Sunday, December 29, 2013

RSA’s Deal With The NSA Reflects A General Mistrust

Here’s how it works when a big company believes that its power is in its girth: They enter this bizarre world that leads them to believe that what comes from their PR organs is enough to float their troubles away. It’s all about denial and avoiding any potential shareholder backlash. And so we come to the sad state of affairs at RSA, the security division of EMC, one of the big-bellied enterprise kings that apparently made a deal with the National Security Agency.

It’s a deal that is now affecting the trust that people have in the company and raises questions about other technology companies and how they have profited from their relationships with the government. It’s fine enough for technology executives to sit down with President Barack Obama like they did last week and say how awfully the NSA is behaving. But the RSA’s work with the NSA shows that technology companies need scrutiny as well. The reality: mistrust is spreading, writes security expert Bruce Schneier.

I think about this all the time with respect to our IT systems and the NSA. Even though we don’t know which companies the NSA has compromised — or by what means — knowing that they could have compromised any of them is enough to make us mistrustful of all of them. This is going to make it hard for large companies like Google and Microsoft to get back the trust they lost. Even if they succeed in limiting government surveillance. Even if they succeed in improving their own internal security. The best they’ll be able to say is: “We have secured ourselves from the NSA, except for the parts that we either don’t know about or can’t talk about.”

There’s proof that RSA made a deal with the NSA to use the spy agency’s random number generator as the preferred or default formula in Bsafe, its software for enhancing security on personal computers and other technologies, Reuters reports. This has put RSA in the bright light of scrutiny. The $10 million deal looks especially bad, considering the connection it has to documents released by Edward Snowden and reported by the New York Times in September. In those documents it was revealed that the NSA formula was actually flawed and had been used by the NSA to create a backdoor into encryption products.

RSA said in a blog post on Monday that it does not “ever divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.” But many in the security profession are just not buying it. Here’s a tidbit from an awesome rant and good summary of what happened from Melissa Elliott, a security analyst and novelist:

September 2013: Revelations derived from the Snowden leak show
