The NSA paid security firm RSA $10 million to provide a workaround for its encryption systems, allowing the National Security Agency to gain access to supposedly encrypted communications all around the world.
In September it was revealed that the NSA may have had access to encrypted communications following further Snowden revelations reported in The Guardian and the New York Times newspapers. The newspapers then accused RSA of deliberately adding the flawed algorithm, but no link between the NSA and RSA was proven and RSA subsequently issued a warning to its customers.
However, according to an exclusive Reuters report, the National Security Agency paid RSA $10 million to keep "its back doors open".
Reuters said: "Undisclosed until now was that RSA received $10 million in a deal that set the NSA formula as the preferred, or default, method for number generation in the BSafe software, according to two sources familiar with the contract.
"Although that sum might seem paltry, it represented more than a third of the revenue that the relevant division at RSA had taken in during the entire previous year, securities filings show."
Neither the NSA nor RSA has acknowledged the payment revelations, but Reuters claims to have heavily vetted the story with RSA secret sources.
In September, RSA said that it "always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own."
But several RSA employees interviewed by Reuters said that RSA was "misled by government officials" who portrayed the formula as a secure technological advance.
"They did not show their true hand," one source said of the NSA.
NSA officials continue to defend the agency's actions, claiming it will put the US at considerable risk if messages from terrorists and spies cannot be deciphered.
But some experts argue that such efforts could actually undermine national security, noting that any back doors inserted into encryption programs can be exploited by those outside the government.