Disgusted by the possibility that RSA took $10 million in NSA money to use a deliberately flawed encryption algorithm, a small contingent of folks originally slated to appear at the 2014 RSA Conference decamped and staged their own security-themed get-together: TrustyCon.
The conference's stated mission: "[to] prioritize and refocus trust in technology and technology companies during a time of cynicism and contempt towards consumer security and privacy." Based on the first year's roster of events and speakers, there's at least as much emphasis on the politics as on the technology itself. That's no surprise given that one of TrustyCon's supporters is the Electronic Frontier Foundation, never shy to speak out about the political implications of any technology.
Though small -- only 400 seats to RSA's 25,000 -- the entire event, held in the AMC Metreon multiplex across the street from the Moscone Center, sold out in three days, with tickets going for $50 each. In fact, according to the Register, 300 additional people were waitlisted for the show but couldn't get in, a good sign that curiosity about the show and demand for its roster of speakers were running high. For those who couldn't make it, a live stream of the event has been archived on YouTube.
The exodus from the RSA show, and to TrustyCon, began when Finnish security firm F-Secure's CTO Mikko Hyppönen declared he was canceling his talk at RSA (the conference) over the NSA flap, for which he's publicly lambasted RSA (the company). Hyppönen's talk at TrustyCon was entitled "The Talk I Was Going to Give at RSA," and in it he warned that the destruction of trust in companies like RSA or even his own F-Secure, due to under-the-table collusions or lack of transparency, would ruin the security industry as a whole.
Another major name at TrustyCon, and presumably a big draw for conference attendees, was Bruce Schneier. Schneier's reputation as an expert in security is hard to dispute, even if he's had some major brickbats flung his way for his more radical suggestions -- for example, that the NSA's functions be broken up or redistributed. While on stage at TrustyCon, he put out a call for better, less cumbersome encryption tools, where the encryption doesn't require any effort on the part of the end-user.
Encryption was, predictably enough, a major theme at the show. Other speakers included Garrett Robinson and Yan Zhu of the SecureDrop project, used by media organizations to allow whistleblowers to safely and anonymously deliver sensitive documents via an encrypted store. Chris Palmer of Google and Stanford University Professor of Computer Science and Electrical Engineering Dan Boneh ran a panel called "New Frontiers in Cryptography" that revolved around the practical, nitty-gritty problems of certification authorities and DNS security.
Some panels touched on the social side as well. Black Hat and Def Con founder Jeff Moss's "Community Immunity" examined how tough it is to protect the big, complex systems that have come into existence. He employed the analogy of protecting public health: The point isn't to, say, cure cancer (or to make any network perfectly secure), but rather to mitigate the damage that any particular disease (or vulnerability or DoS attack) causes.
Despite this only being the first time around for TrustyCon -- conference co-organizer Alex Stamos promised the show would return in future years -- the theme of the show appears to have taken shape above and beyond "we don't like RSA" and toward how tough it is to deliver the kinds of security solutions the modern world needs.
This story, "Anti-RSA TrustyCon draws packed house seeking modern security know-how," was originally published at InfoWorld.com.