UPDATED 09:24 EDT / APRIL 14 2014

President Obama’s biased stance on exploiting online security bugs

President Barack Obama has deemed that when a cyber-security vulnerability has been discovered by any federal agency, it is the government’s duty to report the issue instead of exploiting it for intelligence gains. However, there are exceptions to this ruling, such as in cases where national security is at stake or action from law enforcement agencies is required. It means that if the U.S. National Security Agency (NSA) or any government agency finds a cyber vulnerability, they can exploit it with just cause.

Despite Obama’s public stance on security loopholes, the recent revelation of the Heartbleed bug has only spurred more skepticism from the public. Heartbleed allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of OpenSSL’s cryptographic software library, compromising the secret keys used to identify service providers and encrypted personal data. Did the National Security Agency know about the bug all along, leveraging it to spy on people?

The Office of the Director of National Intelligence (ODNI) denied the allegations, stating that the “NSA or any other part of the government” had no prior knowledge of the Heartbleed vulnerability, which caused many netizens to panic over the implications of the bug. The debacle prompted action from the White House, though its decision is unlikely to settle the nerves of worried web users. The ODNI shares the following statement:

“In response to the recommendations of the President’s Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities.”

The statement is in line with the position of President Obama’s Review Group on Intelligence and Communications Technologies, merely reiterating the intended limitations on what the NSA can and cannot do to gain intel. The ODNI statement offers netizens no new information and raises more questions about the security of web users.

The NSA denied any involvement or knowledge of the security flaw, though one report insinuates that the NSA is delving into practices that could lead to more vulnerabilities in the future. The Washington Post writes that the agency designs most of its security implants, but devoted $25.1 million in 2013 to ‘additional covert purchases of software vulnerabilities’ from private malware vendors, a growing gray-market industry based largely in Europe.
