Another day, another National Security Agency revelation.
According to leaked documents, the NSA reportedly paid RSA Security, a key security firm in the U.S., to weaken the encryption technology, allowing for hacking into system for easier access to encrypted information.
The revelation will likely come as little shock to millions of Americans who are coming to the realization the the Top Secret intelligence agency has collect data on users for years. RSA, which provides encryption keys for smart phones all around the world, reportedly was paid upwards of $10 million by the NSA to insert bits of NSA-provided code, which in turn allowed the agency to more easily collect data on users.
Two people familiar with RSA’s BSafe software say that the company had received the money in exchange for making the NSA’s cryptographic formula as the default for encrypted key generation in BSafe, according to Reuters.
The revelation is part of an ongoing leak by by whistleblower Edward Snowden, an ex-NSA contractor now living in Russia. Snowden has spent the last several months providing documents to news agencies around the world, putting pressure on the NSA to reduce its monitoring of American civilians and key allies around the globe.
According to a study on the matter, the encryption was far from secure. Researchers from Tel Aviv University and the Weizmann Institute of Science recently discovered they could steal even the largest, most secure RSA 4,096-bit encryption keys simply by listening to a laptop as it decrypts data.
The RSA deal shows one way the NSA carried out what Snowden’s documents describe as a key strategy for enhancing surveillance: the systematic erosion of security tools. NSA documents released in recent months called for using “commercial relationships” to advance that goal, but did not name any security companies as collaborators.
The latest revelations will likely only add fuel to the debate over curtailing the agency’s power to spy on citizens. President Barack Obama has already said he plans to review a committee’s report on the agency’s practices over the holiday break, before announcing changes in early January.