Friday, January 3, 2014

Joining Mikko in Protest, I've Cancelled My Talk at RSA

Granted, I'm no Mikko Hyponnen and my talk was a mere 20 minutes on the last day of the RSA conference, but I think it's vitally important that those of us who profoundly object to RSA's $10 million secret contract with the NSA do more than just tweet our outrage. We need to take action.

RSA has issued the weakest of denials possible on Dec 22nd and hasn't made any attempt to clarify its position since. The company's denial failed to address most of the troubling points raised in Joe Menn's article for Reuters. This on top of RSA's horrible handling of its 2011 SecureID breach has shattered any remaining trust in the company as far as I'm concerned.

Obviously, I hope that RSA and EMC's leadership will eventually rise to the occasion and be fully transparent about what happened and why. However unless and until RSA fully addresses this apparent breach of trust, I won't be speaking at any RSA events nor will I accept RSA as a sponsor at any future Suits and Spooks events.

UPDATE (Jan 3, 2014): I just learned that Josh Thomas of Atredis also pulled his talk from RSA back on December 26th. That makes three of us as of today.

UPDATE (Jan 7, 2014): Christopher Soghoian announced that he has canceled his RSA talk and Adam Langley announced that he's withdrawing from his panel.

Related

NSA's $10M RSA Contract: Origins
An Open Letter to the Chiefs of RSA and EMC by Mikko Hyponnen
Exclusive: Secret contract tied NSA and security industry pioneer by Joseph Menn

4 comments:

  1. Perspective from Former Volunteer Officer Engineering Organizations.
    (formerly attained licensed Professional Engineer) and yes, I used BSD.

    I (only my opinion) suggest an independent organization,
    2.)independent 'review'
    3.)'face saving' and additional and CORPORATE FUNDING which must
    be diversified
    4.)recognition that if YOU 'organized it' and have YOUR CORPORATE NAME
    on it... is this a lot like NUCLEAR ENERGY? you have a HIGHER and
    some say MUCH HIGHER RESPONSIBILITY.

    5.)call for dialogue and a chance to improve

    I appear to have 'no confllict of interest. Do not presently plan to go to the
    conference. Have NOT gone in the past.

    PPS. of course, there appears no need for extensive BOYCOTT and
    declarations of economic sanctions, since some organizations ALLEGEDLY
    1.)not partner of RSA, etc
    2.)not USA
    3.)not 'other'
    4.)not 'consultant' directly contracted to 'see above'
    5.)other conflicts of interest in even Standards Organizations with
    likely FORCE OF LAW - THAT IS THE LAW like A.S.M.E. - American
    Society of Mechanical Engineers that cover 'power plants' and NUCLEAR
    ENERGY.
    6.)SEE the Supreme Court Case - 'Hydrolevel Decison' - putting corporate
    and some 'self-interest' above the PUBLIC INTEREST (including the
    industry).... ref is not given here. IT IS THE SUPREME COURT.

    PPS. Thanks at least for your bringing up the issue... and/or alleged
    bravery.

    PPS. no endorsement of BSD or even of the peer process; however
    small, self-collusion and/or 'conflict of interest'' or LACK OF MERITOCRACY
    appears to be a common pattern throughout history.

    ReplyDelete
  2. PPS. the reason in industry conferences for
    in my opinion (and I am no expert in sociology or organization development):
    personal opinion only

    1.)limited elections and often only one slate of candidates run.
    the industry is small and IMPORTANT PEOPLE have limited time
    2.)tendency toward BIG CORP like RSA and others to send alleged
    'volunteers.'
    3.)could be 'failure bias.' the consultant or someone not in the RSA (for
    illustrative example only) could be forced to decline THE IMPORTANT MEETING, because of another client and/or obligation.

    4.)alternative CONFERENCE and even virtual conferences are possible.

    8.)Showing up in person and even SHAKING THE HANDS OF TOP
    OFFICIALS in South Africa during the apartheid era could be
    a relevant consideration. Note: this is not a political commentary about
    South Affrica, etc. For those ORGANIZATIONS and even those
    INSTITUTIONS in organizational form that have allegedly FAILED
    the measures of TRUST and accountability and even mission statement
    of 'willingness to improve' there is ..... FILL IN THE BLANK.


    Due to your alleged bravery... and or willingness to talk... alas, I must
    say a somewhat private matter.

    As honors/awards/ former licensed professional engineer/ president commendation DUTY above and beyond the call of duty electric/gas company
    etc...

    I organized many tours/events and activities for 'the member interests'
    at that time, I was a bit 'shy by personality' and obviously the few and
    ONLY ASIAN AMERICAN at that level.

    I HEREBY PUBLICLY SAY, I CO"NFESS! I deliberately did not
    run specialty areas of the nuclear power /fossil fuel power plants.
    Yes, I was alert (some may say fearful) I WAS ALERT TO THE
    questions about the possible SKELETONS NI THE CLOSET.

    IN ORGANIZATIONS, we pas the torch on. quote - by building the road
    we build ourselves (it is not the road that is important; it is the conversation,
    the fellowship and the ALTERNATIVE RSA conference at a local
    community college. Where yes, the session about RSA as an organization
    is ON THE CALENDAR.

    It is a question of Trust, of 'due process', of careful listening to everyone
    including Mr. Jeffrey Carr (who I learned off about 20 minutes ago).

    It is 'governance - hear that CEO?. It is dependence vs. independence
    vs. INTERDEPENDENCE.

    Some may call it 'boycott' which has a connotation of ECONOMIC WARFARE.
    some call it shunning. Please refer to the book called Scarlet Letter,
    required reading for English Majors and Computer Science. LOL.
    some call it personal - I WILL NOT MOVE TO THE BACK OF THE BUS..
    some call it ... fill in the blanks.

    thanks for listening... and will the HYDROLEVEL non-profit and
    the ENGINEERS OF THE GRID have the HIGHEST reputation, even
    above 'telephone engineers - ATT - what? another story....

    HOW MANY HYDROLEVEL CASES are there in the industry conference
    areas?????

    ReplyDelete
  3. Hi Jeffrey,

    I'd like to bring to your attention that Phillip Hallam-Baker is slandering your name and making insinuations that you are corrupt and trying to promote your own rival conference. Phillip Hallam-Baker says you shouldn't be making statements against the RSA since you have a corrupting conflict of interest.

    He's making these claims at the prominent Boing Boing website here:

    http://bbs.boingboing.net/t/petition-stephen-colbert-dont-speak-at-the-rsa-conference/19255/55

    Here's the quote:

    "... If you are going to accuse people of conflict of interest, Jeffrey Carr's company runs a rival conference 'suits and spooks' that has been trying to make a niche in the cyber-engagement world so if you are going to dismiss my comments on the presumption that someone who disagrees with you must have a conflict I think you need to quote from people who don't have an actual conflict. ... "

    Phillip Hallam-Baker:
    http://www.rsaconference.com/speakers/phillip-hallam-baker

    I thought you should be aware of these statements made against you there by Phillip Hallam-Baker.



    Thank you for your ethical stand against the RSA,

    Cowicide

    ReplyDelete
  4. Thanks for the heads-up, and for your support. I just responded to Hallam-Baker in the comments thread.

    ReplyDelete