Wednesday, April 9, 2014

To Support and Defend Heartbleed

I've seen flag officers testify about intelligence gathering techniques that involved spying on Americans. They've defended their possible Fourth Amendment violations by stating that they acted in the interest of national security and protecting the country.

My sticking point with these arguments is military officers take an oath of office that's similar to the Presidential Oath. These oaths make no mention of protecting the country. Rather, it's about protecting the Constitution. I have no doubt that Edward Snowden would argue that he acted in the spirt of this oath, more so than the NSA.

Here are some questions to consider:

1. If a criminal notices a security vulnerability at a bank, would you expect him/her to notify the bank? No.

2. If a security company, charged with protecting the bank, noticed the same vulnerability, would you expect them to notify the bank? Of course.

3. If the NSA had discovered the OpenSSL Heartbleed bug would you expect them to notify the U.S. in the interest of national security? Would you?

At what point should an agency or organization stop defending America in the interest of attacking or spying on others?

Perhaps a government agency did leak the details of this OpenSSL bug. Then again, perhaps they've been exploiting it in the interest of national security. But, I seriously doubt either is the case.

Author: Joe Moreno

No comments: