'Obnoxious' RSA Protests, RSA Remains Mum
An anonymous reader writes "By 'buying out' the most obvious lunch spot nearest the RSA conference yesterday, opponents and truth-seekers regarding RSA's alleged deal with the NSA raised awareness amongst attendees in the most brutal way possible: by taking away tacos and tequila drinks. Robert Imhoff, Vegas 2.0 co-founder, says, 'RSA could begin to fix this by going on the record with a detailed response about the accusations.'" I tried to get attendees of the conference to comment on camera — even a little bit — on what they thought of the NSA spying revelations, and not a single person I approached would do so. The pained facial expressions when they refused were interesting, though, and reflect the problem with a surveillance society in a nutshell. Especially at a conference where the NSA is surrounded by vendors who sell the hardware and software that enables your "mere" metadata to be captured and sifted, plenty of the people on the floor know that the companies they work for are or might one day be seeking contracts to do all that capturing and sifting, even if they'd rather not be subject to it personally, so they don't want their face shown saying so.
> 'RSA could begin to fix this by going on the record with a detailed response about
> the accusations.'"
Which we'd all of course believe.
As if the NSA doesn't already know what they really think.
An anonymous reader wants people to feel comfortable with him shoving a camera in their faces and asking for their comments for him to use as he will.
I wonder what "pained facial expressions" an anonymous reader might display in such circumstances.
If some pushy dude comes up to me and starts pestering me with questions, he's gonna get a knuckle sandwich!
of my times in communist country in which I grew up. This is the very common thing - people do not want to talk about certain subjects. This is of course not a one way street and it does not mean you are there yet but the beginning is made. Waves of BS and intimidation. Yet another sign of decay and decline of Western civilization one may argue.
First, they came for my tacos. But I did not speak out because I was not a taco...
Then they came for my tequila drinks. But I did not speak out because I was not a tequila drink...
Do not look into laser with remaining eye.
I don't think this little stunt has anything to say about a "problem with a surveillance society"; they have something to say about a problem with some a$$hole ambushing some geeks at a tech conference that just want to get their lunch and get back to the conference sessions.
And the RSA did go on record. They said it wasn't true. As far as going into the gory details of the contract? Contract details of any contract, with any customer, are generally not something a security company is ever going to disclose. That's not surveillance-state paranoia or evidence of evildoing; it's routine business practice.
Watered down margaritas and fall-apart fail-tacos seem ironically appropriate here.
Stupid reasoning. There are plenty of other reasons these people might not want to publicly comment. The most likely is that they're not authorized to speak for their employers, and fear rebuke or dismissal at their workplaces if they speak publicly on the topic.
If the contract is such that you are abetting the government in unconstitutional searches, then well, it seems worthy of getting pissed off about and definitely worthy of being labeled "surveillance state".
As a long time (and lazily anonymous, sue me) reader of slashdot I'm always amazed at how many commenters seem willing to give companies/corporations/government a pass because it's just "routine" business practice.
If it's routine for a company not to tell me how it makes its product, okay fine (maybe).
If it's routine for a company to give away all my information to the government (who yes, absolutely is supposed to have a warrant) then I say, "fuck routine."
Jesus christ are these people serious?
The RSA has already explicitly said the contract doesn't say what they are accused of it saying. What else do you want them to do? They can't go and release the details of a confidential contract simply because somebody thinks it contains something it doesn't have.
Now, I'm not saying that RSA isn't lying, but if they were, would you believe that any contract they produced was an accurate one? Probably not. Talk about "Damned if you do, damned if you don't."
WTF is the "Classic" link now?
Though sometimes I wish they did, as the life expectancy in a vacuum is rather short, maybe 2 minutes tops?
They were accused of taking a $10M bribe to backdoor an encryption algorithm. RSA says it's not true. There's zero evidence that RSA knew about the weakness when accepting the money to include the algorithm in their products.
If they truly were going to compromise the security of every one of their customers, why would they have agreed to accept a paltry $10M?
Do you think that the bomber would cease dropping the artillery if he or she could see the faces of the burning people on the ground? Or do you think that nightmares of an eternity in a fiery hell would prevent a commander from sending his troops mercilessly into a suicidal slaughter? Do you think that just because an entire nation sits on the precipice of collapse created by the decisions of a few who do not share the same loyalties would stop their plans when they know it will result in the destruction of that nation? Then you do not understand the fact that as long as they all can pass the responsibility for their own actions onto something greater than their own cowardice, this world will never be a safe place. As long as they believe that it is for the greater mankind, the bulk of mankind will never rest easily or assuredly. That is the nature of the way it has to be. For the rebellious nature of man will soon be overwhelmed by a universal change that ~no one will stop.
I had a similar thought, though without seeing video of the author's behavior it is impossible to tell how much of their reaction was due to the subject vs the person doing the asking. Given that the blogger in question has built a bit of a brand and pride around being obnoxious, I would not be surprised if the latter played a role.
Jeffrey Carr has a good point from the RSA Conference keynote:
> "When, last September, it became possible that concerns raised in 2007 might have merit as part of a strategy of exploitation, NIST as the relevant standards body issued new guidance to stop the use of this algorithm. We immediately acted upon that guidance, notified our customers, and took steps to remove the algorithm from use." - Art Coviello RSAC 2014 Keynote speech
So up until then, they apparently considered all the criticism of RSA security without merit? On what basis? The research was obviously right.
http://jeffreycarr.blogspot.dk...
If you read a bit more in the actual keynote, there is actually an unexpectedly frank explanation:
> "Recognizing that [after year 2000, open source, non-patented encryption was widely available], and encryption's inevitable shrinking contribution to our business, we worked to establish an approach to standards setting that was based on the input of the larger community rather than the intellectual property of any one vendor. We put our weight and trust behind a number of standards bodies - ANSI X9 and yes, the National Institute of Standards and Technology (NIST). We saw our new role, not as the driver, but as a contributor to and beneficiary of open standards that would be stronger due to the input of the larger community."
But they ignore most of the input of the larger community, in favor of taking $10,000,000 from NSA to use their backdoored algorithm.
What we have seems to be standard exploitation of a valuable acquired brand which is no longer profitable. Take a high-quality brand with an outstanding reputation for independent quality checking. Fire everybody skilled (and expensive), and sell as many cheap commodity products under that brand as you can get away with, with as little expensive quality control as possible. Their claim is that they expected to get the quality control for free from NIST, which they knew was dominated by the NSA. Meanwhile, RSA Security chose to totally ignore any contradicting independent research.
Personally I believe the amount of incompetence and cluelessness claimed by RSA Security as defense strains credulity beyond breaking point.
While I support this kind of excellent awareness-based protest and non-violent resistance, I don't believe it will be in the least bit effective. Preaching to the sheep as it were.
But this all begs the question of what encryption methods, algorithms and ciphers are still strong? Anything? Not a damn thing? With as far back as some of this seems to go and more nonsense coming up every week, everyone is wondering if this has been going on since NIST started approving things in encryption or even before.
I'm sorry, do you have a problem with the FREE MARKET ?!! you probably kiss girls, you foggot
Maybe the author was wearing Google Glass.
I come here for the love
I'm at RSA. I've been asked by multiple people to comment on this all week. At first I had insightful things to say. At this point though "get the hell out of my way and leave me alone" is the answer I'm giving because I'm tired of dealing with assholes trying to score points off of me.
Look, the NSA has already done more damage to the United States technology industry than any other enemy. RSA and the rest are just private branches of the state. Fuck them.
Most of the attendees at a tech conference are front-line IT grunts (and their managers) sent there by their boss to learn about new products, techniques, etc. Most of them don't work for RSA, nor will most have been in charge of the buying decision to purchase RSA products.
This isn't a "veil of contractual secrecy" being thrown... this is some more-or-less random schmoe having a complete stranger asking him questions on camera on something on which he doesn't have enough information to make an intelligent reply.
You're still guilty, though, and you can't walk away from that...
CAP = 'fetching'
+1 to this.
It's fairly common for companies to have required IT products, such as RSA. Then they send their employees out to improve their knowledge of the "blessed" product(s).
The employees are often obligated to attend the conference, and are also (due to corporate policy) unable to say much, just in case those comments can be construed as company opinion.
So yeah... you have these poor attendees who are pretty much like "Look, I don't know anything anyway, my attendance was mandated by someone else. Why are you harassing me?"
-- Sometimes you have to turn the lights off in order to see.
You mean, you'd like some privacy? You do get the horror of that, don't you?
"The pained facial expressions when they refused were interesting ..."
In many cases I suspect this was just their "Who are you and why are you bugging me now go away" expression.
The defense and intelligence parts of the budget have very large parts that are a "black box". As well they should be. It's a bit difficult to carry out secret projects if all your contracts are open to anybody that wants to read them.
Yes, such contracts are vulnerable to abuse and oversight problems. But that doesn't mean that the RSA even has the ability to release the contract if they wanted to.
cops are bad. All of them are enablers making them all bad.
"Plain old tech" people get paid conference passes all the time. Your company buys X amount of stuff from Y vendor (or a business partner), the vendor account rep provides your company with Z full conference passes gratis, and most of those passes end up in the hand of front-line IT grunts (they are the ones most of the education classes are targeted for.) These grunts are no more likely to be familiar with the particular facts of what they were getting interrogated on than any other geek.
Also, it IS a tech conference; RSA just happens to be a security vendor; pretty much every single large tech vendor runs one of these conferences. A "security conference" would be something like DEFCON, one of the several conferences the IEEE runs on security, etc.
And quit with your paranoia about how much RSA is bribing me. I work from home, so it'd be pretty tough for RSA to buy me lunch. The organization I work for (part of a larger IT company) is not an RSA customer. Not everyone that voices vocal disagreement is a sock-puppet; I thought the whole point of the Slashdot comment section was to comment.
All my so-called "pro-RSA" talk on this topic has been motivated by the obnoxious tactics of these protestors, and the knee-jerk silence-equals-guilty attitude. You'd get the same reaction from me if this was a story about PETA sticking microphones in the face of somebody trying to buy some chicken for dinner.