[Cryptography] Boing Boing pushing an RSA Conference boycott
Kent Borg
kentborg at borg.org
Mon Jan 13 14:16:25 EST 2014
On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:
> Unless someone shows evidence that RSA actually knew they were being
> punked, the boycott makes no sense. And I can't believe that evidence
> exists because there was absolutely no need to tell RSA they were
> being punked to get the outcome they wanted.
Two points.
First, RSA knew--or certainly should have known--that they were in the
business of selling security, yet they failed in that. Worse, they
failed spectacularly and sold something not just broken, but something
with a backdoor specifically designed to defeat security. As you well
know, this is serious business.
I don't think the suits knew what they were doing, I think they were
just chasing money, they didn't ask too many questions that might get in
the way of that money. Businessmen do that. We all know (suits, too),
security doesn't sell, buzzwords sell. They sold the buzzwords without
the security. Nearly everyone does it to some degree. They did it
worse, they were in a position of trust.
If we can't make selling security pay, we can maybe make selling
insecurity cost. There are a lot of other suits watching this, seeing
how RSA fares. I want them to see something gruesome, something that
worries them. (The same way I want a banker or two who nearly dumped us
into DEPRESSION to go to jail, so others will think twice.)
Second, I don't see a political groundswell to change what the NSA does.
A very cynical public has learned things only a few of us cranks
imagined (and didn't fully believe), but they are shrugging their
shoulders, and wondering about their meal and sports entertainment.
The only political force I see with any real interest and clout are
American high tech businesses. They need motivation and ammunition.
RSA is a little fish, and they are likely going to die, and that is
appropriate. Their name once-valuable is dirt, and it isn't even the
name of a prestigious tech conference--right?? Little companies have to
do a lot of "just going along with the flow", we need to change this
flow. We need an example even someone from marketing can understand.
At my day job this morning, I asked a meddlesome question at a meeting.
The nerds in the room reacted like the cynical public. The marketing
person looked up and started thinking. The graphic and gory example of
RSA made this possible. If they get away with it because they didn't
know what they were doing...this lesson will be lost.
-kb