View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
January 9, 2014

RSA talkers dropping like flies

Influential speakers are withdrawing from upcoming conference following allegations of NSA collusion.

By Ben Sullivan

A list of speakers due to appear at the upcoming RSA Conference have withdrawn themselves from the event after stories appeared implicating the RSA in NSA surveillance projects.

Although the eight representatives who have withdrawn so far are a small portion of the total speakers due for the massive event, the list does include some rather big names.

The RSA Conference is one of the largest cyber-security conferences held every year in the United States. Last year’s event pulled in more than 24,000 attendees. This year’s event is scheduled for February in San Francisco, and had the usual list of influential industry leaders due to present.

However, late last year came allegations originally unearthed by Reuters of RSA-NSA collusion, pointing the finger at a certain $10 million being passed to RSA so it could install a back door to its encryption software for the NSA to peer through.

The allegations say that a number of years ago, RSA made a compromised Dual EC DRBG random number generator the default choice for the company’s BSAFE crypto library, a move that lined RSA’s pockets with the money, and gave the NSA an advantage as they had deliberately weakened Dual_EC in its development process.

RSA denied any secret contact with the NSA.

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

"Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," RSA said in a statement.

Josh Thomas from Atredis Partners pulled out just before Christmas. He said that it was his "moral imperative" that drove him to cancel the talk. Thomas was followed by Chris Palmer and Adam Langely, two of the chief security experts at Google. This pair was then followed by Mikko Hyponnen from F-Secure.

F-Secure penned an open letter to RSA, and its parent company, EMC.

"Eventually, NSA’s random number generator was found to be flawed on purpose, in effect creating a back door," he wrote. "You had kept on using the generator for years despite widespread speculation that NSA had backdoored it…Aptly enough, the talk I won’t be delivering at RSA 2014 was titled ‘Governments as Malware Authors."

Also to then drop were Chris Soghoian, a technologist from the American Civil Liberties Union; Electronic Frontier Foundation special counsel Marcia Hoffman; Jeffrey Carr, CEO of Taia Global security consultancy; and Mozilla’s global privacy and public policy leader Alex Fowler.
Carr actually wrote on his blog that:

"Granted, I’m not Mikko Hyponnen and my talk was a mere 20 minutes on the last day of the RSA conference, but I think it’s vitally important that those of us who profoundly object to RSA’s $10 million secret contract with the NSA do more than just tweet our outrage," he wrote. "We need to take action."

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU