[Cryptography] Boing Boing pushing an RSA Conference boycott

Kent Borg kentborg at borg.org
Mon Jan 13 14:16:25 EST 2014


On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:
> Unless someone shows evidence that RSA actually knew they were being
> punked, the boycott makes no sense. And I can't believe that evidence
> exists because there was absolutely no need to tell RSA they were
> being punked to get the outcome they wanted.

Two points.


First, RSA knew--or certainly should have known--that they were in the 
business of selling security, yet they failed in that.  Worse, they 
failed spectacularly and sold something not just broken, but something 
with a backdoor specifically designed to defeat security. As you well 
know, this is serious business.

I don't think the suits knew what they were doing, I think they were 
just chasing money, they didn't ask too many questions that might get in 
the way of that money.  Businessmen do that.  We all know (suits, too), 
security doesn't sell, buzzwords sell.  They sold the buzzwords without 
the security.  Nearly everyone does it to some degree.  They did it 
worse, they were in a position of trust.

If we can't make selling security pay, we can maybe make selling 
insecurity cost.  There are a lot of other suits watching this, seeing 
how RSA fares.  I want them to see something gruesome, something that 
worries them.  (The same way I want a banker or two who nearly dumped us 
into DEPRESSION to go to jail, so others will think twice.)


Second, I don't see a political groundswell to change what the NSA does. 
A very cynical public has learned things only a few of us cranks 
imagined (and didn't fully believe), but they are shrugging their 
shoulders, and wondering about their meal and sports entertainment.

The only political force I see with any real interest and clout are 
American high tech businesses.  They need motivation and ammunition. 
RSA is a little fish, and they are likely going to die, and that is 
appropriate.  Their name once-valuable is dirt, and it isn't even the 
name of a prestigious tech conference--right?? Little companies have to 
do a lot of "just going along with the flow", we need to change this 
flow.  We need an example even someone from marketing can understand.



At my day job this morning, I asked a meddlesome question at a meeting. 
The nerds in the room reacted like the cynical public.  The marketing 
person looked up and started thinking.  The graphic and gory example of 
RSA made this possible.  If they get away with it because they didn't 
know what they were doing...this lesson will be lost.


-kb


