Yet another revelation from the Edward Snowden files came at the end of last week. Reports said that NSA paid $10 million to security firm RSA to weaken the BSAFE encryption technology that is bedrock of security in PCs and many other devices.
RSA has now categorically denied all these allegations in a statement released on its blog. “We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.”
RSA says it has no deal with NSA
The post went on to explain RSA’s work in BSAFE and laid down the chronology of events. When RSA started working on BSAFE, the company says NSA “had a trusted role in the community-wide effort to strengthen, not weaken, encryption.”
About the specific algorithm that’s alleged to have a back door written into it, RSA says “This algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been free to choose whichever one best suits their needs.”
In conclusion the company says it has never revealed any customer engagement data to third parties and maintained it has “never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.”