Make sure you ask for it in computer-readable format. Otherwise, some joker might send it to you on paper. Jim Bell __________________________________________________________________ From: Ryan Carboni To: cryptome@freelists.org Cc: cpunks Sent: Thursday, December 24, 2015 2:41 PM Subject: Re: [cryptome] Re: FOIPA adventures [1]https://en.wikipedia.org/wiki/Inslaw#Inslaw_Affair_divides_into_two_ separate_issues Clearly you should make a request for the source code for the the Promis software as used by the FBI. It's public domain. On Thu, Dec 10, 2015 at 3:54 AM, coderman <[2]coderman@gmail.com> wrote: On 12/9/15, coderman <[3]coderman@gmail.com> wrote: > a most recent Glomar: > > "Disclosure timeline and decision making rationale for disclosure of > vulnerability MS14-066 / CVE-2014-6321 - "Vulnerability in Schannel > Could Allow Remote Code Execution (2992611)" to Microsoft Corporation > as part of the Vulnerabilities Equities Process. Please include > timeline for initial discovery with source of discovery, first > operational use, and finally, date for vendor notification." > - > [4]https://www.muckrock.com/foi/united-states-of-america-10/disclose ddisgustagency-22289/ > > "The request has been rejected, with the agency stating that it can > neither confirm nor deny the existence of the requested documents." > - > [5]https://www.muckrock.com/foi/united-states-of-america-10/disclose ddisgustagency-22289/#comm-209022 reply(appeal): ''' I reject and demand appeal of your rejection of this request. First and foremost, please recognize that the GSF Explorer, formerly USNS Hughes Glomar Explorer (T-AG-193), for which this Glomar response is so named, was a purely military operation, using custom-built military equipment, on an exceptionally sensitive military mission to recover military equipment. Observe that the "Vulnerabilities Equities Process" is a public outreach activity communicating with third party partners, acting in the public interest regarding software used by public citizens and business alike - a scenario at opposite ends and means from which this denial blindly overreaches. Second, observe that existing precedent supports the release of materials responsive to this request. In American Civil Liberties Union v. Department of Defense Case No: 04-CV-4151 (ACLU v. DoD) the courts have affirmed the public interest as compelling argument for favoring the public interest against clearly military efforts. The Glomar denial should be well targeted; this targeted falls well outside of the the "Vulnerabilities Equities Process", which is a public outreach activity communicating with third party partners, acting in the public interest, regarding software used by public citizens and business alike. Third, consider that it is a well established technique in the information security industry to identify the origin and nature of a defect discovery and disclosure timeline. This information is used for myriad of secondary research, analysis, and automation efforts spanning numerous industries. The utility of of disclosure timeline information and context has decades of rich support and strong evidence of public interest benefit, particularly regarding long reported and fixed defects, such as this one, which has patches available for over a year. Fourth, observe that every hour of expert opinion coupled with legal review amounts to a non-trivial expenditure of hours which are a sunk, throw away cost of FOIA communication. While as a taxpayer I appreciate the service of FOIA professionals such as those involved in this request, who provide tireless effort the all hundreds of millions of US citizens, my personal cost should be recognized. For this reason a deference in favor of public interest and disclosure is well supported for this request regarding the "Vulnerabilities Equities Process", which is a public outreach activity communicating with third party partners, acting in the public interest, regarding software used by public citizens and business alike. Thank you for your time, and best regards, ''' - [6]https://www.muckrock.com/foi/united-states-of-america-10/disclose ddisgustagency-22289/#comm-209748 References 1. https://en.wikipedia.org/wiki/Inslaw#Inslaw_Affair_divides_into_two_separate_issues 2. mailto:coderman@gmail.com 3. mailto:coderman@gmail.com 4. https://www.muckrock.com/foi/united-states-of-america-10/discloseddisgustagency-22289/ 5. https://www.muckrock.com/foi/united-states-of-america-10/discloseddisgustagency-22289/#comm-209022 6. https://www.muckrock.com/foi/united-states-of-america-10/discloseddisgustagency-22289/#comm-209748