Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 24 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

EFF's zero-day information requests gets no response from NSA

by The Gurus
July 3, 2014
in Editor's News
Share on FacebookShare on Twitter

The Electronic Frontier Foundation (EFF) has filed a Freedom of Information Act (FOIA) lawsuit against the NSA and the Office of the Director of National Intelligence (ODNI).
 
In an effort to gain access to documents showing how intelligence agencies choose whether to disclose zero day flaws, the movement comes a year after Edward Snowden’s revelations, and mark a time when online freedom advocates are taking their fight to legal cases.
 
In this case, the EFF has filed an FOIA request for records related to these processes, but said that since it was filed on May 6th it has not yet received any documents. “This FOIA suit seeks transparency on one of the least understood elements of the U.S. intelligence community’s toolset: security vulnerabilities,” EFF Legal Fellow Andrew Crocker said. “These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country.”
 
Commenting, Toyin Adelakun, VP at Sestus, said that were the EFF’s lawsuit to succeed, the NSA and other agencies might be compelled to divulge their decision-making processes in respect of zero-day disclosures to vendors and the public — in other words, to explain the workings of the Vulnerabilities Equities Process.
 
“Let us assume that the public can, crudely speaking, be classed into three groups: those who believe the Government and its agencies constitute a bunch of malevolent connivers; those who believe the Government and its agencies are benevolent strivers for the common good; and those who have no strong beliefs on the matter (i.e. are apathetic, ignorant and/or neutral),” he said.
 
“Disclosure of the decision-making process might shift some ‘neutrals’ into the ‘Government-is-malevolent’ end of the spectrum, and will obviously entrench in their beliefs those already in that area — but may also shift some opinions in the other direction.”
 
Will Semple, VP of research and intelligence for Alert Logic, said: “While this certainly is a tricky subject; my personal position is controlled disclosure with a right to exclude if you’re in the national security business. This is more from a ‘I’ve seen what can happen’ position than a freedom of information one.
 
“It’s how we structure our thoughts on what a vulnerability can achieve in the wrong hands, rather than if should it be made available to the public. There will be a lot of maturity in this topic over the next year or so.”
 
He said that the use of security vulnerabilities by intelligence agencies, not just in the US, introduces a different type of ethical question, and questions should be asked on why agencies such as the NSA have a program to discover zero day vulnerabilities and what they use them for.
 
He said: “As with all modern espionage or security agencies, they are a tool in an evolved set of tradecraft. They introduce a mechanism or avenue for information gathering that was not previously available. Spy satellites in the 80’s and 90’s introduced a way to track physical assets that was not available in the 60’s and 70’s. In a world where the physical assets leave a digital footprint it is natural for agencies such as the NSA to develop tools and techniques to track these assets.”

FacebookTweetLinkedIn
ShareTweet
Previous Post

Surrey Centre for Cyber Security to open at University

Next Post

900,000 Danes face data breach worry

Recent News

The Journey to Secure Access Service Edge (SASE)

The Journey to Secure Access Service Edge (SASE)

September 22, 2023
WatchGuard

WatchGuard acquires CyGlass for AI-powered network anomaly detection

September 21, 2023
'open' sign on window ledge

SME Cyber Security – Time for a New Approach?

September 21, 2023
Keeper Security Logo

Keeper Security Named a Market Leader in Privileged Access Management (PAM) by Enterprise Management Associates

September 21, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information