In theory, our government is supposed to keep us secure from attacks and crimes. You would think this would entail that, if someone in our government, getting paid by the taxpayers, would find some security flaw in the workings of the internet, that he would be obligated to tell people about it so the security flaw will be fixed.
But no; the job of the government is to exploit such security flaw in order to pursue some alleged need of national security or law enforcement, and thus to leave us exposed and vulnerable.
From the New York Times:
Stepping into a heated debate within the nation’s intelligence agencies, President Obama has decided that when the National Security Agency discovers major flaws in Internet security, it should — in most circumstances — reveal them to assure that they will be fixed, rather than keep mum so that the flaws can be used in espionage or cyberattacks, senior administration officials said Saturday.
But Mr. Obama carved a broad exception for “a clear national security or law enforcement need,” the officials said, a loophole that is likely to allow the N.S.A. to continue to exploit security flaws both to crack encryption on the Internet and to design cyberweapons.
The White House has never publicly detailed Mr. Obama’s decision, which he made in January as he began a three-month review of recommendations by a presidential advisory committee on what to do in response to recent disclosures about the National Security Agency.
But elements of the decision became evident on Friday, when the White House denied that it had any prior knowledge of the Heartbleed bug, a newly known hole in Internet security that sent Americans scrambling last week to change their online passwords. The White House statement said that when such flaws are discovered, there is now a “bias” in the government to share that knowledge with computer and software manufacturers so a remedy can be created and distributed to industry and consumers.
So, to sum up, the NSA will inform us of security vulnerabilities unless it decides not to. We have no idea what the NSA is working on because it is all kept secret. They will decide what they consider to be a “clear national security or law enforcement need.”
What is stunning about this is how easily they shrug off the security needs of millions of Americans. They would rather leave us all vulnerable to unknown attacks and threats than give up their self-given authority to spy on us.
And if they have the right to not report these flaws, how do we know they aren’t arranging them in the first place? After all, if a “clear law enforcement or security need” justifies one act, why not the other? In the meantime, the Snowden revelations have proven that the NSA can’t keep our information safe. Their activity itself constitutes a security vulnerability for the American people.