Chicago - A message from the station manager

EFF Sues NSA Over FOIA

By The Electronic Frontier Foundation

The Electronic Frontier Foundation on Tuesday filed a Freedom of Information Act lawsuit against the NSA and the Office of the Director of National Intelligence to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as “zero days.”
A zero day is a previously unknown security vulnerability in software or online services that a researcher has discovered, but the developers have not yet had a chance to patch. A thriving market has emerged for these zero days; in some cases governments – including the United States – will purchase these vulnerabilities, which they can use to gain access to targets’ computers.


In April 2014, Bloomberg News published a story alleging that the NSA had secretly exploited the “Heartbleed” bug in the OpenSSL cryptographic library for at least two years before the public learned of the devastating vulnerability.
The government strongly denied the report, claiming it had a developed a new “Vulnerability Equities Process” for deciding when to share vulnerabilities with companies and the public.
The White House’s cybersecurity coordinator further described in a blog post that the government had “established principles to guide agency decision-making” including “a disciplined, rigorous and high-level decision-making process for vulnerability disclosure.”
But the substance of those principles has not been shared with the public.
EFF filed a FOIA request for records related to these processes on May 6 but has not yet received any documents, despite ODNI agreeing to expedite the request.
“This FOIA suit seeks transparency on one of the least understood elements of the U.S. intelligence community’s toolset: security vulnerabilities,” EFF legal fellow Andrew Crocker said. “These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country.”
Over the last year, U.S. intelligence-gathering techniques have come under great public scrutiny. One controversial element has been how agencies such as the NSA have undermined encryption protocols and used zero days. While an intelligence agency may use a zero day it has discovered or purchased to infiltrate targeted computers or devices, disclosing its existence may result in a patch that will help defend the public against other online adversaries, including identity thieves and foreign governments that may also be aware of the zero day.
“Since these vulnerabilities potentially affect the security of users all over the world, the public has a strong interest in knowing how these agencies are weighing the risks and benefits of using zero days instead of disclosing them to vendors,” global policy analyst Eva Galperin said.

Previously:
* Stand Against Spying.
* The NSA Revelations All In One Chart.
* U.S. Supreme Court Limits Cell Phone Searches.
* EFF To Court: There’s No Doubt The Government Destroyed NSA Spying Evidence.
* House Committee Puts NSA On Notice Over Encryption Standards.
* Which Tech Companies Help Protect You From Government Data Demands?
* Lawsuit Demands DOJ Release More Secret Surveillance Court Rulings.
* Human Rights Organizations To Foreign Ministers: Stop Spying On Us.
* What The Proposed NSA Reforms Wouldn’t Do.
* Technologists Turn On Obama.
* Dear Supreme Court: Set Limits On Cell Phone Searches.
* EFF Fights National Security Letter Demands On Behalf Of Telecom, Internet Company.
* Eighth-Grader Schools The NSA.
* You Know Who Else Collected Metadata? The Stasi.
* Today We Fight Back.
* The Day We Fight Back.
* FAQ: The NSA’s Angry Birds.
* Jon Stewart: The Old Hope-A-Dope.
* Four Blatantly False Claims Obama Has Made About NSA Surveillance.
* EFF To DOJ In Lawsuit: Stop Pretending Information Revealed About NSA Over Last Seven Months Is Still A Secret.
* Judge On NSA Case Cites 9/11 Report, But It Doesn’t Actually Support His Ruling.
* Edward Snowden’s Christmas Message.
* Jon Stewart: Obama Totally Lying About NSA Spying.
* Presidential Panel To NSA: Stop Undermining Encryption.
* The NSA Is Coming To Town.
* 60 Minutes We Can’t Get Back.
* Why Care About The NSA?
* NSA Surveillance Drives Writers To Self-Censor.
* Filed: 22 Firsthand Accounts Of How NSA Surveillance Chilled The Right To Association.
* Claim On ‘Attacks Thwarted’ By NSA Spreads Despite Lack Of Evidence.
* Obama Vs. The World.
* How A Telecom Helped The Government Spy On Me.
* UN Member States Asked To End Unchecked Surveillance.
* Government Standards Agency: Don’t Follow Our Encryption Guidelines Because NSA.
* Five More Organizations Join Lawsuit Against NSA.
* A Scandal Of Historic Proportions.
* Item: NSA Briefing.
* The Case Of The Missing NSA Blog Post.
* The NSA Is Out Of Control.
* Patriot Act Author Joins Lawsuit Against NSA.
* Obama’s Promises Disappear From Web.
* Why NSA Snooping Is A Bigger Deal In Germany.
* Item: Today’s NSA Briefing.
* NSA Briefing: It Just Got Worse (Again).
* Song of the Moment: Party at the NSA.
* It Not Only Can Happen Here, It Is Happening Here.
* What NSA Transparency Looks Like.
* America’s Lying About Spying: Worse Than You Think.
* Obama Continues To Lie His Ass Off About The NSA.
* The Surveillance Reforms Obama Supported Before He Was President.
* America’s Spying: Worse Than You Think.
* Has The U.S. Government Lied About Its Snooping? Let’s Go To The Videotape.
* Who Are We At War With? That’s Classified.
* Six Ways Congress May Reform NSA Snooping.
* NSA Says It Can’t Search Its Own E-Mails.
* Does The NSA Tap That?
* Obama Explains The Difference Between His Spying And Bush’s Spying.
* FAQ: What You Need To Know About The NSA’s Surveillance Programs.
* NSA: Responding To This FOIA Would Help “Our Adversaries”.
* Fact-Check: The NSA And 9/11.
* The NSA’s Black Hole: 5 Things We Still Don’t Know About The Agency’s Snooping.
* Defenders Of NSA Surveillance Citing Chicago Case Omit Most Of Mumbai Plotter’s Story.
* Obama’s War On Truth And Transparency.
* ProPublica’s Guide To The Best Stories On The Growing Surveillance State.

See also:
* Jimmy Carter: America’s Shameful Human Rights Record.
* James Goodale: Only Nixon Harmed A Free Press More.
* Daniel Ellsberg: Obama Has Committed Impeachable Offenses.
* Paul Steiger: Why Reporters In The U.S. Now Need Protection.

Comments welcome.

Permalink

Posted on July 2, 2014