Talk of an RSA Boycott Grows After Reports It Colluded With the NSA

December 24, 2013  |  All Things Digital

A boycott may be brewing against security company RSA’s annual conference, in the wake of reports that the company used encryption technology that had been created by the U.S. National Security Agency in its products in order to create a “back door” in them.

A well-known security researcher has announced that he is boycotting RSA’s annual security industry conference in San Francisco early next year, and will no longer deliver a scheduled talk at that event. In an open letter addressed to Joe Tucci, the CEO of EMC, of which RSA is a unit, and Art Coviello, the head of RSA, Mikko Hypponen, chief research officer at F-Secure, said he is “withdrawing his support for the event.” (See the full text of the letter below.)

In a story on Friday, Reuters reported that RSA had accepted a $10 million payment from the NSA to use a random-number generator created by that agency in a widely used security product called BSafe. After being developed by NSA, the technology, known as Dual EC DRBG, which stands for Dual Elliptic Curve Deterministic Random Bit Generator, was recommended by the National Institute of Standards and Time (NIST) as an algorithm to create random numbers, a key part of the process of encrypting and securing data communications.

RSA has issued a carefully worded denial of what Reuters described as a “secret contract” with the NSA. The company said that it has long worked with the NSA openly for what it described as an “effort to strengthen, not weaken” security products.

RSA’s annual conference, scheduled Feb. 24-28, 2014, at San Francisco’s Moscone Center, is a significant event for large and small companies in the computer security industry, and is also widely attended by independent researchers. The conference boasts attendance of about 15,000 people.

Hypponen has worked for F-Secure, based in Helsinki, since 1991. He’s a sought-after speaker on security topics, is frequently quoted in the media (such as this example from AllThingsD in 2011), and has spoken at the influential TED conference. He has also worked with law-enforcement agencies around the world. His research into the SoBig virus was the subject of a lengthy 2004 feature in Vanity Fair magazine. The name of the talk that he won’t be giving: “Governments as Malware Authors.”

Others in the security industry are talking about boycotting the RSA event, too.
