The RSA/NSA controversy concerns you!

This controversy impacts everyone (and here's what we can do about it)

As a cyber security author and CEO of a security consulting company, I was personally shocked by the RSA’s attitude about the alleged secret payments it received from the NSA as well as its willingness to weaken its BSAFE product; especially after the weakness became public in 2006. I was even more shocked by the lack of outrage shown by many security bloggers, analysts, and security company executives.

The speaker-in-protest count has reached 13 speakers who have canceled talks they were scheduled to give at the RSA Conference (RSAC) next week, first and most notably, Mikko Hypponen, who published this open letter. A few outraged others have also spoken out about their decision to cancel their talks, including Dave Kearns and, via Twitter, Adam Langley and Josh Thomas.

Screen Shot 2014-02-13 at 11.15.20 PMScreen Shot 2014-02-13 at 11.06.37 PM

Those who have pulled out:

Mikko Hypponen
Christopher Soghoian
Josh Thomas
Morgan Marquis-Boire
Marcia Hoffman
Adam Langley
Alex Fowler
Chris Palmer
Eoin Keary
Jim Manico
Jon Callas
Dave Kearns
Roel Schouwenberg

RSAC has become the world’s largest security conference. It was started in 1991 (by RSA CEO Jim Bidzos) as a forum for security engineers and privacy advocates to discuss how to combat the U.S. government’s efforts to dictate encryption standards for commercial companies.

Today, it is where the world’s security products companies come to do business with each other, whether or not they actually do business with RSA Security, a division of EMC—so for many, a boycott of the conference was either not possible or irrelevant. Some speakers said that they were planning to discuss RSA’s actions during their RSAC talks, which the conference organizers had previously approved for a different topic. Still others said they were waiting to make a decision until more facts were revealed, and many more just kept completely silent about the incident because their company has government and/or NSA contracts.

Back When the RSA was the NSA’s ‘Enemy’ 

If you understand what RSA Security has come to represent today, you may understand my outrage. The two following quotes were made almost 20 years apart by different people at RSA Security, and illustrate the changing relationships between the RSA and NSA. This first quote is from RSA’s former CEO James Bidzos and the second quote was written by RSA lawyers and PR people.

James Bidzos, President of RSA Data Security, in a 1994 interview published in The New York Times regarding their relationship to the NSA (a.k.a., Fort Meade):

“For almost 10 years, I’ve been going toe to toe with these people at Fort Meade. The success of this company (RSA) is the worst thing that can happen to them. To them, we’re the real enemy, we’re the real target.”

This one, written by corporate communications people at RSA in 2013, tells a very different story about how the RSA interacts with and regards the NSA:

“We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.”

Carefully worded denials make me nervous. The above was published on December 22, 2013, on the heels of an article published two days prior by Joseph Menn. Menn’s article discussed the RSA’s questionable dealings with the NSA. (This is the RSA’s full statement to the media, and Menn’s full article, “Secret Contract Tied NSA and Security Industry Pioneer.”)

Clearly, a significant culture shift occurred within the RSA in the nine years spanning 2004 and 2013.

What Did You Say, Exactly?

Unfortunately a careful examination of Menn’s article and RSA’s denial shows that RSA rephrased Reuter’s charge and then denied the rephrasing.

The RSA’s statement:

“Recent press coverage has asserted that RSA entered into a “secret contract” with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.”

Yet Menn never wrote that the NSA told RSA that the algorithm was flawed. In fact, the Reuters article and RSA’s media statement, both agree that the NSA was promoting Elliptic Curve Cryptography at the time as strong and secure. This begs the question: why would RSA find it necessary to invent something to deny rather than simply deny the charge as it was written? Such an action implies that either the RSA has something to hide, or simply has a very poor crisis response team. (Recalling the way that they handled their PR after announcing their disastrous SecurID breach of 2011, it might be both.)

A section from the NSA’s public report on elliptic curve crypto:

Screen Shot 2014-02-14 at 10.49.41 AM

Companies and individuals rely on encryption to protect their sensitive data from prying eyes. Since 99% of us aren’t cryptanalysts, we expect companies like RSA and others to develop products that perform the encryption for us and we expect that encryption to be hard to break. It’s the same level of trust that we give to the home builders who construct our homes, to the automobile manufacturers whose cars we drive, and to the aircraft manufacturers whose planes we fly in. We trust that those products are safe to use because bad things happen when a company cuts corners in an effort to increase sales. People are harmed when companies cut corners and don’t deal honestly with end-users, and the companies responsible are inevitably punished. Why should it be different when it comes to security companies? This is why I am outraged, and you should be, too.

Can We Parse the Facts? 

A careful examination of the facts using press releases from the companies involved shows that the Menn article is probably correct with the exception of the $10 million payment. There’s no public corroboration for that as of yet so while the payment may indeed have been made, there’s no way to tell for sure.

Here’s a timeline that I’ve constructed from public sources:

Dual_EC_DRBG Timeline

I have spent not a few hours parsing verifiable fact from speculation and opinion; everything in the next two paragraphs can be documented:

Classified NSA documents describe a plan to collaborate with U.S. and foreign technology companies with the intention of defeating encryption used in network communication technologies. NSA used its relationship with Canada’s Communications Security Establishment to finesse the encryption standards and licensed new Elliptic Curve Cryptography technology from Canadian company Certicom. NSA and Certicom cryptanalysts were members of the ANSI X9.82 standardization committee and helped NIST write the standard that was used for Dual_EC_DRBG. According to John Kelsey, one of two authors of NIST SP 800-90, no one knew of a backdoor although he acknowledged:

“…it was possible Dual EC DRBG had its P and Q values generated to insert a trapdoor.”

In order to help gain NIST’s approval for the new algorithm, the NSA first convinced RSA to set its preferred encryption algorithm (Dual_EC_DRBG) as the default for its BSAFE product—allegedly for a $10 million contract. RSA agreed in 2004 and the classified NSA memos, un-named sources and official RSA statement all indicate that RSA most likely did not know that Dual_EC_DRBG had a backdoor. Considering that an NSA sale in 2006 followed RSA’s adoption of Dual_EC_DRBG in 2004, the $10 million payment was most likely exactly what the Reuters article said it was: earnest money towards a future NSA sale for RSA’s BSAFE software with the Dual_EC_DRBG encryption algorithm set as the default.

Well-Meaning Intentions?

My assessment of what happened is that both parties involved did what they each believed was right. The NSA acted consistently within its mandate to find a way to break encryption and RSA saw an opportunity to maximize its profits by expanding into government sales. In spite of what we all initially felt, the worst that RSA probably did was to make two really bad decisions:

  • They did not to question why the NSA was pushing one particular encryption algorithm over another.
  • They ignored the repeated disclosures by security researchers about weaknesses in Dual_EC_DRBG in 2006 and 2007.

The challenge now is this: assuming that both sides acted more or less properly and the outcome was flawed, how should we change the current norms?

Let’s Talk  

Intelligence collection reform is on the table in Washington DC. What’s missing is a way for the public to get involved by learning about the relevant issues and speaking with experts from both sides of the debate: the intelligence community and privacy advocates.

To that end, I’ve launched a Security Town Hall under the name of the Suits and Spooks conference series. Assembled there will be: a broad spectrum group of experts from the intelligence community (two former NSA legal counsels), privacy advocates from the ACLU and EFF as well as the co-founder and CEO of Silent Circle, one of the country’s top journalists on cyber security, and Silicon Valley VCs. Attendance is open to anyone willing to pay the admission, 100% of which goes to one of four charitable foundations, two supporting the intelligence community and two supporting privacy issues.

This issue should not and cannot be left to Congress and the White House to decide. However, it’s vital that both sides be heard in a forum that strives toward finding innovative solutions rather than criticizing past decisions. There’s already been too much polarization, and I’ve been as responsible for that as anyone.

What You Can Do

  1. Attend the Security Town Hall to learn what the issues are in balancing privacy interests with national security concerns.
  2. Send a letter to EMC’s Board of Directors saying that you will boycott RSA products until they address these issues. Here’s how to contact the Board.
  3. Write your congressman and senators demanding that the NSA stop their practice of weakening commercial encryption products. Here’s how to find and contact your representatives.


tags: , , , , ,