The RSA cybersecurity conference draws its name from the eponymous business and cryptographic protocol created by its founders: Ronald Rivest, Adi Shamir and Leonard Adleman. Well into its third decade, the conference provides a venue for private-sector vendors and professionals to mingle, talk shop and listen to presentations, including many from prominent government agencies. For the 2019 RSA conference in San Francisco, RSA cofounder Adi Shamir, who is Israeli, was denied a tourist visa and unable to attend.
Shamir’s absence loomed over the cryptographer’s panel, an annual session where he is a regular fixture. It could have served as an opportunity to question the future relationship of the conference to the United States government. The 2018 RSA conference included a keynote from Department of Homeland Security Secretary Kirstjen Nielsen. This year, the event on stage immediately following the panel was a fireside chat with FBI Director Christopher Wray. High member levels of the government regularly indicate by their presence that they see RSA as a worthy venue.
But the only questioning of that relationship during this year’s panel came in the form of a video sent by Shamir and played at the start of the session. Shamir said, in light of his inability to get a tourist visa in time for the conference, “Perhaps it’s time we rethink the question of how and where we organize our major scientific conference.”
After Shamir’s video played, the panelists discussed a range of issues facing the cybersecurity. Cryptographer and security expert Whitfield Diffie of Cryptomathic specifically called out an Australian law that mandates backdoors around encryption in private communication.
“Secret backdoors are like pathogens,” said cryptographic researcher Paul Kocher, before leading into an extended metaphor about the limitations of using a harmful pathogen to punish only narrowly targeted bad guys.
State power was clearly a concern for the group’s speakers especially when it came to state power operated in secret and online. Shafi Goldwasser, director of the Simons Institute for the Theory of Computing, noted that while many judge-issued surveillance orders on individuals are supposed to expire, those expiration orders never come, instead leaving the orders sealed and the surveillance ongoing.
As the power of the state, at least in cyberspace, was questioned, the role of cyberspace in damaging the smooth functioning of states also came under scrutiny.
“In 2000 we learned that our voting system is fragile,” said Ronald Rivest, an RSA cofounder. “In 2016 we learned that we have adversaries.”
Rivest specifically pointed to election audits as a tool for election security, with the hope that widespread and well-executed audits will build trust in ballots. This is especially important, he noted, for convincing the loser in an election. There are already pilot programs underway in some states.
Talk then turned to catastrophic events. Kocher noted the dangerous and inextricable interdependability of cybersecurity systems on the architecture they are built to protect.
“Doomsday is always temporary,” Goldwasser replied, trying to bring in a moment of hope into a panel mostly about the dire state of durable and possibly catastrophic threats. She pointed out that computer scientists are more literate all the time, and that teaching crypto early is a way to ensure the future built is more secure than today.
“If anything, this field is about a sort of magic,” said Goldwasser.
And online, it certainly is. But it’s a kind of magic that can still hit hard obstacles in physical space. The absence of Adi Shamir underscored the way in which state power still constrains the movement of people.