Amid an Anti-RSA Boycott, a Rival Security Conference Rises
Late last year, when documents leaked by Edward Snowden suggested the existence of a secret deal between the U.S. National Security Agency and the computer security company RSA, the response by several key people in the industry was quick and unified: They withdrew from plans to speak at RSA’s annual conference to be held next month in San Francisco.
The first to withdraw was Mikko Hypponen, chief research officer at F-Secure, who published an open letter to RSA and its parent EMC saying he was “withdrawing my support for your event.” Others soon followed: Jeffrey Carr, the CEO of security research firm Taia Global; Christopher Soghoian of the American Civil Liberties Union.
It wasn’t long before enough people had withdrawn that calls for a rival conference morphed into reality. The result is TrustyCon, a one-day event that will take place on Feb. 27 at the AMC Metreon in San Francisco, adjacent to the Moscone Center where the RSA Conference will be on its fourth day.
“We wanted the people who had dropped out of RSA not to be silent,” says Alex Stamos, TrustyCon’s lead organizer. He’s the CTO of Artemis Internet, a San Francisco-based domain hosting firm, and a co-founder of iSEC Partners, a security services and consulting firm.
Demand, it turned out, was pretty strong. Within 10 days of deciding to hold a rival conference, its organizers were selling tickets. About 400 seats sold out in three days, and plans are under way to provide live video streaming for those who cannot attend in person. Sponsors also materialized quickly: SpiderOak and the Web security company CloudFlare were among the seven companies offering to help with sponsorship funds. The event is nonprofit, with proceeds going to the Electronic Frontier Foundation.
Speakers were also easy to land. Hypponen was among the first of the RSA boycotters to agree to speak at TrustyCon. The title of his session: “The Talk I Was Going to Give at RSA.” Christopher Soghoian of the ACLU agreed to give a joint talk with Marcia Hofmann, an attorney with the Electronic Frontier Foundation. Other speakers who have signed on include security researcher Bruce Schneier and Jeff Moss, the founder of the DEF CON and Black Hat conferences.
The point of it all, Stamos says, is to start a dialogue within the security industry about trust, something he believes has been lost in the wake of the Snowden disclosures. “American technology companies have to build products that people around the world can trust,” he said. “We talk a lot about security, but by itself that’s inefficient.”
By trust, he means showing customers around the world that decisions about how products work are made with sound ethical and legal guidelines. “If we don’t do this, the economic fallout resulting from the loss of trust is going to be pretty bad,” Stamos said.
The backlash emerged after Reuters reported in December that RSA, in return for a secret $10 million payment, used encryption technology created by the U.S. National Security Agency in its products in order to create a “back door” in them. RSA, which is a division of the IT giant EMC, has since denied the report, but the denial hasn’t been sufficient for numerous security experts, who have said its explanation so far is incomplete.
Once the conference is over, Stamos says, his plan is not only to make it an annual event but also to hold other conferences under the TrustyCon name in other cities.