Follow Us

We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

EFF sues the NSA to disclose use of software security flaws

The EFF filed suit against the NSA and ODNI Tuesday, seeking information about zero-day flaws

Article comments

The Electronic Frontier Foundation, a prominent digital privacy rights group, has filed a lawsuit against the U.S. National Security Agency to get it to specify the extent to which it might exploit software security flaws.

The EFF said Tuesday it had filed a Freedom of Information Act lawsuit against the NSA and the Office of the Director of National Intelligence to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as "zero days." These early stage flaws are typically discovered by researchers but are not yet patched by developers or the company. A market has even sprung up around the flaws, in which governments will purchase the vulnerabilities to gain access to people's computers, EFF said.

Not disclosing zero-day flaws jeopardizes people's data and communications, the EFF has argued.

The suit comes amid concerns and accusations that government agencies, including but not limited to the NSA, may be exploiting these vulnerabilities for intelligence-gathering processes without the public's awareness.

In April, Bloomberg News reported that the NSA had used the then-recently disclosed "Heartbleed" security bug to gather intelligence for at least two years before it was discovered by others. The NSA said the report was incorrect.

The EFF had filed a Freedom of Information Act request in May related to these processes, but still has not received any documents, despite Intelligence Director James Clapper's office agreeing to expedite the request, the group said Tuesday.

"This [suit] seeks transparency on one of the least understood elements of the U.S. intelligence community's toolset: security vulnerabilities," said Andrew Crocker, EFF legal fellow, in a statement. "These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country."

A spokeswoman for the NSA declined to comment. The intelligence director's office did not immediately respond to comment.

Following disclosures made last year by former NSA contractor Edward Snowden, intelligence agencies' techniques have come under much scrutiny. In addition to their possible exploitation of software vulnerabilities, whether agencies can exploit weaknesses in encryption has also sparked concern.

As a result many large companies like Google and Microsoft have bolstered their use of encryption technology in recent months.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com



Share:

More from Techworld

More relevant IT news

Comments



Send to a friend

Email this article to a friend or colleague:

PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.

Techworld White Papers

Choose – and Choose Wisely – the Right MSP for Your SMB

End users need a technology partner that provides transparency, enables productivity, delivers...

Download Whitepaper

10 Effective Habits of Indispensable IT Departments

It’s no secret that responsibilities are growing while budgets continue to shrink. Download this...

Download Whitepaper

Gartner Magic Quadrant for Enterprise Information Archiving

Enterprise information archiving is contributing to organisational needs for e-discovery and...

Download Whitepaper

Advancing the state of virtualised backups

Dell Software’s vRanger is a veteran of the virtualisation specific backup market. It was the...

Download Whitepaper

Techworld UK - Technology - Business

Innovation, productivity, agility and profit

Watch this on demand webinar which explores IT innovation, managed print services and business agility.

Techworld Mobile Site

Access Techworld's content on the move

Get the latest news, product reviews and downloads on your mobile device with Techworld's mobile site.

Find out more...

From Wow to How : Making mobile and cloud work for you

On demand Biztech Briefing - Learn how to effectively deliver mobile work styles and cloud services together.

Watch now...

Site Map

* *