NSA Paid Security Company to Adopt Weakened Encryption Standards


A few months ago, we learned via the Snowden leaks that the NSA had been busily at work trying to undermine public cryptography standards. One in particular was a random number generator used for creating encryption keys in RSA’s BSafe software. But Reuters reports there’s more to the story:

Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show.

….Most of the dozen current and former RSA employees interviewed said that the company erred in agreeing to such a contract, and many cited RSA’s corporate evolution away from pure cryptography products as one of the reasons it occurred.

But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance. “They did not show their true hand,” one person briefed on the deal said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.

Well, look. There are a very limited number of reasons that the NSA would be so eager for you to use their encryption software that they’d be willing to pay you $10 million to do it. Surely someone at RSA must have had some inkling of what was going on.

Probably more than an inkling, if I had to guess. But this certainly goes to show just how serious and relentless the NSA has been about crippling the public use of cryptography. The president’s surveillance commission recommended on Friday that this stop, and since trustworthy encryption is critical to trust in the internet as a whole, it would sure be nice if President Obama put a stop to this.

THANK YOU.

We recently wrapped up the crowdfunding campaign for our ambitious Mother Jones Corruption Project, and it was a smashing success. About 10,364 readers pitched in with donations averaging $45, and together they contributed about $467,374 toward our $500,000 goal.

That's amazing. We still have donations from letters we sent in the mail coming back to us, so we're on pace to hit—if not exceed—that goal. Thank you so much. We'll keep you posted here as the project ramps up, and you can join the hundreds of readers who have alerted us to corruption to dig into.

We Recommend

Latest

Sign up for our newsletters

Subscribe and we'll send Mother Jones straight to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate

Share your feedback: We’re planning to launch a new version of the comments section. Help us test it.