EFF sues the NSA to disclose use of software security flaws

The EFF filed suit against the NSA and ODNI Tuesday, seeking information about zero-day flaws

The Electronic Frontier Foundation, a prominent digital privacy rights group, has filed a lawsuit against the U.S. National Security Agency to get it to specify the extent to which it might exploit software security flaws.

The EFF said Tuesday it had filed a Freedom of Information Act lawsuit against the NSA and the Office of the Director of National Intelligence to gain access to documents showing how intelligence agencies choose whether to disclose software security flaws known as "zero days." These early stage flaws are typically discovered by researchers but are not yet patched by developers or the company. A market has even sprung up around the flaws, in which governments will purchase the vulnerabilities to gain access to people's computers, EFF said.

Not disclosing zero-day flaws jeopardizes people's data and communications, the EFF has argued.

The suit comes amid concerns and accusations that government agencies, including but not limited to the NSA, may be exploiting these vulnerabilities for intelligence-gathering processes without the public's awareness.

In April, Bloomberg News reported that the NSA had used the then-recently disclosed "Heartbleed" security bug to gather intelligence for at least two years before it was discovered by others. The NSA said the report was incorrect.

The EFF had filed a Freedom of Information Act request in May related to these processes, but still has not received any documents, despite Intelligence Director James Clapper's office agreeing to expedite the request, the group said Tuesday.

"This [suit] seeks transparency on one of the least understood elements of the U.S. intelligence community's toolset: security vulnerabilities," said Andrew Crocker, EFF legal fellow, in a statement. "These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country."

A spokeswoman for the NSA declined to comment. The intelligence director's office did not immediately respond to comment.

Following disclosures made last year by former NSA contractor Edward Snowden, intelligence agencies' techniques have come under much scrutiny. In addition to their possible exploitation of software vulnerabilities, whether agencies can exploit weaknesses in encryption has also sparked concern.

As a result many large companies like Google and Microsoft have bolstered their use of encryption technology in recent months.

Zach Miners covers social networking, search and general technology news for IDG News Service. Follow Zach on Twitter at @zachminers. Zach's e-mail address is zach_miners@idg.com

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection

Tags securityinternetdata protectionElectronic Frontier Foundationprivacy

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Zach Miners

IDG News Service
Show Comments

Cool Tech

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Breitling Superocean Heritage Chronographe 44

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?