updated 06:26 pm EST, Fri December 20, 2013
Agency pushes vulnerable encryption standard
The National Security Agency has been accused of paying computer-security company RSA $10 million to sell encryption software vulnerable to surveillance, unnamed sources have told Reuters. The agency's role in promoting a crackable encryption standard was exposed earlier this year in documents leaked by former NSA contractor Edward Snowden; however, the latest report is the first to detail a formal contract and monetary compensation for compliance.
The NSA is said to have crafted its own pseudorandom-number generator to be used for data encryption, but with an undisclosed vulnerability that enabled backdoor access. Sources now claim the agency paid RSA to set the crackable standard as the default setting in the company's BSAFE security tools.
RSA, now owned by EMC, responded to the initial Snowden leak by notifying customers to stop using the vulnerable number generator. The company has argued that it was unaware of the NSA's backdoor capabilities; however, critics point to the alleged payment as evidence of complicity in government surveillance.
"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," the company said in a statement. "Decisions about the features and functionality of RSA products are our own."
Separate leaked documents appear to outline an NSA strategy that embraces collaboration with private-sector companies to minimize the effectiveness of security tools. A group of tech giants, including Apple and Google, recently met with President Obama to voice opposition to the agency's surveillance methods; however, the government has yet to publicly announce any formal plans to rein in the programs.