Until just last week, the U.S. government kept up the charade that its use of a stockpile of security vulnerabilities for hacking was a closely held secret.1 In fact, in response to EFF’s FOIA suit to get access to the official U.S. policy on zero days, the government redacted every single reference to “offensive” use of vulnerabilities. To add insult to injury, the government’s claim was that even admitting to offensive use would cause damage to national security. Now, in the face of EFF’s brief marshaling overwhelming evidence to the contrary, the charade is over.
In response to EFF’s motion for summary judgment, the government has disclosed a new version of the Vulnerabilities Equities Process, minus many of the worst redactions. First and foremost, it now admits that the “discovery of vulnerabilities in commercial information technology may present competing ‘equities’ for the [government’s] offensive and defensive mission.” That might seem painfully obvious—a flaw or backdoor in a Juniper router is dangerous for anyone running a network, whether that network is in the U.S. or Iran. But the government’s failure to adequately weigh these “competing equities” was so severe that in 2013 a group of experts appointed by President Obama recommended that the policy favor disclosure “in almost all instances for widely used code.” [.pdf].
Group items matching
in title, tags, annotations or url
1More
3More
Editorial: Wikipedia fails as an encyclopedia, to science's detriment | Ars Technica UK... - 0 views
1More
Copyright in Europe: Minimal Reform to Avoid Crucial Questions | La Quadrature du Net [... - 0 views
2More
Trump Declares War On Silicon Valley: DoJ Launches Google Anti-Monopoly Probe | Zero Hedge - 0 views
2More
EU files antitrust charges against Amazon over use of data | The Seattle Times - 1 views
3More
Why Google search is your phone's default, and not easy to change - The Washington Post - 0 views
« First
‹ Previous
41 - 57 of 57
Showing 20▼ items per page