[cryptome] Re: FOIPA adventures

Michael Best themikebest at gmail.com
Thu Dec 24 15:04:41 PST 2015


Let me know if you do, I've spent a lotta time with the case. For instance, not many people know there are several versions of the software that might be FOIA-able from different agencies. 

Sent from my iPhone

> On Dec 24, 2015, at 5:41 PM, Ryan Carboni <ryacko at gmail.com> wrote:
> 
> https://en.wikipedia.org/wiki/Inslaw#Inslaw_Affair_divides_into_two_separate_issues
> 
> Clearly you should make a request for the source code for the the Promis software as used by the FBI. It's public domain.
> 
>> On Thu, Dec 10, 2015 at 3:54 AM, coderman <coderman at gmail.com> wrote:
>> On 12/9/15, coderman <coderman at gmail.com> wrote:
>> > a most recent Glomar:
>> >
>> > "Disclosure timeline and decision making rationale for disclosure of
>> > vulnerability MS14-066 / CVE-2014-6321 - "Vulnerability in Schannel
>> > Could Allow Remote Code Execution (2992611)" to Microsoft Corporation
>> > as part of the Vulnerabilities Equities Process. Please include
>> > timeline for initial discovery with source of discovery, first
>> > operational use, and finally, date for vendor notification."
>> > -
>> > https://www.muckrock.com/foi/united-states-of-america-10/discloseddisgustagency-22289/
>> >
>> > "The request has been rejected, with the agency stating that it can
>> > neither confirm nor deny the existence of the requested documents."
>> > -
>> > https://www.muckrock.com/foi/united-states-of-america-10/discloseddisgustagency-22289/#comm-209022
>> 
>> 
>> reply(appeal):
>> '''
>> I reject and demand appeal of your rejection of this request.
>> 
>> First and foremost, please recognize that the GSF Explorer, formerly
>> USNS Hughes Glomar Explorer (T-AG-193), for which this Glomar response
>> is so named, was a purely military operation, using custom-built
>> military equipment, on an exceptionally sensitive military mission to
>> recover military equipment. Observe that the "Vulnerabilities Equities
>> Process" is a public outreach activity communicating with third party
>> partners, acting in the public interest regarding software used by
>> public citizens and business alike - a scenario at opposite ends and
>> means from which this denial blindly overreaches.
>> 
>> Second, observe that existing precedent supports the release of
>> materials responsive to this request. In American Civil Liberties
>> Union v. Department of Defense Case No: 04-CV-4151 (ACLU v. DoD) the
>> courts have affirmed the public interest as compelling argument for
>> favoring the public interest against clearly military efforts. The
>> Glomar denial should be well targeted; this targeted falls well
>> outside of the the "Vulnerabilities Equities Process", which is a
>> public outreach activity communicating with third party partners,
>> acting in the public interest, regarding software used by public
>> citizens and business alike.
>> 
>> Third, consider that it is a well established technique in the
>> information security industry to identify the origin and nature of a
>> defect discovery and disclosure timeline. This information is used for
>> myriad of secondary research, analysis, and automation efforts
>> spanning numerous industries. The utility of of disclosure timeline
>> information and context has decades of rich support and strong
>> evidence of public interest benefit, particularly regarding long
>> reported and fixed defects, such as this one, which has patches
>> available for over a year.
>> 
>> Fourth, observe that every hour of expert opinion coupled with legal
>> review amounts to a non-trivial expenditure of hours which are a sunk,
>> throw away cost of FOIA communication. While as a taxpayer I
>> appreciate the service of FOIA professionals such as those involved in
>> this request, who provide tireless effort the all hundreds of millions
>> of US citizens, my personal cost should be recognized. For this reason
>> a deference in favor of public interest and disclosure is well
>> supported for this request regarding the "Vulnerabilities Equities
>> Process", which is a public outreach activity communicating with third
>> party partners, acting in the public interest, regarding software used
>> by public citizens and business alike.
>> 
>> Thank you for your time, and best regards,
>> '''
>>  - https://www.muckrock.com/foi/united-states-of-america-10/discloseddisgustagency-22289/#comm-209748
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: text/html
Size: 5612 bytes
Desc: not available
URL: <http://lists.cpunks.org/pipermail/cypherpunks/attachments/20151224/37095f57/attachment-0002.txt>


More information about the cypherpunks mailing list