Pages

Freedom of information pages

Freedom Pages & understanding your rights

Wednesday, July 2, 2014

NSA and Director of National Intelligence Sued for Zero Day Disclosure Process

NSA and Director of National Intelligence Sued for Zero Day Disclosure Process

Government Needs to Reveal Decision-Making Process for Publicizing Vulnerabilities




The Electronic Frontier Foundation (EFF) today filed a Freedom of Information Act (FOIA) lawsuit against the NSA and the Office of the Director of National Intelligence (ODNI) to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as "zero days."
http://www.eff.org/

A zero day is a previously unknown security vulnerability in software or online services that a researcher has discovered, but the developers have not yet had a chance to patch. A thriving market has emerged for these zero days; in some cases governments—including the United States—will purchase these vulnerabilities, which they can use to gain access to targets' computers.

In April 2014, Bloomberg News published a story alleging that the NSA had secretly exploited the "Heartbleed" bug in the OpenSSL cryptographic library for at least two years before the public learned of the devastating vulnerability. The government strongly denied the report, claiming it had a developed a new "Vulnerability Equities Process" for deciding when to share vulnerabilities with companies and the public. The White House's cybersecurity coordinator further described in a blog post that the government had "established principles to guide agency decision-making" including "a disciplined, rigorous and high-level decision-making process for vulnerability disclosure." But the substance of those principles has not been shared with the public.


 

EFF filed a FOIA request for records related to these processes on May 6 but has not yet received any documents, despite ODNI agreeing to expedite the request.

"This FOIA suit seeks transparency on one of the least understood elements of the U.S. intelligence community's toolset: security vulnerabilities," EFF Legal Fellow Andrew Crocker said. "These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country."

Over the last year, U.S. intelligence-gathering techniques have come under great public scrutiny. One controversial element has been how agencies such as the NSA have undermined encryption protocols and used zero days. While an intelligence agency may use a zero day it has discovered or purchased to infiltrate targeted computers or devices, disclosing its existence may result in a patch that will help defend the public against other online adversaries, including identity thieves and foreign governments that may also be aware of the zero day.

"Since these vulnerabilities potentially affect the security of users all over the world, the public has a strong interest in knowing how these agencies are weighing the risks and benefits of using zero days instead of disclosing them to vendors,"
Global Policy Analyst Eva Galperin said.

For the complaint:
https://www.eff.org/document/eff-v-nsa-odni-complaint

Contacts:

Andrew Crocker
   Legal Fellow
   Electronic Frontier Foundation
   andrew@eff.org
Eva Galperin
   Global Policy Analyst
   Electronic Frontier Foundation
   eva@eff.org

Related Case:
EFF v. NSA, ODNI - Vulnerabilities FOIA
https://www.eff.org/cases/eff-v-nsa-odni-vulnerabilities-foia

No comments:

Post a Comment

Anyone is welcome to use their voice here at FREEDOM OR ANARCHY,Campaign of Conscience.THERE IS NO JUSTICE IN AMERICA FOR THOSE WITH OUT MONEY if you seek real change and the truth the first best way is to use the power of the human voice and unite the world in a common cause our own survival I believe that to meet the challenges of our times, human beings will have to develop a greater sense of universal responsibility. Each of us must learn to work not just for oneself, ones own family or ones nation, but for the benefit of all humankind. Universal responsibility is the key to human survival. It is the best foundation for world peace,“Never be afraid to raise your voice for honesty and truth and compassion against injustice and lying and greed. If people all over the world...would do this, it would change the earth.” Love and Peace to you all stand free and your ground feed another if you can let us the free call it LAWFUL REBELLION standing for what is right