A tale of two cybersecurity conferences: Mistrust at TrustyCon and RSA USA

Researchers to the rescue?
After explaining his reasons for his boycott, Hypponen gave the talk he was once scheduled to give at the RSA event. He discussed government sponsored malware -- both the development of offensive cyber weapons by governments and deployments more close to home.
Ten years ago, he said, the thought that governments would be regularly deploying malicious code against their own citizens was science fiction. But now he says, "cops are infecting their own citizens with viruses." Another TrustyCon speaker, American Civil Liberties Union technologist and security researcher Christopher Soghoian, noted that the practices of technology companies are intimately linked to government capabilities. "If the service exists, the government can come and ask to use it."
EFF Activism Director Rainey Reitman struck a similar cord while accepting $20,000 on behalf of the organization from the conference. "The technology community and the security community play an incredibly important and unique role in the NSA speech -- and first and foremost that's in the engineering decisions you make," she said. "The daily decisions you make on the daily basis about how you build technologies will affect the privacy of millions of people not only today but for years to come potentially."
Reitman also praised engineers in technology companies who speak up about privacy issues, calling them the "unsung heroes" of a fight against the NSA. She called on the cybersecurity community to engage in educating the public and congress about the ways technology company behaviors affected consumer privacy and security. "One of the things we need to solve is how do we get our knowledge about technology to Congress, so that they aren't writing laws in a dark world without any understanding of the ramifications of what they're trying to do."
"We don't have a community, we have communities."
Corman partnered with B-Sides for a conference also in San Francisco on Feb. 23 and 24. There he says he got more attention than at RSA. "We have very different demographics," he explained noting that RSA is geared more towards security practitioner, "so for them it was the very first introduction."
But that, he thinks, helps illustrate the divide in the space. "We don't have a community, we have communities. And there's some pretty deep schisms within them."
Public opinion polls about NSA programs have showed people are divided on whether government spying activities go too far. And in cybersecurity circles, where many of those revelations hit even closer to home, opinions -- and actions -- are similarly divided.
"Some of these researchers can have a beer together at a bar, but one of them thinks that you're a horrible person if you sell exploits to the government, and the other one is actively selling exploits to the government," says Corman. "There are some pretty deep rifts that are resurfacing,"
"We the people voted for the Patriot Act. We voted for the people who reauthorized it, and re-reauthorized it. The American people have spoken," Colbert said, adding jokingly, "you don't change horses in mid-wiretap." And the RSA conference, despite serious discussion of government spying programs, came to represent a sort of unspoken acknowledgement of the status quo.
And while tens of thousands attendees circled hundreds of vendors at the RSA conference, it was hard not to marvel at the sheer scale of the industry that has emerged to combat cybersecurity threats. The $20,000 donation TrustyCon collected for EFF would barely cover the rental and staffing costs of modest booth on the RSA's conference show room floor.
But the low buzz of shared grievances under the surface of the RSA conferences and public interest cybersecurity research advocacy like Corman is working to organize may suggest that the rebellious energy at TrustyCon is infecting more and more in the broader industry. But the tone of both events suggested that there is a lot of trust that needs to be rebuilt between government leaders, Internet advocates, and the cybersecurity industry moving forward.
Full Article