• Home
  • Latest
  • Fortune 500
  • Finance
  • Tech
  • Leadership
  • Lifestyle
  • Rankings
  • Multimedia

Trendingnow

1

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents

2

Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich

3

Trump embraces Australian retirement system backed by Larry Fink

1

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents

2

Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich

3

Trump embraces Australian retirement system backed by Larry Fink
TechCyber Saturday

Data Sheet—Saturday, August 20, 2016

Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
Robert Hackett
By
Robert Hackett
Robert Hackett
Down Arrow Button Icon
August 20, 2016, 1:29 PM ET
Add Fortune on Google for similar content.

At this year’s Defcon hacker conference in Las Vegas, Jason Healey, an Atlantic Council fellow and Columbia University researcher, revealed details, from what he could gather, about the United States government’s process for deciding whether to release or retain strategic computer bugs, useful for spying.

He began by asking the audience a question: How many of you think the number of software vulnerabilities in the National Security Agency’s stockpile is in the thousands? (Some hands raised.) How about the hundreds? (Most up.) How about dozens? (Crickets.)

The mustachioed academician proceeded to debunk what he deemed to be a misconception about the Vulnerabilities Equities Process, the covert procedure by which the government determines whether to disclose or to keep its secrets. Based on his research, which included interviews, public documents, and budget information, the NSA’s horde likely amounts to dozens—just dozens—of exploitable code flaws.

“I was shocked,” Healey told the roomful of disbelieving Defcon attendees, a proudly paranoid lot. “I assumed it was in the hundreds.” (He added that he had “moderate confidence” in the assessment.)

Unsurprisingly, given the process’ confidential nature, the public knows few details. And so civil liberties groups have agitated for openness and reform: individually submit every vulnerability to review, publish regular transparency reports, disclose all vulnerabilities after a short time. Who could object?

“This is a mindbogglingly terrible idea,” wrote Matt Tait and Dave Aitel, two founders of security consultancies, in a post on the blog Lawfare this week. The pair of intelligence agency alums listed reason after reason in a 3,300-word essay why the current system is “broken”—”it is, at some level, empty PR gamesmanship or simply poorly thought out guesswork,” they wrote—and how the reformers “now clamour to make things significantly worse.”

Their argument boils down to this: the Vulnerabilities Equities Process puts the U.S. at a disadvantage compared to its adversaries. Per the post:

Herein lies the basic problem: US cyber operations already face a greater level of scrutiny and limitations than our competitors. But single-minded reformists seek still more restrictions. At the same time, US cyber capabilities grow increasingly critical and central to the basic function of democratic interests worldwide. Without a robust investment in these capabilities, the US will lack the ability to solve the “Going Dark” issue and our intelligence efforts will start to run into quicksand around the world.

Governments must stockpile bugs, they argue. As the world’s communications adopt strong, end-to-end encryption, the only recourse that intelligence gatherers and law enforcement have to hack their targets. To do so, they need access to defects.

“This argument against the current VEP process is worth reading even if (like me) you disagree,” commented Kevin Bankston, director of the Open Tech Institute at the think tank New America, on Twitter.

Last week’s leak of an NSA-linked zero-day (previously unknown) vulnerability in Cisco firewall products has restoked the debate about the government’s disclosure policies. Healey, in an opinion piece for The Christian Science Monitor, knocked the spy agency (assuming it is responsible) for not disclosing the bug earlier: “The Shadow Brokers revelations”—named after the group that dumped the cache of spook hacking tools—”give the impression of an NSA that’s out of control,” he wrote, calling for an overhaul of the vulnerability review process.

When does stashing a vulnerability make the world safer, and when does it weaken the Internet for everyone? There are no easy answers; I welcome your input.

Have a great weekend, readers. More below.

Robert Hackett

@rhhackett

robert.hackett@fortune.com

Welcome to the Cyber Saturday edition of Data Sheet, Fortune’s daily tech newsletter. You may reach me via Twitter, Cryptocat, Jabber (see OTR fingerprint on my about.me), PGP encrypted email (see public key on my Keybase.io), Wickr, Signal, or however you (securely) prefer. Feedback welcome.

THREATS

Shadows broken. A mysterious hacker or hackers going by "Shadow Brokers" leaked attack code, allegedly from an NSA-linked group, that affects firewall and routing equipment made by the likes of Cisco, Fortinet, Juniper Networks, and others. Experts have speculated about the identity of the leakers, proposing everything from Russian spies to an NSA insider. (Fortune, Fortune, Washington Post)

Panic-driven cyber investment chills. Venture capital investors pumped an incredible amount of funding—$3.8 billion—into cybersecurity startups last year. That hype appears to be coming down; companies like Palo Alto Networks, FireEye, and Imperva, each lost about a quarter of their market value this year. (Wall Street Journal)

Twitter's terrorist whack-a-mole game. The microblogging service says it has clamped down on ISIS promoters running amok on its network. The company says it has closed 235,000 extremist-linked accounts since Feb., and has boosted shutterings by 80% since last year. (Fortune, Twitter)

Follow the yellow Silk Road. Ever wonder how those Feds who were stealing Bitcoin from the coffers of the online drug marketplace Silk Road got caught? Their undoing began after DEA Special Agent Carl Force tried to launder money through the Bitcoin exchange Bitstamp. (Ars Technica)

Meet Tony Fullman. The New Zealand citizen this week became the first-ever publicly identified target of the spy program PRISM, an Internet surveillance system used by the NSA and revealed by Edward Snowden in 2013. Intelligence agencies came to suspect that he was plotting to overthrow the government in Fiji. (Fortune, The Intercept)

Also, a tip of the hat to whomever Rickrolled the Shadow Brokers' Bitcoin auction. As Motherboard put it, very leet.

Share today's Data Sheet with a friend:
http://fortune.com/newsletter/datasheet/

Looking for previous Data Sheets? Click here.

ACCESS GRANTED

What does a satellite launch have to do with cybersecurity? A lot, actually. Fortune's Robert Hackett details a momentous scientific event.

China blasted the world’s first quantum communications satellite into orbit from the Gobi Desert early Tuesday.

The project signals the dawn of a potentially game-changing communications technology: quantum key distribution—a dependable system for exchanging secrets (more on this in a bit)—as beamed from space. If the experiment is successful, it could lead to considerably more secure global communications. Read the rest on Fortune.com.

FORTUNE RECON

Yes, That Website You're Visiting Is Probably Tracking You by Sy Mukherjee

Those Hacked NSA Exploit Names Are Funny, But Don't Laugh Too Hard by Mathew Ingram

20 Upscale Hotels Were Infected With Card-Data-Stealing Malware by David Meyer

China Says Foreign Investors' Concern Over Its Cybersecurity Bill Is 'Unnecessary' by Reuters

ONE MORE THING

Subvert like a spy. The CIA's Simple Sabotage Field Manual, published in 1944, serves as a step-by-step guide to bringing down an adversary from the inside. One tip? "Purposeful stupidity" as an act of destruction. So devious. (Flashbak)

About the Author
Robert Hackett
By Robert Hackett
Instagram iconLinkedIn iconTwitter icon
See full bioRight Arrow Button Icon
Add Fortune on Google for similar content.

Latest in Tech

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025

Most Popular

Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Finance
Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam
By Fortune Editors
October 20, 2025
Fortune Secondary Logo
Rankings
  • 100 Best Companies
  • Fortune 500
  • Global 500
  • Fortune 500 Europe
  • Most Powerful Women
  • World's Most Admired Companies
  • See All Rankings
  • Lists Calendar
Sections
  • Finance
  • Fortune Crypto
  • Features
  • Leadership
  • Health
  • Commentary
  • Success
  • Retail
  • Mpw
  • Tech
  • Lifestyle
  • CEO Initiative
  • Asia
  • Politics
  • Conferences
  • Europe
  • Newsletters
  • Personal Finance
  • Environment
  • Magazine
  • Education
Customer Support
  • Frequently Asked Questions
  • Customer Service Portal
  • Privacy Policy
  • Terms Of Use
  • Single Issues For Purchase
  • International Print
Commercial Services
  • Advertising
  • Fortune Brand Studio
  • Fortune Analytics
  • Fortune Conferences
  • Business Development
  • Group Subscriptions
About Us
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • About Us
  • Press Center
  • Work At Fortune
  • Terms And Conditions
  • Site Map
  • Facebook icon
  • Twitter icon
  • LinkedIn icon
  • Instagram icon
  • Pinterest icon

Latest in Tech

mm
Commentaryregulation
Exclusive: Delaware Secretary of State partners with Norm Ai to propose the AIC, a legal entity for agents
By John Nay and Charuni Patibanda-SanchezJuly 13, 2026
2 hours ago
u
PoliticsSocial Media
Europe to social media platforms: make yourself safe for kids under 13, somehow
By Lorne Cook, Kelvin Chan and The Associated PressJuly 13, 2026
4 hours ago
Meta’s AI data center cost went from $10 billion to $50 billion in under 2 years—and split the town in two
Big TechMeta
Meta’s AI data center cost went from $10 billion to $50 billion in under 2 years—and split the town in two
By Sydney LakeJuly 13, 2026
4 hours ago
b
CommentaryWorld Cup
Columbia Business School professors: What the Balogun red card can teach us about AI and judgment
By Oded Netzer, Christopher Frank and Paul MagnoneJuly 13, 2026
5 hours ago
‘We are driving in the fog’: Hundreds of economists admit they’re flying blind on AI
Economydisruption
‘We are driving in the fog’: Hundreds of economists admit they’re flying blind on AI
By Nick LichtenbergJuly 13, 2026
7 hours ago
Shuman Ghosemajumder
Cybersecuritycyber
Exclusive: Google’s former ‘click fraud czar’ emerges from stealth with an on-device AI shield against AI-powered phishing, deepfakes, and other scams
By Jeremy KahnJuly 13, 2026
8 hours ago

Most Popular

The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents
Innovation
The U.S. spent $30 billion to ditch textbooks for laptops and tablets: The result is the first generation less cognitively capable than their parents
By Sasha RogelbergJuly 12, 2026
1 day ago
Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich
Big Tech
Peter Thiel and other tech billionaires are publicly shielding their children from the products that made them rich
By Marco Quiroz-GutierrezJuly 12, 2026
1 day ago
Trump embraces Australian retirement system backed by Larry Fink
Personal Finance
Trump embraces Australian retirement system backed by Larry Fink
By Brianna Sosa and BloombergJuly 12, 2026
1 day ago
Wyoming officials say Meta’s 715,000-square-foot data center is responsible for contaminating its water system with a rare bacterium
Environment
Wyoming officials say Meta’s 715,000-square-foot data center is responsible for contaminating its water system with a rare bacterium
By Sasha RogelbergJuly 10, 2026
3 days ago
Current price of oil as of July 13, 2026
Personal Finance
Current price of oil as of July 13, 2026
By Joseph HostetlerJuly 13, 2026
11 hours ago
Russia’s economy is an 'illusion' built on debt, and a banking crisis is ready to explode, intel report says, while the Kremlin may seize pensions
Banking
Russia’s economy is an 'illusion' built on debt, and a banking crisis is ready to explode, intel report says, while the Kremlin may seize pensions
By Jason MaJuly 12, 2026
1 day ago

© 2026 Fortune Media IP Limited. All Rights Reserved. Use of this site constitutes acceptance of our Terms of Use and Privacy Policy | CA Notice at Collection and Privacy Notice | Do Not Sell/Share My Personal Information
FORTUNE is a trademark of Fortune Media IP Limited, registered in the U.S. and other countries. FORTUNE may receive compensation for some links to products and services on this website. Offers may be subject to change without notice.