SAN FRANCISCO - In an atmosphere of distrust and anger, the CEO of security giant RSA took the stage this morning to address recent controversies around his company's work with the NSA, and its years-long support of an algorithm suspected of containing an NSA backdoor.
But RSA Security CEO Art Coviello, speaking at the RSA Security Conference here, addressed the controversy only obliquely.
It isn't disputed that RSA made the controversial Dual_EC_DRBG algorithm the default random number generator in a toolkit used by developers. But a recent Reuters story reported that RSA's motives for that decision were tainted. The report suggested that RSA signed a $10 million contract with the NSA that provided, among other things, for RSA to make the weak algorithm the default random number generator in one of its BSafe toolkits.
Coviello didn't discuss the $10 million contract directly or the issue of the backdoor, instead offering an innocent explanation for why RSA chose the algorithm as its default. He reiterated what the company's chief technology officer told WIRED last year: that elliptic curve algorithms like Dual_EC_DRBG were all the rage at the time, and that RSA chose it as the default because it provided certain advantages over hash-based random number generators, including better security.
Coviello also said that his company made the algorithm its default at the time because the federal government was its primary encryption customer, and the customer wanted it.
"Given that RSA’s market for encryption tools was increasingly limited to the U.S. Federal government and organizations selling applications to the federal government, use of this algorithm as a default in many of our toolkits allowed us to meet government certification requirements," Coviello said.
Coviello then switched the focus of his talk to address the trust issues that have arisen in the wake of recent revelations disclosed in documents released by Edward Snowden, such as assertions that the NSA has been engaged in a years-long program to undermine cryptographic systems.
Coviello said the NSA's dual activities -- securing systems and breaking them -- have undermined trust and made it difficult for companies to know, when working with the spy agency, which side and which agenda may take precedence.
He therefore called on the U.S. government to split the NSA into two organizations -- one for intelligence collection and the other for developing defense mechanisms to secure data.
Coviello was expressing support for a recent proposal from a president-appointed review board to divide the NSA into two distinct groups.
"When or if the NSA blurs the line between its defensive and intelligence gathering roles, and exploits its position of trust within the security community, then that’s a problem," he said. "Because if, in matters of standards, in reviews of technology, or in any area where we open ourselves up, we can’t be sure which part of the NSA we’re actually working with, and what their motivations are, then we should not work with the NSA at all."
Additionally, he called on the U.S. and other nations to renounce the use of cyber weapons and to establish norms of behavior on the internet that will preserve its value as a means of communication and commerce.
"Unlike nuclear weapons, cyber weapons are easily propagated and can be turned on the developer," Coviello noted. "We must have the same abhorrence to cyber war as we do nuclear and chemical war."
Coviello's remarks, a manifesto of sorts for preserving trust in the internet, were politely received by the audience, who seemed more enthralled by the surprise appearance of actor William Shatner before Coviello's talk. Shatner was "beamed" into the auditorium and did a comedic bit on security to the tune of "Lucy in the Sky with Diamonds."
Coviello's more somber tone followed.
Coviello opened his remarks with a brief address about the controversy around the Dual_EC_DRBG algorithm.
For years, RSA had made the algorithm its default for generating random numbers in BSafe. RSA added the algorithm to its libraries in 2004 or 2005, before NIST approved it for the standard in 2006 and before the government made it a requirement for software purchased for federal agencies. The company then made it the default algorithm in BSafe and in its own key management system after the algorithm was added to the standard.
But last year, RSA Security, whose parent company runs the annual RSA Security conference, publicly renounced the Dual_EC_DRBG algorithm, following a New York Times story that asserted that the NSA inserted a backdoor into the algorithm and then pushed it into a standard sanctioned by the National Institute of Standards and Technology in 2006.
Following the Times story, NIST withdrew support of the algorithm, and RSA sent an advisory to developer customers “strongly” urging them to change the default to one of a number of other random number generator algorithms RSA supports. RSA also changed the default on its own end in BSafe and in an RSA key management system.
Then earlier this year, Reuters published its story asserting that RSA had made the algorithm its default under a $10 million contract with the NSA.
RSA, a subsidiary of EMC, says it's prohibited from discussing the nature of its contracts with customers and only told Reuters at the time that "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."
Following publication of the Reuters story, however, a number of security experts scheduled to speak at the RSA conference pulled out of their talks and announced plans to boycott the event. Those who backed out include Adam Langley and Chris Palmer from Google; Chris Soghoian, principal technologist for the American Civil Liberties Union; and Mikko Hypponen, chief research officer for the Finnish security firm F-Secure.
A one-day alternative conference is being held on Thursday for those who don't want to support the RSA conference. TrustyCon, as it's been dubbed, will include some of the speakers who boycotted RSA.
Nawaf Bitar, a senior vice president at Juniper Networks, addressed the boycott in his keynote, which followed Coviello's. Bitar likened the boycott, in terms of effectiveness, to people on the internet "liking" something or giving it a thumbs up or thumbs down.