Caesars Palace not-so-Praetorian guards intimidate DEF CON goers, seize soldering irons

Enlarge / This sign is an invitation for a room search at some Las Vegas hotels.

In the wake of the mass shooting in Las Vegas in October of 2017, hotels in the city started drafting more aggressive policies regarding security. Just as Caesars Entertainment was rolling out its new security policies, the company ran head on into DEF CON—an event with privacy tightly linked to its culture.

The resulting clash of worlds—especially at Caesars Palace, the hotel where much of DEF CON was held—left some attendees feeling violated, harassed, or abused, and that exploded onto Twitter this past weekend.

Caesars began rolling out a new security policy in February that mandated room searches when staff had not had access to rooms for over 24 hours. Caesars has been mostly tolerant of the idiosyncratic behavior of the DEF CON community, but it’s not clear that the company prepared security staff for dealing with the sorts of things they would find in the rooms of DEF CON attendees. Soldering irons and other gear were seized, and some attendees reported being intimidated by security staff.

And since the searches came without any warning other than a knock, they led, in some cases, to frightening encounters for attendees who were in those rooms. Katie Moussouris—a bug bounty and vulnerability disclosure program pioneer at Microsoft, an advocate for security researchers, and now the founder and CEO of Luta Security—was confronted by two male members of hotel security as she returned to her room. When she went into the room to call the desk to verify who they were, they banged on the door and screamed at her to immediately open it.

In another case, a hotel employee—likely hotel security—entered the room of a woman attending DEF CON without knocking:

Beau Woods, cyber policy activist and co-founder of I Am The Cavalry, hacked the “Do Not Disturb” sign in an attempt to stave off searches:

Ars attempted to reach Caesars for comment but received no response. After Ars reached out to DEFCON, the organizers posted this statement:

We understand that attendees want a statement from DEF CON about the Caesars room search policy. We are actively engaged with the hotel, seeking answers and a clear policy document we can share with you. Please know that we hear your concerns and we’ve shared them with Caesars. We expect a venue where our attendees are secure in their persons and effects and a security policy that is codified, predictable, and verifiable. Thank you for your patience while we work this out.

There is a long history of legal precedent surrounding the expectation of privacy in hotel rooms—overnight hotel guests are recognized to have an expectation of privacy under the Fourth Amendment. But things become murkier when the search is conducted by the property owner. Still, Moussouris’ concern was for her physical safety more than her privacy; despite the new security policies, Caesars doesn’t control access to its elevators by room key, and there is largely uncontrolled public access to the hotel’s towers.

DEF CON won’t be at Caesar’s Palace next year—but not because of these incidents. The conference has a multi-year contract with Caesars Entertainment to host DEF CON, and Caesars’ convention center will be undergoing renovations in 2019. Moussouris said this was her last DEF CON.

Update, 7:45 PM: Caesars Entertainment issued a statement today claiming that the room search policy had been implemented in January—and that  DEF CON organizers had been briefed on the searches, which “involve only a visual review of the bedroom, bathroom and additional seating area, if any.”  Marc Rogers, a well-known security researcher who leads DEF CON’s security team and initiated the conference’s transparency report on incidents, contradicted this in an open letter he posted to his blog today:

If I had received this, in the interest of transparency, I would have informed you all. After all, that’s EXACTLY why I started the DEF CON transparency report. The timing of it looks odd.

I do not support or endorse these room searches or how they are executed. I sympathize with the challenge these hotels are facing but believe they need to take a harder look at the efficiency, impact and long term cost of this strategy.

We MUST NOT let our hotels become like our airports. If we do, then the terrorists win.

Rogers also tendered his resignation from the DEF CON team.

Related Post

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.