Site   Web

January 9, 2014

Security Experts Pulling Out of RSA Conference Over NSA Ties

National Security Agency photo

A number of leading security experts have pulled out of an RSA conference over concerns the security firm may be in a little too tight with the National Security Agency.

The NSA is said to have paid RSA $10 million to give the agency back door access to encryption-protected products, according to an exclusive report from Reuters last month.

The RSA, a holding of EMC Corp, has denied the allegations, saying it has never “entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.”

The security firm’s denial, however, was not enough to prevent at least eight computer security researchers from bowing out of the February conference.

One such expert is F-Secure chief research officer Mikko Hypponen, who penned an open letter to RSA executive chairman Art Coviello and EMC CEO Joseph Tucci to cancel his appearance at the conference.

Below is an excerpt from his letter:

On Dec. 20, Reuters broke a story alleging that your company accepted a random number generator from the National Security Agency, and set it as the default option in one of your products, in exchange of $10 million. Your company has issued a statement on the topic, but you have not denied this particular claim. Eventually, NSA’s random number generator was found to be flawed on purpose, in effect creating a back door. You had kept on using the generator for years despite widespread speculation that NSA had backdoored it.
As my reaction to this, I’m cancelling my talk at the RSA Conference USA 2014 in San Francisco in February 2014.
Aptly enough, the talk I won’t be delivering at RSA 2014 was titled Governments as Malware Authors.

CEO of cyberesecurity company Taia Global Jeffrey Carr announced his decision on his blog to cancel his talk at the conference.

“Obviously, I hope that RSA and EMC’s leadership will eventually rise to the occasion and be fully transparent about what happened and why,” Carr wrote. “However unless and until RSA fully addresses this apparent breach of trust, I won’t be speaking at any RSA events nor will I accept RSA as a sponsor at any future Suits and Spooks events.”

Christopher Soghoian, principal technologist with the ACLU ‘s Speech, Privacy and Technology Project has also pulled out.

“I’ve given up waiting for RSA to fess up to the truth re: the NSA and Dual_EC. I’ve just withdrawn from my panel at the RSA conference,” Soghoian said in a tweet.

Google software security engineer Chris Palmer tweeted that he would no longer take part as did his colleague Adam Langley.

“I’ve become convinced that a public stance serves more than self-aggrandisement, so: I’ve pulled out of the Cryptographers Panel at RSA 2014,” Langley tweeted.

Program committee chairman Hugh Thompson told The Washington Post he was “disappointed” by the cancellations.


Jennifer Cowan is the Managing Editor for SiteProNews.