A secret relationship between the National Security Agency (NSA) and RSA, the EMC-owned security company, has drawn a significant amount of high-profile backlash against the company.
RSA has been accused by NSA whistle-blower Edward Snowden of being paid $10 million to include a backdoor in its software. The company has denied the accusation.
Specifically, RSA began using a flawed formula containing a backdoor in its BSAFE software toolkit, which is used to increase PC security, and critics were shocked that money had changed hands between the government and a private company. The Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) is a cryptographic random-bit generator that the NSA subverted so that a backdoor could easily be included, and cyber security experts were shocked at how commonly it was used.
“We have worked with the NSA, both as a vendor and an active member of the security community,” RSA officials noted in a blog post. “We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.”
The blog post also said that, at the time, the NSA was reportedly working to “strengthen” rather than “weaken” encryption. Both the NSA and RSA have remained relatively quiet about their clandestine relationship, while some former RSA employees claim the company was misled by the NSA when arranging the deal.
Following Snowden’s controversial information leaks, the NSA has faced widespread criticism from US citizens, foreign Internet users, and national governments. Companies that aided the government agency through its “secret” partnerships will continue to receive backlash from angry users. Regardless, the NSA and other federal branches will flood Internet service providers (ISPs) and other companies with legal warrants and subpoenas to collect information on users, and backdoor deals won’t be uncommon.