RSA denies $10 million NSA payments for backdoor access
Security firm did not allow access to spooks in Bsafe software, it claims.


IT security firm RSA was forced to deny reports that it was secretly paid $10 million by the US National Security Agency (NSA) to allow a backdoor in its encryption software.
Accord to reports by Reuters, the company took payment from the NSA to use a flawed random number generator in its products, known as the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRGB). The technology has been part of some RSA products since 2004.
The Reuters' report alleged that the deal was part of a greater effort by the NSA to enhance surveillance by systematically eroding the effectiveness of security tools.
The sum of money represented around a third of its revenue for that year, according to the report. EMC acquired RSA in 2006 for $2.1 billion.
In a blogpost. RSA "categorically" denied all allegations. The firm said that is has "never entered into any contract or engaged in any project with the intention of weakening RSA's products, or introducing potential backdoors' into our products for anyone's use."
The vendor said that it included Dual EC DRBG as the default in BSAFE toolkits in 2004, in the context of an industry-wide effort to develop newer, stronger methods of encryption. "At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption," the firm stated.
RSA added that the algorithm is only one of multiple choices available within BSAFE toolkits, and users have always been "free to choose whichever one best suits their needs."
Sign up today and you will receive a free copy of our Future Focus 2025 report - the leading guidance on AI, cybersecurity and other IT challenges as per 700+ senior executives
It said it only when the US National Institute of Standards and Technology (NIST) recommended no further use of this algorithm in September 2013, did it tell customers to stop using the encryption technology.
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicised it. Our explicit goal has always been to strengthen commercial and government security," the company added.
Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.
-
Scania admits leak of data after extortion attempt
News Hacker stole 34,000 files from a third-party managed website, trucking company says
-
RSAC in focus: Key takeaways for CISOs
The RSAC Conference 2025 spotlighted pivotal advancements in agentic AI, identity security, and collaborative defense strategies, shaping the evolving mandate for CISOs.
-
RSAC in focus: Quantum computing and security
Experts at RSAC 2025 emphasize the need for urgent action to secure data against future cryptographic risks posed by quantum computing
-
RSAC in focus: How AI is improving cybersecurity
AI is revolutionizing cybersecurity by enhancing threat detection, automating defenses, and letting IT professionals tackle evolving digital challenges.
-
RSAC in focus: Collaboration in cybersecurity
Experts at RSA Conference 2025 emphasised that collaboration across sectors and shared intelligence are pivotal to addressing the evolving challenges of cybersecurity.
-
RSAC in focus: Considerations and possibilities for the remainder of 2025
As 2025 unfolds, RSAC explores the pivotal considerations and emerging possibilities shaping the cybersecurity landscape
-
RSAC Conference 2025: The front line of cyber innovation
ITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
RSAC Conference 2025: AI and quantum complicate security
Organizations are grappling with the complications of adopting AI for security