A list of speakers due to appear at the upcoming RSA Conference have withdrawn themselves from the event after stories appeared implicating the RSA in NSA surveillance projects.
Although the eight representatives who have withdrawn so far are a small portion of the total speakers due for the massive event, the list does include some rather big names.
The RSA Conference is one of the largest cyber-security conferences held every year in the United States. Last year’s event pulled in more than 24,000 attendees. This year’s event is scheduled for February in San Francisco, and had the usual list of influential industry leaders due to present.
However, late last year came allegations originally unearthed by Reuters of RSA-NSA collusion, pointing the finger at a certain $10 million being passed to RSA so it could install a back door to its encryption software for the NSA to peer through.
The allegations say that a number of years ago, RSA made a compromised Dual EC DRBG random number generator the default choice for the company’s BSAFE crypto library, a move that lined RSA’s pockets with the money, and gave the NSA an advantage as they had deliberately weakened Dual_EC in its development process.
RSA denied any secret contact with the NSA.
"Recent press coverage has asserted that RSA entered into a ‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," RSA said in a statement.
Josh Thomas from Atredis Partners pulled out just before Christmas. He said that it was his "moral imperative" that drove him to cancel the talk. Thomas was followed by Chris Palmer and Adam Langely, two of the chief security experts at Google. This pair was then followed by Mikko Hyponnen from F-Secure.
F-Secure penned an open letter to RSA, and its parent company, EMC.
"Eventually, NSA’s random number generator was found to be flawed on purpose, in effect creating a back door," he wrote. "You had kept on using the generator for years despite widespread speculation that NSA had backdoored it…Aptly enough, the talk I won’t be delivering at RSA 2014 was titled ‘Governments as Malware Authors."
Also to then drop were Chris Soghoian, a technologist from the American Civil Liberties Union; Electronic Frontier Foundation special counsel Marcia Hoffman; Jeffrey Carr, CEO of Taia Global security consultancy; and Mozilla’s global privacy and public policy leader Alex Fowler.
Carr actually wrote on his blog that:
"Granted, I’m not Mikko Hyponnen and my talk was a mere 20 minutes on the last day of the RSA conference, but I think it’s vitally important that those of us who profoundly object to RSA’s $10 million secret contract with the NSA do more than just tweet our outrage," he wrote. "We need to take action."