RSA is the singular case. The Snowden leaks make us suspicious of other companies, like Google, Yahoo, Apple, Microsoft, and Verizon, but only with RSA do we have a "smoking gun". In some cases the companies had no choice (Verizon). In other cases, it appears that rather than cooperating with the government, the companies may in fact be yet another victim (Google). RSA is the standout that deserves our attention.
I mention this because people on Twitter are taking the stance that, instead of boycotting RSA, we should attend their conference, to represent our views, to engage people in the conversation, to be "ambassadors of liberty". This is nonsense. It doesn't matter how many people you convince that what the RSA did is wrong if that doesn't change their behavior. If everyone agrees with you, but nobody boycotts RSA's products/services, then it sends the clear message to other corporations that there is no consequence to bad behavior. It sends the message to other corporations that if caught, all that happens is a lot of talk and no action. And since the motto is that "all PR is good PR", companies see this as a good thing.
The word to describe those who do business with the RSA, even while criticizing their backdoor, is "collaborator". This was the word used by the French ("collabo") to describe the members of the Vichy government who aided the invading Germans. Instead of giving up their positions of power, wealth, and prestige, members of the French government just kept doing their same job. Their reasoning was that they were really anti-German, but that they could do more good for the French people inside the occupation government than without. The French didn't buy this reasoning, and neither should you. Speakers who claim they can do more good collaborating with RSA, while speaking out against RSA, are still enjoying
Sadly, I haven't spoken at RSA in many years. Had I been accepted to talk this year, I'd certainly be canceling it. Moreover, I won't be talking at or attending any future conference labeled "RSA" ever.
The reason isn't that I'm upset at RSA, or think that they are evil. I think RSA was mostly tricked by the NSA instead of consciously making the choice to backdoor their products. Instead, what I care about is sending the message to other corporations that they should fear this sort of thing happening to them. If you are a security company, and you get caught backdooring your security for the NSA, you should go out of business.
Comments: there are more comments to this post over at Y Combinator.
Confirmed speakers/trainers who have canceled their RSA Conference talks are:
- Mikko Hyppönen
- Josh Thomas
- Jeffrey Carr
- Chris Palmer
- Adam Langley
- Chris Soghoian
- Alex Fowler
- Marcia Hofmann
- Eoin Keary
- Jim Manico
- Jon Callas
- David Kearns