chevron-down Created with Sketch Beta.
June 23, 2021 Feature

What Does the RSA Conference Have to Do with Law?

By Alice Albl and Nat Brown

In 1982, Ron Rivest, Adi Shamir, and Leonard Adleman founded RSA Security, a computer and network security company specializing in encryption and encryption standards. The first RSA Conference took place nine years later in 1991 and featured a single panel on digital signature standards used to authenticate message recipients and detect alterations to exchanged information.

Fast forward to 2021, the RSA Conference is now an “event central” to the worlds of cryptography, cybersecurity, and privacy. Its agenda now features over twenty topic themes (Tracks) ranging from the Internet of Things to Anti-Fraud. The RSA Conference attendance has also grown to number in the tens of thousands with executives, forensic data analysts, cryptographers, public servants, attorneys, and inventors from all corners of the tech world gathering to present their innovations, to network, and to learn.

The History of the ABA’s Involvement in the RSA Conference

At first blush, the connection between this seemingly niche conference and the largest association of legal professionals worldwide may not be apparent. Yet, the ABA has become integral to the growth of the RSA Conference as it moves from a forum concerned primarily with cryptography to one centered on building a culture of security and privacy presented through regulatory compliance programs. The participation of the legal community has become a critical facet of the RSA Conference, in part, because it is lawyers who advise and implement strategies to meet state, federal, and international data privacy and cybersecurity requirements; represent clients before regulatory bodies; and often assume responsibility for leading incident response teams.

The RSA Conference’s expansion into a hub for legal knowledge in data privacy and cybersecurity can in large part be credited to the ABA members responsible for its inaugural Law Track introduced in 2002. In the nineteen years since, the Law Track has not only persisted but expanded in lockstep with the growth of cyberspace and technology, providing a forum for the unlimited emerging legal issues that have accompanied technological innovation. As technology evolves, lawyers also have a personal stake in observing best practices in cybersecurity and protecting client data. Senior RSA Director and Conference Coordinator Britta Glade has observed the impact of cyber incidents across the legal profession, noting that “law firms are a big target. Now cybersecurity is the cool thing because everyone has their own story.”

Lawyers at the RSA Conference

The RSA Conference arms lawyers with the tools required to protect the privacy of their clients, mitigate cybersecurity risks, and oversee regulatory compliance. Lawyers in attendance also gain critical knowledge and insight into cutting-edge technologies and ideas that represent the building blocks of what is now a national effort to create a “defend forward” culture of cybersecurity.1 With recent events like the Colonial Pipeline ransomware attack highlighting the importance of this culture, the practical intersections that business, information technology, and national security all share with the legal profession are rapidly gaining attention.

The popularity of the RSA Conference’s yearly mock hearing program is emblematic of growing interest in cybersecurity and the law. The mock hearing attracts viewers from all backgrounds and is argued by two practicing attorneys and overseen by a sitting judge. This year’s hypothetical addressed the current issue of protected work status of a forensic investigation report commissioned in response to a ransomware attack.

Apart from the mock trial, RSA Conference participants have access to a full Law Track. This year’s Law Track offered a selection of twelve different sessions conducted over two days. Topics this year included the proper management of data breaches, the latest developments in cybersecurity case law and international data transfer protocol, and the prevention of “spear-phishing” attacks. Each of these programs featured an hour of insight from industry leaders followed by a Q&A. At the end of each program, attendees had the opportunity to apply for CLE credit and to download the resources used during the sessions.

In addition to CLE credits, attendees are also granted access to on-demand trainings, exclusive seminars, and the network of minds bringing it all together. The RSA Conference functions as a summit for some of the most prolific minds in the cybersecurity and privacy community. For example, in 2010 the U.S. federal government chose the RSA Conference as the forum to unveil the Comprehensive National Cybersecurity Initiative (CNCI). 2 In our increasingly digital world, the RSA Conference has also become a launchpad for the future of all business. As stated by former ABA SciTech Section Chair Stephen Wu (the former-Chair and current shareholder at Silicon Valley Law Group), “This is not an ordinary trade show; it’s looking at the whole of society, it’s raising questions that everyone should consider. If we didn’t have these things [cybersecurity and privacy] society would fall down.”

Wu sees the RSA Conference as a place for legal professionals to expand not only their technological prowess, but their networks as well. He recalled how his own attendance inspired a career-defining foray into the world of artificial intelligence (AI) and robotics law after an encounter with futurist Ray Kurzweil, the inventor of text-to-speech and the flatbed scanner.

In hearing of Wu’s Conference experience, RSA Conference Director Glade noted that stories like Wu’s are something that the RSA Conference prioritizes. “The generosity of the individuals in this community is awesome,” she said in an interview for the ABA SciTech Division, “[t]hat’s what RSA has created, a way and a means irrespective of person to connect. We benefit from diverse perspectives; we benefit from having people there.”

While the legal community constitutes a vital part of the larger data privacy and cybersecurity community present at the RSA Conference, it amply benefits from the generosity referred to by Glade. Increased regulatory obligations, government rules, and data privacy protections such as the European Union’s General Data Protection Regulation and the California Consumer Privacy Act have changed the ethical and professional roles and responsibilities of lawyers concerning security and compliance. With its uniquely curated content providing insight into all areas of technology, data privacy, and cybersecurity, the RSA conference provides legal professionals an extraordinary opportunity to learn from leaders in the information and cybersecurity field, to increase their technological proficiency, and to learn best practices to proactively mitigate risk and respond to cyber incidents.


1. Originally articulated in the 2018 Department of Defense Cyber Strategy, “defend forward” is a strategic concept of layered cyber deterrence that creates costs for adversaries conducting malicious behavior in cyberspace. The concept has since been reimagined as a unified national approach to cybersecurity.

2. Created in 2008, the Comprehensive National Cybersecurity Initiative established U.S. cybersecurity goals, including creating frontline defenses against network intrusion; supply chain risk management; defending the United States against threats through counterintelligence; and strengthening the future cybersecurity environment through research, coordination, and education. The initiative involves multiple agencies including the Department of Homeland Security, the Office of Management and Budget, and the National Security Agency.

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.

By Alice Albl and Nat Brown

Alice Albl is a 3L law student and Prince Scholar at Brooklyn Law School, where she concentrates her studies on legal developments in cybersecurity and financial technology. Alice holds degrees in World Economics and Japanese from time spent at both the Ohio State University and Waseda University in Tokyo, Japan. Nat Brown, MA, is a second-year law student at Loyola Law School’s evening program. She holds a master’s in Education Policy and a BA from the University of Virginia. Nat credits experience working with a California-based online education agency to manage legal risk associated with implementing EdTech as spurring her interest in information security and privacy law in the digital age.