Friday's report that RSA received $10 million to make an NSA-favored random number generator the default setting in its BSAFE crypto tool isn't yet creating any problems on Wall Street, with stock for parent company EMC rising two percent on Monday. That doesn't mean the revelations don't have important public relations fallout for the encryption software maker.
On Monday, Mikko Hypponen, chief research officer of Finland-based antivirus provider F-Secure, publicly canceled the talk he was scheduled to deliver at the RSA Conference USA 2014, which is slated for February. A highly sought-after security researcher who regularly speaks at Black Hat, Defcon, and Hack in the Box, in addition to the more mainstream TED and South by Southwest conferences, Hypponen said his cancellation was in protest of the recently revealed $10 million contract to make the NSA-influenced Dual_EC_DRBG the default pseudorandom number generator (PRNG) in BSAFE. Hypponen also cited RSA's decision to keep Dual_EC_DRBG as the default PRNG for more than five years after serious vulnerabilities were uncovered in it, as well as Monday's non-denying denial from RSA in response to Friday's report from the Reuters news agency.
"I don’t really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA," Hypponen wrote in an open letter to Joseph M. Tucci and Art Coviello, the CEO of EMC and the executive chairman of RSA respectively. "In fact, I'm not expecting other conference speakers to cancel. Most of your speakers are American anyway–why would they care about surveillance that's not targeted at them but at non-Americans. Surveillance operations from the US intelligence agencies are targeted at foreigners. However I'm a foreigner. And I'm withdrawing my support from your event."