Some people are saying that RSA's denial of the accusations is weak. I am not sure what part of this is weak: "We also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use."
What I find weak are the assumptions that have given rise to the outrage surrounding the RSA conference. Just to summarize: The NSA supposedly spent $10 million to get RSA to adopt an algorithm as its default random-number generator for BSafe two years after RSA had already done that voluntarily, and then it stood by silently as other government agencies and contractors made wide use of BSafe, making themselves vulnerable to spying by other governments. And RSA was complicit in all this because somehow it knew that the NIST-approved algorithm was actually flawed.
If, despite all that, you are convinced that RSA was complicit, I have to wonder how boycotting the RSA Conference is the right response. The RSA Conference team does not decide what algorithms to include in RSA products. The conference is a completely separate profit and loss center from the products division. Boycotting the conference is a symbolic act, at best, similar to boycotting the National Park Service because you don't like the NSA's warrantless wiretapping program.
I haven't seen any of the boycotters say that they are also boycotting RSA products. Is it because boycotting the conference is more of an attention-getter? Well, yes, I think it is, but I'll get into that later.
And if you buy that RSA was complicit and therefore should be boycotted, why aren't other companies in your sights? If RSA were guilty as the boycotters charge, would that make it the worst of the worst, deserving to be the one company singled out for a boycott?
Why aren't companies like Intel, Cisco, Juniper, HP, Dell and IBM — all of which provide the NSA with its infrastructure and provide far more active and ongoing support to intelligence collection efforts than embedding a flawed random-number generator in a relatively insignificant number of computers — also targeted for boycotts?
Does something that RSA allegedly did eight years ago, for the paltry sum of $10 million, really compare to what countless other companies are actively doing today to support intelligence collection and analysis efforts, to the tune of hundreds of millions of dollars a year? Remember, Edward Snowden was a contractor for Dell, assisting in NSA operations in Japan, before taking a job at NSA's Hawaii facility.
And it's not just the United States and U.S.-based companies that are involved in this sort of thing. Countries including China, Germany, Iran, Israel, France and South Korea all have robust foreign intelligence-collection efforts, and they are all actively supported by a wide variety of companies. Just about every computer manufacturer in the world has received hundreds of millions of dollars for selling hardware and services to actively maintain intelligence collection and analysis activities, and they knowingly participate in these activities. Potential companies to boycott would include Siemens, Lenovo, Huawei and Mitsubishi, but there are countless others. Why don't people boycott them as well?
Sign up for Computerworld eNewsletters.