When RSA Security's executive chairman, Art Coviello, stepped on stage at the company's recent conference, he was facing an audience that wasn't exactly friendly.
The cause: rumours that RSA had accepted $10 million from the U.S. National Security Agency (NSA) to make a flawed random number generator (Dual EC DRBG) the default in one of its security products, effectively giving the NSA a back door into encrypted files. Reuters broke the story last December, based on documents released by Edward Snowden.
At the time, RSA, long a champion of security and privacy (its opposition to the Clinton administration's infamous Clipper chip, which would have allowed the US government to overcome encryption on phones and computers, is noteworthy), released a statement saying "RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."
Some members of the security community were unconvinced, to the point that eight high-profile experts withdrew from their speaking engagements at this year's RSA conference in protest, choosing instead to hold a one-day conference of their own, TrustyCon, at the same time as the RSA event.
Coviello had been scheduled to discuss identity management during his keynote. Instead, for the first time, the company chose to address the elephant in the room directly, before the 25,000 attendees. Coviello said, "We spoke to this issue when the claims surfaced in December. But what’s hard to do in the fast moving swirl of today’s 140-character-based media dialogue is provide any broader context for the state of the industry at the time. Or the state and evolution of RSA’s business. And that’s what I hope I can do here today."
The story, he said, begins in the days when encryption was subject to US export restrictions. Because of this, RSA had no international patent protection, so its algorithms became incorporated into open source toolkits. Accepting the reality that proprietary standards were on their way out, RSA chose to back standards groups as a contributor to open encryption standards. One of those groups — the National Institute of Standards and Technology (NIST) — approved the algorithm in question in 2006, a necessity for products sold to the U.S. federal government.
"Given that RSA’s market for encryption tools was increasingly limited to the US Federal government and organizations selling applications to the federal government, use of this algorithm as a default in many of our toolkits allowed us to meet government certification requirements," Coviello noted.
However, according to the Reuters report, an unnamed source told the news agency that RSA had included the offending algorithm in products before NIST approval, and that the NSA cited its use as part of the justification for its approval.
Are you sensing a "he said, she said" scenario?
Moving on to 2007, some security experts expressed doubts about the algorithm's security, but nothing was done until reports of a possible backdoor surfaced in September of 2013. NIST then recommended against its use, and RSA followed suit with its customers, removing the code from its products. And it continues to categorically deny building backdoors into any of its products.
I suspect there's more that could have been said, but that legalities such as confidentiality agreements hamstrung Coviello's response.
As for the NSA connection, that's a matter of public record. However, Coviello pointed out, the NSA has two arms, one of which, the Information Assurance Directorate (IAD), deals with the security of US critical digital infrastructure, not with intelligence-gathering. This defensive arm is the one with which RSA, and many other security organizations, primarily deal. And that, according to Coviello, is a key point.
"Regardless of these facts, when or if the NSA blurs the line between its defensive and intelligence gathering roles, and exploits its position of trust within the security community, then that’s a problem," he said. "Because if, in matters of standards, in reviews of technology, or in any area where we open ourselves up, we can’t be sure which part of the NSA we’re actually working with, and what their motivations are, then we should not work with the NSA at all."
A US Presidential task force established to look at surveillance reforms is recommending splitting the two arms of the NSA into separately governed organizations, a move that RSA supports. Coviello noted that the IAD's good work is being lost in the furor, which, he believes, is dangerous for the country. Separation from the NSA would go a long way towards rebuilding trust within the industry.
But Coviello doesn't only direct his criticism at the NSA. "It has become clear they're not alone," he said. "All intelligence agencies around the world need to adopt a governance model that enables them to do more to defend us and less to offend us."