It’s an early and sunny Saturday after the week-long RSA, perhaps the largest computer security conference in the world. A small group of weary and conference-hungover hackers, information security professionals and activists is gathering at the new San Francisco office of Yahoo, in the neighborhood of South of Market, or SoMa, a quickly gentrifying and hip neighborhood filled with tech startups.
Alex Stamos, the man who for more than a year now has been in charge of securing Yahoo, the sometimes forgotten internet giant that boasts more than 1 billion users, was opening the doors of the company’s office for something called the “Trust Unconference.” This event was in part inspired by another one-day event he helped organize last year, when several high-profile speakers who were supposed to talk at the RSA conference pulled out after the explosive revelation that the National Security Agency had reportedly paid the company RSA $10 million to put a backdoor into one of its popular security products.
For many, that was a watershed moment in the history of the security industry: a giant, well respected company had been successfully bribed to make life easier for the NSA—at the expense of all users and customers of the company.
In front of a group of around 200 people, Stamos tucked his hands in his pockets. He started to bounce on his toes, perhaps uneasy at what he was about to say.
“I’m not very happy with where we are as an industry,” he said, with a grim look on his face. “We’re really focusing on the 1%,” he added, referring to the small number of companies that can afford to spend on cybersecurity teams and products, and the minority of internet users who are literate enough to jump through the hoops that are needed to be safer online.
That, according to Stamos, is not going to cut it as the internet adds a billion new users in its expansion in developing countries all over the world.