Hey CIA, You Held On To Security Flaw Information -- But Now It's Out. That's Not How It Should Work (eff.org) 246
Cindy Cohn, writing for EFF: The dark side of this story is that the documents confirm that the CIA holds on to security vulnerabilities in software and devices -- including Android phones, iPhones, and Samsung televisions -- that millions of people around the world rely on. The agency appears to have failed to accurately assess the risk of not disclosing vulnerabilities to responsible vendors and failed to follow even the limited Vulnerabilities Equities Process. As these leaks show, we're all made less safe by the CIA's decision to keep -- rather than ensure the patching of -- vulnerabilities. Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.
Who's Responsibility? (Score:5, Insightful)
Re:Who's Responsibility? (Score:5, Insightful)
Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.
It's their job.
Re: (Score:3)
Says who?
Re:Who's Responsibility? (Score:5, Informative)
Says the CIA on their about page under responsibilities of the director.
Correlating and evaluating intelligence related to the national security and providing appropriate dissemination of such intelligence;
Re: Who's Responsibility? (Score:3)
And, in your mind, there will never be any problem deciding what is appropriate?
It seems to me to be a typical document meant to cast an 'appropriate' image of an agency whose very nature makes it impossible to easily explain its actions.
I find this action by Wikileaks to be disturbing by its timing. The contents shouldn't be a total surprise.
There's been plenty of hints going back years. In 2003 we had OnStar versus the FBI. A couple of years ago Verizon tried to patent an invention that made your TV bo
Re: Who's Responsibility? (Score:4, Insightful)
The problem with not having this released by Wikileaks is that until now, the people who claimed this capability existed were labeled as paranoid conspiracy theorists. Same thing with Snowden's leaks. I saw a column in the USA Today just now that said Americans don't need to worry because the CIA doesn't spy on Americans. Utter crap. They give the tools to European agencies to spy on us in the USA and we spy on their citizens for them.
National security does not justify whatever they want to do. They no longer fear prosecution because no one faced consequences after the Snowden leaks.
Basically, if nothing happens now except a manhunt for the whistleblower, we are all freaking doomed.
Re: (Score:2)
National security does not justify whatever they want to do.
But 9/11! We need to be protected!
Re: (Score:3)
Correlating and evaluating intelligence related to the national security and providing appropriate dissemination of such intelligence;
The definition of the word "appropriate" makes all the difference in that statement. Is it "appropriate" to sacrifice capabilities in the name of improving the public's general digital security?
Re: (Score:2)
Is it "appropriate" to sacrifice capabilities in the name of improving the public's general digital security?
That depends on what is more important. Protecting yourself or protecting the people. Lets face it, it hasn't been the latter for a long time.
Re: (Score:2)
Some parts of the USG have the mission to protect us: CERT for example.
Some parts have the mission to get evaluate and distribute information to the State dept and the rest of the executive branch. CIA/NSA/...
Anyone who claims that both are not needed and the USG should only "Protect us" are either lying or idealistic fools. Which are you?
Re:Who's Responsibility? (Score:5, Interesting)
Correlating and evaluating intelligence related to the national security and providing appropriate dissemination of such intelligence;
"intelligence" is government-speak for information they took from someone. If your desk safe has a factory combination that always works, that isn't "intelligence". The contents of what they found inside your safe when they used that combo is intelligence.
So no, its not their job to warn US citizens if they are vulnerable domestically. That's called "domestic counter-intelligence", and is explicitly the FBI's job.
Sure, it would be nice if the CIA did it anyway. But if that burns a method they are finding useful themselves to do things that ARE their job, I wouldn't hold my breath.
Re: (Score:2)
Re: (Score:2)
When the CIA/NSA/... is following the constitutional laws and directives of the executive branch they are performing the mission that they were created to do.
That mission does not include serving as Apples/Googles/Microsofts/ZTEs/Huaweis/Samsungs vulnerability assessment division.
Re: (Score:2)
There's nothing in that italicized statement that states it's their responsibility to ensure your right to privacy.
There's nothing in that statement that states it's their responsibility to disclose vulnerability information to the holes can be patched
Re: (Score:2)
They "correlate and evaluate" to the State department and other entities of the USG.
The "Disseminating information" part of their mission does not mean that they must (or should) inform corporate entities of their bugs.
Re: Who's Responsibility? (Score:4, Insightful)
Thb they would probably argue they are protecting the safety of US citizens by maintaining a spy capability. That is their job, not turning over those same vulnerabilities.
Re: (Score:2)
Re: (Score:3)
"Correlating and evaluating intelligence related to the national security.."
Bobs hacked Samsung TV is not a national security issue. Its not the CIA's job to worry about the fact that someone could possibly compromise your smart phone revealing all your most sensitive dick picks. The CIA holds on to vulnerabilities like these to do little insignificant things like hacking the NK nuclear missile programs stalling a potential international conflict, hacking Iranian nuke programs, thwarting terrorist bombings by interception of communications, destabilizing foreign nations that are apposed to your existence, etc.. But I'm sure your dick pics should be their top priority.
You forgot "Spy on opposition candidates"
Re: (Score:2)
Bobs hacked Samsung TV is not a national security issue
It is when Bob is the son of a general and the television is used to eavesdrop on conversations of classified material in his house.
Re: (Score:2)
Bobs hacked Samsung TV is not a national security issue
It is when Bob is the son of a general and the television is used to eavesdrop on conversations of classified material in his house.
SRSLY? If some jackass general is discussing classified info outside of an approved secure area, that's the national security issue. He should be court-martialed. That said, catching him in the act in his own home should be preceded with issuance of a valid warrant.
Re: (Score:2)
One reason people objected to the collection of meta-data was that with sufficient, seemingly innocent, data it is possible to discern guilty behavior.
Re: (Score:3)
Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.
Security yes... abroad. Privacy: not so much.
The CIA has been historically responsible for international operations, including spying in and on foreign nations. The FBI is supposed to do those things inside the country.
Re: (Score:2)
As long as commercial interests and hence the national security interests and hinge to no small part on the economic stability and power of the US use the same tools that private citizens use, protecting our privacy is basically collateral damage of protecting the US national security.
Re: (Score:2)
Re: (Score:2)
nearly every action they did that resulted in "regime change" was to benefit some corp that was exploiting the people or the resources of some weaker country
That's not really useful evidence is the thing. Any regime change that didn't install a communist was going to benefit some corp in the region (and if the old guy wasn't a commie, then it would screw whatever corp he was in bed with).
Since the primary mission of the CIA for years was to overthrow small communist-leaning governments, usually for some tyrant who ended up working against us, the result would tend to be pro-corporate just as a side-effect of their blind anti-Red agenda.
Re:Who's Responsibility? (Score:5, Interesting)
While I find the abusive techniques being reported as abhorrent as the next fellow, I would challenge the assertion that it's their job to disclose security issues.
I'm not saying that they morally are not obligated. They are morally obligated to do so, in my personal opinion, to maintain the general fabric of security for the country.
But I'm not so sure that they have a legal obligation to do so.
There are some pretty convincing cases where they could argue that an obscure exploit can be disclosed and upgrade the digital security of the nation by 0.01% or they could hold onto it and use it to help prevent specific bad actors with big plans.
So yes, while I'd like to think we're all above board and working towards a bright shiny future with full disclosure, I'm not sure that the charter for agencies running covert ops lists vulnerability disclosure as their operational mandate.
Re:Who's Responsibility? (Score:5, Interesting)
They knew that Samsung TVs could be used to spy on people via their cameras and microphones. Samsung TVs are quite popular. It's likely that they are in sensitive places, like meeting rooms of US corporations, hospitals, newsrooms etc. And in all likelihood, the Russians and the Chinese and the Iranians and the North Koreans and GCHQ and many other intelligence agencies know all this too. I wouldn't be at all surprised if for-hire black hats knew as well.
So the CIA has a choice. Sit on this information and use it to gather intel themselves, but leaving the US at severe risk, or publish and give up their capability but also deny it to their adversaries. They must have either decided that the intel was more valuable than the loss to US citizens and corporations, or more likely never even had this discussion.
Re: (Score:2)
Samsung TVs are quite popular. It's likely that they are in sensitive places, like meeting rooms of US corporations, hospitals, newsrooms etc.
It's worse than that. These TVs don't just end up there, they're actively marketed at these places because they can install various video conferencing apps and avoid the need to have a separate computer to control the video conferencing system.
Re: (Score:2)
Samsung TVs are quite popular. It's likely that they are in sensitive places, like meeting rooms of US corporations, hospitals, newsrooms etc.
It's worse than that. These TVs don't just end up there, they're actively marketed at these places because they can install various video conferencing apps and avoid the need to have a separate computer to control the video conferencing system.
So let me get this straight. The CIA works with Samsung to market TV to specific people and corporations and then also interferes by back dooring these specific tv's before shipping them out? Because it's already been proven the TV's can't be accessed remotely without first having physical access (usb port) and modifying them.
I disagree (Score:5, Insightful)
It is the job of the CIA to collect intelligence. Central Intelligence Agency, right there in the name. It's not their job to post software patches.
I think what Cindy Cohn meant was "it would sure be nice if the CIA had let us know about the problems rather than keep them secret", and I agree that would have been awfully nice of them - but wanting the CIA to reveal tactical information that helps it do its job is silly.
They're a spy agency, folks. This is what spies do.
Re: (Score:2)
Re: (Score:2)
Their mission is to collect and desseminate information. You seem to have left out that big word beginning with D.
Their purpose certainly isn't to disseminate everything they collect. That would be stupid and entirely counter-productive. Somebody quoted them up above:
Correlating and evaluating intelligence related to the national security and providing appropriate dissemination of such intelligence;
By asking them to disclose vulnerabilities that they're able to exploit, you're asking them to diminish their capabilities. Patching the world isn't their job - Spying on it is.
Re: (Score:2)
Prior to these leaks no one knew that the CIA knew about these exploits. Now everyone knows the CIA knows about these exploits. This provides two clear problems for intelligence gathering for the CIA.
1. Other individuals and organizations will address these exploits making the exploits useless for government actors.
2. Other individuals and organizations will cease using these exploits for intelligence gathering as they're aware that the CIA knows about them. This does not mean that they don't have other exp
Re: (Score:2)
...do you leave all the computers in the government and major industries that drive our nation like power plants and airlines vulnerable...
Yes, you leave them vulnerable. They will always be vulnerable - The CIA has only discovered a subset of the global population of software vulnerabilities. Securing the planet is not the CIA's job; it should not be; and searching for vulnerabilities only to disclose them to the world would be a misuse of tax dollars. There are other, preferable, ways of finding, reporting, and patching bugs that do not waste the time of our intelligence agencies.
Re: (Score:2)
Did you not read the summary?
Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.
It's their job.
I hate to disagree, but isn't that the FBI's job domestically? At least it's going to be part of Homeland Security or something...The CIA is specifically limited to gathering forgiven intelligence isn't it?
Re:Who's Responsibility? (Score:5, Insightful)
It's like how when the CIA discovers a Russian General has a secret to hide they never black mail him but immediately notify the Russian Authorities of their vulnerability.
Re: (Score:3)
Re: (Score:2, Insightful)
It's like how when the CIA discovers a Russian General has a secret to hide they never black mail him but immediately notify the Russian Authorities of their vulnerability.
That's logical, because Russia - like the USA - is the CIA's enemy.
Re: Who's Responsibility? (Score:2)
The CIA doesn't have a responsibility to Russia. If their officials have personal vulnerabilities, those vulnerabilities are exclusively Russian. Software vulnerabilities aren't exclusively Russian. These vulnerabilities affect American citizens. They affect American troops and officials. They affect American government agencies. The risk is not simply that the vulnerabilities will be discovered by foreign intelligence, but that any one of thousands of employees and contractors could sell the entire archive
Re: (Score:2)
Except all the US generals have the exact same secret, and are equally vulnerable to blackmail. As do their politicians, corporations, citizens, and allies.
So by not notifying anyone, they're leaving their own country wide open to the Russians, Chinese, Mossad, other nations, organised crime etc, who they are hoping desperately haven't and won't ever notice the same secret themselves. They can't even tell if it's already happened. It's pure security through obscurity, and we've just seen that it didn't work
Re:Who's Responsibility? (Score:5, Insightful)
It's the CIAs job to protect Americans and keep them safe. Its job also includes protecting the US' trade secrets and commercial interests. And that by definition entails making sure that enemies of the US, be it military or economic, cannot abuse security problems that may affect US interests.
In other words, yes, pointing those security flaws out to manufacturers and making sure that these flaws cannot be abused by enemies of the US and its assets is pretty much the definition of the CIA mandate.
Re: (Score:3)
Re: (Score:3)
Re: (Score:2)
Re: (Score:2)
It's a plus depending on who you're talking about.
Foreign Spy Agencies: Positive
Domestic Companies: Positive
CIA: Negative
Domestic Spy Agencies (Excluding CIA): Probably Negative
Consider the following scenarios where two spy agencies both use an exploit to spy on the other team.
1. Neither agency is aware the other agency has the tool.
2. Both agencies are aware the other agency has the tool.
3. One agency is aware the other agency has the tool but not the inverse.
3 is the ideal situation for your team because
I don't agree (Score:2, Informative)
Re: (Score:3)
"Let the USA burn to ashes, as long as we manage to destroy Russia in the process"?
Re: (Score:2)
So the NSA/CIA/... are now the publicly financed bug tracking unit of Apple/Google/Microsoft/ZTE/Huawei/Samsung/etc ?!?
Saying otherwise is "Let the USA burn to ashes, as long as we manage to destroy Russia in the process"?!?!
Re: (Score:2)
They are also meant to be an external department of DEA, by arresting drug smugglers instead of taking their money to fund own operations.
They are also meant to be the American-funded police of Mexico, and customs agency, in order not to aid smuggling weapons to Mexican mafia.
Oh, and they are meant to be bodyguards of democratically elected politicians in South America, in order not to aid the local dictators in assassinating them.
And they definitely should open public-funded hospitals to aid people, so tha
Re: (Score:2)
You need to tell whoever it is that is feeding you these "meant to" lines to knock off the psychotropics. None of that has anything to do with the missions of the CIA/NSA.
Re:I don't agree (Score:5, Insightful)
The problem is that they both have two conflicting goals when it comes to a discovered vulnerability, which can be used both by others to attack us, but also can be used by those agencies to gather intelligence. The term for it in the Intelligence Community is the "Equities Problem." This wasn't an issue in the past, because in the days of the Cold War for instance, the systems/codes/etc the Soviets were using were entirely different from American ones. Discovering a vulnerability in a Soviet cryptography system was only useful for intelligence gathering, whereas patching a vulnerability in an American cryptography system would not imperil our foreign intelligence collection activities.
In today's world however, everyone basically uses the same systems. This presents a quandary for the three-letter-agency folks. Do we patch everything and shut off our ability to gain information, possibly missing key information about a future attack? Do we keep the vulnerabilities secret to enable more collection, knowing that one of those vulnerabilities will someday be used to attack us and that we could have prevented it? Do we somehow try and muddle through, knowing that we may wind up with the worst of both?
Re:I don't agree (Score:5, Insightful)
Seems there is another problem. Suppose you start from agencies with well defined responsibilities with their matching checks to control them(well, hypothetically, let's say 'better defined') The FBI is domestic but has its constraints. The NSA does hacking but has its constraints . The CIA does spying.
Then if the CIA expands into the domestic front and into the hacking front without the constraints, (and the foreign intervention front as well, it could be said), you have a problem with unchecked power. The common response though is 'the CIA is defending us they don't need to be constrained.' Yeah right. The whole security apparatus has gotten completely out of hand.
Re: (Score:2)
Re: (Score:2)
"National Security" is not the same as "Personal Security". While they are related at times please do not conflate the two.
One is about the defense of the nation as a whole and is clearly a government responsibility, the other is only a government responsibility in as far as law enforcement and regulations are concerned.
CIA is a spy agency that breaks the law. (Score:4, Interesting)
The CIA doesn't have the interest of the American public. They're used to committing illegal acts to get things done. Look up Iran Contra.
Re: CIA is a spy agency that breaks the law. (Score:3)
Re: (Score:2)
If you think that coming up with ways to assassinate people is worthy work, then your mind is warped.
Oh, so you wouldn't have assassinated Hitler, given the chance? We could have saved a lot of grief had it been possible to assassinate Saddam Hussein rather than drive in there and drag him out of his spider hole in person.
Re: (Score:2)
God outsourced his job responsibilities to the CIA in order to give him more time to watch you masturbate.
I think watching people masturbate was outsourced to DHS and FBI at some point.
I wonder what god does now, with so much free time on his hands.
Re: (Score:3)
The CIA doesn't have the interest of the American public. They're used to committing illegal acts to get things done. Look up Iran Contra.
Iran Contra was not a CIA operation: it was an NSC operation - Ollie North was an NSC guy.
Anyway, right now, the various intel agencies are more dedicated to running a background government of their own, complete w/ their own foreign and defense policies. Which is why they're doing their utmost to undermine the president. Having tasted blood in the form of Lt Gen Flynn, they're now targeting Sessions and anyone else they perceive as a threat, so that they can get their own swamp nominees in.
Re: (Score:3)
Is there an equivalent of Godwin's Law for Israel and the Jews? Because there ought to be.
Re: (Score:2)
Congratulations: it's the Archtech Law.
Now go get a wikipedia page and it's official.
Re: (Score:2)
other nations don't care about you, your laws, and your "human rights".
The question is more: are there some nations who don't care or are it all nations?
And what kind of nation do you want to be?
That's not how it "should" work (Score:3, Interesting)
Right, so when the CIA/NSA/whatever, uses a vulnerability that gives them access to information -- that it is their reason for existing, they should immediately turn the vulnerability over to the device manufacturer so that they will patch it.
Because these agencies exist and are financed to perform vulnerability testing for Apple/Google/Microsoft/HP/Dell/ZTE/Huawei/etc!?!?
Methinks that anyone that can say "that's not how it should work" with a straight face can only be a lawyer, habituated to defining truth as "whatever best serves me/my client".
We cannot be appalled by the lies of people like Trump and at the same time accept it when people who are say that they are defending us from his and other deceptions are also lying to us.
EFF, this does not help as it only gives Trump et all more ammunition.
Re:That's not how it "should" work (Score:4, Interesting)
Do they really "exist" to gather information, or is gathering information just one tactic that they use as part of a larger mission? I'd argue that the only reason for their existence, or the existence of government in general, is to serve The People. Don't they repeatedly justify their activities by the claim that they're doing us a service?
Suggesting that the intelligence agencies exist purely for information gathering is the same as saying that the military exists purely to blow things up and kill people. They're good at doing that, but they do it in pursuit of a particular mission. "Invade and Occupy Iraq and find all the WMDs" for example.
If the mission of the intelligence agencies is to serve The People who pay the taxes and from whom the government derives its just power, they are doing us a disservice because we're not only vulnerable to THEIR information gathering, but vulnerable to anyone else in the world who figures out how to exploit same vulnerabilities.
Re: (Score:2)
After following the appropriate laws and the directives of the Executive branch, yes.
Re: (Score:2)
Intelligence agencies vs threats–us in the m (Score:2)
Old stuff (Score:5, Informative)
It looks to me like the list of CIA hacking tools is a list of vulnerabilities that we already knew about and have been discusssing since forever, and it's hardly just the CIA that's been taking advantage of the environment.
And it also looks like a list of vulnerabilities that the vendors all know about and we've all been complaining about.
Soooo why exactly should the CIA tell Apple "we have an evil app that intercepts messages before encryption" when Apple and everyone else who's been paying attention already knows about these apps. Should the CIA have meetings with every half-assed IOT vendor to tell them that their device is a POS and hiw the CIA takes advantage when we and they all know this already?
Did CIA kill Mike Hastings by controlling his car? (Score:5, Interesting)
http://www.news.com.au/finance... [news.com.au]
This is why people fear Artificial Intelligence (Score:5, Insightful)
So obsessed with the letter of the mission statement, that you forget its spirit. Subjects you were meant to serve become means, and disposable resources in achieving goals that no longer serve their purpose, as the cost outweighs benefits by way too much.
CIA was created to protect safety of USA citizens. It got specific goals and means by which it would serve in that mission, and focused on them so much the mission went entirely out of focus. Collateral damage is no longer considered an issue. No matter how much CIA hurts and weakens the USA, it considers the actions a success if the "enemy" (actual or potential) is weakened in the process.
It's silly to expect a spy agency to obey the law and play always fair. But whatever it does, no matter how nefarious and slimy, it should always put the good of its citizens first. And it's ridiculous to expect whatever they might have gained through holding to these exploits outweighs the losses of the public caused by the non-disclosure. CIA no longer serves USA. CIA just serves goals of CIA, and if means to these goals conflict with the good of USA, so be it, USA be damned.
Re: (Score:2)
It's silly to expect a spy agency to obey the law and play always fair.
Exactly, and I laugh at the naive simpletons who don't understand this.
The only time you should believe this is when you're still in pre-school or a head-injury ward.
Re: (Score:2)
That serves furthering the position of CIA. The victorious candidate is likely to favor them, grant them better funding, which will allow them to pursue their goals more efficiently. Damage to the country be damned.
Not their job (Score:4, Informative)
Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.
The CIA's website says "CIA’s primary mission is to collect, analyze, evaluate, and disseminate foreign intelligence to the President and senior US government policymakers in making decisions relating to national security".
It seems pretty clear that they are focused on gathering information relating to US national security... it says nothing about protecting private individuals information. I can guess that they will claim to have weighed up the threat to private individuals vs the intelligence gathering advantages of not disclosing these vulnerabilities. I'm not saying I agree with this sentiment, but I don't think this exposes the CIA to the extent that the article suggests.
I call Bullshit (Score:5, Informative)
...Even spy agencies like the CIA have a responsibility to protect the security and privacy of Americans.
Section 202 of the National Security Act of 1947 established the CIA, and nowhere in the charter does it state it's their responsibility to protect the privacy of Americans.
Re: (Score:2)
The charter is subordinate to the Constitution, as as every CIA employee who took the oath of office and signed the affidavit affirming same should know:
Re: (Score:2)
1 - Posted as AC? If you can't put your name next to your statements, STFU, coward.
2 - The CIA's job is to spy. Evidently, they use vulnerabilities discovered in software to do that.
3 - After re-reading your response, I can see why you'd post as AC. If you were any more dense you'd achieve spontaneous fission. That drivel isn't something I'd want my name next to, either.
4 - Again, it's not the CIA's responsibility to uphold the privacy rights of citizens and, until you post links to or the directive(s)/reg
Re: (Score:2)
until you post links to or the directive(s)/regulation(s) themselves stating it "is" their responsibility, refer to #1 & #2 above
Re: (Score:2)
See #1 and #2
Re: (Score:2)
I think it's rather a stretch to go from a prohibition on unreasonable searches and seizures to "the CIA must disclose any and all bugs in anybody's computer software that could be used to gain unauthorized access to those computers".
Seriously? (Score:2)
"The dark side of this story is that the documents confirm that the CIA holds on to security vulnerabilities in software and devices -- including Android phones, iPhones, and Samsung televisions -- that millions of people around the world rely on."
This is EXACTLY what I would expect of them. This is how they gain their advantage.
No sane person would ever expect the CIA/NSA/FBI to announce that they found a security vulnerability. It would be like a burglar announcing to a home owner that he found an unlocke
VEP doesn't mandate disclsoure (Score:4, Informative)
The Vulnerabilities Equities Process doesn't have a mandate to disclosure, merely to determine if they should disclose or keep it for use. The EFF explains it:
EFF filed a lawsuit under the Freedom of Information Act in 2014 to get access to the government's "Vulnerability Equities Process" (VEP), the policy it uses to decide whether to disclose information about security vulnerabilities or instead withhold this information for its own purposes, including law enforcement, intelligence collection, and "offensive" exploitation.
EFF v. NSA, ODNI - Vulnerabilities FOIA" [eff.org]
The EFF has a heavily redacted copy of the policy the key statement in there is "When a decision is made to disseminate..." [eff.org]
no, they don't (Score:2)
It is the responsibility of US spy agencies not to violate the security and privacy of Americans; it is not their responsibility to fix security and privacy problems domestically.
You're probably confused because sometimes spy agencies say "in our operations, we protect the security and privacy of Americans", but that's in the same sense of "when we ship glass, we protect it from breaking", not "we protect a
Comment removed (Score:4, Insightful)
Why doesn't WikiLeaks publish Russian or Chinese.. (Score:2)
I have no problem (Score:2)
I have no problem with our intelligence agencies keeping tools and means to hack.
I DO HAVE a problem when they're used against American citizens and even used to murder them without a trial.
Our government should be doing everything it can to PROTECT us against China, Russia, etc. It should not be treating >us like antagonists to be targeted and crushed. It's time we stop treating our citizens like "criminals in the making".
nothing new (Score:2)
The agency appears to have failed to accurately assess the risk of not disclosing vulnerabilities to responsible vendors and failed to follow even the limited Vulnerabilities Equities Process.
This is the same group of idiots that are largely responsible for polio still being around (citation below). Failing to accurately assess risk and shortsighted thinking are nothing new to these folks.
Citation:
https://www.scientificamerican... [scientificamerican.com]
Re: (Score:2)
Re: (Score:3)
Saddly I have to agree. While in those fields of wildflowers, the ideal humanity has nothing but love and respect for its fellow human, but as long as that ideal exists, countries will continue to need security organizations like the CIA to keep an eye on those that dno not share those ideals. Until the entire world unilaterally accepts one another and the common good, there is a need for a defensive stance and that stance cannot support the altruistic ideas that most of us would love to adopt.
All of that s
Re: (Score:2, Troll)
Their job is to stop Mohammed from blowing up your children.
It's a bit late for that, unless they also have time machines. The best way to prevent "Mohammed from blowing up your children" (and when did that last happen in the USA?) would have been to refrain from blowing up his children. And his wife, and his aunts and uncles and his parents and his friends. And his dog.
Unfortunately that carrier task force sailed decades ago.
Re:Their job? (Score:5, Informative)
Challenge accepted. In the last 10 years:
-Malala Yousafzai is a nobel peace prize winner and she is from pakistan. https://www.nobelprize.org/nob... [nobelprize.org]
-Aziz Sancar was born and educated in turkey (difficult to tell whether he is of muslim faith or not, but he was probably at least raised in that culture) and is a chemistry nobel prize recipient.
-Maryam Mirzakhani was born and educated (up to bachelor) in Iran and received a Fields medal.
Re: (Score:2)
Challenge accepted.
And you therefore lose. You have accepted a challenge to debate an irrelevant, orthogonal issue. Whether it is right to kill Muslims wholesale does not depend on how many gadgets they invent or how many Nobel Prizes they win.
Best not feed the trolls.
Re: (Score:2)
Three. The first of which is worthless.
Was that the best you could do?
Re: (Score:2)
Er, how does any of that justify blowing them up?
Re: (Score:2)
Re: (Score:2)
You are right. The CIA is NOT responsible for ones personal security. They are involved in NATIONAL security, which is related to personal security, but the two concepts are NOT the same thing.
Re: (Score:3)
Yea, in the addled minds of some posters They think the following statement is true: National security == Personal security
Sorry folks, that evaluates to false...
The CIA is charged with protecting National Security by gathering intelligence on foreign targets. They are NOT charged with protecting individual's personal security though their protection of the nation does protect the individual in some ways.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
See my subject Bob the Super WEASEL behind a FAKE NAME online for your FAKE LIFE sockpuppet that you are w/ no balls:
I'm pretty sure we all knew "Bob the Super Hamster" wasn't actually his real name. Just sayin'
Re: (Score:2)
That some of the exploits they decided to hang onto, were actually malware code samples that would allow them to attribute attacks to foreign governments. When in fact they had nothing do to with said attack. In addition to this, they appear to have held onto exploits for vehicle control systems, that would allow them to ASSASSINATE people without detection. This is CERTAINLY NOT what they were hired to do. Not by any of the US citizens/agents that I know anyway. These are EXPOSED Black Ops Projects, by any other definition. Its time that someone unbiased investigated the CIA/NSA... They clearly are into some things they shouldn't be. Things that are CLEARLY ILLEGAL...
The CIA protects our country abroad. If these black ops missions saved millions of lives (which we know they have before) then one idiot like you being upset is worth it.