As governments increasingly find themselves needing information from networked sources for law enforcement, intelligence, and military purposes, one of the most difficult dilemmas they face concerns the use of so-called zero day vulnerabilities—previously unknown flaws or bugs that can sometimes be exploited to gain access to servers that house information or control networks and infrastructure. Governments often have researchers looking for these flaws, and sometimes, governments purchase them on the open market.
Latest in vulnerability disclosure
The Government Accountability Office last week published a report that, among other things, weighs in on the pros and cons of the NSA/CYBERCOM “dual-hat” system (pursuant to which the director of the NSA/CSS and commander of CYBERCOM are the same person). The report deserves attention but also some criticism and context. Here’s a bit of all three.
1. What is the “dual-hat” issue?
Ending The Endless Crypto Debate: Three Things We Should Be Arguing About Instead of Encryption Backdoors
Recently I participated in a fascinating conference at Georgia Tech entitled “Surveillance, Privacy, and Data Across Borders: Trans-Atlantic Perspectives.” A range of experts grappled with the international aspects of an increasingly pressing question: how can we ensure that law enforcement is able to obtain enough information to do its job in the twenty-first century, while also ensuring that digital security and human rights are protected?