End the Lie

Head of security company linked to NSA places blame on agency for public mistrust

Decrease Font Size Increase Font Size Text Size Print This Page

By End the Lie

RSA CEO Art Coviello (Image credit: bocek.kevin/Flickr)

RSA CEO Art Coviello (Image credit: bocek.kevin/Flickr)

The CEO of RSA, the major security company that reportedly took a $10 million contract form the NSA to create a backdoor in their security software, criticized the agency and said it was guilty of creating public mistrust.

Read our latest: “Q-Warrior: the military’s Google Glass provides futuristic ‘situational awareness’” and “California senator charged in huge corruption case, could face almost 400 years in prison

In December, Reuters reported that RSA secretly accepted a $10 million contract in exchange for making an easily cracked encryption method the default in their widely used software.

In his keynote speech on Tuesday’s RSA Conference, RSA CEO Art Coviello defended the decision to adopt the formula. He said they did it because they believed they were dealing with NSA officials who were “trying to improve protection for the government and critical security industry,” according to Reuters.

He argued that the NSA should split into two different agencies, separating the cyber-defense work from surveillance.

“When or if the NSA blurs the line between its defensive and intelligence-gathering roles and exploits a position of trust, that’s a problem,” Coviello said.

A similar recommendation was made by the White House advisory panel last year, but it was not picked up by Obama or the leaders of the NSA, Reuters pointed out.

He laid out four major guidelines for the cybsersecurity industry, as John Fontana pointed out in an article for ZDNet:

  1. Renounce cyber weapons
  2. Cooperate in investigation and prosecution
  3. Ensure economic activity and intellectual property rights
  4. Ensure privacy

He argued that the entire industry must advocate for these principles while acknowledging that many might think he is naïve.

During his speech Coviello acknowledged that RSA has indeed worked for the NSA.

“Has RSA done work with the NSA? Yes,” he said. “But the fact has been a matter of public record for nearly a decade.”

He said that most security companies have worked with the NSA’s Information Assurance Directorate.

Coviello argued that the dual activities of securing systems and breaking in to them have made it difficult for companies to know what agenda they’re part of when working with the agency, Wired reported.

His statements against cyber warfare were especially surprising.

“Unlike nuclear weapons, cyber weapons are easily propagated and can be turned on the developer,” Coviello said. “We must have the same abhorrence to cyber war as we do nuclear and chemical war.”

This is no minor statement given that the United States is now reportedly the world’s largest buyer of malware. Furthermore, documents leaked last year showed that American spy agencies launched 231 offensive cyber-operations in 2011.

Several security experts who were scheduled to speak at this year’s RSA conference backed out in protest and announced plans to boycott the event.

“Those who backed out include Adam Langley and Chris Palmer from Google; Chris Soghoian, principal technologist for the American Civil Liberties Union; and Mikko Hypponen, chief research officer for the Finnish security firm F-Secure,” Wired reports.

TrustyCon, a one-day conference for those who don’t want to support the RSA conference, will be held on Thursday. Some of the speakers boycotting RSA will be featured at TrustyCon.

Interestingly, Bruce Schneier, who will be speaking at TrustyCon, expressed sympathy for RSA. He also called on people to frustrate the NSA by leveraging “economics, physics and maths to make the Internet secure, to make surveillance more expensive.”

Juniper Networks Senior Vice President Nawaf Bitar flippantly addressed the boycott during his keynote, which immediately followed Coviello’s talk.

Bitar likened the effectiveness of the boycott to people “liking” or giving something a thumbs up or thumbs down on the Internet.

We would love to hear your opinion, take a look at your story tips and even your original writing if you would like to get it published. Please email us at [email protected]

Please support alternative news and help us start paying contributors by donating, doing your shopping through our Amazon link or check out some must-have products at our store.

2 Responses to Head of security company linked to NSA places blame on agency for public mistrust

  1. wasntme February 26, 2014 at 11:38 AM

    If RSA made a backdoor into their security platforms for the NSA at the same time as saying people’s communications were secure by buying RSA products, seems like that’s a breach of contract and there needs to be a class action lawsuit against RSA.

  2. Jay Kenney February 26, 2014 at 12:39 PM

    This kind of idiocy by “our” national “intelligence” community is what makes me long for a Jack Ryan Universe. It is unfathomable to me that these decision makers are appointed, mustang their departments, are listened to, paid more than I could spend in a year, very, very rarely are held accountable for their fiascos and still keep their jobs. There is something very, very wrong here.


Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>