Stop the NSA from ‘Stockpiling’ Software Vulnerabilities

Target: Donald Trump, president of the United States

Goal: Order the NSA and other agencies to immediately inform software companies like Microsoft of any vulnerabilities it uncovers, before they fall into the hands of criminals.

Have you been hit by WannaCry? It’s a piece of dangerous software being spread by hackers across the world like wildfire, locking users out of their own computers. A target computer’s files are encrypted by the software, then the victim is given a tough choice: either pay the hackers to decrypt the files, or see the entire computer wiped. It’s already hit over 230,000 computers in 150 countries; and according to experts, the U.S. National Security Agency (NSA) is to blame. According to Microsoft, WannaCry is based on a weakness in Windows software uncovered by the NSA. However, instead of immediately informing Microsoft of this potential exploit, the NSA decided to keep it to themselves, according to the company.

“This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem,” said Brad Smith, Microsoft’s chief legal officer.

According to Smith, the NSA’s “hoarding” of software vulnerabilities puts all of us in danger. Time and time again, the NSA and other agencies have kept these vulnerabilities to themselves, only to have them leaked in embarrassing ways.

“We have seen vulnerabilities stored by the CIA show up on WikiLeaks … repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage,” he said.

To Smith, an “equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

Unlike the military though, the NSA seems to regularly lose control of its own weapons; and it’s all of us who pay the price.

We therefore call on U.S. President Donald Trump to take action against the hoarding of software exploits by the NSA, CIA and other security agencies. If you agree, please sign this petition.

PETITION LETTER:

Dear President Trump,

Time and time again, the NSA, CIA and other state security agencies have proven themselves incapable of handling their own weapons. These weapons come in the form of software vulnerabilities, which agencies have been accused of stockpiling for their own espionage and counter-espionage activities. Microsoft and other major software companies have long complained about this practice, arguing agencies should turn over their findings to companies. This would allow firms like Microsoft to improve their software quicker, and keep all of us safer online.

Not only does the NSA refuse to do this, but they consistently seem to lose control of their own exploits. So instead of this critical information being given to companies like Microsoft, it seems to often end up in the hands of criminals. This is exactly what happened with the disastrous WannaCry hack. In this case, hackers used an exploit discovered by the NSA to hold 230,000 computers at ransom, raking in an estimated US$100,000 so far.

For a government agency with the word “security” in its name, the NSA doesn’t seem particularly secure; and it’s putting all of us in danger.

As Brad Smith, Microsoft’s chief legal officer put it, an “equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.”

Indeed, the U.S. military is generally trusted with its Tomohawks, because after all, it doesn’t tend to leak them to criminal groups.

The same cannot be said for the NSA. If the NSA can’t keep its software exploits out of the hands of criminals, then it needs to start acting responsibly. This would mean ordering the agency to hand over exploits to responsible actors like Microsoft as soon as they are found, so they can patch their software as soon as possible.

We all know the NSA likes its toys, but if it can’t play safely, then it’s time for adults to step in.

Sincerely,

[Your Name Here]

Photo Credit: Byseyhanla

Sign the Petition

  • Only your name will be displayed. By signing, you accept our terms and may receive updates on this and related causes.
FacebookCare2 NewsTwitterEmailShare

One Comment

  1. The NSA is definitely not looking out for the good of people. In fact, it seems pretty corrupt.
    I agree the NSA should be forced to hand over any knowledge of vulnerabilities. It should also be held accountable for it’s actions and it’s lack of action.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

Facebook Comments

comments

96 Signatures

  • Janice Bernard
  • alessandro verzola
  • Carri Welsh
  • P Bowen
  • Daniel O'Keefe
  • Nikki Owen
  • Alexis Dawson
  • Selena Ambush
  • kajsa ingelsson
  • matt fitzhugh
1 of 10123...10
Skip to toolbar