Slashdot Mirror


'Obnoxious' RSA Protests, RSA Remains Mum

An anonymous reader writes "By 'buying out' the most obvious lunch spot nearest the RSA conference yesterday, opponents and truth-seekers regarding RSA's alleged deal with the NSA raised awareness amongst attendees in the most brutal way possible: by taking away tacos and tequila drinks. Robert Imhoff, Vegas 2.0 co-founder, says, 'RSA could begin to fix this by going on the record with a detailed response about the accusations.'" I tried to get attendees of the conference to comment on camera — even a little bit — on what they thought of the NSA spying revelations, and not a single person I approached would do so. The pained facial expressions when they refused were interesting, though, and reflect the problem with a surveillance society in a nutshell. Especially at a conference where the NSA is surrounded by vendors who sell the hardware and software that enables your "mere" metadata to be captured and sifted, plenty of the people on the floor know that the companies they work for are or might one day be seeking contracts to do all that capturing and sifting, even if they'd rather not be subject to it personally, so they don't want their face shown saying so.

14 of 99 comments

  1. On the record by Threni · · Score: 2

    > 'RSA could begin to fix this by going on the record with a detailed response about
    > the accusations.'"

    Which we'd all of course believe.

    1. Re:On the record by thue · · Score: 4, Interesting

      Are you referring to this RSA's CTO Sam Curry's "defense", which Matthew Green and Matt Blaze have had so much fun ridiculing? http://blog.cryptographyengine...

      RSA Security really haven't made anything close to a coherent defense.

    2. Re:On the record by thue · · Score: 2

      For starters, they can come clean. All their press releases have been exercises in trying to say as little as possible, and be as misleading as possible while still not literally lying. For example, their non-denial of the $10,000,000 deal with NSA had half the press falsely reporting that RSA claimed there was never any $10,000,000 deal.

      Dual_EC_DRBG has been documented since 2006/2007 to be an insecure CSPRNG, even without the backdoor. I knew about it for example, and I do not even work in that field. The only way nobody at RSA Security (a huge company specializing in security) could not have heard about it is by putting their hands over their ears and yelling LALALA. And they didn't put 2 and 2 together about why NSA paid them $10,000,000 when the possible backdoor was discussed in the media and the cryptographic community?

      I can accept that RSA Security might have been fooled in 2004. But they have not even tried to explain why they kept using Dual_EC_DRBG after 2006/2007. They have been caught with the hand in the cookie jar, and refuse to even try to defend themselves. Why should I try to invent explanations for their innocence for them?

      > what evidence could RSA show us that would reinstate our trust

      The point is that the circumstantial evidence is so hugely strong. This is not unfair - this is reality.

      It is like finding you standing over a corpse in a pool of blood and a knife in your hand, with a $10 million payment to your account from the victim's worst enemy. And you refusing to talk about how you got there, or why the victim's worst enemy sent you the $10 million. Do you think I have no right to make assumptions in that case?

  2. It's not like saying nothing will be of any use by korbulon · · Score: 2

    As if the NSA doesn't already know what they really think.

  3. And when they came for me... by TWX · · Score: 2

    First, they came for my tacos. But I did not speak out because I was not a taco...

    Then they came for my tequila drinks. But I did not speak out because I was not a tequila drink...

    --
    Do not look into laser with remaining eye.

    1. Re:And when they came for me... by CyberKnet · · Score: 3, Funny

      First they came for the tacos, and I did not speak out -- because we had a CmDrTaCo.
      Then they came for the tequila drinks, and I did not speak out -- because I was more a fan of Wine.
      Then they came for the chips 'n dips, and I did not speak out -- because everyone had moved on to Slashdot
      Then they came for Slashdot, -- there was no one left to speak for it...

      ... because beta had already driven everyone away.

      --
      Video meliora proboque deteriora sequor - Ovidius

  4. What did you expect? by sirwired · · Score: 4, Insightful

    I don't think this little stunt has anything to say about a "problem with a surveillance society"; they have something to say about a problem with some a$$hole ambushing some geeks at a tech conference that just want to get their lunch and get back to the conference sessions.

    And the RSA did go on record. They said it wasn't true. As far as going into the gory details of the contract? Contract details of any contract, with any customer, are generally not something a security company is ever going to disclose. That's not surveillance-state paranoia or evidence of evildoing; it's routine business practice.

    1. Re:What did you expect? by fuzzyfuzzyfungus · · Score: 4, Insightful

      Pity the poor hatchetmen, cruelly interrupted during lunch. I, for one, fear for the future of a society that respects the privacy of others so little...

      Do I think that Our Fearless Correspondent is even remotely effective in his stated aims? Not with those tactics, he'd be hard pressed to get someone to tell him the time.

      Should we care about that? Do RSA's little minions deserve to throw a veil of contractual secrecy over their lunch hour, lest their delicate feelings be offended by the sight of disapproval?

      In a situation where legal redress is, in all probability, a fantasy; but displeasure is very real, isn't social disapproval an excellent response? Wouldn't it be delightful if admitting to working for a spook contractor was about as pleasant as admitting that you take the long way around that school zone because you are a convicted sex offender? Now, especially without good evidence tying individual people to individual pieces of work, you don't want to go overboard; but it would be downright wholesome if the penalty for collaboration was constant exposure to contempt.

  5. Bad inference by DoofusOfDeath · · Score: 4, Insightful

    > The pained facial expressions when they refused were interesting, though, and reflect the problem with a surveillance society in a nutshell.

    Stupid reasoning. There are plenty of other reasons these people might not want to publicly comment. The most likely is that they're not authorized to speak for their employers, and fear rebuke or dismissal at their workplaces if they speak publicly on the topic.

    1. Re:Bad inference by Trepidity · · Score: 2

      Also, the pained facial expressions might be related to the lack of tacos and/or tequila drinks.

  6. On what basis can you make this demand? by sirwired · · Score: 2, Insightful

    The RSA has already explicitly said the contract doesn't say what they are accused of it saying. What else do you want them to do? They can't go and release the details of a confidential contract simply because somebody thinks it contains something it doesn't have.

    Now, I'm not saying that RSA isn't lying, but if they were, would you believe that any contract they produced was an accurate one? Probably not. Talk about "Damned if you do, damned if you don't."

    1. Re:On what basis can you make this demand? by Goldsmith · · Score: 3, Insightful

      Sure, they can release the details of that contract. Government contracts are supposed to be public. Go take a look at usaspending.gov and fpds.gov. There are plenty of security contracts posted there, just not any between RSA and NSA. It's not the easiest system in the world to navigate, you have to know a lot about government contracting to make sense of it.

      But, you'll see military hardware contracts, homeland security database contracts, all of them are published on federal websites as a matter of course (you have to get special approval to not post a contract publicly). The government mandates this so that competing companies and the public can see that they're getting a "fair deal". Never mind that a lot of these show they weren't competed, no one actually takes advantage of government transparency when it's available.

    2. Re:On what basis can you make this demand? by Goldsmith · · Score: 3, Informative

      I worked as a government employee overseeing R&D contracts. It wasn't that long ago. We were required to post the contracts publicly. They're on the websites I mentioned...

    3. Re:On what basis can you make this demand? by Arker · · Score: 2

      "The RSA has already explicitly said the contract doesn't say what they are accused of it saying."

      Link? Because what I remember reading from them was more of a very carefully calculated non-answer. Did not deny the elements of the crime, but very vaguely denied any intent. An evasive, lawyerly answer, not a straightforward denial at all.

      --
      =-=-=-=-=-=-=-=-=-=-=-=-=-=-
      Friends don't let friends enable ecmascript.