
NSA Connection Has Attendees Fleeing Encryption Company's Conference



The National Security Agency continues to wield its commercial kiss of death, causing business to flee from American firms that have, inadvertently or deliberately, been involved in the snooping. Last month, Boeing lost a multi-billion dollar contract with Brazil over the NSA's shenanigans. More billions in European business are at risk for U.S. companies feared as direct conduits to the spies. And now attendees are dropping out of the cybersecurity-oriented RSA Conference after the sponsoring company, RSA Security LLC, was revealed to have accepted millions of dollars in return for building a backdoor into its encryption software.

Just before Christmas, DailyTech reported:

Former U.S. National Security Agency (NSA) contractor Edward Snowden has brought many NSA secrets to light this year, the most recent being a "secret" contract between the agency and security industry leader RSA. 

According to more documents leaked by Snowden, the NSA entered into a $10 million contract with RSA to place a flawed formula within encryption software (which is widely used in personal computers and other products) to obtain "back door" access to data. 

The RSA software that contained the flawed formula was called Bsafe, which was meant to increase security in computers. The formula was an algorithm called Dual Elliptic Curve, and it was created within the NSA. RSA started using it in 2004 even before the National Institutes of Standards and Technology (NIST) approved it.

RSA insists it was duped and that using a flawed algorithm supplied by the NSA was not deliberate. But the damage was done. Now CNet reports:

Mikko Hypponen, chief technology officer of F-Secure with decades under his belt as a security researcher, canceled his annual presentation at the American-hosted RSA Conference, to be held in San Francisco in February. …

The day before Hypponen canceled his talk in December, Josh Thomas, the "Chief Breaking Officer" at security firm Atredis, canceled his scheduled talk via Twitter.

Jeffrey Carr, another security industry veteran who works in analyzing espionage and cyber warfare tactics, took his cancellation a step further. Yesterday, he publicly called for a boycott of the conference, saying that RSA had violated the trust of its customers.

Other prominent cybersecurity figures have followed suit, seeking to punish the company and, no doubt, wishing to distance themselves from the black hole of ethical choices and commercial opportunities that surrounds the intersection of the NSA with anything. Expressing the sentiments of the cybersecurity community regarding RSA's actions, Carr said, "I can't imagine a worse action, short of a company's CEO getting involved in child porn."

Truly, government has a magic ability to ruin everything it touches.

If you're going to be a back door man, this is how you do it: