132 comments

[ 5.5 ms ] story [ 239 ms ] thread
non amp links would be nice.
Usually removing "amp" from a URL yields the correct website. When that doesn't work, you can find the URL in the page's source: Look in <HEAD> for a <LINK> element with a "type" attribute of "canonical"
The introduction basically says: "You can't treat security people like this.

I'd personally say that you shouldn't treat anyone like this.

Maybe Defcon should just go somewhere else next year.
DEFCON has always been in Las Vegas. That would be a difficult change.
Maybe they could do it CCC-style, somewhere more "wild". It could make it more expensive (and involved) to be there unless somebody is willing to offer some form of lodging. That would also change things, one of the nice things about going to DEFCON is being able to stroll off premises to a bar or what have you, being able to arrive by cab and get everywhere you're needed by monorail.
> That would also change things, one of the nice things about going to DEFCON is being able to stroll off premises to a bar or what have you, being able to arrive by cab and get everywhere you're needed by monorail.

You can more or less do this at CCC, too. The Hamburg convention centre was quite central, and the Leipzig one has a regular all-night tram service to the central train station (or did last year, anyway).

I'm sure there are some large well-located convention centres in the US that could be used.

Also, CCC event management was given discretion in handling any situations short of maybe cases where they did not fix a problem. This led to a surprising calmness inside, due to the mutual understanding.
I know nobody reads anything anymore, so people might book and then fail to realize it's somewhere else, because everyone, especially detailed oriented hackers are lazy morons thanks to the Internet, and don't discuss things amoung each other in response to privacy violations and how to try and fix it next time around...

As I was reading this my wife was actually just looking at a craftshow event announced as a FB event where the first sentence literally said the location and someone commented "Where is this show being held".

"In January of 2018, the DEF CON China [Beta] event was announced. The conference will be held May 11-13, 2018 in Beijing, and it marks DEF CON's first conference outside the United States."
...because the Chinese security people will definitely respect the privacy rights of DEF CON attendees.
From what I can see in this article, they respect the privacy of DEFCON attendees more than the US.
Is everyone staying at the same hotel or is this coordinated between hotels?
The majority of the hotels on the Vegas strip are owned by only two companies, Caesars and MGM.

https://en.wikipedia.org/wiki/List_of_Las_Vegas_Strip_hotels

That's why the few which are not owned by these two ... are by far better. Tropicana, Treasure Island, Venetian are recommended.
Or just don't go to Vegas? It's a shithole anyway.
Of course. But if you have to avoid the MGM and Cesar's hotels like the plague. Conferences...
Let's remember that is has been < 12 months since the Vegas shooting, and the biggest question people have been asking (aside from motive) is how a man managed to bring that much firepower into his hotel room and keep it there for so long. Now you have a large and diverse group of counter-culture oriented people bringing large padlocked hard cases to their rooms and declining maid service for days at a time. What did they expect? Of course hotel security is going to be all over that. Its a destination resort for gambling and drinking, have some perspective.
So in other words, this is a government initiative. Maybe run through the police, maybe run directly through the government itself.

That would explain "incredibly unprofessional and heavy handed about security".

That's not "in other words". That's an ocean away jump to a conclusion.

Turns out it's not just the government who have an anti-tragedy agenda.

If you want to be cynical about it you could say it's bad PR for the hotel. But really, the people making these decisions are actually human beings who don't want their fellow human beings to be murdered.

Someone explain to a non-American here; given the second amendment, would/does the hotel actually have a policy against guns in rooms?

> large and diverse group of counter-culture oriented people

Ironically this is the exact opposite of the mass shooter "profile".

Yes. The Constitution primarily limits the powers of state/federal government (in a few narrow cases it can apply to private entities as well). A hotel would be able to set whatever restrictions it wants on guns and not be hindered by the second amendment.
Rules related to Firearms on private property vary state to state. In Nevada and Las Vegas explicitly, 'Gun Free' zones on private property are not legally enforced. Casinos do not allow you to carry firearms openly or concealed on their property and while it's not illegal to do so, they can/will ask you to leave. If you don't then it's trespassing.

They do allow you to have firearms in your hotel room, but request that they are kept secured in locked containers. Many firearms industry trade events take place in Las Vegas, including Shot Show. I have personally been in hotel suites during that show that had several dozens of firearms on display.

From what I understand the big change to security now at vegas hotels is an increased awareness of people who refuse maid service for days at a time, as this specifically allowed the mass shooter to prepare his room without alerting anybody.

As a non-American, I find the idea that the right to bring weapons to a hotel room trumps your privacy within that room a very counter-intuitive proposition.
Who said that was the case? This hasn't gone to court yet.
Well it's private property so it's kind of up to the owner to decide that.
Nevada is a weird place, it sort of balances the near libertarian natives with the demands/requirements of the casinos that keep the money flowing.
I mean in general, that the very fact that you can carry weapons at all (subject to local regulations) implies a system whereby guards can ransack your room for fear that you might actually use your guns. Pretty much everywhere else on the planet carrying around weapons designed to kill are simply illegal, and therefore there isn't the worry that they might be used. Simply having weapons would get you locked up.

I know this is a right dear to many Americans -- certainly not all though -- but hn is a global forum and I'm giving an outsider's perspective. Wouldn't have thought that'd merit downvotes?

nb: that was a reply to vageli, but there wasn't a reply button yet.

Guns aren't as illegal and uncommon "in the rest of the world" as people think.
Both are important.

Britain didn't know to be on the extreme lookout for any signs of armed rebellion in the 13 Colonies; by the time they positively knew what was going on, their best hope was to try to take the militia's arms.

As such, the Founding Fathers didn't learn first-hand the value of privacy in quite the same way as they learned the value of arms-bearing.

Concealed means concealed. I have never seen a casino in Vegas signed in a way that bans concealed carry is off limits, either in a legally binding way or not.
Since signs are not legally enforceable in Nevada they don't plaster the doors with them, but trust me, Casinos explicitly ban concealed carry and if they see you printing they will escort you out.
If there's no signs, no notice to guests, and no obvious policy a random person coming off the street would see, I'm not sure that counts as "explicitly banned"
Some states have gone so far as to limit this right, but typically you have the right to declare that you won't allow guns on your property and enforce such a rule
> is has been < 12 months since

For clarification, do you mean that after more time

- the hotel will forget about the shooting,

- shootings will become less likely, or

- secret privacy invasions that people were never meant to know about will stop being such good PR.

I think maybe closest to the first? That we should be understanding in the short term around overreaction because those businesses have suffered trauma and just need time to get back to a normal state of mind.

Of those three reasons I have the most sympathy for the second, though still not a lot. Perhaps all of them can be phrased more even-handedly, though, and maybe there are better reasons why the passage of time might matter. I'm happy to listen.

> What did they expect?

I think they expected respect, privacy and professionalism from their hotel at their conference. They wanted to feel safe, not invaded and bullied.

This kind of thing will drive more people to Airbnb -- security is worse, but trust is higher.

I'm sure Caesars Palace is far less concerned about driving a few people to Airbnb than the lawsuits/fallout from another mass casualty incident. It's in their best interest to be overly careful here, even if it does strike us as invasive and paranoid.
To me it seems moronic to have a procedure to prevent a rare incident, AFTER one has happened: https://en.wikipedia.org/wiki/Black_swan_theory

Just like checking shoes before boarding a plane after 1 shoe bomber...

Or are they afraid of copycats?

Honestly they should just invest in a bit more tech. How about modifying their lifts to detect large amounts of metals, or explosives? (Well, there's your next security technology goldmine). But of course hiring muscles is cheaper, never mind that maybe party goers will stop coming to Vegas if they get harassed.

Your technocentrism approach to security is contradictory. On the one hand you say shoes shouldn't be checked with tech (even though there were many AQ/ISIS bomb makers trying to use the technique) and then you say modify lifts (at enourmous cost and dubious enhanced security - what about stairs? etc) to detect explosives.

Reality is that the searches of peoples stuff was a heavy handed and unclear policy that the hotels didn't make clear to the customer so that they could have an informed choice. However a Mark 1 eyeball is in this case probably the most effective choice for a security mitigation.

The slight difference is that a tech solution in the lift would actually apply to everybody. "Mark 1 eyeballs" very likely have a big bias regarding who needs checking.
It seems pretty rational (even if quite cynical) to me. The covering your ass liability for a similar repeat of a black swan event must be way higher than it was the first time around.

You can't claim surprise or lack of precedent for the second time, and it really does look like negligence to the circling lawyers if you didn't react to it.

In risk management terms, the likelihood of a repeat might not have changed, but the consequence of a repeat sure has.

It’s ironic that the ability to enjoy your freedom to gamble and drink is being ‘secured’ by heavily breaching your privacy.
I dunno, I don't think a cursory search of your room at a hotel is a "[heavy] breach of privacy". I'd be more concerned with them being followed and their data searched.
Do you really think someone going through all your bags and then confiscating things they find objectionable is a "cursory" search, or did you just not read the article?
It's bizarre that the right to bear arms (important to some), means many other people will have to give up some privacy.
> What did they expect?

Maybe such simple things as having identity verification in place for their security people?!

If they were just entering the rooms, or even entering and rifling through their stuff, maybe, but what does Steven Paddock have to do with confiscating lock picks?
The idea that the only way to be 'safe' is to break into people's room and go through their stuff is setting up a false choice.

This kind of 'emotional' logic is dangerous and can be used to justify a police state and tyranny.

It's quite possible to ensure security without being a tyrant, and setting up processes upfront and being transparent about it. This is sinister, more associated with a police state.

As a thought experiment think of the Chinese security services doing this at an international security conference and it becomes clear why this kind of apologism doesn't work, no one would justify that.

>>people have been asking (aside from motive) is how a man managed to bring that much firepower into his hotel room and keep it there for so long

I don't understand - have those "people" never been to a hotel? Or do they visit hotels where luggage searches are somehow normal/acceptable? What do they want? Airport-style luggage searches for people who stay at hotels?

"Luggage searches" is a strawman description

That being said, if your things are being actually rummaged through and arbitrarily confiscated, I'm completely in disagreement with it. Especially being done by "security people" with no ID.

Ok, ok I get it, Vegas hotels probably have to deal with way more crap from guests than your average hotel, still, this is uncalled for.

Still, hotel rooms are serviced, nobody should be going through regular suitcases, it's a different thing to turn away room service for days at a time and have big boxes and crates that don't look like something ordinary

> have those "people" never been to a hotel?

I have. Hotels are not rentals. A degree of privacy is expected, surely, but it's not "free for all"

What they want is for dangerous criminals to be found out before they kill people. This is complex because of competing wants (like not wanting to subject oneself to airport-like security at a hotel).

This is just the nature of public discourse. The newreading public is not going to withold forming an opinion, tweet or somesuch until they've thought through all implications. They are going to have general, simplified opinions. This is normal. It is kind of disingenuous taking this to mean "people want __insert totalitarian implications__.

Hote security want similar things. They have a more nuanced understanding, being professionals after all. They particularly don't want to be blamed after-the-fact for having overlooked (in retrospect) danger signs. The type of people with the kind of stuff that go to to defco probably alert all sorts of "common sense" danger signs.

Lisbeth Salander walks through the lobby towing a 150kg box....

> What they want is for dangerous criminals to be found out before they kill people.

Typically a mass shooter is not a criminal until he starts shooting people. Correct me if I’m wrong but what you sound like you are saying people want “pre-crime.”

I don’t want to live in a place where I might be arrested for something someone guesses I might do.

No sorry, that's an apologist position. Six months ago the shooting was an even fresher memory. Did the hotel work with Defcon to communicate their concerns? Did the hotel implement procedures that minimise the risk while respecting customers? Were Defcon guests informed that cancelling servicing would trigger ad-hoc searches? Did the hotel do anything that suggests they care at all? No.
> What dis they expect?

Well for one thing they likely expected that the hotel change their policies to reflect that they are going to go through guests luggage, and to clearly state that security guards are going to go through their rooms.

The outrage isn’t that hey are doing this, it’s that they are doing so without proper information and without following their own policy.

> how a man managed to bring that much firepower into his hotel room and keep it there for so long.

Which is completely irrelevant. He could have done the same thing with a single suitcase containing one rifle and a bunch of magazines. The whole 20+ (I don't know the exact figure) guns thing was not in any way necessary for what he did. Do people think he was some kind of eight armed octopus firing umpteen guns at the same time?

Barrels overheat. The number of guns he brought probably was excessive, but he did shoot 1,100 rounds over a period of about 10 minutes.
That’s a pretty sad excuse.

Even after 9/11, I didn’t have goons busting into my N.Y. hotel rooms just in case I had lockpicks in my luggage.

If these people are a security threat, call the real cops. The only time I’ve seen this sort of behavior is in circumstances when rent-a-cops are given police/peace officer status.

9/11 wasn't caused by lockpicks in luggage. The Vegas shooting had guns in luggage as a key factor.
So why are you allowed to enter the hotel with luggage?

Most big hotels provide a vault or will hold luggage locked in a secure area as well. They won't open it for insurance/liability purposes and do not require access to the contents. A person could trivially store contraband in the hotel's direct custody and not throw a red flag by keeping the cleaning lady out.

This is just security bozos throwing their weight around.

Let's remember that DEFCON has been happening there for quite a few years, so the hotel should know what to expect, and what the customers expect, and either decline the business or accept that they're going to have a large and diverse group of counter-culture oriented people bringing large padlocked hard cases to their rooms and declining maid service for days at a time while expecting privacy.
This isn’t happening specially for Defcon, it’s been standard practice for a while.
The big piece you have to add to that is that MGM is being sued for billions of dollars when you put together the 1,000+ lawsuits against them for "failing to keep guests safe".

It's not just the memory, but a direct consquence of our insurance and civil litigation norms.

"What did they expect?"

To have privacy in their hotel rooms; to not have their lock picks stolen by hotel staff; to have some way of distinguishing these "security" guards from random strangers trying to take advantage of the situation; to tell the staff "not now" and have them listen; etc.

None of that is unreasonable. I would have canceled the remainder of my reservation if a hotel treated me like that, and I would not bother going to conferences held at those properties.

This just confirms that Casinos companies are mentally more gang/mafia than business with "customer first" approach. Best "lesson" for hotels would be to move DEFCON to some more pleasant place.
Don't be naive. There is no reason to think that the same thing could not happen in some other city.
There's no reason to think the same thing could not have happened in some other city, but if it became common knowledge amongst hotels that doing this will potentially cost your city this business opportunity, it would be very unlikely to happen afterwards.
On the other hand, if this is simply standard procedure at any hotel you could use, what choice do you have?
airbnb
Yes, wonderful, they can host the event in the Airbnb convention center
I wasn't aware it was a problem with the convention center; I thought it was an issue with people's hotel rooms.
Generally when you hold a big event like this you use a large hotel with an attached convention center.
Except if the event is in say, San Diego, LA, San Francisco or New York.
Right, but people have to leave their hotel rooms and meet in some central location, otherwise it's not a conference :-)
But it's not standard procedure at any hotel. So far it has only been reported of it happening in Vegas.

Move DEFCON to somewhere else next year in protest. Then they might learn their lesson.

I guarantee other hotel chains will be watching this situation with great interest. If Caesars suffers no consequences, then they will all see it as a green light that they can also treat their customers this way, and soon it will be normalized.
I'm surprised more people aren't saying this, but: I've had this happen over the years at multiple large, "upscale" hotels belonging to national chains across the US.

I usually leave the "Do Not Disturb" sign up the entire time I'm in a hotel. (I'm paranoid about having my electronics stolen when I leave for meals, and I usually work during the day in my hotel room when housekeeping is coming in, and I don't want to be interrupted. Besides, I bring my own towels and toiletries so I don't need anything from them.)

I've always been told it's a safety thing and that makes sense to me -- usually, it's a manager who calls and requests just to stick their head in every five days, while I'm there, and they're completely understanding of my fear of theft.

Seems like all it would take to resolve this is a viral story about someone getting robbed or raped by people pretending to be security and breaking into rooms. Defcon people should be able to easily stage something like that and spread the news. "Fake news" used for good I guess.
What a spectacularky bad idea. Maybe after that, don't respond to any reports of room invasions.
There we go. What an absolutely horrible idea, which shows clearly the direction of this kind of "activism". Because if the "good people" are using "fake news" - it's fine! But it's unacceptable if "the other" people are using fake news to push their ideas.

Just because you think your ideas are nobel, righteous or inherently good, it still does not allow you to use any means possible in order to push them.

What's next? Stage a murder and frame someone you think is evil?

"Let's piss off a large, drunken gathering of red teamers, and the blue teamers who've probably designed some of the underlying systems we use! What could go wrong?"

This is how you get your speaker system stuck on 24hrs of wpic sax guy radio.

If that happens, fire the employee who set up the prank and sue for as much damage as you can. No more pranks.
Why would a casino fire an employee after non-employees execute a prank?
Epic Sax Guy? I'd either run Never Gonna Give You Up or the My Little Pony G4 Intro.

Alternatively there is always the Tetris Brainworm or Bob Ross sessions.

All I know about "My Little Pony" is that it is a cartoon based on a line of toys, is written for little girls, has been around for a long time, for some reason attracts a lot of adult male fans (called "bronies"), and HN user nickthemagician suggested that a blogger using an MLP avatar lost credibility and HN user tern delivered the perfect response that I'm still chuckling over 5 years later [1].

A bit of Googling turned up a video on the evolution of the MLP theme from 1984-2014 [2], and contained therein was the G4 theme. But also in there or in the subsequent Googling it inspired I learned 3 other interesting things:

1. Some of the earlier themes would probably be more cutely annoying than G4 for this application,

2. Sandy Duncan and Tony Randall were voice actors in the earliest MLP stories in 1984. They were both pretty well established, critically and popularly acclaimed, actors. I would not have expected such big names in this kind of cartoon in 1984.

3. That's nothing...the 1986 movie had Randall, Danny DeVito, Rhea Perlman, Madeline Kahn, and Cloris Leachman. Either I'm totally misremembering the state of animation in 1986, or MLP was a way bigger deal then I remember.

[1] https://news.ycombinator.com/item?id=6042590

[2] https://www.youtube.com/watch?v=5vI3YypGhnA

Surprisingly enough, I know the guy that wrote the blogpost in [1] and talked to him this morning.
On the other hand, fucking with a Vegas casino is how you end up bloody in an alley somewhere.
This is how you end up with "f* you" settlement money.

Today's Vegas is not your parent's Vegas. It’s all professional investors now, very little mob left.

Yes, not to mention that nearly every casino/hotel on the Strip is owned by either Caesar's Entertainment or MGM Resorts. They are huge publicly-traded companies who want to minimize risk.

MGM Resorts Properties: Bellagio Circus Circus CityCenter (50% joint venture with Dubai World) Aria Resort & Casino Mandarin Oriental Excalibur Luxor Mandalay Bay MGM Grand The Mirage New York-New York Park MGM

Caesars Entertainment Corp: Bally's Caesars Palace Harrah's The Cromwell Flamingo Las Vegas The Linq Las Vegas Planet Hollywood Rio All Suite Hotel and Casino

In most hotels I've been to in more volatile parts of the world they just search bags on entry to the property - which would seem an easier and more thorough approach. If security are so concerned why aren't they doing that here?

If hotel security forced their way into my room in any property I stay at at I'd be checking out immediately and would be doing a credit card charge back on any charges.

I would also have done that, but I don't see how.

How do you perform a credit card charge back yourself?

I think he means he would call the credit card company and get them to refund the charges.
as @nickthemagicman says - except (at least in Europe) you have to write to the merchant (hotel) asking them to refund all charges and explain why.

If they refuse or don't reply you call your credit card company and tell them you dispute the charges; they usually immediately refund you and take it up with the hotel.

This should probably say "some parts of Europe", or a specific country. At least in the UK, the reversal can be initiated with a single call to the bank. They contact the merchant then and give you the money back immediately. In good banks it actually works with both credit and debit cards.
Almost all credit card companies in the US allow you to dispute charges. Some even allow you to do it online. Typically it's then up to the merchant to prove the charges are legitimate. And from what I've heard that's very difficult sometimes. Most larger companies simply eat the cost. And it's a significant problem for small businesses as some folks use this to cheat the system and get free things.
Many international hotels outside the USA search bags on entry. I just went to such a hotel in Africa, and they required the valet to bring bags to the room. I'm assuming they x-rayed the bags behind closed doors to keep it discrete. Perhaps this approach would be more tolerable in the states. (We still had to go through a metal detector on the way in)
Why? It's not illegal or even against policy in many parts of the US to bring in all sorts of dangerous things.

For instance - while moving from Arkansas to Virginia in 2013, I had a rifle with me in the U-Haul, and didn't want to leave it in the vehicle for it to be stolen. I just slung it barrel-down over my shoulder and carried it with all of my family's bags to the room, right past the front desk. It was a folding AK variant, which I chose for the trip because it was easy to keep accessible behind the seats' headrests, so if they were going to have an issue with a rifle that would probably be the one.

Not only is this sort of thing fairly typical in many places, in some (most?) states a hotel room is considered a domicile, and it's illegal to ban firearms as a condition of renting the room.

(comment deleted)
Time to do the conference somewhere else
Not a directly related comment, but Snowden's backed Haven is an Android app that can monitor a room. It's activated by motion or sound and notifies the user on another end. I've never tested it myself (iOS user), but found it very interesting.

https://guardianproject.github.io/haven/

If the Haven phone is stolen - I think it's hard to recover the recorded video. So, I opt for Alfred, which is more of a managed Dropcam-style service.
Wasn't aware of Alfred. Thanks for sharing!
Surely, the hotel must have some reason to justify this.

Can someone please tell us why the hotel might choose to do this to some guests? (Be fair in your statement, please. I'm just looking for the 'other side of the coin' out of curiosity.)

So in the US police doesn't need a warrant to storm hotel rooms? Terrifying indeed.
These are not police. These are private security for the owners of the property.

Generally speaking police do require a warrant to search hotels in the states but it is an area with nuance.

Police need a warrant (or probable cause) to search basically any private, locked space.

Hotel security are not police. They are more like landlords. So the 4th Amendment does not apply to them (which every security professional on Twitter is currently experiencing collective amnesia about, apparently).

However, like landlords, state/local jurisdictions usually set rules on hotel tenant rights. I'm not sure what those rules are in Nevada, but I would bet that they are much more lenient there than elsewhere due to regulatory capture, since gambling is such a lucrative industry.

This is the dirty secret behind calls for "privatization", "let the market decide", and "small government". You have no rights against an oppressive corporation that you would against an oppressive government. You didn't have a strong financial advantage and upper head against a large multi-national corporation in getting them to agree to not violate your human rights? No? You lose.
Hotel security are not police.
Playing devil's advocate, I do wonder if attendee's are being well behaved or trying to exploit hotel systems and other guests as typical hackers do trying to show off and prove their mental superiority. If I happened to be in Vegas at the same time as the conference, I'd think to myself, welp, can't use my laptop here.
Okay hardly anyone on this thread of 84 comments is even discussing the article. Half the comments are just people going back and forth about the Vegas shooting.

What this hotel(s) did was unacceptable. I hope some lawsuits come out of it for the more egregious violations. No one was worried about some hackers going off the deep end, this was a heavy handed display of power over guests. I'm surprised none of the intruders had guns drawn on them. These were unidentifiable goons seemingly breaking into rooms. DEFCON is the most important security event of the year, I do hope there is a boycott after this event and all of these hotels are blacklisted by the security community.

https://www.the-parallax.com/2018/08/12/vegas-hotel-room-sec...

"In a statement released to reporters, Caesars says DefCon organizers were informed before the conference of the new policy ... .. Marc Rogers, DefCon’s head of SecOps and vice president of cybersecurity strategy for identity management company Okta, said the conference is aware of the room problems and is working with Caesars on reducing conflicts for next year. “These changes represent the new reality that all hotels have to face in their work to keep guests safe,” he said at the conference’s closing ceremony Sunday. Caesars is “working closely with DefCon management to figure out the best way forward for next year.”

Some DefCon attendees are claiming on Twitter that they will refuse to attend the conference next year, if it returns to Las Vegas. Of the more than 1,650 votes in response to an informal poll started by Twitter user @notdan, a security researcher at a tech company in the San Francisco Bay Area who requested anonymity, 35 percent said they would not return to DefCon over room privacy concerns ... Moussouris emphasized a similar concern: that hotel room privacy is of paramount importance, especially for female travelers. “No matter whether DefCon moves or stays put, all hotels should have basic protocols for allowing any guest to easily authenticate a supposed hotel employee,” she wrote."

> “These changes represent the new reality that all hotels have to face in their work to keep guests safe,”

"Now we have an excuse to violate your privacy and steal your shit we're going to take it and make you accept it".

That logic has worked for the TSA going on 17 years now.
I don't have a viable alternative for flying 99% of the time, I do for hotels.
At some point hotel employees will start "taking advantage" of this policy by stealing stuff and other even more malicious things. It doesn't look good.
Why work with the hotel to reduce problems next year, when you could just hold the event elsewhere? Conferences move from time to time, and this seems like a pretty solid reason to do so. What does DEF CON owe to any of these hotels that should make them want to return next year?
In a gathering with many of the top social engineers nothing went wrong and there was zero possibility that a social engineer exploited this security and impersonated it's personnel to hack other attendees... /s

Maybe the best way to deal with this would be to make fun of and exploit security theatre.

I agree with their stance, but why do women get emphasized in this situation? Isn't it equally as unacceptable when a man gets a "security check" in the middle of the night by multiple people?

But the whole thing seems like security theater to me. There's no way this is going to prevent anything other than people actually going to those hotels.

I'm probably going to get downvoted for this, but I think this was a good move by the hotel. I'm glad that if people are bringing suspicious looking material into the hotel, and declining maid service for days on end that they are searching the rooms. One search like this could have prevented the Vegas shooting, and its worth it. There is a line we shouldn't cross as far as privacy / safety, but if you're staying in a hotel, you're on their property in a shared public space -- same as on an airplane or mass transit.

Edit: we already have the counter-example where the search didn't happen and saw the result. Lets agree that there shouldn't be any unknown contraband / dangerous items in the hotel for everyone's sake.

> if people are bringing suspicious looking material into the hotel, and declining maid service for days on end that they are searching the rooms

The Vegas shooter bough all his armaments in suitcases. Suitcases in hotels are suspicious now?

I'll skip maid service for a the duration of my trip if it's a week or less, and let them in once a week if longer. I don't have new towels and bed sheets daily at home why would I need them changed daily in a hotel?

> One search like this could have prevented the Vegas shooting, and its worth it.

And one search of any mass shooters house would have likely stopped them as well. Should we encourage them as well. I mean WON'T SOMEBODY THINK OF THE CHILDREN?

> There is a line we shouldn't cross as far as privacy / safety, but if you're staying in a hotel, you're on their property

Then let me verify the security staff, and don't have them steal my shit. If I have "objectional material" you ask me to leave or ditch the stuff, you don't take it.

> in a shared public space -- same as on an airplane or mass transit.

No it's really not.

> Lets agree that there shouldn't be any unknown contraband / dangerous items in the hotel for everyone's sake.

Let's not. Knives are dangerous, vodka is dangerous, hell water is dangerous, lets ban that to.

Let's also agree that violating the right of innocents just because you might eventually accidentally catch a bad actor is completely unacceptable.
This is most certainly a show of force by the hotel. I recall a visit to a $500+ per night hotel by a colleague participating in a high-level industry conference, representing an 'open' side of the negotiating table. The conference leadership had committed to paying perhaps four nights of the bill. On the third day, a hotel representative unlocked and walked into the room unannounced to "see what was going on" and refused to leave when asked. This was not a goon, but a smiling mid-level lackey. After ten minutes of "looking" it was over. When checkout time came, the bill was not pre-paid, but instead an unexpected two days were not paid, resulting in a surprise thousand dollar balance due. It was obviously harassment by someone. My point is that this is not new, and you are not safe from harassment at an expensive event.
As a former DEFCON attendee I remain confused why the hotels feel there is enough cost/benefit to host this event. I remember one year at the Rio attendees pwn'd most of their systems, took down the POS systems of most of the retailers, installed fake ATMs and even set up a rogue cell phone tower in someone's room that pwned everyone's Android phone with a side loaded poisoned Android update.

It was great fun. But if I had been staying as a non-DEFCON guest I would be furious.

There's an article on security weekly that gives some tips on staying safe at hacker conferences. Most people there do not do anything malicious, but there's always a few ass hats who are trying to prove themselves by doing illegal things. I don't think a lot of them understand, you get caught doing something like that as an adult and any career you thought you might have in the security industry is over.
Summer is not usually a popular time to visit Vegas, so it's a tonne of business in the off-season when the rooms would otherwise not be booked. Also, hackers have money these days, it's probably pretty lucrative overall despite the shenanigans.
This article asserts the fourth amendment applies to hotels. The ruling the article cites is about police entering a hotel room, not about private security hired by the hotel entering the room. I'm not a lawyer, but I wouldn't recommend relying on 4th amendment protections in a hotel. Pretty much have to treat a hotel room as compromised space, especially if you're not in the room.
I stayed at a hotel in Santa Monica last week, and declined cleaning services. They left a card that said they would enter the room every other day, regardless of the sign I put on the door. It was annoying to make sure I packed up all of my valuables and carried them with me the next day, but as far as I could tell they didn't actually enter the room the next day. There was another identical card under the door when I got back, and my "tells" weren't disturbed.
Of course I want to skip maid service.

It is disgusting. They just mopped the room next door, where people are vomiting everywhere, and then they drag that mop around my room. I'll have to disinfect it again, as I do every time the maid has been in. This is such a pain. (wiping every switch/knob/handle with Lysol or similar)

Then there is theft and breakage. So now I have to lug my stuff around instead of leaving it in the room.

Then there is me. Maybe I like to do things in private that might be embarrassing. Maybe I want to sleep during the day.

For all these reasons, maid service should be opt-in. I should have to leave the room unlocked; there should be no maid key. Entry without my permission should require a boltcutter, prybar, breaching round, battering ram, or saw. (and yes, guests who needlessly cause this should be charged for the damage) For the time during which I am paying for the room, it should be mine alone.