From: Center for Information Technology Policy at Princeton University
Date: Thursday, November 15, 2012
Time: 12:30 - 1:30 pm
Location: 306 Sherrerd Hall
Food and discussion begins at 12:30 pm. Everyone invited.
Christopher Soghoian is the Principal Technologist & Senior Policy Analyst at the American Civil Liberties Union.
Over the past year, the public has started to learn about the shadowy trade in software security exploits. Rather than disclosing these flaws to software vendors like Google and Microsoft who will then fix them, security researchers can now sell them for six figures to governments who then use them for interception, espionage and cyber war.
These flaws are only useful for their intended purpose if software vendors remain in the dark about them, and if fixes never reach the general public. As such, the very existence of government stockpiles of software security flaws, whether for law enforcement, espionage or military operations, means that government agencies are exposing consumers, businesses and other government agencies to exploitable security flaws which could otherwise be fixed.
What should be done, if anything, about this part of the security industry? Are researchers who sell exploits simply engaging in legitimate free speech that should be protected? Or, are they engaging in the sale of digital arms in a global market that should be regulated?