24 December 2013
NSA Kills RSA Workers
Date: Tue, 24 Dec 2013
I have to say that the latest news makes me both heartbroken and angry.

I worked at RSA for 10 years, starting at Security Dynamics in 1997, when
RSA Data Security Inc. was a recent acquisition. I was hired largely through
the work I'd done in creating the Symmetric Key Cryptography contests.

Let's not forget that RSA, for many years, strove to bring strong cryptography
to the world (modulo requiring licensing of the algorithm). RSA opened an
office in Australia so that independently developed crypto could be sold
without export restrictions, and the symmetric key contests contributed to
the relaxation of crypto export laws. For a very long time, the relationship
between RSA and Federal agencies was far from cozy.

While I was there, I saw RSA Labs (which RSA DSI became) get moved from Silicon
Valley to Bedford, MA, and gradually shrink in size and lose independence.
When I left in early 2008, it was a not-very-long row of offices on one floor.
The company culture changed greatly over time, first when Coviello took over
from Bidzos, and then with the purchase by EMC.

The BSAFE library was at one point one of the most widely distributed pieces
of software in the world, present in every copy of Windows, as well as most
browsers. This is the library in which the compromised PRNG was made default
(a process in which I had no part whatsoever; I'm not qualified in that area).
Despite the brave words of marketing, after the RSA patent expired in 2000,
BSAFE sales plummeted. I just checked, and it looks like my current Windows
system no longer has a copy.

I'm heartbroken, because I was proud to have worked there, and now I find
that they sold their birthright for a mess of pottage.

I'm angry, because the next time I interview for a position, this is going
to come up.