
NSA paid $10m to create 'back door' encryption software

The National Security Agency allegedly paid $10 million (£6.1 million) to the security software provider RSA to create a "back door" in its encryption products to give the NSA access to data protected by RSA products like Bsafe, according to a new report from Reuters.

The former NSA contractor Edward Snowden, who in late 2012 began leaking documents about the nature and scope of computer spying by the US security agency, served up evidence in September that "the NSA created and promulgated a flawed formula for generating random numbers to create a 'back door' in encryption products," the news agency noted.

Reuters reported that month that RSA, a subsidiary of EMC, "became the most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal computers and many other products."

But Reuters said Friday that a $10 million contract the agency had with RSA to "set the NSA formula as the preferred, or default, method for number generation in the BSafe software" was a new development in the ongoing story.

RSA securities filings showed that the contract represented "more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year," Reuters added.

Questions remain as to whether RSA knew it was building a way for the NSA to spy via its flawed encryption formula.

"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own," RSA said in a statement Friday in response to the Reuters report.

The security software vendor also warned customers to stop using products with the NSA code after the Snowden leaks revealed that they were compromised.

Reuters sources claimed that RSA "was misled by government officials, who portrayed the formula as a secure technological advance" and that the NSA "did not show their true hand" to the security firm upon brokering the $10 million contract.

Snowden's revelations have strained diplomatic relations between the United States and countries spied on digitally by the NSA. The US government has attempted to assuage anger over the revelations, which have also sparked an internal debate in this country about how much government snooping at home and abroad is acceptable.
