[Cryptography] Boing Boing pushing an RSA Conference boycott

Jerry Leichter leichter at lrw.com
Tue Jan 14 14:38:19 EST 2014 

On Jan 14, 2014, at 1:36 PM, Bear <bear at sonic.net> wrote:
>> If we can't make selling security pay, we can maybe make selling 
>> insecurity cost.  There are a lot of other suits watching this, seeing 
>> how RSA fairs.  I want them to see something gruesome, something that 
>> worries them.  (The same way I want a banker or two who nearly dumped us 
>> into DEPRESSION to go to jail, so others will think twice.)
> 
> I tend to agree.  If RSA doesn't go down in flames over its utter 
> failure, then people will learn from that fact that security is a 
> joke industry....
None of the above.

The RSA Conference has always been two things:  A technical conference on crypto, and a place to sell crypto wares.  At most, a boycott will kill the first.  The guys buying and selling won't care much.  They aren't the ones going to the technical talks.

It amazes me as I read this how little people even know about what RSA does.  It hasn't been a *cryptography* supplier in many years.  It's "the security division of EMC".  RSA sells security consulting - internally and externally. (http://www.emc.com/services/rsa-services/about.htm)  It sells fraud protetion.  It sells compliance mechanisms.  It's big on data leak prevention, risk management.  (http://www.emc.com/security/index.htm#Points-of-View).

BSAFE?  A big deal when there were still patent issues - what you were buying was protection from lawsuits (and a reasonable implementation).  Today, what you're buying is FIPS and such approval so that you can sell the governments, or clients that sell to governments, and need the stamp.  But it's a now so minor that it's hard to find on the web pages.  (Many of these are bullshit products that consultants sell to C-level execs.  But that only makes them all the less vulnerable to a pissing contest among "the little people" who do all that silly tech stuff.)

SecureID is still a nice business, but if you want to hurt RSA there, you have to provide a market alternative.  There already *are* a few market alternatives, but none has hurt SecureID.  RSA's issues with SecureID (there have been a couple of significant ones over the years) haven't hurt them much either.

If you want to make a point by boycotting the conference, go ahead and do so.  Personally I think you're aiming your complaint in the wrong direction, but I understand the feelings involved and certainly won't try to convince you otherwise.

But don't kid yourself into thinking that a boycott of the technical sessions at the RSA Conference will do much of anything to RSA.  They're already in a position of having to re-establish they position, especially outside the US - and a boycott will be a tiny little disturbance in a large amount of pre-existing noise.
                                                        -- Jerry

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4813 bytes
Desc: not available
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140114/d8273770/attachment.bin>

More information about the cryptography mailing list