EFF Sues NSA Again Over Failure To Release Procedures For Dealing With Zero Days
from the eff-may-need-a-whole-floor-devoted-to-nsa-lawsuits dept
Another day, another lawsuit filed by the EFF against the NSA. As you may recall, back in April there was some discussion about how the NSA deals with zero day exploits it discovers, and (specifically) whether or not it reveals them to relevant parties or keeps them for its own ability to exploit them. The NY Times revealed that President Obama had put in place an official rule that said the NSA should have a "bias" towards revealing the flaws, but left open a gaping loophole in saying the NSA could exploit those zero days for "a clear national security or law enforcement need." That's a pretty big loophole -- especially when you consider how law enforcement has been abusing every opportunity of late.
EFF filed a FOIA request to find out about the NSA's process for determining whether to exploit or reveal a zero day... and hasn't received a response, despite a promise by the government to "expedite" the request. Hence: the new lawsuit.
"This FOIA suit seeks transparency on one of the least understood elements of the U.S. intelligence community's toolset: security vulnerabilities," EFF Legal Fellow Andrew Crocker said. "These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country."
These days, it really does seem that the only way to get the government to cough up these kinds of documents is to file a lawsuit, which really defeats the purpose of the whole FOIA process. Perhaps the government should just admit it's a charade and let people go straight to the lawsuit filing process instead.
Over the last year, U.S. intelligence-gathering techniques have come under great public scrutiny. One controversial element has been how agencies such as the NSA have undermined encryption protocols and used zero days. While an intelligence agency may use a zero day it has discovered or purchased to infiltrate targeted computers or devices, disclosing its existence may result in a patch that will help defend the public against other online adversaries, including identity thieves and foreign governments that may also be aware of the zero day.
"Since these vulnerabilities potentially affect the security of users all over the world, the public has a strong interest in knowing how these agencies are weighing the risks and benefits of using zero days instead of disclosing them to vendors," Global Policy Analyst Eva Galperin said.
Filed Under: cybersecurity, exploit, foia, james clapper, nsa, odni, surveillance, zero days
Companies: eff
Reader Comments
Better Solution
Perhaps we should stick an amendment in the constitution to allow the recall of any government official for cause, including obstructing existing law, failure to uphold the oath of office, lying (including by omission) maybe a few more; to include all three branches, including the supreme court, and initiated by any citizen that thinks they probably have probable cause.
Whatever legal standard is used, it should be no different than that used for the common person.
[ link to this | view in chronology ]
Re: Better Solution
Err.... would that not take some access to government?
I mean, who would write these new rules into law?
I'd think the current members of the Federal Government would simply say a unanimous "no", and then laugh their collective asses off at the audacity of some peasant telling them to restrict their activities in such a manner.
First, methinks, it might behoove us to figure out some way to gain control of this runaway federal government before we try and get it to do something diametrically opposed to its members' current practices, habits and desires - none of which has anything remotely to do with honesty, obedience or disclosures to the public.
Unless of course, you think the Federal Government is simply "confused" and "unguided", and not at all being purposely obtuse, deceptive, or secretive, and a simple wrist slap will bring them all back in line....
Good luck with that then.
[ link to this | view in chronology ]
Re:
While having no money will exclude you from membership in the Ownership Society and eliminate any "rights" that must be shored up via lawyers, and make you pretty much a voiceless member of the peasant class in modern America, I'm pretty sure that nobody can actually sue you for the crime of having no money.
[ link to this | view in chronology ]
We have laws on the books about illegal access to computers. We have laws on the books about FOIA and when they are to be responded to. Yet we have a government willing to take to court anyone that does what they do and their employees are unaccountable to the same laws. What's wrong with this picture?
I can't but believe there is an end to this. Either the government changes its ways (which it won't do voluntarily) or a revolt is coming. If it is a revolt, then it is a matter of when the trigger event comes.
Today it is easy to see as long as the bread and circuses keep coming that it will be a while. But I think too many things are coming down the pipes all at once and that trigger will be on our doorsteps far sooner than we anticipate.
You take the roof over people's heads, the ability to pay for food, medicine, take their possessions for taxes they can't pay due to the economy, and suddenly you have a whole different thing staring you in the face.
[ link to this | view in chronology ]
Re:
And that has never happened before with any other president ever.
[ link to this | view in chronology ]
Re: Re:
While true, there have been many other media outlets (besides just TechDirt) that have pointed out that this lack of transparency has happened much more now than with any other President. And it is still no excuse for it happening now, or to be tolerated any less.
[ link to this | view in chronology ]
Re:
A king would likely prefer walking around with less egg on his face.
Obama rather is a pawn, and the laws he needs to follow are not the laws and constitution of the U.S.A. Whether or not he is able to word-smith a justification for the things the government agencies are doing, they will carry on.
[ link to this | view in chronology ]
This could shorten the time between the beginning of the process and the time when they have to reveal something. The FOIA process allows them to delay ad eternum, present heavily redacted stuff and the likes thus dragging it for months or even years before the people decide to go for a lawsuit that will then last a few more months/years.
This is on purpose.
[ link to this | view in chronology ]
Re:
While there may not be specific laws there are serious implications when such flaws are withheld from the public since they might not be fixed before crooks start using them for real crimes.
Ordinary people would be prosecuted and jailed for exploiting those flaws. Now when the Government does it for surveillance and without warrants then it's way worse.
[ link to this | view in chronology ]
Re:
There isn't any law. But the gov't has stated that it has a policy on that, and EFF has properly asked for it under a FOIA.
[ link to this | view in chronology ]
"Ordinary people would be prosecuted and jailed for exploiting those flaws."
No, ordinary people would be prosecuted and jailed for what they do in exploiting those flaws. You rarely see someone prosecuted for injecting a "hello your machine is infected" message on someone's computer, but they sure would get in trouble for adding in a key logger and stealing their credit card numbers and bank information.
So it's back to the start: Show that the "surveillance" is specifically illegal, and perhaps you have a case. Otherwise it's a legal dead end - the type of space the EFF seems to enjoy playing in.
[ link to this | view in chronology ]
Re:
"Surveillance" is NOT illegal in public places, but once you have moved into any form of hacking into communications, a private citizen would have broken the law.
[ link to this | view in chronology ]
Re:
Indeed. Which is not as simple as what the NSA does. Let us not forget that it engaged even in industrial espionage.
"Otherwise it's a legal dead end - the type of space the EFF seems to enjoy playing in."
Ah the ignorance. Keep throwing it. EFF has scored more victories last year than you in your entire life probably.
[ link to this | view in chronology ]
Re:
It is suing because the government does not tell what they are doing regarding exploits.
This is a republic, not a monarchy. The people are the overseeing authority, and they cannot control the government unless the government tells the people what it is doing.
[ link to this | view in chronology ]
Re:
No, as is pretty clearly stated in the article and the filings, they are suing over a failure of the gov't to properly respond to a FOIA filing.
[ link to this | view in chronology ]
...ask me no questions...
Well, they might do that if it were not for the Standard Government Policy laid down by the Bush administration - known as the "Rules", that states - tell them a lie first, then tell another if that one does not work, then make them ask for proof, then, after they've asked (roll a 6 sided die and multiply by 2 and add 3) times, make them get a court order, then blackmail the judge to deny the order, and make them go through the whole process again from the beginning, and then lose the documents in question, through a. storeroom fire, b. computer malfunction, c. dog ate them, d. tornado damage, e. flood damage, f. termites, or g. make something up.
You see, they can't ever admit to you that the FOIA is a charade, because, well, that would be telling the public something it simply does not need to know.
And telling the public something it does not need to know is against the Rules.
[ link to this | view in chronology ]
Re: Re: ...ask me no questions...
The Never To Be Written Secret History of the USA.
Bush Junior was the first fully effective corporate POTUS, placed into office through vote fixing, bribery, blackmail and coercion.
His job was to rewrite as many laws as possible, in order to remove the restrictions faced by Banks, Wall Street and the Top 500 MAFIA controlled corporations, due to regulations that prevented them from doing such things as cheating, lying, stealing, racketeering, forming monopolies, etc..
Since he was not fully successful - he had to do a lot of other things like end a ton of law suits against various supporter institutions like the tobacco industry and bury all the records of his family's support of Hitler prior to and during WW2 - they needed to place a new corporate POTUS in power to finish the task.
Since placing a Known Republican back in the Oval Office was impossible after Bush, it was necessary to create a ringer - a Republican sympathizer who could masquerade as a Democrat.
9/11 allowed the forces of Wall Street and the MAFIA to almost entirely eliminate the Democratic Party through a combination of blackmail, bribery and coercion, made possible by the new War Time Laws secretly enacted after 9/11 due to the manufactured Terrorist Problem.
This made it easy to foist the ringer on the public without exposure by other democrats.
Obama was the perfect choice for the New Republican POTUS, because, due to his being black and a silver-tongued con-artist, the public could be easily fooled into believing he was a democrat and trust-worthy.
Because everyone expected all the American Blacks to vote for Obama, the vote was easily fixed and the election was a cake walk.
Naturally, the nutcase Republican Pundits publicly poo pooed the Ringer endlessly in order to ensure the public's continued belief in his Democrat-hood, in the face of his republican friendly activities and corporate administration members.
Obama has since finished off all the work that was started by Bush and added a few new twists that his handlers have always wanted, such as reverse copyright reform and the beginnings of the end of the internet.
Wall Street is now fully in control of the Federal Government, as can be seen easily by the way the NSA, FBI, IRS, CIA and every other branch of the Federal Government has been behaving since 9/11, not to mention Hollywood, the RIAA and MPAA law creation, or the Trade Agreement Group's secrecy.
If it were not for Snowden, almost none of this would have been known by the few Americans who have been able to see through the smoke screen put up by the Truth-Free Press.
Sadly, the vast majority of American citizens continue to ignore reality, due mainly to embarrassment at being made fools of, and their misguided patriotism.
[ link to this | view in chronology ]
FTFY
It was a run-on sentence.
[ link to this | view in chronology ]