23rd of December 2013


An Open Letter to:
Joseph M. Tucci - Chairman and Chief Executive Officer, EMC
Art Coviello - Executive Chairman, RSA



Dear Joseph and Art,

I don’t expect you to know who I am.

I’ve been working with computer security since 1991. Nowadays I do quite a bit of public speaking on the topic. In fact, I have spoken eight times at either RSA Conference USA, RSA Conference Europe or RSA Conference Japan. You’ve even featured my picture on the walls of your conference walls among the 'industry experts'.

On December 20th, Reuters broke a story alleging that your company accepted a random number generator from the National Security Agency, and set it as the default option in one of your products, in exchange of $10 million. Your company has issued a statement on the topic, but you have not denied this particular claim. Eventually, NSA’s random number generator was found to be flawed on purpose, in effect creating a back door. You had kept on using the generator for years despite widespread speculation that NSA had backdoored it.

As my reaction to this, I’m cancelling my talk at the RSA Conference USA 2014 in San Francisco in February 2014.

Aptly enough, the talk I won’t be delivering at RSA 2014 was titled "Governments as Malware Authors".

I don’t really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA. In fact, I'm not expecting other conference speakers to cancel. Most of your speakers are American anyway – why would they care about surveillance that’s not targeted at them but at non-americans. Surveillance operations from the US intelligence agencies are targeted at foreigners. However I’m a foreigner. And I’m withdrawing my support from your event.

Sincerely,

Mikko Hypponen
Chief Research Officer
F-Secure