RSA Conference 2016: What’s Old Security is New Again

BLOG: Kurt Stammberger, founder of the RSA Conference, sees the same issues in FBI vs. Apple as were brought to the fore in 1993 with Clipper Chip.

RSA Conference 2016, the world’s largest annual meetup of security professionals and product and service vendors, has opened its doors at Moscone Center in San Francisco and is expected to attract a record number of attendees, Feb. 29 through March 3.

Conferences come and go with the changing trends, but RSA has been a survivor, because: a) it is run very well, with excellent speakers, seminars and panels; b) it’s in an attractive location, and c) security never goes away as a Tier 1 issue.

When someone gets to the conference and sees the huge mass of international attendees that is expected to number more than the record 33,000 that came in 2015, it’s hard to conceive that the event started in 1991 with about 100 people in a Hotel Sofitel (Redwood City, Calif.) conference room.

But it did, and Kurt Stammberger, founder of the event and now Chief Marketing Officer at Fortscale, remembers it well.

Modest Beginnings for a Huge Event

RSA“We had modest beginnings, for sure,” Stammberger told eWEEK. “There weren’t all that many security professionals around at that time (years before the Internet), but we had fun talking, comparing notes, having a good time socially. We thought it was a huge success with 100 people! I don’t think any of us at that time thought that it would grow into the behemoth — or the industry force — that it is now.”

RSA will attract more than 33,000 attendees and more than 700 companies in attendance. Britta Glade, senior content manager for RSA Conference, said the top topic submissions this year were around the Internet of things, the Industrial Internet of things, industrial control systems, encryption, and artificial intelligence/machine learning.

There were about 1,700 session submissions on the topic of encryption alone.

Stammberger believes that the RSA Conference grew faster and larger than other, more well-established conferences because it did not target the specific audiences (criminology, insurance, government, etc.) that the others did.

“Pretty much, we started with technical security professional and cryptographers only. And that was it,” Stammberger said. “What we were realizing in the early ’90s at RSA is that cryptography and privacy and these other technologies were much broader-reaching than anybody understood before that. These technologies had huge implications for law and policy for standards, for personal technology.

Should Apple And Other Phone Makers Be Forced Unlock Devices For Law Enforcement?

View Results

Loading ... Loading ...

RSA Was a Conference of Firsts

“The innovation that RSA brought to the table and why it grew so fast was that we were the first conference to introduce this idea of different tracks for people that weren’t cryptographers or computer security professionals, but who were interested in computer security from other angles. We had a law and policy track, a markets tracks … so you would have bankers and traders and market analysts at the same conference with cryptographers and security admins. You’d have lawyers and elected officials at that same conference.

“We were mixing together all these communities of people who all had a stake in computer security and cryptography, but never really talked to each other before,” Stammberger said.

Despite the huge growth of the event over a span of 25 years, Stammberger hasn’t seen a whole lot change in the main problems with keeping data safe and available only for the appropriate people.

“With this whole FBI vs. Apple thing, I feel like we’re in a time warp,” Stammberger told eWEEK. “It seems like every five to seven years, the FBI and the NSA take another run at it, and they try some kind of proposal to slide in compulsory backdoors, or, in this case, saying a company can be compelled to do engineering work for us, without limit, on demand.”

A little background from Stammberger:

Apple security lock key backdoor security privacy ios © SynthManiac Shutterstock“The NSA, in 1993, was getting scared, because public key cryptography was really beginning to take off. They were worried about large portions of their signals’ intelligence capability going dark on them. So they forwarded their proposal for a chip, called Clipper, that would encrypt everything but it would have one set of backdoor keys that the FBI and the NSA would have. And that chip would go into every PC and every Mac that was sold in the world. That was their solution back then.”

It’s almost exactly the same thing we’re seeing with FBI vs. Apple today, Stammberger said. “They’re saying either build in backdoors for us, or we’re going to compel you to do work for us to help us decrypt it. It’s a time warp; it’s the exact same arguments that are being made over and over again. This is a battle we fought 22 years ago. It’s evergreen; it keeps coming up.”

RSA at the time joined a national campaign of security professionals against the Clipper proposal.

“We wore big buttons that said ‘Sink Clipper,’ rallying the troops and trying to inform people about it because back then. Not as many people were clued in about cryptography and security in general,” Stammberger said. “We were pretty worried that NIST (National Institute of Standards and Technology) and the NSA would kind of slide this through as a standard, while nobody was paying attention.”

Clipper Chip Now Long Defunct

The Clipper chipset was intended to be adopted by telecommunications companies for voice transmission. It was announced in 1993 and by 1996 was entirely defunct.

At the heart of the concept was something called key escrow. In the factory, any new telephone or other device with a Clipper chip would be given a cryptographic key that would then be provided to the government in escrow. If government agencies “established their authority” to listen to a communication, Stammberger said, then the key would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone.

The Electronic Frontier Foundation, which was new on the scene, preferred the term “key surrender” to emphasize what they alleged was really occurring.

“We banged the drum pretty loudly to get people to understand the risk of building in a permanent government backdoor into every system, and how dangerous that was. NIST eventually withdrew the proposal because they couldn’t get any industry support for it,” Stammberger said.

Whether that will happen again now, in FBI vs. Apple, is unknown, and it appears to be headed to a high court showdown. But if history is a guide, this initiative, too, will crash and burn along with all the others.

Are you a security pro? Try our quiz!

Originally published on eWeek.