The SafeLogic Blog

It’s not that we don’t appreciate the work of the National Security Agency here at SafeLogic.  Really, it’s quite impressive.  We certainly are thankful for the work of Homeland Security and the DoD.  And we absolutely, unequivocally, 100% support the men and women who have served in our national military.  We are red-blooded American patriots, who believe in life, liberty, and the pursuit of happiness.  And that is precisely why we do not work with the NSA.

Several significant events have come to light that call their ethics into question, and I’m not even talking about Snowden, Wiebe or any of the other whistleblowers.

Many are still reeling from the revelations surrounding the ten million dollar bribe that the RSA Security Corporation took from the NSA, in exchange for making Dual EC DRBG the default algorithm in RSA BSAFE, the most popular proprietary encryption module in the business.  This transaction, if known publicly at the time, would have raised eyebrows and questions would have been asked.  Instead, it remained in the shadows for years before Dual EC DRBG was exposed as a backdoor for the NSA to decrypt information at will and the connection was made.  It was a betrayal from both RSA and NSA, and disappointing to say the least.

More recent is the allegation that the NSA had knowledge of the Heartbleed bug, and leveraged the vulnerability since its creation, for approximately two years prior to the public identification of the flaw.

Ignore the political debate about whether or not the NSA has a right to, or ought to, spy on Americans in order to insure our safety.  They found the bug and didn’t tell anyone!  Even within their own denial was an implicit admission.  “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before 2014 are wrong.”

Ok… so they admit to hacking Heartbleed in January?  Best case scenario, the NSA took advantage of Heartbleed for only about 90 days.  Should we feel any less betrayed?

Look, I understand that it’s not in the NSA’s job description to fix problems created by private industry.  Heartbleed was certainly a black eye for the team of volunteers that rolled out the 2012 update to OpenSSL protocols.  No argument there.  But the NSA motto itself reads Defending Our Nation.  Securing The Future.  Doesn’t that include sounding the alarms when an estimated two-thirds of the world’s internet activity is at risk?  Doesn’t defending our nation include defending our intellectual property?  The assumption is that Securing the Future refers to the future of the American way of life, which is tightly aligned with our capitalist free market economy.  But that apparently was vulnerable for two years!  So no… I don’t think the NSA lived up to its mantra.

SafeLogic’s allegiance is to our customers, and our customers’ loyalty is to their own customers.  At the end of the day, our success is measured on whether we did everything possible to insure the security of the end users’ information.  Since our inception in 2012, the answer has been a resounding “Yes!” every single day.  Any partnership, association, or agreement with the NSA would undermine that singular goal.

That’s why we don’t sell our encryption to the National Security Agency.