Exclusive: Secret contract tied NSA and security industry pioneer

[Jim Bell]

http://news.yahoo.com/exclusive-secret-contract-tied-nsa-security-industry-pioneer-001729620--finance.html


By Joseph Menn 
SAN FRANCISCO (Reuters) - As a key part of a campaign to embed encryption software 
that it could crack into widely used computer products, the U.S. 
National Security Agency arranged a secret $10 million contract with 
RSA, one of the most influential firms in the computer security 
industry, Reuters has learned.
Documents leaked by former NSA contractor Edward Snowden show that the 
NSA created and promulgated a flawed formula for generating random 
numbers to create a "back door" in encryption products, the New York 
Times reported in September. Reuters later reported that RSA became the 
most important distributor of that formula by rolling it into a software tool called Bsafe that is used to enhance security in personal 
computers and many other products.
Undisclosed until now was that RSA received $10 million in a deal that 
set the NSA formula as the preferred, or default, method for number 
generation in the BSafe software, according to two sources familiar with the contract. Although that sum might seem paltry, it represented more 
than a third of the revenue that the relevant division at RSA had taken 
in during the entire previous year, securities filings show.
The earlier disclosures of RSA's entanglement with the NSA already had 
shocked some in the close-knit world of computer security experts. The 
company had a long history of championing privacy and security, and it 
played a leading role in blocking a 1990s effort by the NSA to require a special chip to enable spying on a wide range of computer and 
communications products.
RSA, now a subsidiary of computer storage giant EMC Corp, urged 
customers to stop using the NSA formula after the Snowden disclosures 
revealed its weakness.
RSA 
and EMC declined to answer questions for this story, but RSA said in a 
statement: "RSA always acts in the best interest of its customers and 
under no circumstances does RSA design or enable any back doors in our 
products. Decisions about the features and functionality of RSA products are our own."
The NSA declined to comment.
The RSA deal shows one way the NSA carried out what Snowden's documents describe as a key strategy for enhancing surveillance: the systematic 
erosion of security tools. NSA documents released in recent months 
called for using "commercial relationships" to advance that goal, but 
did not name any security companies as collaborators.
The NSA came under attack this week in a landmark report from a White 
House panel appointed to review U.S. surveillance policy. The panel 
noted that "encryption is an essential basis for trust on the Internet," and called for a halt to any NSA efforts to undermine it.
Most of the dozen current and former RSA employees interviewed said 
that the company erred in agreeing to such a contract, and many cited 
RSA's corporate evolution away from pure cryptography products as one of the reasons it occurred.
But several said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance.
"They did not show their true hand," one person briefed on the deal 
said of the NSA, asserting that government officials did not let on that they knew how to break the encryption.
STORIED HISTORY
 View gallery    
A National Security Agency (NSA) data gathering facility is seen in Bluffdale, about 25 miles (40 km …
Started by MIT professors in the 1970s and led for years by ex-Marine Jim Bidzos, RSA and its 
core algorithm were both named for the last initials of the three 
founders, who revolutionized cryptography. Little known to the public, 
RSA's encryption tools have been licensed by most large technology 
companies, which in turn use them to protect computers used by hundreds 
of millions of people.
At 
the core of RSA's products was a technology known as public key 
cryptography. Instead of using the same key for encoding and then 
decoding a message, there are two keys related to each other 
mathematically. The first, publicly available key is used to encode a 
message for someone, who then uses a second, private key to reveal it.
From RSA's earliest days, the U.S. intelligence establishment worried 
it would not be able to crack well-engineered public key cryptography. 
Martin Hellman, a former Stanford researcher who led the team that first invented the technique, said NSA experts tried to talk him and others 
into believing that the keys did not have to be as large as they 
planned.
The stakes rose 
when more technology companies adopted RSA's methods and Internet use 
began to soar. The Clinton administration embraced the Clipper Chip, 
envisioned as a mandatory component in phones and computers to enable 
officials to overcome encryption with a warrant.
RSA led a fierce public campaign against the effort, distributing 
posters with a foundering sailing ship and the words "Sink Clipper!"
A key argument against the chip was that overseas buyers would shun 
U.S. technology products if they were ready-made for spying. Some 
companies say that is just what has happened in the wake of the Snowden 
disclosures.
The White House abandoned the Clipper Chip and instead relied on export controls to 
prevent the best cryptography from crossing U.S. borders. RSA once again rallied the industry, and it set up an Australian division that could 
ship what it wanted.
"We became the tip of the spear, so to speak, in this fight against government efforts," Bidzos recalled in an oral history.
RSA EVOLVES
RSA and others claimed victory when export restrictions relaxed.
But the NSA was determined to read what it wanted, and the quest gained urgency after the September 11, 2001 attacks.
RSA, meanwhile, was changing. Bidzos stepped down as CEO in 1999 to 
concentrate on VeriSign, a security certificate company that had been 
spun out of RSA. The elite lab Bidzos had founded in Silicon Valley 
moved east to Massachusetts, and many top engineers left the company, 
several former employees said.
And the BSafe toolkit was becoming a much smaller part of the company. By 2005, BSafe and other tools for 
developers brought in just $27.5 million of RSA's revenue, less than 9% 
of the $310 million total.
"When I joined there were 10 people in the labs, and we were fighting the NSA," said Victor Chan, who rose to 
lead engineering and the Australian operation before he left in 2005. 
"It became a very different company later on."
By the first half 
of 2006, RSA was among the many technology companies seeing the U.S. 
government as a partner against overseas hackers.
New RSA Chief Executive Art Coviello and his team still wanted to be 
seen as part of the technological vanguard, former employees say, and 
the NSA had just the right pitch. Coviello declined an interview 
request.
An algorithm called Dual Elliptic Curve, developed inside the agency, was on the road to 
approval by the National Institutes of Standards and Technology as one 
of four acceptable methods for generating random numbers. NIST's 
blessing is required for many products sold to the government and often 
sets a broader de facto standard.
RSA adopted the algorithm even before NIST approved it. The NSA then 
cited the early use of Dual Elliptic Curve inside the government to 
argue successfully for NIST approval, according to an official familiar 
with the proceedings.
RSA's 
contract made Dual Elliptic Curve the default option for producing 
random numbers in the RSA toolkit. No alarms were raised, former 
employees said, because the deal was handled by business leaders rather 
than pure technologists.
"The labs group had played a very intricate role at BSafe, and they were basically gone," said labs veteran Michael Wenocur, who left in 1999.
Within a year, major questions were raised about Dual Elliptic Curve. 
Cryptography authority Bruce Schneier wrote that the weaknesses in the 
formula "can only be described as a back door."
After reports of the back door in September, RSA urged its customers to stop using the Dual Elliptic Curve number generator.
But unlike the Clipper Chip fight two decades ago, the company is 
saying little in public, and it declined to discuss how the NSA 
entanglements have affected its relationships with customers.
The White House, meanwhile, says it will consider this week's panel 
recommendation that any efforts to subvert cryptography be abandoned.
(Reporting by Joseph Menn; Editing by Jonathan Weber and Grant McCool)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 11189 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20131222/be175a00/attachment-0001.txt>