January 9, 2014
Security Firms Backing Out Of RSA Conference Over NSA Controversy
Peter Suciu for redOrbit.com - Your Universe Online
Following last month’s news that security firm RSA had worked with the National Security Agency to provide a digital backdoor in its encryption technology, eight computer security research firms have announced that they will not attend a security conference sponsored by RSA, reported the Washington Post. Despite the response from RSA that it had not provided the NSA with any such technological advantage to break its encryption, there was steady and continued outrage throughout the security community. The Post reported that within days of the story breaking last month there were “rumblings of a boycott of the RSA Conference,” which is scheduled for next month.
The RSA Conference has been a major cyber security industry event, and it reportedly attracted more than 24,000 attendees in 2013. According to online reports, the calls for speakers had been very competitive – with more than 2,000 submissions for just the 300 to 400 sessions.
Josh Thomas of Atredis Partners was apparently one of the first to pull out, and he announced on December 22 that he would pull his talk due to a “moral imperative,” the Washington Post noted.
Soon after, Mikko Hypponen, chief research officer at Finnish cyber security firm F-Secure, also announced that he would cancel his aptly titled “Government as Malware Authors” speech. In an open letter last month, Hypponen expressed serious concerns over the allegations that RSA had worked with the NSA.
“I don't really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA. In fact, I'm not expecting other conference speakers to cancel,” Hypponen wrote. “Most of your speakers are American anyway – why would they care about surveillance that's not targeted at them but at non-americans [sic]. Surveillance operations from the US intelligence agencies are targeted at foreigners. However I'm a foreigner. And I'm withdrawing my support from your event.”
This week he updated his open letter and announced that he would not even attend the program and wrote, “Initially I only canceled my talk, as I didn't want to punish the FTC which had nothing to do with the events I was protesting about. However, partial participation sends mixed messages. I don't want to send mixed messages, so I have canceled all my appearances at RSA 2014. I'm sure the FTC will understand. I can also confirm that F-Secure is not speaking, sponsoring or exhibiting at RSA Conference USA 2014.”
Other security experts, including Chris Palmer, security engineer at Google, and Jeffrey Carr, founder and CEO of security firm Taia Global, announced they would cancel their talks at the RSA Conference. This week Christopher Soghoian, principal technologist with the ACLU’s Speech, Privacy and Technology Project, announced via Twitter that he had withdrawn from his panel. Google’s Adam Langley also withdrew from the event, along with Marcia Hofmann and Alex Fowler.
In December, documents leaked by former NSA contractor turned whistleblower Edward Snowden suggested that the government agency and security firm had arranged a secret agreement that created and promulgated a flawed formula for generating random numbers called Dual Elliptic Curve. This reportedly allowed the NSA to crack encryption codes and gain entry to a number of computer products.
Reuters reported last month that there was a secret $10 million contract between the NSA and RSA, an encryption maker that is now owned by EMC.
Soon after the allegations were made, the company responded that it had worked with the NSA as a vendor but didn’t provide a secret backdoor to its software for government spying.
“We have never kept this relationship a secret and in fact have openly publicized it,” the company posted on its website. “Our explicit goal has always been to strengthen commercial and government security.”