Welp, now that the U.S. of A. is in full-on retail frenzy, some of the ickier tales of wrongdoing are seeping out to the press. It’s one of those Christmas traditions like the creepy elf that watches you all the time and completely undermines the supposed meaning of the holiday. I guess they figure that, if they let this stuff out when folks are distracted, the outrage won’t be nearly as great. Given that they’ve been doing this for many years, they must find it effective.
So, here’s a little coal for your stockings:
The NSA paid RSA $10,000,000 U.S. to make a broken encryption algorithm their default. This is a Very Big Deal. This isn’t like bribing one company to put a back door in their systems to give the government access. This is like bribing the company that makes all the key locks in the country to provide the government with a skeleton key that opens all of ’em. RSA is the most trusted, most used provider of encryption services out there and it turns out that, not only have they been compromised, they’ve took cash and did it willingly (if not knowingly). Granting that there’s no such thing as completely unbreakable encryption, this is still a massive breach of trust. While RSA may not have known that the algorithm was compromised, the NSA was very much aware of what it was doing.
But hey, at least the NSA has been foiling nefarious terror plots, right? In a word: No. Not a one. The NSA has not stopped a single attack and yet its authority keeps growing and its budget keeps growing and…well, someone thinks they’re doing a good job. The question, then, is “What exactly is the job that they’re doing so well?” I don’t know the answer, and I don’t mean to imply anything sinister by that. I am, however, not terribly encouraged by stories like this.