RSA Says It Didn't Receive Money From NSA

RSA, a security firm operating under EMC’s control, has been accused of degrading its encryption standards in order to help the NSA. Although this involvement was bad enough, recent reports have stated that RSA actually received $10 million from the government spy agency in order to make sure that the encryption remained in a state that was easily crackable.

The first report regarding this secret trade came from Reuters, which said that it had talked to dozens of current and former RSA employees about the trade and had concluded that the $10 million deal was indeed factual and not just a rumor.

If these reports are correct, RSA signed the deal with the NSA in 2006, which means that the $10 million would have made up nearly one-third of the firm’s revenue for the year.

As these allegations are huge and could potentially ruin any sort of reputation that RSA still has, the firm has already ended up on the defensive and is denying any sort of involvement with the NSA to this extent. In particular, RSA says that it did not receive $10 million from the NSA.

RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own. – RSA

Assuming that the Reuters report is correct and RSA did accept the $10 million, the NSA would have backdoor access to anyone that is using RSA’s BSAFE software to protect their data. Considering that encryption is one of the last things that protects a person or corporation’s privacy, it is likely that many of RSA’s customers will be removing themselves from the company as soon as possible in order to better protect highly sensitive data.

RSA’s reputation took a hit in September following the release of a Snowden document revealing the NSA’s backdoor into the firm’s encryption standards. So, this most recent report is simply making the situation even worse.

It is not surprising that RSA is denying involvement to this extent but at the same time, there seems to be more than enough evidence for people to conclude that some sort of deal was made between RSA and the NSA.

  1. RSA has denied any extra involvement with the NSA past what is necessary. It has denied working with the NSA to any extent which would influence the company’s security standards.

    From RSA:

    “We also categorically state that we have never entered into any contract or engaged in any project…”

  2. But they don’t deny receiving $10 million, do they? That is something you read into their statement which they never said. And that is exactly what they were hoping journalists would do with this non-denial denial.

    Your quote is partial and out of context: “we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.” They don’t deny entering a contract with, and receiving money from, the NSA. All they have really said with this statement is that they weren’t aware the PRNG was flawed when they set it as the default; however, even that is suspect, as reports came out in 2007 that it was weak and potentially an NSA backdoor, yet they still kept it as the default for 6 more years until Snowden’s revelations of NSA involvement finally forced their hand.

