NSA Spying Controversy Continues at RSA Conference

SAN FRANCISCO – Normally, the buzz around an RSA Conference is confined to talk of products and services and the challenge of improving enterprise security. This year, however, it was different.

Controversy about the U.S. government’s electronic surveillance programs led to several speakers dropping out ahead of the conference, and sparked discussions about privacy and civil liberties. In his keynote, Art Coviello, executive chairman of EMC’s RSA security division, spoke about the balance between national security and individual liberty. He called for the U.S. and governments around the globe to denounce the use of cyber-weapons and to cooperate in the fight against cybercrime and in the protection of economic and privacy rights in the digital world.

Art Coviello Keynote: RSA 2014

RSA found itself in the middle of this debate late last year, when it was reported that it accepted $10 million from the NSA to use Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) as the default in its BSafe products. It continued to do so until last September, despite the fact that concerns about its security were raised several years before.

According to Coviello, using the algorithm as the default allowed the company to meet government requirements, and the practice stopped in September after the National Institute of Standards and Technology (NIST) issued guidance discouraging it. But he also spoke of the dangers of spy agencies blurring the lines between offensive and defensive work.

“If we can’t be sure which part of the NSA we are actually working with and what their motivations are, perhaps we should not be working with the NSA at all,” he told the crowd, adding that the agency’s defensive-minded Information Assurance Directorate (IAD) does valuable work and should be spun out of the agency and run on its own.

In a separate talk, Richard Clarke, who served as special advisor to former President George W. Bush on cybersecurity and worked on the committee that recently recommended changes to the NSA’s surveillance program, said that it would be foolish for the American government to purposefully weaken an encryption standard in order to exploit it.

“We argued in the review report that if the United States government becomes aware of a vulnerability that can be turned into a zero-day exploit, its first obligation is to tell the American people about that so we can patch it,” Clarke said. “Not to run off and try to break in to the Beijing telephone system. We are so dependent in this country on cyber systems that when one of them is vulnerable we put ourselves at risk.”

Former NSA Director Michael Hayden, who sat on the panel with Clarke, argued that public opinion on national security practices ebbs and flows as fear of attacks waxes and wanes. In the aftermath of an attack, agencies get criticized for not being aggressive enough; but in the absence of an attack, critics say the intelligence community goes too far, he said.

According to Clarke, transparency is key. The country will accept many things, as long as there is a general understanding of what is going on, he said. Ultimately, intelligence activities should pass what he called the “front page test” – meaning they can be explained in a way the country will accept if they become public. While he stated that America is far from a police state, it is important to have checks and balances in place to prevent it from coming into being given the advancements in the world’s technology.

“The technology is there – not just at NSA, your local police department with its surveillance cameras – the technology is there writ large for a police surveillance state; and not just in the United States, but in most of the modern world,” Clarke said. “That means we need now more roadblocks to the police surveillance state being turned on than we did in the past.”

*This story was updated.
