Head of security company linked to NSA places blame on agency for public mistrust
By End the Lie
The CEO of RSA, the major security company that reportedly took a $10 million contract from the NSA to create a backdoor in their security software, criticized the agency and said it was guilty of creating public mistrust.
In December, Reuters reported that RSA secretly accepted a $10 million contract in exchange for making an easily cracked encryption method the default in their widely used software.
In his keynote speech at Tuesday’s RSA Conference, RSA CEO Art Coviello defended the decision to adopt the formula. He said they did it because they believed they were dealing with NSA officials who were “trying to improve protection for the government and critical security industry,” according to Reuters.
He argued that the NSA should split into two different agencies, separating the cyber-defense work from surveillance.
“When or if the NSA blurs the line between its defensive and intelligence-gathering roles and exploits a position of trust, that’s a problem,” Coviello said.
A similar recommendation was made by the White House advisory panel last year, but it was not picked up by Obama or the leaders of the NSA, Reuters pointed out.
He laid out four major guidelines for the cybersecurity industry, as John Fontana pointed out in an article for ZDNet:
- Renounce cyber weapons
- Cooperate in investigation and prosecution
- Ensure economic activity and intellectual property rights
- Ensure privacy
He argued that the entire industry must advocate for these principles while acknowledging that many might think he is naïve.
During his speech Coviello acknowledged that RSA has indeed worked for the NSA.
“Has RSA done work with the NSA? Yes,” he said. “But the fact has been a matter of public record for nearly a decade.”
He said that most security companies have worked with the NSA’s Information Assurance Directorate.
Coviello argued that the dual activities of securing systems and breaking into them have made it difficult for companies to know what agenda they’re part of when working with the agency, Wired reported.
His statements against cyber warfare were especially surprising.
“Unlike nuclear weapons, cyber weapons are easily propagated and can be turned on the developer,” Coviello said. “We must have the same abhorrence to cyber war as we do nuclear and chemical war.”
This is no minor statement given that the United States is now reportedly the world’s largest buyer of malware. Furthermore, documents leaked last year showed that American spy agencies launched 231 offensive cyber-operations in 2011.
Several security experts who were scheduled to speak at this year’s RSA conference backed out in protest and announced plans to boycott the event.
“Those who backed out include Adam Langley and Chris Palmer from Google; Chris Soghoian, principal technologist for the American Civil Liberties Union; and Mikko Hypponen, chief research officer for the Finnish security firm F-Secure,” Wired reports.
TrustyCon, a one-day conference for those who don’t want to support the RSA conference, will be held on Thursday. Some of the speakers boycotting RSA will be featured at TrustyCon.
Interestingly, Bruce Schneier, who will be speaking at TrustyCon, expressed sympathy for RSA. He also called on people to frustrate the NSA by leveraging “economics, physics and maths to make the Internet secure, to make surveillance more expensive.”
Juniper Networks Senior Vice President Nawaf Bitar flippantly addressed the boycott during his keynote, which immediately followed Coviello’s talk.
Bitar likened the effectiveness of the boycott to people “liking” or giving something a thumbs up or thumbs down on the Internet.