SAN FRANCISCO, Feb 25 - The U.S. National Security
Agency blurred its spying and cybersecurity missions, and that
led to a broad collapse in trust between the private security
industry, its customers and the government, the head of security
pioneer RSA said on Tuesday.
RSA has come under criticism after a Reuters report in
December revealed the company had secretly accepted a $10
million contract from the NSA to make a now-discredited
cryptography system the default in software used by all manner
of Internet and computer security programs.
The system was based on a formula for generating random
numbers that was created by the NSA to embed "back doors" in
encryption products that the spy agency could then crack,
according to documents leaked by former NSA contractor Edward
RSA Executive Chairman Art Coviello said on Tuesday that his
company, a unit of EMC Corp, had adopted the formula
because it thought it was dealing with NSA officials trying to
improve protection for the government and critical security
"When or if the NSA blurs the line between its defensive and
intelligence-gathering roles and exploits a position of trust,
that's a problem," Coviello said in the opening speech of the
RSA Conference, the world's largest gathering of cyber security
professionals, in San Francisco.
Coviello said the spy agency should spin off its cyber
defensive work to another body to avoid pollution of the mission
and distrust. A White House advisory panel had recently made a
similar recommendation, though it was not endorsed by President
Barack Obama or NSA leaders.
The speech contained by far RSA's most expansive remarks on the
subject since the Reuters report prompted more than 10 speakers
to withdraw from the RSA conference. Still, the
event is drawing a record 25,000 attendees.
Coviello said RSA's core cryptographic patents had expired
by the time of the NSA deal and that it had turned to standards
put forward by industry and government groups, including the
National Institute of Standards and Technology. NIST supported
the NSA formula for generating random numbers, called Dual
Elliptic Curve, until the Snowden documents suggested it allowed
the agency a back door.
Snowden, who is living in temporary asylum in Russia, set
off a global furor last year when he exposed some of the U.S.
government's most secretive electronic espionage programs. The
leaks led to Obama announcing in January a ban on U.S.
eavesdropping on the leaders of close allies, and other reforms
to rein in the NSA's surveillance practices.
While Obama's proposals were designed to fend off concerns
that U.S. surveillance has gone too far, the measures fell short
of dismantling electronic spying programs.
Coviello said the United States and all other countries
should renounce the use of cyber weapons, likening the severity
and the stakes of the burgeoning digital arms race to the Cuban
Washington and other powers have embraced military computer
programs such as Stuxnet, which stealthily destroyed Iranian
nuclear centrifuges, because they are cost-effective, avoid
bloodshed and are deniable.
Coviello said the industry should push to reverse that trend
because criminals ultimately benefit from such tools and the
vulnerabilities in software that are left in place so that the
weapons can be deployed.
"Those who seek military advantage riding on the back of
this tiger will end up inside," Coviello said.