RSA, a security firm operating under EMC’s control, has been accused of degrading its encryption standards in order to help the NSA. Although this involvement was bad enough, recent reports have stated that RSA actually received $10 million from the government spy agency in order to make sure that the encryption remained in a state that was easily crackable.
The first report regarding this secret trade came from Reuters, who said that they had talked to dozens of current and former RSA employees about the trade and had concluced that the $10 million deal was indeed factual and not just a rumor.
If these reports are correct, RSA signed the deal with the NSA in 2006 which means that the $10 million would have made up nearly one-third of the firm’s revenue for the year.
As these allegations are huge and could potentially ruin any sort of reputation that RSA still has, the firm has already ended up on the defensive and is denying any sort of involvement with the NSA to this extent. In particular, RSA says that it did not receive $10 million from the NSA.
RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own.– RSA
Assuming that the Reuters report is correct and RSA did accept the $10 million, the NSA would have backdoor access to anyone that is using RSA’s BSAFE software to protect their data. Considering that encryption is one of the last things that protects a person or corporation’s privacy, it is likely that many of RSA’s customers will be removing themselves from the company as soon as possible in order to better protect highly sensitive data.
RSA’s reputation took a hit in September following the release of a Snowden document revealing the NSA’s backdoor into the firm’s encryption standards. So, this most recent report is simply making the situation even worse.
It is not surprising that RSA is denying involvement to this extent but at the same time, there seems to be more than enough evidence for people to conclude that some sort of deal was made between RSA and the NSA.