
At the RSA Security Conference, Things Get Testy - gregcohn
http://bits.blogs.nytimes.com/2014/02/28/at-the-rsa-security-conference-things-get-testy-and-then-they-get-awkward/
======
naaaaak
_Around San Francisco this week, some were seen sporting Electronic Frontier
Foundation T-shirts featuring a retooled N.S.A. logo with an eagle using its
talons to plug into the American telecom network, symbolized by AT&T. Asked
about the T-shirts, one AT&T executive, who asked not to be named, said they
had a chilling effect.

“There are many of us at AT&T who are disturbed by what we’ve been hearing
about the N.S.A.,” this person said. “But when you see that,” he said,
pointing to the T-shirts, “a conversation becomes impossible.”_

\----

The conversation became impossible when your company decided to willingly give
up everything and anything about its customers for a fee. Were it not for
customer apathy, I'd like to think your entire shitty company would have been
fucked out of existence by now for what they continue to do. But not really,
because your company probably would have just been given a bailout for failing
at everything but sucking government dick.

Fuck you nameless executive. I wish I could request anonymity as easily as you
can. Your shitty company brought this upon itself and there is nothing to
discuss until it stops being the NSA's bitch.

~~~
weland
This is the first thing that crossed my mind. Ten years ago we could have had
a conversation. AT&T _and_ NSA decided we shouldn't. What exactly is it to
talk about now?

Also, no matter how much we dislike such arguments, there's no such thing as
"many of us at AT&T were disturbed by what we've been hearing about the NSA".
The people who work for AT&T _are AT&T_. They all share the burden of what
AT&T did.

This isn't some insensitive, extremist whining. I know, from personal
experience, how hard it is to reflect on the ethics of the bigger picture you
fit in. I'm not insinuating we should now start lynching AT&T employees, since
we can't get at the bigger fish. However, a lot of employees who are
disgruntled at the social and ethical behaviour of their company actually have
an option to leave; this would be a correct approach, not complaining about
not being able to talk to bystanders.

"Collective" responsibility is, by no means, absolving of personal
responsibility. Even AT&T imply it on their careers page:

> At AT&T, we’re connecting the world like never before. Ready to get in on
> the action? Together we’ll do great things.

~~~
insensible
An AT&T staffer giving me a data center tour circa 2006 told me only one of
the VPs knew who the client was for one of the areas in the room. What is a
staffer going to do to influence that kind of situation?

~~~
weland
Switch jobs. AT&T wouldn't be a top partner for the NSA without competent
people.

This isn't an option for a lot of people; the folks doing tech support or
working in the shops and barely getting along on minimum wage don't have that
option. The decision makers and tech leads do.

I'm not talking out of my ass. I have resigned from a very well-paid position
because of ethical reasons, and there was far, far less at stake than general
privacy matters.

------
a3n
> The organizers of a rival conference, called TrustyCon, which was organized
> following revelations that RSA had been paid by the N.S.A., said they had
> spent much of the past weekend persuading executives from the Metreon —
> another big, downtown center next to the Moscone — not to kick them out of
> their conference space. The Metreon was set to house the TrustyCon
> conference on Thursday but Metreon’s management began to grow concerned
> after they received calls from RSA’s conference organizers.

> The RSA organizers warned the Metreon that TrustyCon attendees were
> arranging a huge boycott on their premises. In the end, the TrustyCon
> conference was able to proceed Thursday without a hitch.

So RSA tried to suppress free speech (which is what TrustyCon amounts to) by
planting FUD to kill a business deal (the contract with TrustyCon's venue).

Your security dollars at work.

~~~
mwfunk
This is not suppression of free speech (that's a very loaded term). If it was,
we never would have heard about this incident in the first place.

~~~
a3n
"tried to"

------
zmanian
Restore the Fourth SF participated in the protests with several other
organizations.

We don't know who the other participants in BULLRUN are. We don't know if
companies or standards bodies are compromised from the top down like RSA or
the bottom up through subverted employees.

It was important to protest RSA because imposing a cost on RSA provides an
incentive to companies to resist BULLRUN through stronger internal security
and extracting a higher price for C-Level cooperation.

- RSA security tried to force some of our members off the public sidewalk.
(https://restorethefourthsf.com/rsa-thinks-as-little-of-the-first-amendment-as-they-do-of-the-fourth-amendment/)

- Most of our volunteers had positive interactions with conference
attendees (https://restorethefourthsf.com/the-rsa-conference-protestvolunteer-experiences/)

There were some lovely photos of the event from the independent press.

[https://secure.flickr.com/photos/ari/tags/rsac/](https://secure.flickr.com/photos/ari/tags/rsac/)

~~~
a3n
> imposing a cost on RSA provides an incentive

Exactly. And that's the potential effectiveness of boycotting US businesses,
and infrastructure like undersea cables. Of course the NSA can get at data
almost anywhere in the world. You can't stop their technical ability.

But you can hurt US business by not using them. If that loses US business
serious money, then the "heavily lobbied" Congress will change the NSA.
Harumphs will be heard throughout the halls of Congress.

~~~
zmanian
Simply raising awareness and suspicion of the American government's attempt to
subvert the security features of US products is a step in the right direction.

------
higherpurpose
> _Representative Mike Rogers, Republican of Michigan and the chairman of the
> House Intelligence Committee, said in an interview that he would spend much
> of the week meeting with venture capitalists and young entrepreneurs to try
> to rebuild Silicon Valley’s trust in the intelligence community._

How? By lying to them some more? I haven't seen one truth spoken by Mike
Rogers about NSA so far. And they thought he's the perfect guy to rebuild
trust with Silicon Valley? Do they imagine that if he's the guy that lies the
most about NSA, that also means Silicon Valley will buy it?

> _Thursday but Metreon’s management began to grow concerned after they
> received calls from RSA’s conference organizers._

I don't get it. Why would they care what RSA thinks? Unless they got some
calls from some Congressmen/NSA, too?

> _As one put it, “If you’re not here, you’re shutting yourself out of the
> conversation, which helps nobody.”_

To backdoor or not to backdoor. Yeah, that's some conversation. So from all
the people who said that, and went to RSA, did they actually "have that
conversation"? Or did they just sit quietly in their chairs and waited to be
spoonfed some more lies? Something tells me most of those didn't even care if
they put a backdoor. They're just there to get more business.

From what I hear, RSA didn't even bother to alleviate concerns about their
backdoor. Probably because trying to do that would mean admitting to it, and
they'd rather keep people confused. This way they may get to keep some fans.

> _“There are many of us at AT&T who are disturbed by what we’ve been hearing
> about the N.S.A.,” this person said. “But when you see that,” he said,
> pointing to the T-shirts, “a conversation becomes impossible.”_

Poor AT&T. People are so unfair to them. I mean so what they let NSA tap into
their cables and gave them whatever data they wanted? That doesn't mean people
should be mean to them by wearing T-shirts describing exactly what they did.
It reminds me of GEMA complaining about Youtube telling its viewers that the
videos were taken down by GEMA.

~~~
nitrogen
Both of those quotations refer to "conversation", apparently in an attempt to
frame the public discussion in terms of being shut out by the privacy
advocates. Where was this "conversation" when the backdoors and exploits were
being developed? A victim of a privacy violation doesn't want a "conversation"
with the perpetrator -- they want the violation to stop and the perpetrator
prosecuted.

------
blisterpeanuts
The market will solve the problem as it always does. Customers the world over
will cease relying on American software and data services, which will cause
enough pain in the U.S. that pressure will finally be brought to bear on
Congress to act, and the surveillance will be reined in, albeit probably too
little too late to lure back much of the business.

Ultimately, we'll have a more dispersed and diversified industry with more
infrastructure and offices in places that are beyond the reach of government
spies. New cryptographic techniques will help protect data, and there will be
a new transparency among companies that guarantee data privacy: they'll need
to prove it to increasingly skeptical customers.

The internet will map around this problem as it always has.

~~~
Zigurd
This is the correct answer.

People have made fun of the first steps: the undersea cable that avoids the
US, for example. Yeah, yeah, we have multi-billion-dollar titanium submarines
to tap that. It's not the first such cable that's significant. It's when the
cables to the US don't get replaced it will start to sting.

But the real break with the US will happen when you can buy telecom
infrastructure and enterprise gear that runs buildable open source software,
and when Internet portals start offering secure-by-default communications
products like Tox for their customers (or customers adopt such products with
or without support from their service providers).

~~~
gregcohn
An economist would like this answer, but I would like to think a little
document called the Constitution could also -- eventually -- put a stop to
things.

~~~
Zigurd
The US government and people seem to be capable of deluding themselves that
they are world-class in a wide range of endeavors where they actually rank
below relatively poor, relatively new republics like Lithuania.

The technology industry, despite being far larger, has been led by the nose by
a corrupt old-school rent-seeking content publishing industry. What chance do
you give it against the Security State and the revenue gravy train behind it.
Nobody fought back. Are there any YC startups making secure services for end-
users?

As for the Constitution? That's been sidelined. Only the naive think it still
offers any protection. There will be no meaningful change until collapse
and/or insurrection break the current system. At best we might swerve at the
brink.

~~~
hga
"_As for the Constitution? That's been sidelined._"

Mostly agree ... but in your native Illinois, they just mailed the first 5,000
shall issue concealed carry licenses:
http://www.chicagotribune.com/news/local/breaking/chi-illinois-first-concealed-carry-licenses-in-the-mail-5000-of-them-20140228,0,696877.story

That's because the Supremes finally got past the post-Civil War keep guns from
blacks and other official undesirables (like your non-Anglo-Saxon immigrant
parents, although that burst of gun control was back around the turn of the
previous century vs. none I know of post-WWII till the '60s), took the 2nd
Amendment seriously (e.g. 9-0 an individual right), and then applied the 14th
Amendment to it. And then a 7th Circuit Court panel led by a judge who
dislikes the Right to Keep and Bear Arms, but who's honest, enforced shall
issue on the whole state.

Same thing's happening right now in California
([https://en.wikipedia.org/wiki/Peruta_v._San_Diego](https://en.wikipedia.org/wiki/Peruta_v._San_Diego)),
and San Diego and Orange Counties have surrendered. No doubt San Francisco and
other counties will engage in Massive Resistance, but the Supremes seem to be
supremely disinterested in the subject, or at least they've denied cert in 2
of the 4 possible Circuits that went the other way, with the New Jersey and
Massachusetts cases still in progress. We'll see.

"_There will be no meaningful change until collapse and/or insurrection
break the current system. At best we might swerve at the brink._"

I'm certainly hoping for the latter, but in the meanwhile, we're getting
_really_ well armed for the former two, as you note not mutually exclusive,
options. Hard to see how things won't get ugly when the Feds can no longer
borrow money at negative real interest rates or thereabouts or debase the
dollar so much it doesn't matter.

~~~
Zigurd
Don't underestimate the possibility, and the horror, of just muddling through.
The US is in an oil boom, which would feel like an actual boom if it wasn't
propping up an economy that was really very badly damaged by the 2008 bust.
That means we can pay down the wars without learning that we're on track to
get dragged down by a bloated security state. Heck, we managed to spend ten
years in the Graveyard of Empires and all we learned were some cheesy
anecdotes in a fraudulent book about tea drinking. And that generals shouldn't
date their hagiographers.

~~~
hga
"_Don't underestimate the possibility, and the horror, of just muddling
through._"

Indeed, and I don't, for that's the worst case I'm likely to survive for
medical reasons. I label it "Argentina".

I do think you obsess a bit too much on the costs of our 21st Century foreign
adventures. To take FY 2007 as an example, simply because Wikipedia provides
some details and the Iraq war was hot, that was famously the year of the
"surge":
https://en.wikipedia.org/wiki/2007_United_States_federal_budget,
the total Defense and Iraq and Iran war costs were less than Social Security +
Medicare ... which can't get "turned off" like these, and which are going to
rise dramatically as the Baby Boomers continue to retire.

Near the end of that fiscal year the CBO _"estimated that "war-related
defense activities" in 2007 were "roughly $115 billion."_ (Or call it 230
Solyndras.) You have more than a passing familiarity with WWII and the Cold
War, and their costs. We aren't talking about Maximum Efforts like the former
where, I just randomly looked up yesterday, we peaked at building a B-24
Liberator heavy bomber every hour, 650 per month (curiously close to the total
number of all airplanes Imperial Japan could make in a month), and 18,482
total units ("_it still holds the distinction as the most-produced American
military aircraft._")

The "surge" itself wasn't that big in historical terms (although this is a more
expensive volunteer army), 18,400 troops in 5 Army brigades, 4,000 Marines had
their stays extended, etc., evidently 28,000 "additional troops"
(https://en.wikipedia.org/wiki/Iraq_War_troop_surge_of_2007#Operations).

Unless the CBO was smoking something powerful, this wasn't a budget buster;
not a small cost, but I can't see how you can reasonably claim it's a
proportionally bankrupting cost, unless everything I've heard from secondary
or worse sources is wrong, plus what I just looked up.

------
lotsofmangos
Colbert at least ended it in reasonable style...

part 1 -
[https://www.youtube.com/watch?v=f7gGtVScrQo](https://www.youtube.com/watch?v=f7gGtVScrQo)

part 2 -
[https://www.youtube.com/watch?v=j3QH4d4qNOQ](https://www.youtube.com/watch?v=j3QH4d4qNOQ)

_"I'm sure that under enhanced liberty you can have all the privacy that you
want, just like under enhanced interrogation you can breathe all the water you
want."_

------
alexqgb
“When or if the N.S.A. blurs the lines between its defensive and intelligence-
gathering roles, and exploits its position of trust within the security
community, then that’s a problem.”

That's Arthur W. Coviello Jr, RSA's Executive Chairman, who is not doing
himself or his company any favors. Seriously, "IF"?! Who does he think he's
trying to fool?

------
smoyer
Does anyone else see the irony in a politician saying “If you have two
different agencies, it becomes a bureaucracy,” Mr. Rogers added. “I think that
would be a mistake.”?

I think he needs to understand a few things from the constituent's
perspective:

1) The government is already too much of a bureaucracy.

2) The NSA is also a bureaucracy ... and doesn't have enough
oversight/transparency as it is.

3) He's not really in a position to say what's right since he's part of the
problem.

------
diminoten
It's over, isn't it? Let's just be honest with ourselves for a moment -
privacy is dead. The steps one would have to take in order to remain anonymous
today are on the level of complete and utter self-ostracization. Not even
hyperbolically, not even metaphorically, _literally_ every significant thing a
person does each and every day is determinable through the analysis of data
that gets generated by said act.

It's too late, we can't unwind this clock. So what now? I feel like everyone's
trying to unbreak the glass, unring the bell, whatever metaphor you'd like,
but no one's trying to think of how to live in this world.

What does a person do, when everything there is to do leaves a trace, and the
rules for what is and isn't acceptable behavior are constantly in wild flux?

~~~
atmosx
We fight at the only ground it ever mattered: Politics!!!

We put _privacy_ on the forefront of the agendas of our MPs. We become more
_active_ in the _democratic process_ than before.

Fighting organizations with larger amounts of money than _we_ will ever have
was always a dead end. You can't fight _fire with fire_. If you create a new
powerful encryption tool, you're starting a decryption race from Americans,
Chinese, Russians and whoever has the power to pursue it. If they can't
break it, they will try to bend it, etc.

So the only thing that was ever going to work is to hold them accountable.
Make Keith Alexander and the others who made unwarranted mass surveillance
possible, accountable. Press towards that direction.

Snowden gave a huge leap towards that direction to the masses. He managed to
stir discussion to topics that were never discussed before.

All we need to do is let our MPs know that privacy matters, for our own good.

And by "we" I mean the entire technology community. Fighting for privacy on
the front of politics is the only meaningful way.

And once again, only through education people can reach enlightenment.

~~~
diminoten
Politics is the answer I expected and the answer I fully, completely, and
entirely reject.

The EFF, IDL, and other technology advocacy groups are _terrible_ at getting
legislation passed in the US. Just plain awful. The _only_ thing they can do
effectively is say no.

This is exactly the kind of response I'm talking about when I say, "unring the
bell". Our lives are out there, already. You, me, anyone with a Facebook
account, an email address, a cell phone - we're exposed, and the options
before us are to either eschew all technology entirely, or to figure out how
to live without privacy.

The ability to track the movements and activities of everyone in the world is
the kind of tool that sits on the same level as nuclear weapons, as jet
engines, as automatic weapons. We're never going to experience a world where
systemic and universal surveillance is not happening again.

The question I think we should start asking ourselves is, how do we live in
this world?

~~~
atmosx
EFF and IDL are terrible because they don't have money to lobby, neither do
you (I assume) and the industry that does wants possibly even less privacy
(Facebook, Google, Twitter, FourSquare, etc).

The thing is that I don't want to erase or use a fake name in my StackOverflow
or Twitter account. I know perfectly well that at any time my data could be
exploited by a third party.

That's why I'm saying that the only way to get over this, is to make large
part of the population _aware of the issue_.

And the more people use the internet the easier it will become.

You can reject it, but in a democratic country that's the way things work:
Politicians want (and sell themselves easily) for more votes. Exchange your
vote for privacy, the administration might want to control our lives using
espionage, but if MPs don't get votes they can't support the administration
and I believe they will turn their back to the administration way more easily
if they know that they will gain more votes (more _raw power_ ).

So all you have to do, is put the issue high on the agenda, nothing more. I'm
not saying it's easy, but it's not impossible either.

Once an NSA executive goes to jail for misconduct, it will have set a
precedent. Same thing will happen in Germany, etc. Then you can say that you
are _relatively safer_ because everyone who is going to exploit our data,
could face prison. And that's not an entertaining thought, especially for
politicians and executives.

~~~
Intermernet
Although I agree completely with your recommended course of action, and indeed
your sentiment, I find it frightening to see our reliance on the emergent
properties of democratic process so bluntly demonstrated.

We _don't really know_ how to live in this society yet! No one has a definite
solution, but greater public awareness will definitely accelerate the outcome,
whether it be a solution for the general populace, or a "solution" for those
in power.

------
ForHackernews
> American officials were quick to rebut the idea that foreign data would be
> more secure outside American borders. “There’s a big call for data
> localization,” said Richard A. Clarke, the former United States
> counterterrorism czar. He pointed to the announcement this week between the
> European Union and Brazil that they would run a new undersea fiber-optic
> cable between Brazil and Portugal to thwart American spying.

> “First of all, who doesn’t think the U.S. can’t listen in?” Mr. Clarke said.
> “Could it possibly be that these countries are trying to take business away
> from U.S. carriers?”

Anyone want to try and parse the double-negatives here? "who doesn’t think the
U.S. can’t listen in?"

So he's saying, "It's not worth building your own networks, because we'll just
tap those too?" Is that the official US government position now?

~~~
dsuth
I guess that would technically mean "Who thinks the US can listen in?", which
would mean that he's attempting to downplay the possibility that the US
tapping things is a relevant concern, and all these international competitors
are just using the NSA as a convenient scapegoat, to drum up business.

Which actually makes sense when you consider that he's part of the machine,
and just toeing the party line.

------
cinquemb
It seems like the conversation on HN in general oscillates back and forth
about fighting fire with fire and not acknowledging there can be many ways to
put out a fire...

People upset about the corporate-governmental surveillance state ever-present
_globally_ want those in power to change without changing their own collective
behaviors seems to crowd out any discussion about other ideas that probably
would be easier/more effective to implement by taking advantage of such
realities and less focus on imposing crypto fantasies that go against the flow
of current collective human behavior...

Here's an idea seldom mentioned here: have you thought about removing the
oxygen that enables the fire to burn?

------
a3n
> Around San Francisco this week, some were seen sporting Electronic Frontier
> Foundation T-shirts featuring a retooled N.S.A. logo with an eagle using its
> talons to plug into the American telecom network, symbolized by AT&T. Asked
> about the T-shirts, one AT&T executive, who asked not to be named, said they
> had a chilling effect.

> “There are many of us at AT&T who are disturbed by what we’ve been hearing
> about the N.S.A.,” this person said. “But when you see that,” he said,
> pointing to the T-shirts, “a conversation becomes impossible.”

When you see Person C over there wearing a Tshirt, it makes an easy excuse not
to have a conversation with Person B who has nothing to do with the Tshirt.

------
ra
I seriously hope that this whole episode blows up in the form of an implosion
of RSA's top line.

That's the only message that will resonate with other NSA conspirateurs and
make them think again.

------
us0r
"Let's have a conversation"

Keith Alexander's talking points seem to be working just perfectly. Business as
usual.

------
gregcohn
> German executives and intelligence officials called Mr. Snowden a hero and
> said his disclosures had been a boon for business, as N.S.A. suspicions
> prompted global companies to look for alternatives to American products and
> services.

I found this tidbit interesting -- the idea that setting aside legalities and
popular opinion, NSA policies are having a real (negative) effect on American
tech companies.

------
alextingle
The RSA brand is now irredeemably toxic. End of story.

