Saturday, December 21, 2013

Is RSA Liable to Damages for Fraud?

According to a recent news story, the National Security Agency paid RSA, a major provider of encryption software, ten million dollars to promote a version of its software which the NSA could crack. Assuming the story is true, it would seem to put RSA at risk of being sued for deliberately selling its customers a product it knew to be defective.
"But several (RSA employees) said that RSA also was misled by government officials, who portrayed the formula as a secure technological advance."
It is hard to see why NSA would have to pay RSA to use more secure technology, hence equally hard to believe the claim.

It should also put RSA at risk of prosecution for criminal fraud, fraud being both a crime and a tort. But not much risk, since criminal prosecution is controlled by the government, the same organization one of whose branches, assuming the story is correct, bribed RSA to sell a deliberately crippled product.


Anonymous said...

nah bro, there can be a common law suit: all the plaintiff needs to do is convince the judge that RSA knowingly put the plaintiff's data security at great risk, or even better, if the plaintiff can show that he actually had security breaches because of RSA, he could sue for damages.

don't worry, BIG corporations use RSA services, and they have BIG law firms on their side.

what will happen is there will be a bunch of out of court settlements!!!

Rohan said...

Historically, the NSA has offered changes to encryption methods which ended up increasing their strength against attacks which were unknown to the public cryptography community. See the history of DES and SHA-0.

The NSA didn't offer specific justification for these changes, other than stating that it made the algorithms stronger. Which, as public cryptography caught up with the NSA, turned out to be true.

I think that, in light of the NSA's past behavior, RSA might have reasonable grounds to conclude that the NSA was doing the same thing.

David Friedman said...

I think RSA could plausibly claim to take NSA's advice because they believed it was good, but that doesn't explain why they required a payment from NSA to do so.

And I gather, from a little googling, that experts in the field have been expressing reservations about the security of the approach for two or three years now.

Rohan said...

Admittedly, I have no information on what really happened. But here's a potential scenario that puts RSA in a better light:

The NSA contracts with RSA to provide some sort of encryption product for them. That's what the $10 million is for. As a condition of the sale, the NSA asks that the default method is changed to X because it is more secure. RSA believes that this is a situation similar to DES, and changes the default to X. After all, if the NSA is buying the product for their own use, they aren't going to want it to be weaker.

In RSA's eyes, changing the default is a condition of the sale, but the sale is actually for $10 million worth of product. From the NSA's point of view, the product purchase is merely bait to get RSA to change the default.

Again, no idea if that is true, but it's at least plausible. I don't think RSA would throw away its reputation otherwise.

David Friedman said...

RSA has now put out a statement denying that they deliberately made the default pseudorandom number generator a weak one. It does not deny, admit, or explain the ten million dollar payment that NSA is supposed to have made to RSA. The closest the statement comes to offering evidence in support of its denial is to explain the failure to stop using that particular generator as the default after experts raised serious concerns about it on the grounds that RSA relied on the NIST, which continued to approve it until September of this year.

No explanation is offered for making that generator the default rather than any of several alternatives.