One of the most respected cybersecurity firms in the business, RSA, has reportedly accepted money from the NSA to push a flawed security product. This latest news comes from a report by Joseph Menn, an investigative reporter with Reuters. It’s connected to earlier revelations about the National Security Agency building back doors into encryption to help its surveillance programs, which has had even the most capable cryptologists very worried.
The new report cites two unnamed sources that say the NSA gave $10 million to the cybersecruity firm in order to make a random number generator (often used in encryption) the default security setting in the product. Since RSA is a trusted security source, it was effectively an arrangement–paid for by the spy agency — for the company to help establish the flawed encryption tool to be accepted by thousands of people who were building software. Some of the sources speaking to Menn said that RSA wasn’t fully aware of what it was doing, but the suggestion is that the company should have known better, having a history of fighting things like the government’s Clipper Chip.
RSA released a statement in response, which Ars Technica called a non-denying denial. It is interesting to read through it and try to parse the language; the part with the words “categorically deny” could refer to the suggestion that the contract with the NSA was “secret,” or that there was a contract, or even that the flaw was known.
However you feel about the report or the response from the RSA (the NSA declined comment), the story brings an uncomfortable truth to light: for years, the NSA has worked in concert with cybersecurity experts. That’s a good thing when it comes to national security–the U.S. government has expertise in the area of fighting a broad spectrum of cybercrime that has a very real impact on Americans. But as revelations about secret government surveillance continue, questions grow about whether online security is totally broken — and who, exactly, can help fix it.
If you’re a member of your local public radio station, we thank you — because your support helps those stations keep programs like Marketplace on the air. But for Marketplace to continue to grow, we need additional investment from those who care most about what we do: superfans like you.
Your donation — as little as $5 — helps us create more content that matters to you and your community, and to reach more people where they are – whether that’s radio, podcasts or online.
When you contribute directly to Marketplace, you become a partner in that mission: someone who understands that when we all get smarter, everybody wins.