[Cryptography] Boing Boing pushing an RSA Conference boycott

Jonathan Hunt j at me.net.nz
Mon Jan 13 21:30:28 EST 2014


I agree with the conference boycott. RSA has failed the security
community badly - the most charitable interpretation is total
incompetence. The undisclosed money from the NSA coming to light leads
to even less charitable interpretations.

RSA has demonstrated it is not to be trusted and no longer makes sense
as an organizer of a major security conference. The boycott is a
manifestation of their erosion of trust in the community and will
hopefully lead to an alternative conference organized by a security
organization whose name is not mud. The boycott is valuable if it
gives RSA bad publicity and helps the public learn how little
credibility RSA now has in the security community.

In the short term, yes, some collateral damage. In the long term,
security companies should learn that accepting money from the NSA (and
being, again, at best totally incompetent) risks their business -
including the conference organizing business.

Jonny


On Mon, Jan 13, 2014 at 11:16 AM, Kent Borg <kentborg at borg.org> wrote:
> On 01/13/2014 10:23 AM, Phillip Hallam-Baker wrote:
>>
>> Unless someone shows evidence that RSA actually knew they were being
>> punked, the boycott makes no sense. And I can't believe that evidence
>> exists because there was absolutely no need to tell RSA they were
>> being punked to get the outcome they wanted.
>
>
> Two points.
>
>
> First, RSA knew--or certainly should have known--that they were in the
> business of selling security, yet they failed in that.  Worse, they failed
> spectacularly and sold something not just broken, but something with a
> backdoor specifically designed to defeat security. As you well know, this is
> serious business.
>
> I don't think the suits knew what they were doing, I think they were just
> chasing money, they didn't ask too many questions that might get in the way
> of that money.  Businessmen do that.  We all know (suits, too), security
> doesn't sell, buzzwords sell.  They sold the buzzwords without the security.
> Nearly everyone does it to some degree.  They did it worse, they were in a
> position of trust.
>
> If we can't make selling security pay, we can maybe make selling insecurity
> cost.  There are a lot of other suits watching this, seeing how RSA fares.
> I want them to see something gruesome, something that worries them.  (The
> same way I want a banker or two who nearly dumped us into DEPRESSION to go
> to jail, so others will think twice.)
>
>
> Second, I don't see a political groundswell to change what the NSA does.  A
> very cynical public has learned things only a few of us cranks imagined (and
> didn't fully believe), but they are shrugging their shoulders, and wondering
> about their meal and sports entertainment.
>
> The only political force I see with any real interest and clout are American
> high tech businesses.  They need motivation and ammunition. RSA is a little
> fish, and they are likely going to die, and that is appropriate.  Their name
> once-valuable is dirt, and it isn't even the name of a prestigious tech
> conference--right?? Little companies have to do a lot of "just going along
> with the flow", we need to change this flow.  We need an example even
> someone from marketing can understand.
>
>
>
> At my day job this morning, I asked a meddlesome question at a meeting. The
> nerds in the room reacted like the cynical public.  The marketing person
> looked up and started thinking.  The graphic and gory example of RSA made
> this possible.  If they get away with it because they didn't know what they
> were doing...this lesson will be lost.
>
>
> -kb
>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

