Security wonks put one of those fingers on each hand up.
May I have your attention, please? Next month’s huge RSA security conference is in the spotlight over a growing number of boycotts by high-profile speakers. The conflab, run by EMC’s (NYSE:EMC) RSA division, is the lightning rod for disquiet over alleged NSA backdoors inserted into RSA crypto software.
As you may recall, the smell of it is that RSA agreed to the NSA’s request to use a default random-number generator that made it easy to crack customers’ encrypted data.
In IT Blogwatch, bloggers repeatedly ask, “He didn’t just say what I think he did, did he?”
I repeat, your real, humble blogwatcher curated these bloggy bits for your entertainment. [We're gonna have a problem here -Ed.]
I’ve been working with computer security since 1991. Nowadays I do quite a bit of public speaking. … I have spoken eight times at…RSA Conference[s].
On December 20th, Reuters broke a story alleging that your company accepted a random number generator from the National Security Agency, and set it as the default. … You have not denied this particular claim [and] you had kept on using the generator for years despite widespread speculation that NSA had backdoored it.
As my reaction to this, I’m cancelling my talk at the RSA Conference. … I’m withdrawing my support from your event. MORE
Granted, I’m no Mikko…but I think it’s vitally important that those of us who profoundly object to RSA’s $10 million secret contract with the NSA do more than just tweet our outrage.
RSA has issued the weakest of denials possible…failed to address most of the troubling points raised in Joe Menn’s article for Reuters. This on top of RSA’s horrible handling of its 2011 SecurID breach has shattered any remaining trust in the company. … I hope that RSA and EMC’s leadership will eventually rise to the occasion and be fully transparent.
However unless and until RSA fully addresses this…I won’t be speaking at any RSA events nor will I accept RSA as a sponsor. MORE
I’ve given up waiting for RSA to fess up. … I’ve just withdrawn from my panel at the RSA conference.
The program chair of the RSA conference is a senior exec at infamous censorship tech firm Blue Coat. MORE
I’ve decided to back out of my panel at RSA, too. No longer speaking on “The Boundary Between Privacy and Security: The NSA Prism Program.” MORE
I’ve become convinced that a public stance serves more than self-aggrandisement, so: I’ve pulled out of the Cryptographers Panel at RSA 2014.
(I had already decided not to do it, but I pondered for a while whether I should say anything in public.) MORE
Add me; I won’t be talking about public key pinning. MORE
I think the jury is still out on whether RSA was negligently hoodwinked or deliberately sold out, but either deserves condemnation. MORE
[I] just backed out of the “Hot Topics in Privacy: A Dialog with Facebook, Google, Microsoft, Mozilla & Twitter” panel at RSA. MORE
Yes, my RSA talk is 100% pulled as a moral imperative.
The company and the con are not actually tightly coupled fwiw, but I don’t feel the need to lend my name to that ****. … This is a battle worth standing up for. MORE
I don’t think boycotting will do much. … RSAC is, for all intents and purposes, a side company. … It would take a huge number of attendees failing to show up in order to make an impact.
If you think that NSA has been behaving badly and you really want to have an impact, go to the event and talk to people at the event…change your talk to include a slide or ten about what you believe RSA has done wrong…tell them why you think the RSA Corporation has crossed the line and spread the word.
Quit buying their products and tell them why. Now that’s a message they’ll hear loud and clear. MORE
There are several motives at play in this, some honest, some not. Neither side has a monopoly on hypocrisy. MORE
Fugue on a theme of Eminem, by Syd R Duke