❗Let's close the gap: We still need your help to raise $40,000 by April 1. Donate now

RSA and the NSA: Who is telling the truth?

Molly Wood Dec 24, 2013
HTML EMBED:
COPY

RSA and the NSA: Who is telling the truth?

Molly Wood Dec 24, 2013
HTML EMBED:
COPY

One of the most respected cybersecurity firms in the business, RSA, has reportedly accepted money from the NSA to push a flawed security product. This latest news comes from a report by Joseph Menn, an investigative reporter with Reuters. It’s connected to earlier revelations about the National Security Agency building back doors into encryption to help its surveillance programs, which has had even the most capable cryptologists very worried.  

The new report cites two unnamed sources that say the NSA gave $10 million to the cybersecruity firm in order to make a random number generator (often used in encryption) the default security setting in the product. Since RSA is a trusted security source, it was effectively an arrangement–paid for by the spy agency — for the company to help establish the flawed encryption tool to be accepted by thousands of people who were building software. Some of the sources speaking to Menn said that RSA wasn’t fully aware of what it was doing, but the suggestion is that the company should have known better, having a history of fighting things like the government’s Clipper Chip

RSA released a statement in response, which Ars Technica called a non-denying denial. It is interesting to read through it and try to parse the language; the part with the words “categorically deny” could refer to the suggestion that the contract with the NSA was “secret,” or that there was a contract, or even that the flaw was known. 

However you feel about the report or the response from the RSA (the NSA declined comment), the story brings an uncomfortable truth to light: for years, the NSA has worked in concert with cybersecurity experts. That’s a good thing when it comes to national security–the U.S. government has expertise in the area of fighting a broad spectrum of cybercrime that has a very real impact on Americans. But as revelations about secret government surveillance continue, questions grow about whether online security is totally broken — and who, exactly, can help fix it. 

There’s a lot happening in the world.  Through it all, Marketplace is here for you. 

You rely on Marketplace to break down the world’s events and tell you how it affects you in a fact-based, approachable way. We rely on your financial support to keep making that possible. 

Your donation today powers the independent journalism that you rely on. For just $5/month, you can help sustain Marketplace so we can keep reporting on the things that matter to you.