Internet security experts pull out of RSA conference in NSA spying row

PUBLISHED: Thursday, 09 January, 2014, 10:59pm
UPDATED: Thursday, 09 January, 2014, 10:59pm


At least eight researchers or policy experts have withdrawn from an internet security conference after reports that the sponsor deliberately used flawed encryption technology in commercial software to allow the US National Security Agency to spy more easily on computer users.

RSA Security, owned by data storage giant EMC, has disputed claims that it intentionally introduced the flawed encryption algorithm, but declined to comment further on a report published last month on a US$10 million contract it has with the United States government.

The revelation supplemented documents leaked by former NSA contractor Edward Snowden showing that the NSA tried to weaken internet encryption.

The withdrawals from next month's highly regarded RSA Conference came after complaints by technology researchers and policy experts that the US government's surveillance efforts have, in some cases, weakened internet security even for innocent users.

It was not immediately clear whether any researchers who still intended to make presentations at the conference would discuss the subject. Dr Hugh Thompson, a conference organiser who works for security firm Blue Coat Systems, said the event was "an open venue where people can talk openly about security".

Christopher Soghoian, a researcher with the American Civil Liberties Union, wrote on Twitter that he withdrew from the conference after having "given up waiting for RSA to fess up to the truth" regarding its development of the Dual-EC-DRBG algorithm with the NSA.

RSA said in a statement last month that as a security company, it "never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use".

The published report said RSA received the US$10 million contract from the NSA to use the agency's preferred method of number generation. The report said such a flawed algorithm in RSA's Bsafe software tool creates "back doors" into the company's encryption products.