be toned down for the insane"

Michael Schearer said...

Actually, to be technically correct, the first enumerated right is the free exercise of religion. :-)

Anonymous said...

Brucon just changed their anti-harassment policy away from the Ada Initiative's. The new one makes a point of protection for speakers too. Will you reconsider?

Robert Graham said...

Yea, I updated the post to reflect that Brucon is off my boycott list.

Philip Loenneker said...

I read an article I really liked in a local newsletter a few years back that talked about taking offence. A lot of people don't notice the key word "taking" and concentrate on "offence". You can't make someone take offence at anything, it is a decision they make. If I am offended by something you write, then I am choosing to take offence. You can try to offend me, you can make comments about my mother or the like, but I can just as easily choose to not be offended. The fact is that everyone is unique (just like everybody else), and being tolerant of others peoples opinions, actions etc is the most sensible choice. There are things I don't like, ideas that I don't want people to try to impose on me, but if I tell them that they can't think or act like that, that they have to change their thinking to my point of view, I am just as bad or worse than them.

Good work standing up for your beliefs. I really enjoy reading your blog and your honesty in what you write.

bob said...

politically correct ??
what a strange statement, basically says it doesn't need to be the truth. not truth but whats politically allowed to be true.

Reminds me of 1984's "thoughtcrime"