RSA, a leader in encryption software used throughout the technology industry, has been accused of having accepted $10 million from the National Security Agency (NSA) so the government could gain a “backdoor” into computer networks using RSA’s product.

Reuters reported that RSA included in its BSAFE software a flawed formula for generating random numbers developed by the NSA. In exchange, the company received $10 million.

The disclosure of RSA’s “entanglement with the NSA” apparently “shocked some in the close-knit world of computer security experts,” according to Reuters’ Joseph Menn.

After all, the company built its reputation on protecting privacy and security, and even rejected NSA attempts in the 1990s to require a special chip in computers and communications devices so the government could more easily spy on individuals, groups, or companies.

EMC Corp., which now owns RSA, informed customers to stop using the NSA formula after leaks by whistleblower Edward Snowden revealed its vulnerability.

RSA has “categorically” denied the allegation that it had secret deal with the NSA involving the random number generator, known as the “Dual Elliptic Curve Deterministic Random Bit Generator” (Dual EC DRBG).

“We made the decision to use Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption,” the company wrote on its blog.

-Noel Brinkerhoff

To Learn More:

Exclusive: Secret Contract Tied NSA and Security Industry Pioneer (by Joseph Menn, Reuters)

RSA Denies Link with US Spying Agency (BBC News)

RSA Response to Media Claims Regarding NSA (RSA)

NSA Teamed with U.K. and Tech Companies to Override Global Internet Privacy (by Danny Biederman and Noel Brinkerhoff, AllGov)

U.S. Government Employs 35,000 to Break and Decrypt Codes (by Noel Brinkerhoff, AllGov)