“We hope to find out the current scope and nature of the Five Eyes intelligence sharing agreement – and how much has changed since the 1955 version,” Privacy International legal officer Scarlet Kim tells WIRED. “We’d also like to know the US rules and regulations governing this exchange of information – what safeguards and oversight, if any, exist with respect to these activities?”
People inside the NSA are quick to discount these studies, saying that the data don’t reflect their reality. They claim that there are entire classes of vulnerabilities the NSA uses that are not known in the research world, making rediscovery less likely. This may be true, but the evidence we have from the Shadow Brokers is that the vulnerabilities that the NSA keeps secret aren’t consistently different from those that researchers discover. And given the alarming ease with which both the NSA and CIA are having their attack tools stolen, rediscovery isn’t limited to independent security research.
Bruce Schneier in Foreign Affairs: Why the NSA Makes Us More Vulnerable to Cyberattacks »
It appears the NSA finally engaged in the Vulnerabilities Equity Process — not when it discovered the vulnerability, but rather when it became apparent the agency wouldn’t be able to prevent it from being released to the public. (…)
Officials called it “fishing with dynamite.” The exploit gave the NSA access to so much on compromised computers, the agency obviously couldn’t bear the thought of voluntarily giving up such a useful hacking tool. But when it was first deployed, some inside the agency felt the vulnerability might be too powerful to be left undisclosed.
What happens when intelligence agencies go to war with each other and don’t tell the rest of us? I think there’s something going on between the US and Russia that the public is just seeing pieces of. We have no idea why, or where it will go next, and can only speculate.
Schneier on Security: Who is Publishing NSA and CIA Secrets, and Why? »