FBI Refuses to Disclose Details on Software Security Flaw; What Does the Gov’t Have to Hide?
The fight ignited by Apple continues, and the feud between the tech industry and the US government is heating up: Mozilla, the software company behind the popular browser Firefox, is now pressing the feds to disclose information pertaining to a potential security flaw.
Mozilla filed a motion with the US district court requesting information on potential Firefox vulnerabilities that could expose users and their data to major privacy infringement risks. The info was unearthed during a criminal investigation carried out by the FBI in which officials hacked into a Dark Web child pornography website in February 2015. For some time, the website was run by FBI officers from inside a government facility in Virginia. But once the investigation was finalized, the vulnerabilities that allowed for this hack were kept secret.
According to Mozilla, if the issues unearthed aren’t addressed by the tech companies, users’ privacy could be under attack. Since the Tor Browser is “built on the same base code as the open-source Firefox browser,” Mozilla believes the vulnerabilities should be shared with the group.
In Mozilla’s motion, the group claims that the government has “refused to tell Mozilla whether the vulnerability at issue in this case involves a Mozilla product,” prompting the company to inquire further in order to protect its users.
The fact that the government used an exploit that hasn’t been unveiled makes government officials more likely to use the same artifice to “compromise users and systems running the browser,” a reality Mozilla seems to refuse to accept. According to Mozilla Corporation’s chief legal and business officer Denelle Dixon-Thayer, even the “judge in this case ordered the government to disclose the vulnerability to the defense team but not to any of the entities that could actually fix the vulnerability.” To the company, the judge’s decision makes no sense “because it doesn’t allow the vulnerability to be fixed before it is more widely disclosed.”
But as Techdirt has reported, once the judge ordered the FBI to turn over information on the hacking tool to the defense team, the feds refused. Instead of standing his ground, Judge Robert J. Bryan reversed course, allowing the FBI to keep the information under wraps.
According to Motherboard, the judge met with the government in order to learn more about the FBI’s reasoning in this case after the ruling, which prompted his decision to reverse his position. While Bryan “still thinks the defense has a reason to see that code,” he cannot ensure this will actually happen.
Techdirt believes there’s “a 0% chance of the FBI voluntarily turning this information over to the defense,” but Mozilla is pressing on anyway. Whether the FBI will be successful in keeping this information from the public is a matter of time.
What’s left to ask is: Why is the FBI so invested in keeping important information on data security from those who develop software that protects us from hackers?