The NSA are in a lot of hot water now. Not only have we found out about the extent of their spying on the American public — including our World of Warcraft playing sessions — but now, more documents released by the famed whistleblower Edward Snowden show that RSA, the company responsible for the strongest encryption code on the market, signed a secret $10 million deal with the agency to leave a backdoor in its code open so they could access computers using it.
RSA’s encryption software, BSafe, is one of the most widely used forms of encryption on PCs. The company created the Dual Elliptic Curve Deterministic Random Bit Generator and embedded it into BSafe. According to RSA, this was just a random number generator meant to increase encryption. However, there were many security holes in the generator that eventually allowed NSA agents access to products protected by the BSafe software.
So the question is, did RSA deliberately create the holes in the generator for payment or did they just take the NSA’s money and look the other way when the holes were discovered? Considering that these holes were known as far back as 2001, when security expert Bruce Schneier said that the random bit generator “can only be described as a back door,” RSA’s role seems fishy. Also, it wasn’t until this year that the RSA publicly asked its customers to stop using the generator, although they haven’t said much about how their relationship with the NSA has already affected those they’ve done business with.
It’s a safe bet that we’ll hear more in the coming months about the NSA partnering with agencies responsible for computer security. As Snowden releases more documents, expect more Orwellian surveillance news to surface.
Via The Guardian