Wow this blog post makes djb sound like such a scumbag. The idea that he would ask people to consider the allegations "false" is absurd (there's a difference between presuming innocence vs presuming the the allegations are false).
tl;dr DJB was approached with a complaint, and thought it was a situation where he would give advice and his counterparty expected he would maintain his confidence. After he heard about the frustration the complainant was experiencing, asked the person to file a formal complaint, or at least send a self-contained email (explicitly acknowledged as not confidential) that he could use to move forward, in order to not break that confidence.
Seems that's where things broke down. There's another complaint related to Tanja that seems separate (he says that she urged him to not file a complaint immediately), but that's orthogonal to DJB's side of this, I think.
EDIT: It seems, from context, that the complainant wanted the confidence revoked, and everything put on the record (not unreasonable). But DJB doesn't _keep_ records of confidential things -- hence his insistence that they start from the beginning.
EDIT2: I'm trying to summarize "What is DJB's side of this (as communicated in the linked emails)?" not the whole scenario. I don't know anything about this situation directly.
> But DJB doesn't _keep_ records of confidential things -- hence his insistence that they start from the beginning.
I call BS on this, if we're talking about adults at university positions. The reasonable response in that case is: "I do not have any archives. Please resend everything you've got.", not starting from the beginning without communicating that fact clearly. If someone fails to act properly in that position, they shouldn't be overseeing other people.
He should not stop because of a technicality on his side in that situation.
(Edit: reasonable response == absolute minimum here, he could do much more)
I don't disagree -- presumably some of their conversation happened verbally, so the claim 'I don't take notes or have records of confidential things' makes more sense? Seems likely, I frequently discuss things in person first.
I also agree with your characterization of the other side of this -- that it seems like he's using a technicality to excuse not doing something important. I'm not advocating anything, just trying to summarize a pretty long email chain.
You're talking about a crypto researcher here. Their behavior absolutely does include a much higher level of awareness around the handling of confidential information. He may well have a policy that all confidential communication is treated separately, including being automatically wiped after some period of time. This would need to be standard for his work as it relates to investigating 0day and other vulnerabilities that must be confidentially disclosed to third parties.
This does not make him a nice guy, and he would likely have been in violation of Title IX, which means any US govt funding for his lab is potentially at risk as a result of this case.
What do you think crypto researchers are? It's not a cloak and dagger field. It's applied mathematics research. You've never seen a group of people less wrapped up in spycraft than the attendees of an academic crypto workshop. That's one of the things that made Appelbaum's admission to Dan and Tanja's research group so weird.
I don't care who he is, or what his daily email routine is. It doesn't matter. At any level, if someone you're superior to in your organisation comes to you and reports abuse from another person in the org, you either follow up immediately, or you shouldn't be superior to them. Any kind of follow up should produce report of that. If the person taking to you doesn't want you to report it further, then it's your business to have a record of that and never lose it. I know it from normal decency and numerous company trainings and I've never even been a manager.
His research topic, or even whether the report is true don't matter. It's in his interest to follow up on his own and keep records. If not because it's right, at least to protect the university and himself from what's happening right now.
Sometimes your best protection is a policy that all electronic communications are automatically deleted after a retention period. Many companies have such policies, and they have them on advice of their legal council, specifically to avoid discovery issues in the event of a suit. You can argue this doesn't apply here from a moral perspective and I would agree with you, but IT and legal policies often do not follow an ethical code.
Crypto research exacerbates this because the likelihood of such suits is higher than with other kinds of research, sometimes rising to the level of nation states getting grumpy at you with all that could entail. Finally, while I can't make any excuse for the behavior, he would be far from the first graduate advisor to have less than stellar management training or skills.
That's pretty disgusting, and the kind of "sneaky" you'd expect from an overly precocious child. Then again, it actually does match the combination of passive aggression and thwarted control-freak that I've come to expect from academia.
The emails don't show djb as a scumbag, just a little bit cold and rule-oriented. The kind of guy that is generally regarded as writing the most secure unclassified crypto code is going to be rule-oriented. Think of Immanuel Kant, who (roughly) said that the golden rule was the ultimate law, and required him to always tell the truth, even if a murderer showed up at his door, and asked whether his target was upstairs. DJB is simply saying he's willing to be the guy's confidant, but if he wants him to act in a formal, legal way, he wants him to tell him all the things he's willing to have exposed to a legal process. He doesn't want to assume that just because he's filing a complaint, that everything that his friend has told him in confidence is now potentially public record, and so he wants him to repeat what he wants to be on the record. To me, that's the mark of a good friend.
Both of them describe Bernstein as a manager, not a friend.
I think Bernstein may simply have meant that the written complaint had to be specific, but that took a close reading and some charity. His direction to leave out "any reference to the previous conversation" first struck me as wanting to pretend there hadn't been one.
That's not the impression I got. It sounded to me like there had been a long, confidential conversation, perhaps spanning different media, and he just wanted an authoritative email laying out the full issue, which he could then act on, without needing to try to accurately recall all past conversation and determine which parts should be confidential or not.
I'm not saying it was the ideal response, just that if we give the benefit of the doubt it doesn't appear to be a malicious one.
The author of the article published what he claims were emails sent by Bernstein. If the entire story is fabricated, Bernstein's side is "I never sent those emails".
Did you read the post? The accuser did make several "formal statements", most of which went ignored.
> On my return, with an alternate way to stay in the EU secured, I prepared a written complaint and sent it to our department secretary on the 22nd of August...
...
> At the beginning of September, I spoke to two people in HR for nearly two hours, answering their follow-up questions about the complaint I had sent them.
...
> While in North America, an HR rep contacted me to tell me that I needed to personally meet with yet another person at the university, who is in charge of scientific integrity. I sent this person a copy of the same written complaint I had already sent to HR, and arranged a meeting.
So that's four or five people who received a formal, written statement from the accuser, and did nothing in response.
Bernstein told the author not to mention their prior conversation in his complaint. The author found this suspicious and filed a complaint with the department secretary instead.
You know one thing about the author's mental health: he had panic attacks during a very stressful time in his life. Any psychologist can tell you that this has no bearing on someone's truthfulness. Continuing to speculate about his mental health is in very poor taste.
I would love to hear his side of the story.