In Sunday's NY Times, journalist David Sanger reports that the National Security Agency (NSA) has been given a virtual license by the White House to exploit software, Internet and private network flaws--such as the Heartbleed Secure Socket Layers (SSL) security hole, widely publicized over the past week--without reporting upon its knowledge of same to to the public, whenever it
feels like it deems the matter to be an issue of national security.
However--"now"--since our surveillance state has been continually caught with their pants down, constantly lying through their teeth on these over-arching state surveillance issues since day one, the Times reports tonight that, "...there is now a 'bias' in our government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers."
That's a good thing, since there's a "bias" currently held by the U.S. public to not believe a damn thing our government's telling us as far as anything regarding the NSA's egregious behavior's concerned.
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.The double-speak today, as reported by the NY Times, is truly beyond the pale...
The NSA’s decision to keep the bug secret in pursuit of national security interests threatens to renew the rancorous debate over the role of the government’s top computer experts. [...]
Putting the Heartbleed bug in its arsenal, the NSA was able to obtain passwords and other basic data that are the building blocks of the sophisticated hacking operations at the core of its mission, but at a cost. Millions of ordinary users were left vulnerable to attack from other nations’ intelligence arms and criminal hackers.
Obama Lets N.S.A. Exploit Some Internet Flaws, Officials Say
By DAVID E. SANGER
NEW YORK TIMES
APRIL 12, 2014 9:47PM
WASHINGTON — Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.
But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.
The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency...
Somewhat reiterating what I stated above, the article recaps what The Times reported on Friday (SEE: "U.S. Denies It Knew of Heartbleed Bug on the Web"), "...when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a 'bias' in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers."
The Times then refers to Caitlin Hayden, the current spokeswoman for the National Security Council. Sanger reports...
IMHO, it's rather quaint that the NSA's process, "now"--ever since Edward Snowden provided the means by which the MSM has been enabled to pull back the proverbial curtain on this travesty--is "biased toward responsibly disclosing such vulnerabilities."
...the review of the recommendations was now complete, and it had resulted in a 'reinvigorated' process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.
“This process is biased toward responsibly disclosing such vulnerabilities,” she said…
The Times' story continues...
…At the center of that technology are the kinds of hidden gaps in the Internet — almost always created by mistake or oversight — that Heartbleed created. There is no evidence that the N.S.A. had any role in creating Heartbleed, or even that it made use of it. When the White House denied prior knowledge of Heartbleed on Friday afternoon, it appeared to be the first time that the N.S.A. had ever said whether a particular flaw in the Internet was — or was not — in the secret library it keeps at Fort Meade, Md., the headquarters of the agency and Cyber Command.Going back to June 7th, 2013, a NY Times' editorial was published, titled: "President Obama's Dragnet," just days after Ed Snowden first went public with his NSA document leaks. It included the following, rather stark sentence: "The administration has now lost all credibility on this issue."
But documents released by Edward J. Snowden, the former N.S.A. contractor, make it clear that two years before Heartbleed became known, the N.S.A. was looking at ways to accomplish exactly what the flaw did by accident. A program code-named Bullrun, apparently named for the site of two Civil War battles just outside Washington, was part of a decade-long effort to crack or circumvent encryption on the web. The documents do not make clear how well it succeeded, but it may well have been more effective than exploiting Heartbleed would be at enabling access to secret data…
When our own government maintains the hubris to acknowledge, in public (such as it's doing right now), that it may (still) willfully jeopardize the personal-private information of virtually all of its citizens, en masse, all in the name of "fighting terrorism," I would argue that folks inside the Beltway are quite confused. It's become glaringly self-evident that the terrorists have already won.
# # #