Security experts boycott conference over NSA interference

RSA contract with Security Agency causes outrage

NSA

At least eight computer security researchers have withdrawn from a major security conference in a protest against the conference's sponsor, security firm RSA.

Last month it was reported that a secret contract had been signed between the RSA and the US National Security Agency (NSA) where the company took a $10 million (£6 million, AU$ 11 million) payment for making a specific NSA-developed algorithm the default for their security products.

Documents leaked by former NSA contractor Edward Snowden suggest that the NSA included a flaw in the formula that effectively gave them a backdoor for content encrypted by RSA's programs.

In a statement posted after the Reuters report about the NSA contract, RSA stated that it had never hidden the fact that it had a relationship with the NSA. The company also asserted that it had not intended to weaken the cryptographic capacity of its software products. But it didn't directly deny Reuters's central charge: that it had accepted the $10 million to use the NSA's algorithm.

The revelations triggered outrage among security professionals. Within days of the original story, rumblings of boycott on the RSA conference began. The conference is a major cybersecurity event that attracted over 24,000 attendees in 2013.

A question of morality

Josh Thomas, of Atredis Partners, announced on December 22 that he was pulling his talk due to a "moral imperative." Mikko Hypponen, chief research officer at Finnish cybersecurity company F-Secure, followed suit and revealed that he would be cancelling his talk via an open letter on December 23.

They have been joined by Chris Palmer, software security engineer at Google, Jeffrey Carr, founder and CEO of Taia Global, Christopher Soghoian, principal technologist with the ACLU and another Google security engineer, Adam Langley.

Hugh Thompson, the event committee chair, said he was "disappointed" before adding: "Security has risen in the agenda of almost every company and every government in a way that we've never seen before. I think that the security dialogue is more intense than it has ever been."