Security experts flee the RSA Conference – signs of increased sensitivity with regard to the NSA scandal
SecurEnvoy 21/01/2014 Industry News
Appearances can be deceptive: interest in the NSA scandal, and the reactions to it, have not ceased, even if the media now report on them less prominently. It was recently announced that a number of IT security experts had cancelled their firm commitments to participate in the RSA Conference, including Mikko Hypponen, Head of Research at the Finnish antivirus company F-Secure, as well as security specialists Adam Langley and Chris Palmer from Google. The reason: it is believed that RSA, a security company and organiser of the well-established congress, has worked directly with the NSA. This is apparent from documents leaked by the NSA whistle-blower Edward Snowden.
RSA denies that it has received any payments from the NSA, although the company has not explicitly ruled out collaboration with the secret service. According to documents supplied by Snowden, RSA integrated the Dual_EC_DRBG random number generator, developed by the NSA, into its BSAFE product and activated it by default, for which the company received a payment of around ten million dollars from the NSA. The generator is said to have been manipulated in such a way that a pattern discernible to NSA experts can be introduced into seemingly random numbers. This could make it possible to crack encryption standards based on the generator.
There is of course another way
In particular with regard to American products in the area of IT (security), companies are therefore now harbouring concerns: “Even if we have nothing to hide, could we become ‘transparent’ to the NSA thanks to a back door that they have installed?”
“Customers can be sure that they are protected against NSA spyware when using SecurEnvoy solutions,” explains Andy Kemshall, Technical Director at SecurEnvoy. “Anonymity, privacy and security are paramount for us and we guarantee that nobody – including ourselves as the developer – can at any time see or manipulate the cryptographic key that is used.”