Next month, one of the largest security conferences in the nation is scheduled to take place in San Francisco, and it has become a lightning rod for the NSA snooping scandal.
Big-name computer security professionals are so angry at the company that hosts it, RSA, that they are cancelling their keynote speeches and conference sessions.
RSA is a security unit owned by EMC that makes encryption technology, the kind of tech that is supposed to make your computer safe from hackers.
At issue is a news story that broke last month in Reuters, which reported that the NSA had entered into a $US10 million agreement with RSA to influence the default method of encryption in a popular RSA product called BSafe, according to documents leaked by Edward Snowden.
The implication is that the agreement allows the NSA to break into computers and read documents, even if the data was encrypted.
RSA admitted it worked with the NSA but “categorically denied” that the partnership gave the NSA any “back door.”
Here’s its statement:
We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security … we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.
But some big names in the security industry aren’t buying RSA’s denial and have canceled their appearances at the conference in protest.
For instance, Mikko Hypponen, a famous security researcher from F-Secure and frequent RSA speaker, canceled his talk, explaining his decision in an open letter:
On December 20th, Reuters broke a story alleging that your company accepted a random number generator from the National Security Agency, and set it as the default option in one of your products, in exchange for $US10 million. Your company has issued a statement on the topic, but you have not denied this particular claim. Eventually, NSA’s random number generator was found to be flawed on purpose, in effect creating a back door. You had kept on using the generator for years despite widespread speculation that NSA had backdoored it.
As my reaction to this, I’m cancelling my talk at the RSA Conference USA 2014 in San Francisco in February 2014.
And now, weeks before the conference, there’s a running list of other speakers pulling out, including security professionals from Google and Mozilla, reports ComputerWorld’s Richi Jennings.
It’s probably a moot gesture. Last year, some 20,000 attendees flocked to the conference and this growing boycott probably won’t derail the conference now.
But it’s an interesting gesture all the same, and it comes from some of the smartest minds in the computer security business.