Company Sues Blackhat Because People Mocked Their Sponsored Presentation And Called It Snake Oil
from the good-luck-there dept
Sean Gallagher, over at Ars Technica, has a story about yet another bizarre lawsuit. A company called Crown Sterling, which claims it's disrupting the entire encryption business, is suing the Black Hat conference organizers after it paid $115,000 to be a "gold sponsor," only to find their presentation widely mocked. You can read the complaint here. It's quite something.
Gallagher's article does a nice job summing up the presentation and the background in a single paragraph:
Grant's presentation, entitled "Discovery of Quasi-Prime Numbers: What Does this Mean for Encryption," was based on a paper called "Accurate and Infinite Prime Prediction from a Novel Quasi-PrimeAnalytical Methodology." That work was published in March of 2019 through Cornell University's arXiv.org by Grant's co-author Talal Ghannam—a physicist who has self-published a book called The Mystery of Numbers: Revealed through their Digital Root as well as a comic book called The Chronicles of Maroof the Knight: The Byzantine. The paper, a slim five pages, focuses on the use of digital root analysis (a type of calculation that has been used in occult numerology) to rapidly identify prime numbers and a sort of multiplication table for factoring primes.
Even from that description, you might be rolling your eyes. There's also a response paper from Mark Carney from the University of Leeds who basically debunks many of the claims in Grant's paper. The summary is pretty straightforward:
A recent publication by Grant et al. [2] has revealed some innovations with respect to the checking and generation of prime numbers with which to crack cryptographic keys. We argue that their method is minimal, and go on to prove some general cases of the mathematics they present - specifically refuting two of their claims. We also present more computationally efficient methods, and use these as a spring board to refute the existence of any practical efficiency improvements coming from this methodology.
Some, of course, were a bit less academic in their criticism, speaking out against the presentation on Twitter and heckling Grant during the presentation itself. PC Mag published an article quoting a cryptography expert who said it had "all the signs of 'snake oil' crypto." That's from Jean-Phillippe Aumasson. He also noted:
"The content of the paper and the so-called discoveries are either 1) obvious, well-known mathematical properties that any high school student would easily find, or 2) plain wrong."
Aumasson also had quite the Twitter thread going during the talk.
Either way, all of this resulted in Crown Sterling suing Black Hat. According to the lawsuit, part of paying Black Hat $115,000 to get a "sponsored talk" slot also meant people aren't supposed to criticize them:
In the face of all of this, Black Hat USA, as the Black Hat conference organizer and party with whom Crown Sterling entered the Sponsorship Agreement, had an obligation both to conference attendees and to Crown Sterling to ensure that Crown Sterling, as a participant and a sponsor, was treated only with respect and dignity. Black Hat USA also had an obligation to provide Crown Sterling the benefit of its bargain, which was to be able to use its exhibitor booth and its sponsored session as means to invite fair, open, considerate and non-abusive dialog regarding its technology breakthrough, and to attract prospective clients, collaborators and business partners.
Good luck with that theory.
There may be a slightly stronger argument that Black Hat then did breach its contract by removing any mention of Crown Sterling from its website and then refusing to return the sponsorship money. That... gets a bit more iffy. There is some issue here in that Black Hat probably should review its sponsors a bit more carefully. And, if it's going to recognize that it was had and pull a sponsor's name off the website, it does seem like perhaps they should have given some money back. But, the flip side to that is that, until Black Hat realized what was going on, Crown Sterling appeared to get what it paid for -- a booth, promotion, and a speaking slot. It's only after all of that when Black Hat removed their name from the site.
Crown Sterling never could have anticipated what happened instead: Black Hat USA itself, rather than enforcing its own Black Hat protocol and Code of Conduct, and rather than renouncing the abusive conduct and demanding civility and decorum, instead made good on that detractor’s threat to “take Crown Sterling down” by publicly stating that it had taken down Crown Sterling’s presentation materials from its event website. In fact, this statement was false. Black Hat USA had never posted the Crown Sterling materials on its website, and presumably did not know its contents when it subsequently purported to have screened them after the fact, and based on this screening which never occurred, taken them down. What Black Hat USA did do, however, is take down any mention of Crown Sterling’s participation in the event from its website, essentially disavowing their presence and vitiating the very essence of the Sponsorship Agreement.
But... even that seems weak. As does arguing that Black Hat telling the press about this decision is somehow defamatory. That ain't how defamation works, guys.
Black Hat also sided with the detractors in the most public of ways, providing a statement for the very PC Magazine article that served as a mouthpiece for those conference detractors. In its statement, Black Hat USA confirmed that it would take down Crown Sterling’s content from its website, and it disavowed Crown Sterling as a sponsor. By doing so, Black Hat USA unfairly and inappropriately placed its imprimatur on the abusive sponsored session disruption and the defamatory smear campaign that followed shortly thereafter.
Notably, the lawsuit itself is not for defamation -- just breach of contract and breach of "implied covenant of good faith and fair dealing." It seems likely that this lawsuit is a long shot for a variety of reasons. But, it also isn't going to do much to improve Crown Sterling's reputation among cryptographers.
Filed Under: breach of contract, encryption, prime numbers, robert grant
Companies: black hat, crown sterling
