The NSA is still reeling from the effects of Edward Snowden’s high-profile leak from earlier this year. The latest story to break about the disgraced governmental division was presented on Friday by Reuters, and suggests that the NSA partnered with a major computer security firm to gain back door access to all manner of internet encryption products. The security company in question is called RSA, a Utah-based firm that has been a major player in the computer security industry since it was founded by MIT professors in the 1970s.
The Reuters story reveals that the NSA paid RSA a sum of $10 million to incorporate a “flawed” random number generator into its encryption products. NSA’s idea was that the broken random number formula would then serve as a Trojan Horse of sorts and give the government greater access to private internet communications normally kept secure by encryption.
That the NSA had developed this “back door” formula was revealed all the way back in September, when the New York Times discovered an outline of the anti-encryption plan in one of the Snowden documents. Now, Reuters has discovered that RSA was the company the government used to foist its Trojan Horse upon the general public. RSA built the back door formula into a software product called Bsafe, which is used for security and encryption on personal computers and other electronic devices. In other words, while customers buying Bsafe thought they were protecting themselves from prying eyes, they were actually doing the opposite.
This isn’t the first time the NSA and RSA have shared newspaper headlines. In the 1990s, the Clinton administration wanted to introduce what they called a “Clipper Chip,” which would have been a mandatory component in computers, phones, and other electronic communication devices. The Clipper Chip would have allowed government officials to break through encryption. Supposedly, that power would only have been used with a warrant, but it was a privacy breach so fraught with potential for abuse that many ardently protested its implementation. RSA was at the forefront of the protest efforts, and eventually helped to derail the proposal altogether.
However, the government wasn’t ready to give up the dream of wide-scale citizen surveillance. After 9/11, the NSA had the power it needed to implement sweeping spy programs, and as RSA changed CEOs and team members, the company lost its protective stance on privacy. Precisely why RSA joined with the NSA’s efforts to break encryption – especially for the relatively low sum of $10 million – has not yet been made clear. However, RSA has advised its customers to stop using Bsafe, hoping to at least correct its misstep in aiding government surveillance.