NSA Paid Security Company to Adopt Weakened Encryption Standards


A few months ago, we learned via the Snowden leaks that the NSA had been busily at work trying to undermine public cryptography standards. One in particular was a random number generator used for creating encryption keys in RSA’s BSafe software. But Reuters reports there’s more to the story:

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

….Most of the dozen current and former RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA’s corporate evolution away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance. “They did not show their true hand,” one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.

Well, look. There are a very limited number of reasons that the NSA would be so eager for you to use their encryption software that they’d be willing to pay you $10 million to do it. Surely someone at RSA must have had some inkling of what was going on.

Probably more than an inkling, if I had to guess. But this certainly goes to show just how serious and relentless the NSA has been about crippling the public use of cryptography. The president’s surveillance commission recommended on Friday that this stop, and since trustworthy encryption is critical to trust in the internet as a whole, it would sure be nice if President Obama put a stop to this.

DOES IT FEEL LIKE POLITICS IS AT A BREAKING POINT?

Headshot of Editor in Chief of Mother Jones, Clara Jeffery

It sure feels that way to me, and here at Mother Jones, we’ve been thinking a lot about what journalism needs to do differently, and how we can have the biggest impact.

We kept coming back to one word: corruption. Democracy and the rule of law being undermined by those with wealth and power for their own gain. So we're launching an ambitious Mother Jones Corruption Project to do deep, time-intensive reporting on systemic corruption, and asking the MoJo community to help crowdfund it.

We aim to hire, build a team, and give them the time and space needed to understand how we got here and how we might get out. We want to dig into the forces and decisions that have allowed massive conflicts of interest, influence peddling, and win-at-all-costs politics to flourish.

It's unlike anything we've done, and we have seed funding to get started, but we're looking to raise $500,000 from readers by July when we'll be making key budgeting decisions—and the more resources we have by then, the deeper we can dig. If our plan sounds good to you, please help kickstart it with a tax-deductible donation today.

Thanks for reading—whether or not you can pitch in today, or ever, I'm glad you're with us.

Signed by Clara Jeffery

Clara Jeffery, Editor-in-Chief

payment methods

We Recommend

Latest