NSA whistleblower Thomas Drake and academic Dr Suelette Dreyfus removed from schedule

The cancellation of two prominent speakers has overshadowed Australia's premier cybersecurity conference

The cancellation of two prominent speakers has overshadowed Australia’s premier cybersecurity conference in Melbourne.

National Security Agency (NSA) whistleblower Thomas Drake and academic Dr Suelette Dreyfus were reportedly told a week before the event that their talks were “incongruent” with the conference program.

The Australian Cyber Conference is a government supported event led by the non-profit Australian Information Security Association (AISA).

Sponsors include the Australian Cyber Security Centre (ACSC) and the Australian Signals Directorate, one of the country’s intelligence agencies.

The initial choice to have Drake speak at such an event is somewhat surprising.

Drake is a former NSA senior employee who spoke out against the agency’s costly Trailblazer surveillance project.

He was indicted under the US Espionage Act in 2010, as a result of his actions – charges that were later dropped.

“Silencing voices in cybersecurity undercuts democracy,” Drake wrote on Twitter.

Shutting down the conversation

In a separate talk at this week’s CyberCon, Dreyfus was due to focus on secure and anonymous digital drop boxes, in line with an EU-funded project that will soon mandate safe channels for public interest reporting within organizations across member states.

“Most of the content would have been about the growth in these digital drop boxes and different settings and models of use,” Dreyfus told The Daily Swig.

“Obviously it’s related to protected disclosures as it is a tool than can be used to secure those disclosures.

“But this is hardly shocking,” she added. “Government agencies, anti-corruption agencies, anti-corruption NGOs based in Europe use these drop boxes.”

Australia-based cryptography researcher Vanessa Teague decided not to attend this year’s Australian Cyber Conference after learning of the removal of Drake and Dreyfus.

“Australia is a well-functioned democracy,” Teague told The Daily Swig.

“It’s not normal for a government authority to get rid of speakers, particularly since she [Dreyfus] wasn’t going to discuss government law breaking.”

Teague said that the move will only shut down conversation between government and security researchers.

“I’m a cryptography researcher and there has always been a strong belief within this area that openness is good for security,” she said.

“What we see in Australian government policy is exactly the opposite of that, the belief that if we have secrecy, then that’s how we create safety.”

Assistance and Access

The removal of the speakers from the security event has appeared to send shockwaves through certain academic and information security circles, at a time when the country is already a source of controversy due to the passing of a so-called anti-encryption law.

In December of last year, Australia passed its Assistance and Access Act – legislation that would require tech companies to provide law enforcement with access to encrypted data.

The majority of the tech industry – at home and abroad – has hit out against the bill, saying that it looks to undermine the security of their products and indeed trust held by consumers.

Both the Australian Government’s 2020 Cyber Security Strategy and the Assistance and Access Act were discussed in presentations at this year’s conference.

Alex Woerndle, deputy chair of AISA, told The Daily Swig that the last-minute speaker cancellation would be explored in more detail following the event, which concluded yesterday (October 9).

“AISA supports and encourages diversity of views however it’s important to note we work with a number of partners, including Government, and as such need to manage a variety of views to deliver an event catered for all our stakeholders,” Woerndle said.

Now in its second year, the Australian Cyber Security Conference attracted approximately 3,500 delegates from both business and cybersecurity industries.

The three-day event included presentations predominately focused on cybersecurity defenses in protecting against threats to the digital ecosystem – from DNS attacks and IoT security, to ‘shift left’ software testing and organization hiring practices.

The planned talks from Drake and Dreyfus are available online.

YOU MIGHT ALSO LIKE Australian cybersecurity industry reels over anti-encryption law