[Cryptography] Boing Boing pushing an RSA Conference boycott

[Kent Borg]

On 01/15/2014 03:33 PM, Salz, Rich wrote:
> Agree. So why is a boycott a good thing? Why punish someone for being 
> tricked? (Not specifically directed to Ian). It seems to me the better 
> object lesson is one of the strongest cryptography companies in the 
> world (at the time) was tricked into possibly making many of their 
> customers vulnerable. How can we move forward from this?

I want everyone to see blood (figuratively), and be afraid.  For their 
jobs, for their reputations.

Every few minutes some other business has a data breach, and it seems 
their big worry is always publicity ("Can we kill a messenger?").  Let's 
up the stakes.  I want to see a little operant conditioning, apply some 
pain to mistakes, and see people trying to avoid being part of blunders.

Security doesn't sell, let's at least make security blunders cost.

RSA needs to be seen as having paid dearly for their very bad mistake.  
People in corporations need to be able to invoke "RSA" and have others 
shudder.  I don't care if others have also done bad things, I want RSA 
made an example.  How much worse could they have behaved?  Make an 
example of them.

How much money did EMC pay for RSA?  I want EMC (and others) to see that 
a purchase can be destroyed if they misbehave and just cash the big 
check.  Did EMC managers encourage them to be profitable, praise them 
for the nice haul?  I think we can assume "yes".  Did EMC put /any/ real 
effort into policing RSA's integrity?  We don't know, but I guess "not 
really"; clearly it was not enough.  Make EMC pay for that.

Security doesn't sell.  At least make security blunders cost.

-kb

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140116/38ed59bb/attachment.html>