EMC Security Arm Denies Government Spying Allegations

EMC Corp.'s headquarters in Hopkinton.

Write a Comment

The security division of Hopkinton-based EMC has refuted allegations that it allowed the National Security Agency to spy on users of its product.

A statement posted on Dec. 22 by Bedford-based RSA Security “categorically denied” claims from a Reuters report two days earlier that it received $10 million from the NSA to use a flawed random number generator in one of its products.

“We have worked with the NSA, both as a vendor and as an active member of the security community,” RSA wrote. “We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.”

But security researcher Mikko Hypponen found RSA’s statement unconvincing, and penned an open letter Monday to EMC Chairman and CEO Joseph Tucci and RSA Executive Chairman Art Coviello.

Hypponen said the company failed to deny specific allegations that RSA received money from the NSA to accept the security agency's random number generator and use it in RSA products.

“NSA’s random number generator was found to be flawed on purpose, in effect creating a back door,” Hypponen wrote. “You had kept on using the generator for years despite widespread speculation that the NSA had backdoored it.”

In the letter, Hypponen cancelled his talk at an RSA security conference in San Francisco in protest.

The number generator has come under scrutiny after former NSA contractor Edward Snowden claimed it allowed the NSA to engage in back-door snooping.