NIST invested in protest-hit RSA Conference

The US National Institute of Standards and Technology has paid $16,500 for a booth at the protest-hit RSA Conference 2014, it has emerged

The US National Institute of Standards and Technology (NIST) has paid $16,500 for a booth at the protest-hit RSA Conference 2014, it has emerged.

So far, eight high-profile speakers and attendees have pulled out of the event in protest against the security firm RSA after allegations of a deal with the National Security Agency (NSA) to use a purported backdoor in a NIST-approved encryption standard.

These include eight-time speaker Mikko Hypponen (pictured), chief research officer for security firm F-Secure.

"Aptly enough, the talk I won’t be delivering at RSA 2014 was titled ‘Governments as Malware Authors,” he wrote in a blog post.

Finland-based Hypponen said he did not expect US security professionals to follow suit, but participants from some US companies have said they intend to boycott the conference, according to reports.

There have also been calls for a boycott of the EMC-owned company’s technology after a Reuters article in December alleged RSA had accepted $10m from the NSA to enable a backdoor in its products.

RSA removed the NIST-approved Dual-EC-DRBG encryption standard from its products after a whistleblower claimed the NSA had inserted a backdoor.

But the company issued a statement saying that it would never “design or enable any backdoors” in its products, but has not explained why it accepted $10m from the NSA.

RSA said it had continued to use the standard in its BSafe products despite concerns in the industry because NIST had not recommended any changes to the algorithms.

Now it has emerged that NIST planned to increase its presence at the RSA Conference based on the results achieved by its management team at the 2013 event, reports Nextgov.

According to 2013 contracting documents, NIST’s representatives at last year's conference "cultivated key relationships with peer-to-peer executives at companies and government agencies.

“Our attendance at RSA offered our leadership team to speak on panels that reinforced NIST's position as a technical thought leader and policy advisor,” the documents state.

NIST has been a regular RSA Conference attendee since 1995, and this year planned to promote a new lab in Maryland, called the National Cybersecurity Center of Excellence.

RSA officials acknowledged working with NSA, both as a supplier and an active member of the security community.

"Our explicit goal has always been to strengthen commercial and government security," the statement said.

"When NIST issued new guidance recommending no further use of this algorithm in September 2013, we adhered to that guidance, communicated that recommendation to customers and discussed the change openly in the media.”

The NSA is not listed as an exhibitor on the RSA Conference website, but agency officials are scheduled to speak at the event, including NSA Information Assurance Director Debora Plunkett.

Read more on Privacy and data protection