Allegations that security firm RSA is colluding with the National Security Agency (NSA) have led several security professionals to cancel their talks at February’s RSA Conference in San Francisco. Now, some are calling for a complete boycott of the EMC-owned company’s technology.
Jeffrey Carr, author and founder of security firm Taia Global, was outraged by a Reuters article in December that alleged RSA had accepted $10 million from the NSA to include a deliberately weakened encryption scheme, based on Dual Elliptic Curve Deterministic Random Bit Generation (Dual-EC-DRBG), in its products.
After leaks from Edward Snowden revealed the NSA had placed a backdoor in Dual-EC-DRBG, the security firm removed the standard from its product line.
But Carr, who had already pulled out of the RSA Conference alongside F-Secure’s Mikko Hypponen and Josh Thomas from Atredis Partners, said changes needed to be forced at the EMC division, which was responsible for some of the most widely-used, effective encryption standards in the world.
“RSA cannot escape responsibility for offering a compromised BSafe product for the last 9 years by saying ‘we just followed NIST’ and ‘our customers had a choice’,” Carr said in a blog post.
“This is a gross violation of its own mission statement not to mention its own illustrious history of defending the integrity of encryption against government attempts to weaken it.
“There needs to be an industry-wide boycott of RSA products. It’s not enough to just talk about how bad this is.”
Professor Ross Anderson, head of cryptography at Cambridge University, told TechWeekEurope a boycott of RSA technology was “absolutely fair”. “If you find your wife has been selling sex on the side, then your next call may be to a divorce lawyer,” he said.
“There is abundant precedent. At the end of the Iran-Iraq war, it emerged that the NSA secretly owned Crypto AG, a Swiss firm that sold cipher machines to non-aligned governments. The Iranians worked this out after they noticed that the Iraqis were reading all their traffic (Rumsfeld was a good friend of Saddam in those days). As a result, some governments changed suppliers.”
Anderson pointed to the claim of security researcher and activist Jake Appelbaum that NSA Trojans have been spotted using RC6, a cipher from RSA, to encrypt the data they steal. RC6 is still owned by RSA and is not open source. Anyone who uses it may have to pay a fee.
Peter Sommer, a digital forensics expert, told TechWeek “it is only right that security researchers demand answers from RSA – I’d put Cisco in the same category.”
Martin McKeay, security evangelist at Akamai, writing on his personal blog and not expressing the views of his employer, said anyone who wanted to send RSA a message should “quit buying their products and tell them why”, adding: “That’s a message they’ll hear loud and clear.”
Yet he said the RSA Conference is actually a different company from RSA, so boycotting the event will do little.
“It has its own management structure, its own bottom line, its own profit and loss reporting. And it’s only a small fraction of the overall revenue stream of the corporation,” McKeay wrote. “As such, any impact that boycotting the conference might have is going to be highly diluted when it reaches the management of the central corporation.
“It would take a huge number of attendees failing to show up in order to make an impact.”
RSA had no comment on the calls to boycott its technology and conference.
View Comments
The dystopian fantasies of yesteryear are now a reality. We’ve allowed the coming of an age where the civil liberties our forefathers fought so hard for are being eroded by the day. Freedom of Press, Freedom of Speech and Freedom of Assembly are mere ghostly images of their original intent. We’ve woken up to an Orwellian Society of Fear where anyone is at the mercy of being labeled a terrorist for standing up for rights we took for granted just over a decade ago. Read about how we’re waging war against ourselves at http://dregstudiosart.blogspot.com/2011/09/living-in-society-of-fear-ten-years.html
A boycott seems soft: they pretty much credibility once they decided to start doing what they used to prevent.