More researchers join RSA conference boycott to protest $10 million NSA deal

More security researchers are pulling out of next month's RSA security conference in protest of recent revelations that the event's namesake, EMC-owned subsidiary RSA, received $10 million to make an NSA-favored random number generator the default setting in its BSAFE crypto tool.

By Tuesday afternoon, there were eight previously scheduled RSA participants who had publicly cancelled their engagements. They included Adam Langley and Chris Palmer, both on various security teams at Google; Chris Soghoian, principal technologist for the American Civil Liberties Union; EFF special counsel Marcia Hofmann; Mozilla Global Privacy and Public Policy Leader Alex Fowler; Josh Thomas, who is listed as "chief breaking officer" at Atredis Partners; and Jeffrey Carr, CEO of security consultancy Taia Global. They joined F-Secure Chief Research Officer Mikko Hypponen, who announced his plans to withdraw two weeks ago.

"I've become convinced that a public stance serves more than self-aggrandizement, so I've pulled out of the Cryptographers Panel at RSA 2014," Langley wrote on Twitter Tuesday. "(I had already decided not to do it, but I pondered for a while whether I should say anything in public)," he wrote in a follow-up tweet.


NSA employee will continue to co-chair influential crypto standards group


A National Security Agency employee will continue to co-chair an influential group that helps to develop cryptographic standards designed to protect Internet communications, despite calls that he should be removed.

Kevin Igoe, a senior cryptographer with the NSA's Commercial Solutions Center, is one of two co-chairs of the Crypto Forum Research Group (CFRG), which provides cryptographic guidance to working groups that develop widely used standards for the Internet Engineering Task Force (IETF). On Sunday, the chair of the group that oversees appointments to the CFRG rejected a recent call that Igoe be removed in light of recent revelations that the NSA has worked to deliberately weaken international encryption standards.

"Widespread wiretapping by nation-state adversaries is a threat unlike any other in the history of the Internet, but I do not believe that preventing interested people from participating in the IRTF or IETF based solely on their affiliation will help us combat that threat," Lars Eggert, chair of the Internet Research Task Force (IRTF), wrote in an e-mail. The IRTF focuses on long-term research and is responsible for the CFRG and eight other research groups. Meanwhile, the IETF is a parallel organization that focuses on shorter-term engineering standards that are crucial for the Internet, such as the Transport Layer Security (TLS) protocol for Web encryption.
