The EFF and the NSA are caught in a heated legal battle

Feb 22, 2016 11:43 GMT
NSA is fighting with the EFF to keep its zero-day program going as is

The NSA (National Security Agency) is in the midst of a two-year-old lawsuit with the EFF (Electronic Frontier Foundation) for the right to keep its zero-day handling process secret from the prying eyes of the outside world.

The whole scandal started in 2014, when US media discovered that the NSA had known in advance about the Heartbleed bug, which affected nearly two-thirds of all the sites on the Internet.

News reporters learned that the agency knew about the bug but didn't tell anyone, deciding to use it for offensive purposes to gather information on foreign threats.

The EFF sued the NSA in 2014

The EFF sued the NSA based on the Freedom of Information Act, in an attempt to force the agency to disclose more information about its zero-day handling process.

Although the judge had not yet made a decision, in November 2015 the NSA acknowledged on its website that its security researchers disclosed 91% of all the security vulnerabilities they found, keeping the rest for internal use as part of their hacking arsenal against foreign or internal threats.

Despite this admission, the EFF was not happy and continued the lawsuit. This past January, a court in San Francisco, California, ordered the NSA to release more information on the process.

NSA released a redacted version of its zero-day process

The agency complied, and a few days later, it released a less-redacted version of its Vulnerabilities Equities Process (VEP) document. This file contained step-by-step procedures on how the NSA decides which zero-days to disclose and which to keep in-house.

Again, the EFF was not happy and has filed a new complaint, asking for more data to be disclosed. The Foundation even suggested that the judge carry out an "in camera" (private) review of the VEP document in its raw form to validate the need to redact some of its portions.

"We think it's important the public knows how the government uses our vulnerabilities against us, and this document details how the government makes that decision," EFF attorney Nathan Cardozo told Courthouse News.

NSA public statement on the zero-day disclosure program