24 December 2013

NSA Kills RSA Workers

Related: http://cryptome.org/2013/12/nsa-kills-rsa.htm

Date: Tue, 24 Dec 2013

I have to say that the latest news makes me both heartbroken and angry.

I worked at RSA for 10 years, starting at Security Dynamics in 1997, when RSA Data Security Inc. was a recent acquisition. I was hired largely through the work I'd done in creating the Symmetric Key Cryptography contests.

Let's not forget that RSA, for many years, strove to bring strong cryptography to the world (modulo requiring licensing of the algorithm). RSA opened an office in Australia so that independently developed crypto could be sold without export restrictions, and the symmetric key contests contributed to the relaxation of crypto export laws. For a very long time, the relationship between RSA and Federal agencies was far from cozy.

While I was there, I saw RSA Labs (which RSA DSI became) get moved from Silicon Valley to Bedford, MA, and gradually shrink in size and lose independence. When I left in early 2008, it was a not-very-long row of offices on one floor. The company culture changed greatly over time, first when Coviello took over from Bidzos, and then with the purchase by EMC.

The BSAFE library was at one point one of the most widely distributed pieces of software in the world, present in every copy of Windows, as well as most browsers. This is the library in which the compromised PRNG was made default (a process in which I had no part whatsoever; I'm not qualified in that area).

Despite the brave words of marketing, after the RSA patent expired in 2000, BSAFE sales plummeted. I just checked, and it looks like my current Windows system no longer has a copy.

I'm heartbroken, because I was proud to have worked there, and now I find that they sold their birthright for a mess of pottage.

I'm angry, because the next time I interview for a position, this is going to come up.