While the trickling release of Edward Snowden&#39;s revelations from bad to worse in weekly incremental steps has been enormously effective in swaying public opinion, it has made formulating a meaningful response very difficult.<div>

<br></div><div>A few weeks ago we learned that the FBI has been purchasing personal computer operating system vulnerabilities from gray and black-hat hackers on the black market, often for several tens of thousands of dollars each, and leaving them unreported and thereby unpatched for use in future surveillance operations:</div>
<div><a href="http://blogs.wsj.com/digits/2013/08/01/how-the-fbi-hacks-criminal-suspects/">http://blogs.wsj.com/digits/2013/08/01/how-the-fbi-hacks-criminal-suspects/</a><br></div><div><br></div><div>Unfortunately, this means that the vulnerabilities remain available to the criminal computer crime underground, affecting everyone including Foundation project readers and contributors alike.</div>

<div><br></div>Very recently a well respected group of researchers characterized this state of affairs as &quot;preferable&quot; to the complexity of additional surveillance network and systems infrastructure:<div><a href="http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107">http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107</a><br>
<div><br></div>
This is a false dichotomy which directly places Foundation project readers and editors at risk, but does so along with virtually everyone else who uses personal computer or smartphone equipment. However, I think it is an important aspect to address because none of the other recent eavesdropping revelations put people at risk to organized computer crime, blackmail, and extortion in<span></span> the same way.<span></span><div>

<br></div><div>Is there any reason to exclude action on a particular issue just because it effects everyone else along with our users?</div><div><br></div>
</div>