I'm inclined to agree with the author about the legitimizing effect that sponsorship can have. In the case of Palantir it looks like a clear conflict of interest. I appreciate the deconstruction of the 'multi-stakeholder conference' into the realization that the stakes are indeed not equal – and in fact so unequal that the very existence of the conference hinges on the cooperation of the bigger stakes.
I'm a bit put off by the multiple references to Caspar (Bowden) supposedly "turning in his grave"; the author doesn't explain how he is so sure (that Bowden would disapprove). Especially since the CPDP event of 2015 was also sponsored by Palantir, and Bowden was on the organizing committee, a moderator and on a panel of that conference.
Agreed about Caspar Bowden. He worked at Microsoft for a while. And both before and after that, he was very active with the Computers, Freedom, and Privacy conference in the US (he once described CPDP to me as "a European attempt to replicate CFP"), whose sponsors include Microsoft, Google, and other companies that have similar conflicts of interest.
To me it seems that there's something to be said for both approaches. Conferences with corporate sponsorship aren't going to be revolutionary; balanced against that, they do provide places to engage and ways of getting different perspectives out more broadly. [The same's true for government speakers.] Purer conferences like Aral's talking about can have a different focus and I can certainly see why some people prefer them.
So, kudos to Aral for sticking to his principles and declining the invitation. I'm still looking forward to the panel, and don't think that Marc Rotenberg or Brigitta Johansen will limit what they have to say based on the sponsorship.
One thing I love about the Choas Communications Congress in Germany at the end of the year is how uncorporate it is. It's a massive, multiday, 10,000 attendee conference that has been going for decades and they manage it without corporate logos splashed all over the place.
The only reason why any conference needs sponsors is to help bring ticket prices down, besides that there's no real reason for sponsorship. Well, except maybe increasing profits for organizers (there are several strings of conferences organized by companies that do it for profit. Can't blame them either, the only costs involved in a lot of dev conferences are the venue, food and drink, and travel/lodging expenses for the speakers - usually the speakers do it for free or for marketing reasons (recognisable by the "evangelist" job title)
You have never organized a moderate or large conference. Your list doesn't even cover all major areas. No logistics? No electricity, network and video recording? None of the legally-required (depending on venue + number of attendees) professional personnel (event technicians, medical, fire, maybe an electrician. optionally security, cleaners). Not even insurance? Not even gaffer tape (not kidding, it's expensive)! (And I'm assuming your volunteers have enough time for all the time-intensive tasks.)
Attracting visitors is hard. Getting good speakers is harder. You can't just let the "evangelists" speak, or your talks will be advertisements. Worse than sponsors!
Low-cost, single-track, single-evening events for fifty people or so (= small event) are possible. They'll just not have any significant impact. (They'll definitely not have an impact without lecture recordings.)
I can say from experience that low-cost, non-profit, moderate (500+ people) events are possible even without listed sponsors or paid talks but have to be grown over many years and require goodwill from everyone (venue + various organizations and student groups) around.
And Congress is special, you can't duplicate it easily. It's grown over decades, it's the largest European hacker conference now (and btw: so that niche is filled now). They know in advance that they'll sell all tickets. It's prestigious. It attracts top-notch speakers. That would have attended anyway, of course. _Everyone_ _wants_ to help (time, money, equipment, and favors you can't just buy with money). It's not for profit. Dozens of volunteers begin working on it days to months before the Congress, a select few full time. Some are experts; you couldn't afford to pay them. Multiple hundreds of visitors volunteer on-site, working for the fun of it, free water and a special t-shirt. And it still costs 90€/ticket.
Thanks. I was about to chime in with how ridiculous events of all kinds are... They're just so hard and nothing ever goes according to plan.
One of my favorite phrases is "You can't spell 'party' without 'disaster'" which is something people only understand if they've thrown a big thing before.
> largest European hacker conference now (and btw: so that niche is filled now)
There are quite a few European hacker conferences and CCC's ties to hackers (in the computer security sense) are getting weaker as it gets more political and less technical.
Please name at least one conference which has a similar number of participants, ah forget that even 10% would surprise me. The CCC was political since its beginning.
Obviously nothing of the same scale, and yes it was always political, but the balance is shifting away from security to all of their other tracks, I counted up the talks from last year and only 25% were in the Security track vs 45% from 23c3.
There were 67 hacking talks at 23c3, and 29 Security tracks at 32c3, it's very clearly on the downhill as there are less talks, and people become less interested in submitting and attending.
The second largest European IT-related conference is FOSDEM (5000 participants); of course it has a different focus. But it's more productivity, less party.
Then there are conferences like HITB Sec Conf that are much smaller, but focus exclusively on security - many (probably most) Congress attendees don't really have a security/hacking background, so I'm not sure the total number of attendees is a good metric for "is it a good security conference?".
Though Congress does get all the high-profile talks. And there is no European hacker conference with nearly as much visibility as C3.
you speak of "the only costs" as if that's negligible. The eurucamp - a small to moderately sized nonprofit conference - had an operating budget of close to 90.000 euros in 2015. If you're interested in a breakdown of costs, they did a blog post about it http://blog.eurucamp.org/2015/05/24/eurucamp-finances/
The CCC tickets are about €90. Which is considerably cheaper than many other conferences, incl the CPDP conference. So why are sponsored-conferences so expensive?
CCC is so cheap because a ton of people put a ton of their time in without receiving compensation (or on a sponsoring companies time) and on top of that, other things are donated by companies (what do you think where the bandwith for the network comes from). Asking your question is akin to "The linux kernel is available for free, why does photoshop cost 1000 USD?" The congress is an outlier, so far out that it's off the chart.
Maybe I'm just out of the loop, but the author doesn't make it clear what exactly is objectionable about Palantir with respect to privacy issues. That's not to say that there isn't anything, but just that it would be helpful to have a synopsis of what exactly they're doing wrong.
I understand that they do work with governments, but that's as much as I've seen in the press. There has been far wider discussion of the privacy challenges facing Facebook and Google.
Among other things, Palantir enjoys exorbitant privilege due to its ties with the US government and its "intelligence" tentacles. It is stands to reason that there is little or no firewall between the taxpayer funded technology/data assets that Palantir has amassed and what they are marketing to private industry. As a state sponsored entity, the burden should be placed on them to ensure transparency, and they should not be given the benefit of the doubt if they fail to assuage such implications.
Additionally, it might be good to understand the mentality of an activist or even just a person that is passionate about something. For instance, if you are anti-war, there is no such thing as an ethical defense contractor. If you are an anarchist, there is no such thing as a just government. If you are an activist against "surveillance capitalism" it stands to reason that there is no "good" enterprise that comes out of In-Q-Tel.
They collect health and financial data on people to help health insurance companies deny claim to people who want their medical expense reimbursed. And they are suspected to be in the chain of data (probably phone data collection and mining) to drone people in Yemen and Afghanistan.
In this case, it's appropriate. Palantir doesn't "collect health and financial data on people", and I've never seen anything in the press that suggests they do.
Well, how do you do health care insurance fraud detection without data when your expertise is big data? they might technically just create and manage collection and storage tools for others, but the end goal is that grandpa can't get his cancer treatment reimbursed thanks to data that has been collected on him with the help of Palantir.
Sure. Palantir, like other successful enterprise software companies, has a variety of large, enterprisey customers. But saying that Palantir collects health and financial data on people sounds super scary, when in fact Palantir isn't in the data collection business in the first place.
It's not really though. The "citation please" is usually the first punch in a one-two of cite/attack-source. Palantir analyzes, yes, not collect. But what is done with that data is not exactly innocent either.
"Citation please" is a gentle reminder - that pops up whenever someone spouts some unfounded or unverifiable opinion - for people doing so in future to please save us all time and give a source upfront. And from what I've seen, it is usually only applied to comments that can't be backed up.
Maybe that was a kneejerk on my part. There are times its useful, and in the cold decontextualized space of "online" it can be hard to read. I just want to note it's also used as a kind of attack, often on things that, as the poster I was attempting to support noted, could be discovered with literally the time it takes to open another browser tab.
you know that precise documentation of the exact role of Palantir in the drone attacks could lead you to jail? Palantir works in Yemen, works with all the agencies involved in drone attacks, has the perfect tools to find a phone to lock a hellfire on according to the quite lax US definition of "terrorist", and is always bragging about its role in the US wars abroad. So yes, every time I hear about Palantir, I suppose they were involved in the bombing of a wedding or of an EMT crew in a far away country, if they did not want to be associated with that, they can cut all their ties with the US wars on brown people, or publicly declare that they are just managing the meals and cleaning supplies.
You're getting downvoted but this is a critique thats getting more and more valid, especially around topics that are more likely to provoke emotional responses, like politics, surveillance, etc.
Palantir started as a data intelligence firm focusing on predictive analysis, shopping its wares to the government. They have gotten really, really, really amazing at predictive data and are now moving into the private sector, selling predictive analysis tools to healthcare, insurance, security, etc for all kinds of applications.
Palantir has technologies that see everything, scrape everything, and store everything. They are not public with all of their products or capabilities, and their choice of bedfellows doesn't inspire confidence that they are altruistic with regards to who they do business with. From what I've heard by way of one-off comments and drunken bragging from people who work/have worked their, their capabilities are far beyond even the remotest of media speculation.
Palantir lives the realities of its customers: the NSA, the FBI and the CIA–an early investor through its In-Q-Tel venture fund–along with an alphabet soup of other U.S. counterterrorism and military agencies. In the last five years, Palantir has become the go-to company for mining massive data sets for intelligence and law enforcement applications, with a slick software interface and coders who parachute into clients’ headquarters to customize its programs. Palantir turns messy swamps of information into intuitively visualized maps, histograms and link charts. Give its so-called “forward-deployed engineers” a few days to crawl, tag and integrate every scrap of a customer’s data, and Palantir can elucidate problems as disparate as terrorism, disaster response and human trafficking.
Palantir’s advisors include Condoleezza Rice and former CIA director George Tenet, who says in an interview that “I wish we had a tool of its power” before 9/11. General David Petraeus, the most recent former CIA chief, describes Palantir to FORBES as “a better mousetrap when a better mousetrap was needed” and calls Karp “sheer brilliant.”
Among those using Palantir to connect the dots are the Marines, who have deployed its tools in Afghanistan for forensic analysis of roadside bombs and predicting insurgent attacks. The software helped locate Mexican drug cartel members who murdered an American customs agent and tracked down hackers who installed spyware on the computer of the Dalai Lama. In the book The Finish, detailing the killing of Osama bin Laden, author Mark Bowden writes that Palantir’s software “actually deserves the popular designation Killer App.” [1]
___________________________
Clients include the Los Angeles Police Department which used Palantir to parse and connect 160 data sets: Everyone from detectives to transit cops to homeland security officials uses Palantir at the LAPD. According to the document, Palantir provides a timeline of events and has helped the massive police department sort its records.
As of 2013, Palantir was used by at least 12 groups within the US Government including the CIA, DHS, NSA, FBI, the CDC, the Marine Corps, the Air Force, Special Operations Command, West Point, the Joint IED-defeat organization and Allies, the Recovery Accountability and Transparency Board and the National Center for Missing and Exploited Children. The Centers for Medicaid and Medicare Services were planning on pilot testing the use of Palantir in 2013 to investigate tips received through a hotline. A second test was run by the same organization to identify potentially fraudulent medical providers in the Southern region of the US.
The U.S. spy agencies also employed Palantir to connect databases across departments. Before this, most of the databases used by the CIA and FBI were siloed, forcing users to search each database individually. Now everything is linked together using Palantir. In fact, cyber analysts working for the now-defunct Information Warfare Monitor used the system to mine data on the China-based cyber groups GhostNet and The Shadow Network.[2]
From my vantage point, Palantir appears to be an amusing house of cards.
The gossip on this coast, where most of their government and corporate overlords live, is much less rosy.
Basically, any civilian agency that gets told it needs a "data science" or "predictive analytics" capability from the executive Cyber initiatives just buys what the law enforcement and intelligence guys bought. Silicon Valley is also widely believed to be superior to the local scene.
These factors drive a cycle of government purchase leading to sweetheart maintenance deals leading to product validation leading to more government purchases.
Their "forward deployed engineers" are what the rest of us call "software development consultants." Their tool stack is a series of pretty visualizations over a typical data lake setup.
It is designed to be accessed by techs (analysts) and not devs. The essential algos were forked from Paypal's fraud detection code. Their products (Gotham, Metropolis, etc.) are all derivatives of that initial decade-old effort.
Palantir is still just a $250 mil revenue, zero profit startup. It runs on private investment cash that it will never be able to afford to repay, absent continued infusions of revenue from a confused government patron.
Their CEO announced in 2013 they won't IPO because disclosure rules for public company reporting requirements would make "running a company like [Palantir] very difficult".
My sense is that they'll never IPO because it would collapse the company.
If they truly have insider government backing, they may never collapse for the same reason as GM, Lockheed Martin, Raytheon, etc. If your backer is a state with access to a printing press, failure is synonymous with either failure of said state or loss of political favor. Such entities are de-facto government agencies and are not subject to the normal rules of economics.
From the government's POV the advantage of creating and sustaining these kinds of private sector de-facto government agencies is that by being nominally private they escape reams of government red tape as well as FOIA and congressional oversight requirements. You get all the (ironically) privacy benefits of being private but are still more or less a government agency. It's basically a cut-out. The CIA is fairly well known to do this a lot since it also lets them conduct domestic operations that are technically forbidden to them. It's also done for a lot of black project government R&D to exempt said projects from disclosure requirements that would bust their secrecy.
As with all government activities, whether this practice is "evil" or not depends quite a bit on the details of what is being done and why. Federal red tape is so onerous that to some extent you have to escape it to get certain kinds of work done at all.
I don't know just how in bed Palantir is, but they certainly seem to be such an entity from an outsider's perspective.
If your backer is a state with access to a printing press, failure is synonymous with either failure of said state or loss of political favor. Such entities are de-facto government agencies and are not subject to the normal rules of economics.
Very true. It makes me sad when people continue to refer to the USA as a capitalist country, especially in the context of a criticism of capitalism.
I applaud everyone who sticks up for their principles. However like with most matters of principle it's really hard to draw the line (as the author outlines when it comes to corporations).
I'd add these questions...since state governments are major eavesdroppers and ignore privacy rather often, should I stay away from almost all scientific conference that are usually organized by state funded universities? Should I refuse to work as a scientist if it means working at a state sponsored university? Should I refuse to take state-funding?
I think participation under protest and a FU-Palatir etc. panel would have sent a stronger signal but that's debatable. It's a sorry state of affairs any way you look at it.
Don' exaggerate. His point is that you shouldn't allow sponsors that could lead to conflicts of interest, not all sponsors that do "bad".
In your example you can go to a symposium on quantum chemistry sponsored by the gov despite the gov eavesdropping. You shouldn't go to a converence on cancer research standards sponsored by the homeopathy league of gentlemen.
Just to clarify I'm talking about scientific research in the area of privacy/crypto etc.
The argument would be "this nation state is an evil eavesdropper thus I won't work for it when my area of expertise is privacy/crypto etc.". I think that's taking it a bit too far because "the state" is pretty big and its sole purpose isn't to eavesdrop (I'd hope) but I wouldn't say that position is unreasonable.
I would agree that as long as the specific arm of the gov that spies isnt involved in the conference, its fine. The articles argument does not say otherwise either. It highlights that palantir has opposed interests to the attendees of the conference.
Id say the author would be fine with a state department sponsorship as they repeatedly have backed secure communication for dissidents et al, but would oppose sponsorship of the nsa.
Its not just "on principle" either, but the dangrr that i terested sponsors can influence what gets presented and how. Like how the nsa would push an encryption standard theyve already broken.
What does accepting to be a speaker "under protest" accomplish? Clearly he would be told he is not allowed to make this protest public while speaking. If he cannot make his point public during the conference, then there is no noticeable impact from the so-called "protest".
The conference organizers want to have their cake and eat it too. They want to get all the speakers (and have them not make any waves), while also bowing to the almighty dollar from any sponsor willing to open their bank account.
The only ways to protest are to a) get the sponsor kicked, or b) refuse to attend. As he has been turned down regarding the first option, the only way for him to maintain his integrity is to not attend. Good for him for sticking to his principles and not caving in to the pressure to be an ass kisser.
Ostensibly it's the job of the state to balance the civil/privacy rights of its citizens with surveillance. It's the job of these companies to balance the monetary value of the data they collect with the backlash and loss of business they will get by collecting it, which is a very clear and explicit conflict of interest -- they benefit greatly by minimizing that backlash by, say, sponsoring conferences about protecting privacy while simultaneously eviscerating it.
Whats the purpose of a conference in the youtube era? I mean, medieval jousts are kind of obsolete so we don't do them either, outside renn faires. I have some theoretical reasons conferences still exist:
1) There's corporate money sloshing around to be soaked up in giveaways, free food, fancy rentals, honorarium payments...
2) The American obsession with uncivilized amounts of vacation is partially (only partially) made up for in som white collar fields by providing a fake vacation aka a conference. Of course some really cheap companies not only don't pay expenses to attend but don't even pay salary, which is off the charts cheap. But at least some attendees are getting conf week in place of civilized euro-style vacation schedules. Historically you take some brogrammers and give them a non-beach spring break at a conf, they act like they're back in the frat flirting on the beach, and next thing you know its social media meltdown mode, which is at least funny to watch.
3) Only that rare bird of very rich noob will attend to learn. Everyone else there "knows the score" and if the "bad guys" are buying lunch, we'll I'm glad to reduce shareholder value by eating their lunch. On the internet we have agreed we have to LARP that everyone is a noob, the public are all noobs, only noobs matter, but once in a while its OK to admit expensive conferences are for non-noobs, possibly even for experts. And its impolite to speak down to all the experts and tell them they're all idiots for not noticing what they probably noticed back when you still wore diapers. Sit back and listen to grandpa talk about military sponsorship of university research back in the hippie decade half a century ago.. This is only "news" if you're not observant.
4) I had the misfortune to have a presidential debate in my home town less than a mile from where I work, so at least some form of evil on earth was talking nearby while coworkers and I had those supposedly valuable "hallway conversations" at work. I'm seeing a parallel with letting the evil empire sponsor the official track which doesn't matter because conferences are all about meeting people in the halls or sitting at the (subsidized by the evil empire) bar.
This is a good example of the net loss to society caused by excessive social signalling on the internet. Yes he earns exactly 332515 whuffie by making an air tight politically correct (at least by our standards) accusation, but the big picture is it does nothing for anyone and doesn't matter. Even worse 332515 Whuffie and $7 will get you a cup of coffee at starbucks, its worthless and can't be converted into anything useful in general, or specifically it can't be converted into anything more useful than hanging out at a conference and talking to people.
"And its impolite to speak down to all the experts and tell them they're all idiots for not noticing what they probably noticed back when you still wore diapers. Sit back and listen to grandpa talk about military sponsorship of university research back in the hippie decade half a century ago.. This is only "news" if you're not observant."
So past evils dictate that we are to keep quiet, so as not to appear impolite?
Exactly, which is why it doesn't matter who's paying the rental bill on the hall, that you're not in, because you're making personal or business contacts at the bar.
Not particularly. His point isn't that you shouldn't do anything sponsored by a major corporation. It's that this is a privacy conference, and these specific major corporations make their money off of destroying privacy. That's a conflict of interest.
Anyway, lately Apple is the big institutional champion for end-to-end encryption, so they might be on the "allowable sponsors" list for a privacy conference.
Apple's mission isn't privacy advocacy, or serving as a platform for debate on privacy or human rights.
Yeah, they advertise some kind of privacy protection as a product feature, and you can debate whether or not those advertising claims have merit, but it's a long way off from the CPDP conflict of interest that Aral describes.
I'm a bit put off by the multiple references to Caspar (Bowden) supposedly "turning in his grave"; the author doesn't explain how he is so sure (that Bowden would disapprove). Especially since the CPDP event of 2015 was also sponsored by Palantir, and Bowden was on the organizing committee, a moderator and on a panel of that conference.