[Wikimedia-l] law enforcement buying vulnerabilities on black market & leaving them unreported for surveillance

James Salsman jsalsman at gmail.com
Tue Aug 20 05:01:46 UTC 2013


While the trickling release of Edward Snowden's revelations from bad to
worse in weekly incremental steps has been enormously effective in swaying
public opinion, it has made formulating a meaningful response very
difficult.

A few weeks ago we learned that the FBI has been purchasing personal
computer operating system vulnerabilities from gray and black-hat hackers
on the black market, often for several tens of thousands of dollars each,
and leaving them unreported and thereby unpatched for use in future
surveillance operations:
http://blogs.wsj.com/digits/2013/08/01/how-the-fbi-hacks-criminal-suspects/

Unfortunately, this means that the vulnerabilities remain available to the
criminal computer crime underground, affecting everyone including
Foundation project readers and contributors alike.

Very recently a well respected group of researchers characterized this
state of affairs as "preferable" to the complexity of additional
surveillance network and systems infrastructure:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2312107

This is a false dichotomy which directly places Foundation project readers
and editors at risk, but does so along with virtually everyone else who
uses personal computer or smartphone equipment. However, I think it is an
important aspect to address because none of the other recent eavesdropping
revelations put people at risk to organized computer crime, blackmail, and
extortion in the same way.

Is there any reason to exclude action on a particular issue just because it
affects everyone else along with our users?

