Company Sues Blackhat Because People Mocked Their Sponsored Presentation And Called It Snake Oil
from the good-luck-there dept
Sean Gallagher, over at Ars Technica, has a story about yet another bizarre lawsuit. A company called Crown Sterling, which claims it's disrupting the entire encryption business, is suing the Black Hat conference organizers after it paid $115,000 to be a "gold sponsor," only to find their presentation widely mocked. You can read the complaint here. It's quite something.
Gallagher's article does a nice job summing up the presentation and the background in a single paragraph:
Grant's presentation, entitled "Discovery of Quasi-Prime Numbers: What Does this Mean for Encryption," was based on a paper called "Accurate and Infinite Prime Prediction from a Novel Quasi-Prime Analytical Methodology." That work was published in March of 2019 through Cornell University's arXiv.org by Grant's co-author Talal Ghannam—a physicist who has self-published a book called The Mystery of Numbers: Revealed through their Digital Root as well as a comic book called The Chronicles of Maroof the Knight: The Byzantine. The paper, a slim five pages, focuses on the use of digital root analysis (a type of calculation that has been used in occult numerology) to rapidly identify prime numbers and a sort of multiplication table for factoring primes.
Even from that description, you might be rolling your eyes. There's also a response paper from Mark Carney from the University of Leeds who basically debunks many of the claims in Grant's paper. The summary is pretty straightforward:
A recent publication by Grant et al. [2] has revealed some innovations with respect to the checking and generation of prime numbers with which to crack cryptographic keys. We argue that their method is minimal, and go on to prove some general cases of the mathematics they present - specifically refuting two of their claims. We also present more computationally efficient methods, and use these as a spring board to refute the existence of any practical efficiency improvements coming from this methodology.
Some, of course, were a bit less academic in their criticism, speaking out against the presentation on Twitter and heckling Grant during the presentation itself. PC Mag published an article quoting a cryptography expert who said it had "all the signs of 'snake oil' crypto." That's from Jean-Philippe Aumasson. He also noted:
"The content of the paper and the so-called discoveries are either 1) obvious, well-known mathematical properties that any high school student would easily find, or 2) plain wrong."
Aumasson also had quite the Twitter thread going during the talk.
Either way, all of this resulted in Crown Sterling suing Black Hat. According to the lawsuit, part of paying Black Hat $115,000 to get a "sponsored talk" slot also meant people aren't supposed to criticize them:
In the face of all of this, Black Hat USA, as the Black Hat conference organizer and party with whom Crown Sterling entered the Sponsorship Agreement, had an obligation both to conference attendees and to Crown Sterling to ensure that Crown Sterling, as a participant and a sponsor, was treated only with respect and dignity. Black Hat USA also had an obligation to provide Crown Sterling the benefit of its bargain, which was to be able to use its exhibitor booth and its sponsored session as means to invite fair, open, considerate and non-abusive dialog regarding its technology breakthrough, and to attract prospective clients, collaborators and business partners.
Good luck with that theory.
There may be a slightly stronger argument that Black Hat then did breach its contract by removing any mention of Crown Sterling from its website and then refusing to return the sponsorship money. That... gets a bit more iffy. There is some issue here in that Black Hat probably should review its sponsors a bit more carefully. And, if it's going to recognize that it was had and pull a sponsor's name off the website, it does seem like perhaps they should have given some money back. But, the flip side to that is that, until Black Hat realized what was going on, Crown Sterling appeared to get what it paid for -- a booth, promotion, and a speaking slot. It was only after all of that that Black Hat removed their name from the site.
Crown Sterling never could have anticipated what happened instead: Black Hat USA itself, rather than enforcing its own Black Hat protocol and Code of Conduct, and rather than renouncing the abusive conduct and demanding civility and decorum, instead made good on that detractor’s threat to “take Crown Sterling down” by publicly stating that it had taken down Crown Sterling’s presentation materials from its event website. In fact, this statement was false. Black Hat USA had never posted the Crown Sterling materials on its website, and presumably did not know its contents when it subsequently purported to have screened them after the fact, and based on this screening which never occurred, taken them down. What Black Hat USA did do, however, is take down any mention of Crown Sterling’s participation in the event from its website, essentially disavowing their presence and vitiating the very essence of the Sponsorship Agreement.
But... even that seems weak. As does arguing that Black Hat telling the press about this decision is somehow defamatory. That ain't how defamation works, guys.
Black Hat also sided with the detractors in the most public of ways, providing a statement for the very PC Magazine article that served as a mouthpiece for those conference detractors. In its statement, Black Hat USA confirmed that it would take down Crown Sterling’s content from its website, and it disavowed Crown Sterling as a sponsor. By doing so, Black Hat USA unfairly and inappropriately placed its imprimatur on the abusive sponsored session disruption and the defamatory smear campaign that followed shortly thereafter.
Notably, the lawsuit itself is not for defamation -- just breach of contract and breach of "implied covenant of good faith and fair dealing." It seems likely that this lawsuit is a long shot for a variety of reasons. But, it also isn't going to do much to improve Crown Sterling's reputation among cryptographers.
Filed Under: breach of contract, encryption, prime numbers, robert grant
Companies: black hat, crown sterling
Reader Comments
What on earth did they think would happen? The company name is essentially trashed in the industry now. That has nothing to do with Black Hat and everything to do with Crown Sterling's presentation and published data.
So... Black Hat should have vetted the sponsor better, and should have a policy set up for when a sponsor is found to be peddling snake oil. Beyond that, there's not much here.
[ link to this | view in chronology ]
Even if they'd figured out how to break RSA encryption and their brand new encryption method worked, why would anyone go with their new encryption method when Elliptic-curve cryptography is already available?
[ link to this | view in chronology ]
Re:
If they'd done that, it would be easy for them to prove it.
[ link to this | view in chronology ]
Because ECC is vulnerable to quantum attack.
Nobody has yet built a quantum computer sufficiently large to do this, but it is assumed by many that this will come.
[ link to this | view in chronology ]
So, instead of actually demonstrating that their mathematics works by decrypting some samples, they launch a lawsuit. That is a sure sign of snake oil selling.
[ link to this | view in chronology ]
Is it Defamation?
Wow, seems like we need a good breakdown article similar to Ken Pope's "Is it Rico" that we can keep pointing at.
Perfect example of how tin foil hats try to "disrupt" science - it isn't their methodology to blame, it's the bad press preventing them from explaining why the Earth is flat.
[ link to this | view in chronology ]
Strange.
So you bring a Product out to be seen and maybe purchased..
In front of all these people Who seem to be Professionals.
And they deride and abuse you of this idea/concept..
You paid to be represented? Or you paid for a booth to show off your new toy? Did any other group have anything to say? Because this seems to only point to the group that gave you the booth.
[ link to this | view in chronology ]
I already think they're a group of crazies just for the lawsuit.
The excerpts from the filing posted here confirm that. Torturous sentences, contradicting themselves from one sentence to the next - all the hallmarks of crazy litigants who actually believe in what they're peddling. It's sad.
[ link to this | view in chronology ]
Just what did BlackHat sell for $115,000.00?
What do you mean we can't buy respect and dignity?
[ link to this | view in chronology ]
Re: Just what did BlackHat sell for $115,000.00?
[ link to this | view in chronology ]
Jim Sterling should sue them for defamation by association~.
[ link to this | view in chronology ]
Going to argue in court that their attempted bribe didn't work....bold strategy, Cotton.
[ link to this | view in chronology ]
did they think only stupid people attend blackhat
If you are going to try and peddle something, why would you try to fool the professionals first? Real professionals are very serious about what they do and are going to vet the crap out of whatever you present.
Their response to whatever you are peddling is going to be proportional to the level of stuff you say. If you say crap they will mock you like the turd you are.
[ link to this | view in chronology ]
Re: did they think only stupid people attend blackhat
[ link to this | view in chronology ]
$115,000
Money stupidly spent.
[ link to this | view in chronology ]
There are just some internet hornet's nests you really shouldn't stick your dick into just to annoy them.
Reddit, both Chans, and any Hat conference top the list.
[ link to this | view in chronology ]
Re:
Don't tug on Superman's cape.
Never go in against a Sicilian when death is on the line.
And never, ever try to use sleight of hand against a roomful of card experts in black hats.
[ link to this | view in chronology ]
Re: Re:
Though the latter is basically the premise of Penn & Teller's Fool Us.
[ link to this | view in chronology ]
Re: Re: Re:
The difference being that no one is so arrogant as to think that P&T won't spot that it's all illusion, misdirection, and sleight-of-hand; best-case scenario is that they won't spot exactly what illusion, misdirection and sleight-of-hand you're using.
Crown Sterling's presentation is more like trying to use a stage magician's tricks to convince James Randi to award you the prize for the One Million Dollar Paranormal Challenge.
[ link to this | view in chronology ]
Re: Re: Re: Re:
So Crown Sterling is the Uri Geller of blackhat.
Checks out.
[ link to this | view in chronology ]
'Now, to ensure you fight to the legal death...'
In the face of all of this, Black Hat USA, as the Black Hat conference organizer and party with whom Crown Sterling entered the Sponsorship Agreement, had an obligation both to conference attendees and to Crown Sterling to ensure that Crown Sterling, as a participant and a sponsor, was treated only with respect and dignity.
Yeah, even if their interpretation of that was correct (and I don't believe for one second that it is), that by being a sponsor Black Hat was supposed to ensure that no-one talked bad about them, they'd have pretty much ensured that Black Hat would fight that claim into bankruptcy, since caving on that point would utterly destroy the event's credibility by making clear that 'respect' could be bought.
Were Black Hat to agree that being a sponsor shielded a person/company from criticism then they'd have turned their event into nothing more than a PR show, useless except for companies to brag with 'credibility' tied not to the strength of the claims/discoveries/arguments but whoever had the biggest wallet.
[ link to this | view in chronology ]
Definitely something you do when you're confident in your product.
[ link to this | view in chronology ]
Streisand
Paging Streisand, paging Barbra Streisand...
[ link to this | view in chronology ]
Oh no... they forgot to energize their lawsuit by resting it above their energy crystals...
(Look at where the money comes from... magic crystals that can energize water... but don't get them wet)
We here at Crown Sterling wanted to make sure the world knew our name, little did we know suing a hacker convention might offend some hackers. Our servers are on fire, all of our emails have been published (including the ones where we mocked you idiots buying our magic crystals)...
We think this will be a win for us as we meditate with our crystals.
[ link to this | view in chronology ]
They Probably Have it Right
Not a lawsuit for defamation, that is a good sign right there. The atty recognizes that there is no untruthful statement by the defendant for which damages can be shown.
I would certainly expect that an action for breach of contract would lie. Without verifying all the facts, it would appear that (a) Black Hat offered a "gold sponsor" package including web site and other promotions (b) Crown Sterling paid for such a package (c) Black Hat failed to provide at least part of the normal package (d) Black Hat refused to return any money.
The lawyers, in their first draft, may have gotten a little silly by looking for civility and respect. However, under the silliness, it does appear that there is a claim for breach of contract.
[ link to this | view in chronology ]