Security company denies secret $10 million deal with NSA

A major tech security company denied claims it received millions to weaken computer security standards through a secret contract with the National Security Agency.

“We categorically deny this allegation,” RSA, The Security Division of EMC, said in a blog post over the weekend.

ADVERTISEMENT
Late last week, Reuters reported that the company had received $10 million “as a key part of [the NSA’s] campaign to embed encryption software that it could crack into widely used computer products.”

Reuters called RSA “one of the most influential firms in the computer security industry.”

According to reports from earlier in the year based on documents from former NSA contractor Edward Snowden, the NSA developed a flawed formula to get easier access to encrypted products, and RSA used that formula in its security tools.

According to Reuters, RSA was paid $10 million to rollout that flawed formula in its security tools. 

“Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show,” according to the Reuters report.

In its Sunday blog post, RSA defended its relationship with the NSA, saying that it has “never kept this relationship a secret and in fact [has] openly publicized it.”

RSA said that by using the formula, which was not known to be flawed at the time, the company was following security industry standards as set by the NSA.

“At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption,” the company wrote.

Additionally, the company pointed to recent efforts to update its security tools in accordance with newer standards set by the National Institute of Standards and Technology. 

The company said it has “never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.”