Joseph Menn on the NSA paying RSA $10 million to intentionally cripple their own security products (by utilizing the problematic pseudo-random number generator mentioned previously):
RSA adopted the algorithm even before NIST approved it. The NSA then cited the early use of Dual Elliptic Curve inside the government to argue successfully for NIST approval, according to an official familiar with the proceedings.
RSA’s contract made Dual Elliptic Curve the default option for producing random numbers in the RSA toolkit. No alarms were raised, former employees said, because the deal was handled by business leaders rather than pure technologists.
Maddening! This underscores what may be our country’s biggest woes: rampant, corrupt and unchecked capitalism and government, a complete lack of government transparency or cross-communication and a fully inadequate education system.
It should never be possible to purchase the weakening of tools that facilitate privacy. It should be trivial for one government agency to vet the claims of another agency, and to hold other agencies accountable. Businessmen (and congressmen!) should be required to have a technical understanding of the products (or jobs) they oversee.
The more I find out about the NSA and its overreach, the more I feel like I’m in a comic book with no hero.