Obama Says He May Or May Not Let the NSA Exploit the Next Heartbleed

An anonymous reader writes "The White House has joined the public debate about Heartbleed. The administration denied any prior knowledge of Heartbleed, and said the NSA should reveal such flaws once discovered. Unfortunately, this statement was hedged. The NSA should reveal these flaws unless 'a clear national security or law enforcement need' exists. Since that can be construed to apply to virtually any situation, we're left with the same dilemma as before: do we take them at their word or not? The use of such an exploit is certainly not without precedent: 'The NSA made use of four "zero day" vulnerabilities in its attack on Iran's nuclear enrichment sites. That operation, code-named "Olympic Games," managed to damage roughly 1,000 Iranian centrifuges, and by some accounts helped drive the country to the negotiating table.' A senior White House official is quoted saying, 'I can't imagine the president — any president — entirely giving up a technology that might enable him some day to take a covert action that could avoid a shooting war.'" Side note: CloudFlare has named several winners in its challenge to prove it was possible to steal private keys using the Heartbleed exploit.

Well, yeah

[LordLucless]

Spy agency's job is to spy. It'd be remiss of them not to use such a security hole.

The question is, would he allow the NSA to exploit a similar vulnerability against Americans. And I think we already know the answer to that one too.

Re:Well, yeah

[Joce640k]

..."avoid a shooting war", "national security or law enforcement need"....

Why does it always come down to those things?

Does the USA actually have any enemies like that or is it just the (government created) national paranoia?

Re:Well, yeah

[JoeMerchant]

..."avoid a shooting war", "national security or law enforcement need"....

Why does it always come down to those things?

Because that's their job?

Seriously, upgrading the server or refactoring the software? Why does IT always have such drama, can't they just scale up and down like Sales?

Re:

[rmdingler]

..."avoid a shooting war", "national security or law enforcement need"....

Why does it always come down to those things?

Does the USA actually have any enemies like that or is it just the (government created) national paranoia?

It makes for a better sound bite than We hate to put your bank account's password at risk, but it's for some plausibly useful future reason that we do so.

Re:

[K. S. Kyosuke]

Why does it always come down to those things?

Well, after you piss off half of the world with your covert ops, pulling strings in the background, supporting criminal organizations etc., you're pretty much committed to a path of "how to deal with people who're smiling at me if I don't know whether the thing they're holding behind their back is a knife".

Re:

[CrimsonAvenger]

Why does it always come down to those things?

Well, after you piss off half of the world with your covert ops, pulling strings in the background, supporting criminal organizations etc., you're pretty much committed to a path of "how to deal with people who're smiling at me if I don't know whether the thing they're holding behind their back is a knife".

And then there was 1941, when we didn't do any of those things, and still found ourselves in a shooting war.

Personally, I'm wondering when we're going to find

Re:

[Anonymous Coward]

Personally, I'm wondering when we're going to find ourselves in Yet Another European War, what with Putin doing his Sudetenland thing with Ukraine and all....

Well, maybe we shouldn't at that point. If "half the world" is pissed off at us, maybe we should just stay here and let them deal with Putin all by their lonesomes. In fact, maybe we should just tell Putin now that we aren't going to do anything about Russia's actions at all; let him know that we are just going to stay the hell out and away, as long as he leaves the US out of it. Quit selling arms to any part of the world, keep 'em all to ourselves. Bring our troops and ships back home, patrol the fuck

Re:

[Anonymous Coward]

Spy agency's job is to spy.

And murderer's murder. Stating their job doesn't make it anymore moral. A spy's spying can be immoral, and that's exactly what the pieces of trash in the NSA have been doing.

Re:

[ganjadude]

exactly, He answered the wrong question, The correct question should have been
" will you allow the use of these tools against americans without disclosure" I dont mind if they are spying on others as that is their job, but it is not their job to spy on us in america. (we can argue the merits of spying on other countries another day)

Re:

[Bartles]

No, not without disclosure. Without a warrant. That is what the constitution requires. A warrant, or privacy. There is no middle ground, don't let this government create one.

Re:Well, yeah

[rnturn]

The NSA's job is not to spy on Americans regardless of whether they have a warrant or not. Spying on Americans is the FBI's job.

Re:

[davester666]

yes, once this whole 'spying' thing gets outlaws, the FBI will simply open an investigation into everybody's involvement with terrorism. And no, there is no way to prove you are NOT a terrorist, so at best it will always be an open investigation..

Re:

[ganjadude]

Based on the FBI list lets take a look at who they consider terrorists shall we?

People who are concerned about privacy, and shield the screen from view.
Are seen using multiple cell phones, or sim swapping
use of anonymizers or other IP blockers
encryption users
Asking about voice and data encryption
http://www.networkworld.com/community/blog/25-more-ridiculous-fbi-lists-you-might-be-terrorist-if

Tea party? terrorist
occupy group? terrorist
believe in the constitution? terrorist

and not terrorists, but t

Re:

[Anonymous Coward]

I think the NSA can spy on Americans if they are deemed to be an extremist and/or a threat to national security. Here are the currently defined extremist groups and threats identified by the White House:
Christians
Muslims
Conservatives
Republicans
White people
People with jobs
Any news media reporter that wants answers about Benghazi
Any news media reporter who questions Obama's probe into IRS t

Re:

[Sciath]

You forgot ... anyone who disagrees with the intelligence agencies including... liberals.

Re:Well, yeah

[Charliemopps]

No, the NSAs (as well as all government agencies) job is to defend the constitution and protect the citizens of the United States of America. The NSA has abandon the former goal in favor of the latter. They are not mutually exclusive. This country was founded on the principle that we as a people value freedom and liberty over life itself. The NSA, and apparently the president have forgotten this.

Re:

[Anonymous Coward]

The NSA's charter as promulgated by President Truman is COMINT. That means 1) spying on foreign governments, and 2) ensuring the integrity of US government communications. They've failed #1 by spying on Americans. They've failed #2 by passively allowing thousands of known software bugs to go unpatched, thereby leaving the US government's sprawling COTS network infrastructure vulnerable.

You don't need lofty non-sense to damn the NSA. They're failed the basic tasks they've actually been given.

Also, because th

Re:

[jonwil]

IMO the NSA should be split into 2 agencies.
One would be tasked with protecting the security of data, information, communications and networks of the United States government, its agencies and any entity deemed to be vital to national security. And this does include finding and fixing (or giving to vendors to fix) bugs in software being used by those entities it is tasked with protecting. And developing new protocols and algorithms and systems and hardware and software to protect the stuff it is tasked with

Re:

[Anonymous Coward]

They abandoned the latter when they abandoned the former.

Re:

[Sciath]

Let's not forget which President started us down this path... King George II.

Re:

[lonOtter]

There is no naivete. I expect nothing but thuggery from the government, so it isn't a surprise when we see the NSA being evil pieces of trash. It is, however, something that must be stopped.

Re:Not it actually isn't...

[Enigma2175]

The job of any government agency to defend the constitution. It's the job of the judicial branch. Furthermore, you actually expect a spy agency to protect the constitution? That's not even close to their job.

The naivete some have on this issue is rather surprising given the demographics of the site.

Employees at the NSA take an oath to defend the constitution. From the NSA's website [nsa.gov]:

NSA/CSS employees are Americans first, last, and always. We treasure the U.S. Constitution and the rights it secures for all the people. Each employee takes a solemn oath to support and defend the Constitution of the United States against all enemies, foreign and domestic.

It's not naivete, it's just expecting them to do what they SWORE TO DO.

Re:

[Sciath]

What amazes me is the (shall I say) ignorance on the part of citizens who can confuse "duties" or job responsibilities with "purpose". Regardless of what anyone has been told by a government agency or even the media, their duty is ultimately to defend the U.S. Constitution. I used to work for a government agency. Had to pledge to defend the Constitution. There were many times in the course of my job when orders to me or department policies (I felt) conflicted with the Constitution ands I refused to act on t

Re:

[Triklyn]

that domestic part is where it gets kinda muddy methinks.

Re:

[Kremmy]

The problem with our world is that a high level of competency is actually required for an awful lot of things, and nobody wants to be competent anymore.

Re:

[AchilleTalon]

Not completely true. Many want to be competent, however nobody wants to pay what this competency worth. You have to invest a lot of time to become competent and at the end, it must pay otherwise you are better to do something else. There is a lot of well paid jobs which don't require the efforts you need to put on something to become competent.

Re:

[Anonymous Coward]

The problem with the open source model is that it requires a high level of competency at too many levels.

Yeah. Sure. I'm not sure if you know what "open source" means and instead seem to be using it as a stand-in for "things I cannot understand."

You, and many others, use open source software every day without even noticing it. Chances are the very browser you are using to spew irrational hate is open source.

and no file manager either. See? Pure genius.

Really? Linux has no file manager? That's funny, I seem to recall there being about a dozen of them...

Perhaps before calling others stupid, you should first learn what the fuck you're even talking about.

Re:

[Anonymous Coward]

They're also in charge of defending USA networks against intrusion from foreign powers. Leaving security holes in software used by US citizens, that others, like the FSB, can exploit run counter to that part of their job.

Re:Well, yeah

[Somebody Is Using My]

Signal interception is only half of the NSA's charter; the other half is "Information assurance", which means keeping The Bad Guys (tm) from doing the same to us.

The NSA has been too focused on the interception part of their job, to the point where they are allowing - or purposefully weakening - US security with weak or backdoored encryption methods. Too many government agencies rely on the Internet for them to have turned a blind eye to things like the OpenSSL vulnerability; the NSA has failed at one of the most important part of its jobs.

While I would be loathe to forbid an intelligence agency from using such a vulnerability against legitmate targets, at the same time I would be quite upset if they didn't make sure that they weren't doing what was necessary to keep its charges (us!) safe from being similarly penetrated, especially if that task was specifically part of their remit.

Re:

[Anonymous Coward]

The problem here is that you can't do one without doing the other, unless you want to go back to the days where SSL required a special "US" browser and a proprietary web server. Nowadays, information assurance directly harms signal interception because "the bad guys" are running the exact same software as "the good guys". If the NSA finds a vulnerability in OpenSSL, they can't fix it for US companies while using it against the bad guys at the same time. The bad guys will just patch their software, they aren

Re:Well, yeah

[Savage-Rabbit]

Spy agency's job is to spy. It'd be remiss of them not to use such a security hole.

The question is, would he allow the NSA to exploit a similar vulnerability against Americans. And I think we already know the answer to that one too.

No, the role of the NSA is not just to gather SIGINT, the NSA iis also tasked with preventing unfriendly entities from gathering SIGINT which is why the NSA initiated and open sourced SE Linux [wikipedia.org] just to cite one example. So the question here is should the NSA put every single American SSL using business at risk for years on end to protect a single source of SIGINT? After all, foreign intelligence services may not have to budget of the NSA but they are not stupid either, they can discover bugs like Heartbleed just as easily as the NSA can and might well use it sufficiently stealthily for the NSA not to notice that they aren't the only ones sitting on this vulnerability. When do the costs of spying outweigh the benefits?

Re:

[jafac]

So the question here is should the NSA put every single American SSL using business at risk for years on end to protect a single source of SIGINT?

The big question, for real, is; is there a backdoor in SE Linux?

If they were irresponsible enough to leave Heartbleed alone for 2 years, then how can we believe they haven't discovered (or inserted) compromises in other software?

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[MooseMiester]

I agree with you, and would add that Obama proved that the folks who spin the "We care about you" story are the one's that care the least about anybody except themselves.

The real problem is how did so much of society become so gullible that they are happy reciting "The Narrative", and attacking anyone who doesn't parrot it exactly the same way they do as an ignorant hayseed, clinging to guns and religion, extremist, homophobic, xenophobic, racist woman hater that is evil beyond evil and therefore there w

Re:

[jafac]

"spy agency's job to spy" sounds like a convenient excuse to ignore ethics. All is permissible due to expediency, and because if we don't do it, our enemies will. Guess I thought that we were better than that. If we're going to accept that we're not, then I'm wondering why exactly we came down from the trees in the first place.

Re:

[rtb61]

However the NSA's job is not criminal negligence. The NSA's http://en.wikipedia.org/wiki/N... [wikipedia.org], primary job is adherence to the constitution. When it finds a security flaw in systems which will affect it's fellow citizens it is required by law to either correct the flaw or make the public aware of that flaw so that they can correct it, it is criminally negilgent of them to find flaws and keep them secret so that they and any 'other' criminal agency both foreign and domestic may exploit them. Especially damn

Re:

[Ceriel Nosforit]

Your former allies question your sanity.

Sounds like

[rmdingler]

He is pretty much admitting the next vulnerability will be exploited until no further military or law enforcement benefit exists.

There are almost certainly ongoing exploits of vulnerable systems.

People will very often tell you their intentions if you listen closely enough.

Re:

[ganjadude]

or is he admitting the next one is already in the wild, and they are already exploiting it?

Barack Barack Bork Bork

[bayankaran]

If you have the exploit, you can exploit the exploit.

only one Comment needed.

[Anonymous Coward]

We just don't trust you and wouldn't if you said, " you'd close gitmo", "not spy on us", "or not pay for back doors." You've won the war of attrition. pre 2001 of-age people know what we've lost and you can say and do whatever you like. ehh.... it must a pre-coffee morning.

There's no information here.

[slapjerkt]

The information content of a sentence whose structure is, "I may x or I may not x" is 0.

Re:There's no information here.

[Iconoc]

He also forgot to say "let me make one thing perfectly clear."

Re:

[QuantumPion]

On the contrary there is a lot of information there. When a government official says "I may or may not respect the constitution" that mean he has already decided that he will do whatever he wants regardless of constitutional authority and obeys the law only when it is convenient to do so.

Re:

[Kasar]

Given that this administration (and the previous) called music piracy a national security issue, equating copying an MP3 file with counterfeiting, the bar for what is a threat to the nation is pretty low with these people.

Re:

[account_deleted]

Comment removed based on user account deletion

The President doesn't micro-manage this stuff

[localroger]

Really, anybody who thinks anybody cabinet level or higher even knows about this kind of logistical detail is an idiot. This isn't at all like the torture thing which is a basic human rights violation; nobody is questioning the NSA's right to spy on certain people, and this has nothing to do with any accusation that they're spying on people they shouldn't be spying on. This is about technological implementation, and it's part of NSA's purview as a spy agency to explore technologies that further their ability to do their job. Part of that is discovering weaknesses in cryptographic systems which are trusted by the people you want to spy on. Having discovered such a useful weakness they aren't obliged to report it, although they are obliged not to use it (or any of their other techniques) against our own citizens.

Re:

[Dachannien]

This is about technological implementation, and it's part of NSA's purview as a spy agency to explore technologies that further their ability to do their job. Part of that is discovering weaknesses in cryptographic systems which are trusted by the people you want to spy on.

The NSA also plays a counterintelligence role, and they're falling short of that if they don't take action to notify developers of a widely used Internet infrastructure utility that their software contains a critical exploit. If they can exploit it, so can the spy agencies of any other government with the skills to do so.

Re:The President doesn't micro-manage this stuff

[PeeAitchPee]

Yet, the NSA is part of the Executive Branch and, as its head, the buck stops with him. James Clapper LIED to a Senate panel -- right to Ron Wyden's face -- and nothing has happened. The Snowden leaks are almost 11 months old now, and Obama obviously knew of a lot of those activities before then. He has chosen to DO NOTHING, or worse, in the case of mass surveillance, kick the ball to *Congress* (yes, the same Congress he's constantly bitched during his two terms about being dysfunctional and blocking his every move), which is completely unnecessary as NSA is part of the Executive Branch. Let's suppose that, as you contend, Obama is sooooo high up that he was in fact completely ignorant of any of the technical details of these activities, or even the existence of some of these programs. If he cared even the tiniest bit about our rights and upholding the Constitution -- especially in the wake of disclosures about leaving all US Citizens completely vulnerable to exploits such as HeartBleed -- he'd at least hit the Pause button on these programs via Executive Order so they could be properly investigated. He hasn't done *anything* close to that -- nothing. Just a bunch of bullshit lip service. This indicates he approves of all of these programs, and is attempting to wait until the noise dies down so they can be continued and expanded. Giving Obama a pass on anything NSA-related is weak and people that do it look like apologists from where a lot of us sit.

Re:

[AchilleTalon]

Well, did NSA actually knew or not about Heartbleed? Anyone can prove NSA was aware of the bug and did nothing to protect USA from a third party's threat?

This has nothing to do with Snowden etc.

[localroger]

I'm fully with the "buck stops here" theory of governance. The problem is that this isn't even a buck. How, exactly, do you think that the information that an exploit like Heartbleed exists migrates in a compartmentalized agency like the NSA from the group that identifies it to use in spying to the group that perhaps looks to protect us from foreign spies? How does it migrate to top administration? The answer is that it doesn't. It can't. Maybe it should, but as the NSA (and probably any practially wo

Re:

[MooseMiester]

Obama had two years of a majority in both houses to overturn the civil rights horrors he howled and wailed about during the Bush years... and did not.

Instead, they have used the full power of these organizations to go after political enemies.

Sure does explain where their allegiance is. To themselves, and to greed.

Re:

[joe_frisch]

If a military organization discovers a weakness in an enemy country's defenses, it is perfectly reasonable for them to keep this weakness secret and use it in future conflicts. Cyber security is different. Since we are all using roughly the same technology, by discovering a weakness in the defenses of another country, they have discovered a weakness in OUR defenses.

At the moment the US has a strong advantage in conventional warfare, but not so much in cyber warfare. In looking at overall national defense

Re:

[tragedy]

That depends heavily on what you mean by an advantage in cyber war. If you're after mutually assured destruction, then maybe patching holes in everyone's defenses doesn't help. If you don't want your own side to be completely destroyed, it's aterrible idea.

If you trust the word of the NSA

[kruach aum]

you're a moron. Don't trust liars who have been proven to lie and then continue lying. In fact you probably shouldn't trust liars in general.

Re:

[Anonymous Coward]

Since 9/11, everyone is a target of the NSA. If there is any information the NSA can collect on you, they will collect it and store it away forever on the off chance they may have to use it against you someday. Why, because they can. As far as they are concerned we all are equally likely to become future terrorists and threats to corporate interests and the government, so omnipresent mass surveillance on every human being on the planet is perfectly justifiable.

Does Obama really have anything to do with it?

[damn_registrars]

Does the NSA really ask the President's permission to exploit any given loopholes in their work? If the President had to authorize all their auctions than this would seem to be both rather damning for the president and a bit of a waste of his time.

Should always be reported

[medv4380]

The problem with saying "unless 'a clear national security or law enforcement need' exists" is that it actually compromises national security. What is more important. That you can easily hack in and skill data from the KGB, or some mafia site; or that every last American Citizen can be hacked by the KGB, or mafia? Keeping a bug like heartbleed a secret is something only an idiot or black hat would do. If the NSA knew of heartbleed early, and kept it a secret they are arrogant idiots. They ether wanted criminals to have free rain to steal anything they wanted, or they believed that criminals are too stupid to have found this bug.

Re:

[CrimsonAvenger]

hack in and skill data

Okay, I have to ask...

It is fairly obvious from the remainder of the post that the author is American. It looks like he/she/it was trying to say "hack in and steal data", but generally when words are mispelled, they're mispelled based on similar sounds. So what dialect has "steal" and "skill" sounding alike?

Seriously curious, since I thought that I knew most major dialects, and don't recall one that would pronounce the "ea" in "steal" like the "i" in "skill".

Re:

[medv4380]

Typo from a lack of coffee first thing on a Sunday Morning. With a pretty stressful weekend too.

Re:

[CrimsonAvenger]

okay, coffee, or lack of it, has left me pretty messed up a time or three in my life. Was hoping to find out there was yet another way of speaking in the country, but alas, it was just lack of caffeine....;-)

Old habits die hard

[Begemot]

The enemies will exploit it, so they can't afford being not competitive. Surely they will exploit everything they can and let the bullshit art masters cover up. That's how they're trained to think and old habits die hard.

Makes sense

[Pop69]

Why would you want to tell the opposition what your plans are, that would be really stupid

Obama could issue an Executive Order

[PeeAitchPee]

The NSA is part of the Executive Branch. Obama could immediately, at the very least, put a temporary halt on all of these types of activities and conduct a review gauging the potential impact on ordinary US citizens as collateral damage. He has done no such thing -- not with mass surveillance, not with HeartBleed, not with any of the other nasty shit disclosed in the Snowden leaks. Don't DARE give him a pass on anything NSA-related -- he doesn't need Congress in this case and can personally shut it all down at any time.

Re:

[grep -v '.*' *]

?? Confused here ... so are you saying that you HOPE he CHANGES?

That being said, he's "at the mercy" of what his managers tell him. I'm sure news is filtered every which way but loose and that he's told "ignore the TV", as those guys only reflect some public opinion, and they don't have all of the facts anyway.

After all, we know he's proficient in technically matters [baltimoresun.com], so I'm sure that him deep understanding the NSA technical functions is just obvious [xkcd.com].

Re:

[flyingfsck]

No, Ohbumma can't do squat, due to the large file the NSA has on him.

Cool story bro

[mansie]

"We knew about this since day one, heck we ordered, executed and implement.. I mean... we may or may not exploit the next one we produ.. I mean the next one."

yeah right

[sribe]

Like he really has any control over what they do anymore...

Murica! Freedom!!

[ze_jua]

You Americans are so lucky. Of course they will do this! to defend your freedom!!! :-)

misaligned goals

[amerello]

This is a clear indication that the government's and NSA's security concerns are absolutely misaligned with the interest of the population. They seem to serve imperialist ambitions. An indicator of concern for citizen's security would be to report such a vulnerability immediately and helping prevent the exploitation of the bugs by cyber criminals. That would be in the interest of national and international security.

At last a politician who speaks the truth.

[hey!]

He MIGHT let the NSA do it, OR he MIGHT NOT. That's a credible a statement as anyone could make.

pure garbage

[Anonymous Coward]

What a useless president. Spineless, cowardly, completely incompetent. Has he ever disciplined anyone? Either that or he's degenerated into a true puppet. How can he live with himself?

What "let"?

[Chas]

Obama isn't in a position to "let" or "prohibit" SHIT (even his own).

He's a fucking douchebag, Chicago Machine politician.

He has no opinions or even feelings outside of what his little cabal of "advisors" tell him he does.

He's also in NO position to dictate to the NSA what they will or will not do with an undiscovered bug in a security device/program.

The NSA damn well WILL use it, and so long as nobody leaks it to THE PUBLIC, it's "See No Evil, Hear No Evil, Speak No Evil" from the rest of the government.

Ev

Re:

[bytesex]

They will also be held accountable, at least internally, if, when it becomes known, and subsequently there is damage to the interests of the US. So in spite of your rhetoric, it's always a gamble. And I think in this particular case, we have reason to believe the man: the damage would have been potentially too great. And there is, in this particular case, seemingly no real reason to lie.

Re:

[Chas]

Accountable?

The US Government?

Pfft!

I'll believe that shit when I start seeing it.

I hesitate to label them crooks, because crooks couldn't get away with the shit our government does.

Not to mention that crooks are more careful with money than the US government EVER was.

So they are collaborating with the bad guys...

[gweihir]

Why? Simple: If they let this type of vulnerability exits unpatched, they are collaborating with criminals, foreign (and often hostile) intelligence services and terrorists by standing idle buy. That puts them straight in the "bad guys" class and, by any sane account, represents high treason. It is a bit like leaving the border open in order to see who brings anthrax, nuclear material or bombs over it.

In addition, they are increasing the level of uncertainty and trust for everybody, thereby aiding terrorist

POLITICS will cause the next dark age

[kheldan]

For a long time now I've thought that religion will cause the next Dark Age of Man, through promoting willful ignorance, superstition, and blind "faith", instead of promoting knowledge, understanding, and the search for actual truth. Apparently I was wrong, or at least not completely correct: Politicians and politics will bring about the next Dark Age, by driving people away from the Internet through mass surveillance, and runaway corporate interests destroying Net Neutrality. Once the Internet is no longer

Re:

[ewieling]

Nobody will "boycott the internet". I tried living without a personal e-mail address for a couple of months, it was much more difficult than expected. I continue to use the internet, but far less than before. Seldom purchase anything online anymore, seldom use debit/credit cards anymore. I've reduced my personal web usage to only a few web sites (slashdot being one of them), Cell phone usage drastically reduced. You know what would stop the NSA? If everyone stopped buying stuff online, stop using

If the NSA were actually about National Security..

[jtara]

If the "primary directive" of the NSA were actually National Security (rather than spying) what they should do would be obvious.

In the interest of national security, should the NSA discover such an exploit, they should quietly work with public and private organizations to get as much of the infrastructure fixed before the exploit becomes generally known.

Instead, though, what we have is that the NSA has likely had free access. Along with the rest of the world's spy agencies. And hackers and crime networks. That doesn't foster national security, IMO.

national security

[drolli]

The national security interest would be to patch the hole, not to leave it open. This hole was to easy to exploit, and supposedly enabled identity theft on a massive scale, even to vastly infereior intelligence services.

The comparison with the centrifuges in Iran is misleading. for that combination of attacks it is very hard even to find suitable experts to generate the code.

Let's keep it simple

[Trashcan Romeo]

The US government has the ability to spy on every electronic communication you make, it has been exploiting that ability to the fullest for many years now, and it will continue to do so forevermore. It will do so for the sole purpose of increasing its own power. If put to the inconvenience, it will lie to your face about it. This state of affairs will prevail regardless of which branch of the Money Party is in power. And there isn't thing one you can do about it.

Re:

[Dutchmaan]

And there isn't thing one you can do about it.

That's the only thing I disagree with... so I fixed it..

"And there isn't thing one you WILL do about it."

No Rules, Just Right

[Dutchmaan]

Rules with broad sweeping generalized caveats basically means, no rules. It means WE (as in the people who made the rules) are going to decide on in a subjective way whether we broke the rules or not... and anyone who even knows the most basic aspects of human nature, knows that we as people in general don't like incriminating ourselves, and a government is just a group of people.

So this is basically just lip service from the government, to calm public anger while at the same time giving us the finger.

Were NSA servers vulnerable?

[abies]

Might be bit hard to check after the fact, but if their servers were leaking data on unpatched version of heartbleed it would suggest innocence. If their servers (important ones) were somehow immune to this attack before it went public... they knew something.

Decision

[brunnegd]

The only decision 0bama can make is on his next vacation site.

Re:

[Ron Goodman]

I doubt they have anything on him. He's just frightened of something happening and his political opponents claiming that he "weakened" us somehow, which they would in a heartbeat.