RSA accused of secret deal to include flawed encryption in security software
24 Dec 2013
The US National Security Agency (NSA) paid $10 million to vendor RSA in a "secret" deal to incorporate a deliberately flawed encryption algorithm into widely used security software, Reuters reported.
The news agency reported on Friday that the contract formed part of an NSA campaign to weaken encryption standards in order to aid the agency's surveillance programmes.
The report, quoting two sources familiar with the contract, led to a series of headlines that served to add fuel to the ongoing debate about the surveillance tactics of the agency.
Meanwhile, RSA, which initially declined to comment, denied late on Sunday any secret pact with the NSA.
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security," RSA said in a statement.
"We have never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential 'backdoors' into our products for anyone's use," RSA said.
Meanwhile, the immediate fallout from the allegation that RSA helped the NSA undermine cryptography standards was that F-Secure excused itself from the 2014 edition of RSA's conference.
F-Secure's chief research officer, Mikko Hypponen, denounced RSA as an imperialist running dog. His strongly-worded letter addressed to EMC's Joe Tucci and RSA's Art Coviello said he would not attend a forthcoming RSA conference and would not deliver his planned speech titled "Governments as Malware Authors" at RSA 2014.
He offered the following reasons for the cancellation: "I don't really expect your multibillion dollar company or your multimillion dollar conference to suffer as a result of your deals with the NSA. In fact, I'm not expecting other conference speakers to cancel. Most of your speakers are american anyway – why would they care about surveillance that's not targeted at them but at non-americans. Surveillance operations from the US intelligence agencies are targeted at foreigners. However I'm a foreigner. And I'm withdrawing my support from your event."
The Register points out that Hypponen was being a little disingenuous, as the wider Snowden-derived scandal revealed that the US has conducted surveillance on its own citizens as well as foreigners.