[cryptome] Re: FOIPA adventures
jdb10987 at yahoo.com
Thu Dec 24 15:00:48 PST 2015
Make sure you ask for it in computer-readable format. Otherwise, some joker might send it to you on paper. Jim Bell
From: Ryan Carboni <ryacko at gmail.com>
To: cryptome at freelists.org
Cc: cpunks <cypherpunks at cpunks.org>
Sent: Thursday, December 24, 2015 2:41 PM
Subject: Re: [cryptome] Re: FOIPA adventures
Clearly you should make a request for the source code for the the Promis software as used by the FBI. It's public domain.
On Thu, Dec 10, 2015 at 3:54 AM, coderman <coderman at gmail.com> wrote:
On 12/9/15, coderman <coderman at gmail.com> wrote:
> a most recent Glomar:
> "Disclosure timeline and decision making rationale for disclosure of
> vulnerability MS14-066 / CVE-2014-6321 - "Vulnerability in Schannel
> Could Allow Remote Code Execution (2992611)" to Microsoft Corporation
> as part of the Vulnerabilities Equities Process. Please include
> timeline for initial discovery with source of discovery, first
> operational use, and finally, date for vendor notification."
> "The request has been rejected, with the agency stating that it can
> neither confirm nor deny the existence of the requested documents."
I reject and demand appeal of your rejection of this request.
First and foremost, please recognize that the GSF Explorer, formerly
USNS Hughes Glomar Explorer (T-AG-193), for which this Glomar response
is so named, was a purely military operation, using custom-built
military equipment, on an exceptionally sensitive military mission to
recover military equipment. Observe that the "Vulnerabilities Equities
Process" is a public outreach activity communicating with third party
partners, acting in the public interest regarding software used by
public citizens and business alike - a scenario at opposite ends and
means from which this denial blindly overreaches.
Second, observe that existing precedent supports the release of
materials responsive to this request. In American Civil Liberties
Union v. Department of Defense Case No: 04-CV-4151 (ACLU v. DoD) the
courts have affirmed the public interest as compelling argument for
favoring the public interest against clearly military efforts. The
Glomar denial should be well targeted; this targeted falls well
outside of the the "Vulnerabilities Equities Process", which is a
public outreach activity communicating with third party partners,
acting in the public interest, regarding software used by public
citizens and business alike.
Third, consider that it is a well established technique in the
information security industry to identify the origin and nature of a
defect discovery and disclosure timeline. This information is used for
myriad of secondary research, analysis, and automation efforts
spanning numerous industries. The utility of of disclosure timeline
information and context has decades of rich support and strong
evidence of public interest benefit, particularly regarding long
reported and fixed defects, such as this one, which has patches
available for over a year.
Fourth, observe that every hour of expert opinion coupled with legal
review amounts to a non-trivial expenditure of hours which are a sunk,
throw away cost of FOIA communication. While as a taxpayer I
appreciate the service of FOIA professionals such as those involved in
this request, who provide tireless effort the all hundreds of millions
of US citizens, my personal cost should be recognized. For this reason
a deference in favor of public interest and disclosure is well
supported for this request regarding the "Vulnerabilities Equities
Process", which is a public outreach activity communicating with third
party partners, acting in the public interest, regarding software used
by public citizens and business alike.
Thank you for your time, and best regards,
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 8394 bytes
Desc: not available
More information about the cypherpunks