
In December 2013, a Reuters investigation reported that the National Security Agency had paid security firm RSA $10 million to adopt a deliberately weakened algorithm as the default in its encryption products, a transaction that raised fundamental questions about the integrity of commercial cryptography and the extent of government infiltration into the technology industry.
The $10 Million Deal
According to two sources familiar with RSA's BSafe software, the company accepted the payment in exchange for making an NSA-designed algorithm the default random number generator in BSafe, the component from which the library derives its keys, nonces and other secret values. The flawed algorithm, Dual EC DRBG, had been flagged as suspicious since 2007, when Dan Shumow and Niels Ferguson showed that whoever chose its two fixed curve points could hold a secret that makes the generator's output predictable; documents leaked by Edward Snowden months earlier, in September 2013, indicated that the NSA had indeed built it that way. Because every key the library produces comes out of that generator, an attacker who can predict its output can recover those keys and decrypt protected communications.
The revelation transformed what had been a technical cryptographic debate into a concrete case of a government agency paying a private company to compromise its own security products.
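The mechanism behind that weakness, as an added example that is not taken from the Reuters report or from RSA's BSafe code: a toy Dual EC DRBG on a tiny constructed curve (p = 103, not the real P-256 parameters) with the same structure as the standard's generator, namely state s_{i+1} = x(s_i·P) and output = truncated x(s_i·Q). Whoever generated Q as e·P and kept d = e^{-1} can lift a single truncated output back to a curve point, multiply by d, and read off the next internal state, after which every future output is predictable. The reduce_state step and the brute-force curve setup are simplifications for the toy field; the real generator discards only 16 of its 256 output bits, so an attacker there tries about 2^16 lifts instead of the 4 enumerated here.

```python
import math

# Toy Dual EC DRBG with a planted trapdoor. Everything here is CONSTRUCTED for illustration:
# the field, curve and points are not the real P-256 / Dual EC constants, and the exhaustive
# curve setup only works because p is tiny.
P_MOD = 103                     # prime field modulus
A, B = 2, 3                     # curve y^2 = x^3 + A*x + B (mod p); 4A^3 + 27B^2 != 0 mod p
OUT_BITS = 5                    # bits of x(s*Q) emitted per step (real Dual EC: 240 of 256)
MASK = (1 << OUT_BITS) - 1
INF = None                      # point at infinity


def ec_add(p1, p2):
    """Affine point addition on the toy curve, covering doubling and the identity."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                                  # P + (-P), also 2P when y == 0
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def curve_points():
    """All affine points on the toy curve, by exhaustive search."""
    return [(x, y) for x in range(P_MOD) for y in range(P_MOD)
            if (y * y - (x ** 3 + A * x + B)) % P_MOD == 0]


def point_order(pt):
    n, acc = 1, pt
    while acc is not INF:
        acc = ec_add(acc, pt)
        n += 1
    return n


# Parameter generation as a trapdoor-planting designer would do it: base point G (the
# standard's P), a secret scalar E, and a published Q = E*G that looks like a random point.
G = max(curve_points(), key=point_order)                   # base point of maximal order
N = point_order(G)
E = next(e for e in range(2, N) if math.gcd(e, N) == 1)    # designer's secret
Q = ec_mul(E, G)
D = pow(E, -1, N)                                          # trapdoor: D*Q == G, so D*(s*Q) == s*G


def reduce_state(x):
    """Toy-only step: map an x-coordinate to a scalar in 1..N-1 so s*G is never the identity."""
    return 1 + x % (N - 1)


def next_state(s):
    return reduce_state(ec_mul(s, G)[0])                   # s_{i+1} = x(s_i * P)


def output_of(s):
    return ec_mul(s, Q)[0] & MASK                          # r_i = x(s_i * Q), truncated


def stream(s, count):
    """Outputs and the internal states that produced them, starting from state s."""
    outs, states = [], []
    for _ in range(count):
        outs.append(output_of(s))
        states.append(s)
        s = next_state(s)
    return outs, states


def drbg(seed, count):
    """Seed the toy DRBG and emit `count` outputs; states are returned only for the demo."""
    return stream(next_state(reduce_state(seed)), count)


def candidate_next_states(output):
    """Attacker with D: for each way to fill in the dropped high bits of r_i, lift to a point
    R = +-s_i*Q, multiply by D to get +-s_i*P, and read the next state off its x-coordinate."""
    cands = set()
    for high in range(1 << (P_MOD.bit_length() - OUT_BITS)):
        x = output | (high << OUT_BITS)
        if x >= P_MOD:
            continue
        rhs = (x ** 3 + A * x + B) % P_MOD
        ys = [y for y in range(P_MOD) if y * y % P_MOD == rhs]
        if not ys:
            continue                                       # no curve point has this x
        pt = ec_mul(D, (x, ys[0]))                         # sign of y does not change x(D*R)
        if pt is not INF:
            cands.add(reduce_state(pt[0]))
    return cands


def attack(observed, predict):
    """Recover the state from observed[0], keep candidates consistent with observed[1:],
    and predict the `predict` outputs that follow the observed ones."""
    survivors = [c for c in candidate_next_states(observed[0])
                 if stream(c, len(observed) - 1)[0] == observed[1:]]
    outs, _ = stream(survivors[0], len(observed) - 1 + predict)
    return outs[len(observed) - 1:]


if __name__ == "__main__":
    outs, states = drbg(seed=42, count=12)
    print("observed:", outs[:5], " true future:", outs[5:])
    print("predicted:", attack(outs[:5], 7))
```

Running it, the predicted list matches the generator's actual future output from only five observed values. The structural point is that no amount of auditing the published Q reveals whether such an e exists, which is why the fix was to remove the generator rather than re-pick its constants; NIST later withdrew Dual EC DRBG from SP 800-90A.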
Security Experts Sound the Alarm
Cryptography expert Bruce Schneier, who had been involved in analyzing the Snowden documents, was blunt in his assessment. He characterized the payment as a bribe and said he would not trust RSA going forward, particularly given the company’s public statements about prioritizing customer security.
More troubling, Schneier argued, was what the RSA deal implied about broader NSA operations. If the agency was willing to pay one company to weaken its encryption, the logical question was how many other firms had received similar offers. Major encryption providers including Symantec, McAfee, and Microsoft all built widely used security tools, and there was no way for users to know which companies might have made comparable arrangements.
RSA’s History with Government Surveillance
The payment was particularly ironic given RSA's own history. In the 1990s, the company had been instrumental in defeating the government's Clipper Chip proposal, a 1993 plan for a government-designed encryption chip in telephones and other communication devices whose keys would be held in escrow so that law enforcement could decrypt the traffic. RSA had positioned itself as a defender of privacy against government overreach, making the $10 million backdoor deal a stark reversal.
RSA, which was acquired by EMC Corporation in 2006 for $2.1 billion, had also experienced previous security breaches. In 2011, attackers broke into RSA's network and stole data relating to its SecurID authentication tokens, and VeriSign, which had been spun off from RSA in 1995, suffered a data theft in 2010 that it did not disclose until 2012.
The Bigger Picture: Erosion of Trust in Encryption
The NSA-RSA arrangement exposed a systemic vulnerability in the commercial encryption ecosystem. The $10 million figure was relatively small, roughly 2 percent of what EMC's RSA division would generate in annual revenue, which suggested that compromising encryption standards could be achieved cheaply by intelligence agencies with large budgets. Buying the default was enough: most integrators of a library never change its random number generator, so a weak default reaches every product built on it.
RSA declined to comment on the Reuters report. The incident became a landmark case in the ongoing debate over government backdoors in encryption technology, demonstrating that the threat to secure communications came not only from external hackers but from the very companies users trusted to protect their data.