SECURITY FIRM RSA has been accused of colluding with the US National Security Agency (NSA) and taking a $10m payoff from it.
Reuters has an exclusive on the story, and claims sources have informed it about the secretive deal. RSA replied to Reuters' probing directly, saying that it takes security very seriously.
"RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products," it said in a statement. "Decisions about the features and functionality of RSA products are our own."
Reuters said that the payout was uncovered in the Edward Snowden revelations, and that the deal saw an NSA formula become the default method for random number generation in RSA's BSafe software.
The report talks of two sources for its information, and adds that the sum is worth about a third of the relevant RSA division's annual revenues.
The deft touch of the NSA has already been mentioned in relation to RSA, but the last time it came up the security firm was rather more distant about its alleged partner. That was when the US National Institute of Standards and Technology (NIST) warned about a weakness in cryptographic standards.
In a blog post today the firm denied allegations about the payoff, saying that it has no such relationship with the NSA.
"Recent press coverage has asserted that RSA entered into a 'secret contract' with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation," it said.
"We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security." µ