(By Juan Cole)
Reuters gets the scoop: the National Security Agency gave internet security firm RSA some $10 million to use an NSA encryption formula in its BSafe software. RSA is now a subsidiary of the EMC corporation, and they have urged customers not to use BSafe since the revelations by Edward Snowden made clear that the NSA’s formula in fact allowed the agency access to all the information supposedly encrypted with it.
This story should be a huge scandal, but I fear it won’t be. This is like the FDA paying a pharmaceutical company to carry a drug that does not work and could therefore leave patients open to dying from an untreated illness after taking medication they are assured will cure it. If the NSA could exploit weaknesses in the encryption formula, so could hackers. The NSA subverted the will of millions of customers around the world who used RSA software precisely in a quest to be safe from the prying eyes of government officials and other peeping Toms.
Moreover, the $10 million has to be seen as a bribe (it was a third of RSA’s income that year). Isn’t it illegal for government officials to bribe private companies? Isn’t it moreover illegal for intelligence officials to give out money like candy to a private company in order to spy on Americans on American soil?
I’d like to know what NSA official or officials were involved in this sting operation on the American people. I’d like to know if Barack Obama knew about it. I’d like to know if the corporate officials who accepted the “contract” with these strings attached knew they were screwing us all over.
This Reuters story makes sense of the allegation emerging from the Snowden leaks three months ago that the NSA had spent $250 million on keeping access to encrypted data by working with firms that provided encryption services. Presumably they have just been ensuring that no one’s encryption formula actually shields things from them.
Increasingly, firms and governments abroad would be crazy to buy encryption products from American companies. Likewise, getting cloud services from US corporations is a way to ensure that the US government can steal your trade secrets.
The NSA’s grasping ambition to abolish all human privacy has endangered $35 billion a year in business for US internet giants such as Apple, Google and Cisco Systems. Cisco’s China orders fell off by 18% after this summer’s revelations from the NSA documents.
German politician Hans-Peter Uhl, from the ruling conservative coalition of Chancellor Angela Merkel, has urged that Germany boycott American firms such as Cisco because their security is compromised. Under the so-called PATRIOT Act, government agencies can demand information from companies without a warrant via a National Security Letter. In addition, the NSA routinely demands access to company servers, and can compel compliance without having to go to a judge. Not to mention that the NSA has just arrogantly exploited its deep pockets and profound expertise to find weaknesses in corporate encryption and so to insert itself into server-to-server information transfers, without the knowledge of the corporations.
The NSA practices go so far as to endanger the internet itself, since most people don’t want creepy G-Men peeping in on their privacy, and many may simply disengage from the internet to regain their privacy.