> I mention this because people on Twitter are taking the stance that instead of boycotting RSA that we should attend their conference, to represent our views, to engage people in the conversation, to be "ambassadors of liberty". This is nonsense. It doesn't matter how many people you convince that what the RSA did is wrong if that doesn't change their behavior. If everyone agrees with you, but nobody boycotts RSA's products/services, then it sends the clear message to other corporations that there is no consequence to bad behavior. It sends the message to other corporations that if caught, all that happens is a lot of talk and no action. And since the motto is that "all PR is good PR", companies see this as a good thing.
DO BOTH. This is the real world. People have to compromise to send a unified message. Don't refuse to help one group who shares your goals because they have a different idea of how to achieve it. If you are in a position where you can boycott and voice your opinion to their faces, do it. Maybe you're right and they don't give a shit about what you say. Who cares? Let the other people there know, and let them know that there are more of you out there.
It would take too much secret coordination, but the coolest thing would be if all the world's encryption experts/academics colluded to talk at RSA's conference with seemingly-plausible topics, but then have everyone just deliver a speech on RSA's actions before leaving the podium. Then again, getting in would require writing legitimate papers that RSA could still publish in their proceedings to make the conference look successful.
I can't imagine anyone voluntarily using any of RSA's products after the patent expired. RSA SecurID was pretty mediocre, too (acquisitions being the way of horrible companies with cash and no products).
They had a huge brain drain as soon as the market picked up at all post-dotcom period, too.
I think it may be useful to think in terms of contract law as well, where companies looking to integrate with each other set restrictions on the security technologies that each other is allowed to use under the terms of the contract. This could cover both interoperability and end-user and admin access (e.g. SecurID).
DO BOTH. This is the real world. People have to compromise to send a unified message. Don't refuse to help one group who shares your goals because they have a different idea of how to achieve it. If you are in a position where you can boycott and voice your opinion to their faces, do it. Maybe you're right and they don't give a shit about what you say. Who cares? Let the other people there know, and let them know that there are more of you out there.