IN THE NEWS ~ Commons asked to review encryption following report NSA has back-door access

 

Published: December 23, 2013, 4:08 pm

OTTAWA — House of Commons security is being asked to review its continued use of a private encryption device amid media reports that the company that makes it took money from the National Security Agency to build in a back-door access point.

The request from the NDP caucus comes on the heels of a Reuters report that IT security company RSA made a secret deal with the NSA to weaken code in its encryption software that would grant the embattled spy agency the ability to access what users believed were secure files.

RSA received $10 million from the NSA to put the loophole in its product, Reuters reported Friday, citing two unnamed sources familiar with the deal. The report followed earlier stories from Reuters and The New York Times that the NSA created a flawed formula to generate random numbers that was then allegedly inserted into an RSA security product and gave the NSA access to multitudes of computers.

“As you are no doubt aware RSA provides encryption for the House of Commons, including RSA SecurID electronic keys,� NDP caucus chair Peter Julian wrote Monday in an official letter to Speaker of the House of Commons Andrew Scheer.

In the letter, a copy of which was obtained by Postmedia News, Julian asks Scheer to look into how much MPs and their staff rely on RSA to secure their devices, and “what steps have been taken to ensure that communication remains secure in light of this report.�

“Such a break in security has implications for the security and confidentiality of members and their staff to conduct business without being monitored by foreign governments or those who could exploit such a loophole,� Julian writes.

In a news release issued Sunday, RSA denied the Reuters report that it entered into a “secret contract� with the NSA “to incorporate a known flawed random number generator� into its devices.

“We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security,� the statement read.

“RSA, as a security company, never divulges details of customer engagements, but we also categorically state that we have never entered into any contract or engaged in any project with the intention of weakening RSA’s products, or introducing potential ‘backdoors’ into our products for anyone’s use.�

Full text of NDP caucus chair Peter Julian’s letter to Speaker of the House of Commons Andrew Scheer:

Dear Mr. Speaker,

On Friday night, media reported that RSA, the computer security firm, had integrated a broken random number generator from the United States National Security Agency into some of its products. Reuters alleges that this was part of a $10 million payment from the NSA to the company. The NSA shares information amongst the Five Eyes signals intelligence agencies of the UK, the United States, Canada, Australia and New Zealand.

As you are no doubt aware RSA provides encryption for the House of Commons, including RSA SecureID electronic keys.

I would like to know to what extent the communications made by Members and staff of the House of Commons rely on security provided by RSA. In addition, I would like to know what steps have been taken to ensure that communication remains secure in light of this report.

Such a break in security has implications for the security and confidentiality of members and their staff to conduct business without being monitored by foreign governments or those who could exploit such a loophole.

Yours sincerely,

Peter Julian, MP

Burnaby-New Westminster

NDP Caucus Chair

 

twitter.com/jordan_press© COPYRIGHT - POSTMEDIA NEWS

Latest posts

FOR IMMEDIATE RELEASE - Liberals must come clean about vetting process

 

NDP Critic for Canadian Heritage Peter Julian issued the following statement:

"It has come to our attention that a consultant for a federally funded anti-racism project has a disturbing track record of spewing hate speech online against Jewish and francophone communities. This is completely unacceptable. We call on the Minister of Heritage to take drastic action and terminate his contract.

FOR IMMEDIATE RELEASE - Ragging the puck won't solve systemic problems at Hockey Canada

NDP Heritage Critic Peter Julian issued the following statement: 
 
“Today’s announcement by Hockey Canada is another attempt to delay the important and urgent work to deal with the toxic culture in this organization. While a former Supreme Court Justice is a credible appointment to conduct the review into Hockey Canada, this won’t be the first time the organization undergoes this process.

FOR IMMEDIATE RELEASE - NDP asks for ministers to come to the Heritage Committee

NDP critic for Canadian Heritage, Peter Julian, made the following statement: 

“Canadians are horrified by the incidents of sexual assault and by what they’re hearing from Hockey Canada. They are left with many questions about how this toxic culture is allowed to persist in our sports organizations and what the government is actually doing to ensure this doesn’t happen again.

Share this page

Are you ready to take action?

Attend an Event
Constituent Resources

Sign up for updates