[LINK] An Open Letter

stephen at melbpc.org.au stephen at melbpc.org.au
Fri Dec 27 02:40:52 AEDT 2013 

An Open Letter to the Chiefs of EMC and RSA

23rd Dec 2013 <http://www.f-secure.com/weblog/archives/00002651.html>

An Open Letter to: Joseph M. Tucci - Chairman and Chief Executive Officer, 
EMC (and) Art Coviello - Executive Chairman, RSA


Dear Joseph and Art,

I don’t expect you to know who I am.

I’ve been working with computer security since 1991. Nowadays I do quite a 
bit of public speaking on the topic. In fact, I have spoken eight times at 
either RSA Conference USA, RSA Conference Europe or RSA Conference Japan. 
You’ve even featured my picture on the walls of your conference walls among 
the 'industry experts'.

On December 20th, Reuters broke a story alleging that your company accepted 
a random number generator from the National Security Agency, and set it as 
the default option in one of the your products, in exchange of $10 million. 

Your company has issued a statement on the topic, but you have not denied 
this particular claim. Eventually, NSA’s random number generator was found 
to be flawed on purpose, in effect creating a back door. You had kept on 
using the generator for years despite widespread speculation that NSA had 
backdoored it.

As my reaction to this, I’m cancelling my talk at the RSA Conference USA 
2014 in San Francisco in February 2014.

Aptly enough, the talk I won’t be delivering at RSA 2014 was titled 
"Governments as Malware Authors".

I don’t really expect your multibillion dollar company or your multimillion 
dollar conference to suffer as a result of your deals with the NSA. In 
fact, I'm not expecting other conference speakers to cancel. Most of your 
speakers are American anyway – why would they care about surveillance 
that’s not targeted at them but at non-Americans. Surveillance operations 
from the US intelligence agencies are targeted at foreigners. However I’m a 
foreigner. And I’m withdrawing my support from your event.

Sincerely,

Mikko Hypponen
Chief Research Officer
F-Secure
--

Ref: https://blogs.rsa.com/news-media-2/rsa-response/

"About RSA: The Security Division of EMC, is the premier provider of 
security, risk, and compliance- management solutions for business 
acceleration. RSA helps the world’s leading organizations succeed by 
solving their most complex and sensitive security challenges. These 
challenges include.. combining business-critical controls in identity 
assurance, encryption & key management, SIEM, Data Loss Prevention, and 
Fraud Protection with industry-leading GRC capabilities and robust 
consulting services, RSA brings visibility and trust to millions of user 
identities, the transactions that they perform, and the data that is 
generated."

Message sent using MelbPC WebMail Server

More information about the Link mailing list