Slashdot Mirror


TrustyCon was the 'Rebel Conference' Across the Street From RSA 2014 (Video)

RSA holds big-time annual security conferences. The 2014 U.S. edition had 25,000 attendees, Stephen Colbert as the closing keynote speaker, and a major controversy (and some anger) from potential speakers and attendees over RSA's reputed $10 million contract with NSA to make sure the company's encryption software had back doors the secretive agency could use to spy on people and companies that use RSA software. This is part of a story that might be called The Snowden Revelations if it is made into a movie, but right now it's still controversial, and enough of a bombshell in the IT security industry that F-Secure's Mikko Hyppönen decided not to speak at this year's U.S. RSA conference, followed by Bruce Schneier, DEFCON founder Jeff Moss, Princeton professor Ed Felten, and other security luminaries.

And so, TrustyCon -- the Trustworthy Technology Conference -- was born. It was a sellout, with 400 people attending at $50 a head, and another 300 on a waiting list who couldn't get in. Slashdot's Tim Lord managed to get in, and got to speak briefly with several people there, including one of the TrustyCon organizers, Joel Wallenstrom. These were crude interviews, done on a "catch as catch can" basis, and the sound in them is poor. (Google sent a camera crew and shot over seven hours of the conference speakers, which you can watch on YouTube if you want to view TrustyCon presentations in good HD with great sound.) Will there be another TrustyCon next year? According to The Register, "The conference organizers said that, at this point, the plan is to hold another get-together next year, but that a final decision will be made closer to the time."

  1. Security software with a known backdoor is useless by Opportunist · Score: 3, Insightful

    Even if it was for a "good cause". Let's for a moment even assume that the NSA is an all-holy entity that could never do anything wrong and that we trusted them implicitly, not because our software forces us to but because we genuinely wanted to.

    Note the subjunctive.

    Even then the security software would be a security hazard. Simply and plainly because there is (at least) one way to access data that is absolutely beyond your control. You cannot even audit the security level of the entity holding the additional key to your data.

    If you need to give your non-tech boss a way to understand the severity, that's like having a general key to your office and the safe with all the highly classified and mission critical papers deposited at your local police force. While by itself not a problem (provided you trust your police), they are not required to give you any information concerning the key's storage or whereabouts. You will not be notified how they themselves will keep that key safe, nor do you get any kind of information should that key get stolen. You will not be notified if some potential attacker or burglar, or even a competitor, gets access to that key, legally or illegally.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.