President Barack Obama has carved out a broad national security exception for the National Security Agency (NSA), claims the new report.
President Obama has made a decision in January that the NSA, in case of discovering some big hole or exploit in the internet security, should reveal it to the tech sector most of the times. But, the key is that he has also provided an all-important exception.
New York Times in a report on Saturday, citing senior administration officials, stated the exception is that the agency need not reveal any major flaws in internet security, in the event of “a clear national security or law enforcement need.”
This exception – or a loophole that could likely allow the spy agency to exploit security flaws like Heartbleed while the public remained at risk of attacks from hackers.
This piece of information comes just days after two sources familiar with the matter told Bloomberg that the spy agency was well aware of the Heartbleed bug and have been exploiting it to gather intelligence for at least two years. However, the White House and the NSA have denied that report.
Caitlin Hayden, the spokeswoman for the National Security Council, said the review of the recommendations, which is complete now, had “resulted in a reinvigorated process to weigh the value of disclosure when a security flaw is discovered, against the value of keeping the discovery secret for later use by the intelligence community.”
“This process is biased toward responsibly disclosing such vulnerabilities,” she said.
Heartbleed bug, a flaw in the encryption code related to security area, exposed a major vulnerability in security protocols used by many popular websites like Google, Yahoo and Facebook. Over 500 million websites are estimated use to OpenSSL that contains the flaw.
Robin Seggelmann, the man who gave the world the most significant security flaw the internet has ever had, claimed it to be a simple programming error that was relatively trivial, but with a clearly sever effect.