Slashdot Mirror
Security Experts Call For Boycott of RSA Conference In NSA Protest
Hugh Pickens DOT Com writes "ZDNet reports that at least eight security researchers or policy experts have withdrawn from RSA's annual security conference in protest over the sponsor's alleged collaboration with the National Security Agency. Last month, it was revealed that RSA had accepted $10 million from the NSA to use a flawed default cipher in one of its encryption tools. The withdrawals from the highly regarded conference represent early blowback by experts who have complained that the government's surveillance efforts have, in some cases, weakened computer security, even for innocent users. Jeffrey Carr, a security industry veteran who works in analyzing espionage and cyber warfare tactics, took his cancellation a step further calling for a boycott of the conference, saying that RSA had violated the trust of its customers. 'I can't imagine a worse action, short of a company's CEO getting involved in child porn,' says Carr. 'I don't know what worse action a security company could take than to sell a product to a customer with a backdoor in it.' Organizers have said that next month's conference in San Francisco will host 560 speakers, and that they expect more participants than the 24,000 who showed up last year. 'Though boycotting the conference won't have a big impact on EMC's bottom line, the resulting publicity will,' says Dave Kearns. 'Security is hard enough without having to worry that our suppliers — either knowingly or unknowingly — have aided those who wish to subvert our security measures.'"
"'Though boycotting the conference won't have a big impact on EMC's bottom line"... not buying their products because there's a f-cking backdoor in it will.
Some people die at 25 and aren't buried until 75. -Benjamin Franklin
you can defend them all you want.
at this point, anything that comes to light about NSA and shows them in a bad light, I will fully believe until THAT is proven otherwise.
given the reputation, it sounds more likely than not. we're seeing the true color of the 'security' industry, here, and its about time!
and anyone who defends the nsa or rsa, well, you've shown YOUR true colors, as well.
--
"It is now safe to switch off your computer."
Privacy in America is complicated. The majority argument in the Supreme Court decision that legalized abortion, Roe v. Wade, was based on a right to privacy. Since then (1973), the Republican Party has refused to accept that a right to privacy exists, because that would imply that Roe v. Wade is based on a sound principle and therefore abortion has to remain legal. This puts us in the unfortunate position of privacy rights being collateral damage in the culture war. Any Federal court nominee is going to get asked in his/her confirmations hearings whether there exists a right to privacy, and an affirmative answer means the Republicans will block that nominee. Most nominees prevaricate.
It's not the only reason privacy is a suppressed issue in mainstream American politics. Both parties have an authoritarian streak a mile wide (manifested in slightly different ways, so they can hate each other anyway) and privacy is the enemy of authority.
A lot will have to change before America is willing to make privacy a priority. What I find encouraging about Snowden's relevations is that it looks like enough people are talking about privacy that the issue might not crawl away to die again. Give it time.
[Sir Garlon] is the marvellest knight that is now living, for he destroyeth many good knights, for he goeth invisible.
I was also skeptical when I first saw the news articles (like this one) that said that RSA had published a statement where they supposedly refuted the existence of that NSA deal. The existence of the deal was originally broken by Reuters in this article, where they cite "two sources familiar with the contract" as their sources. But then, after more in-depth analysis of the RSA blog post where they supposedly "denied" the existence of the deal, it was revealed that actually RSA neither denied nor acknowledged that such deal existed in their statement. They are just using general wording to give an impression, that they would certainly never do such thing. But they are not directly denying the existence of the deal.
Now, thinking logically, it's pretty damn clear that they would have denied that such a deal was ever made, if they were in the position of making such a claim. But given they don't directly deny the claims presented by Reuters, it would seem a much more logical explanation that the deal indeed was made, and RSA just went into damage control mode after the publication of the Reuters article. Lying to the public would have meant more damage if Reuters would have later been able to present the actual paper of the deal, so I suppose we can take their lack of directly denying this deal's existence as an admission of sorts. This is also the reason why speakers are canceling their appearance in the conference ("Your company has issued a statement on the topic, but you have not denied this particular claim.")
So, I think we have grounds to believe that there is actually quite much truth to the original story by Reuters. As they say, the deal was "handled by business leaders rather than pure technologists". I am pretty sure that this is a yet-another example of a major manager-level f*ck up. Tech companies very often have all the expertise on the technical personnel level, while managers are a "necessary evil" who often have much fewer insight into the technical field where the company actually operates. Of course, anyone with even the slightest idea of how the IT security field functions, would never ever endanger their company's credibility (at least for such little reward as $10 million), because deals like this tend resurface in the public sphere sooner or later. All we can assume that someone in the management made a very major f*ck-up and made this secret deal with NSA without much consulting from the technical folks. But I am pretty sure that now that this deal has surfaced in the public sphere, it will end up costing RSA a great deal more in lost sales than what the "business leaders" anticipated they could gain in short term from making the deal with NSA.