The obscure “vulnerabilities equities process” was a rule brought in by the Obama administration in 2010 that compels any government agency – be it the NSA, Secret Service or even the FBI – to report flaws or back doors in technology that might put Americans at risk.
The government, according to CNN is constantly keeping an eye on technology to ensure something a lot of people use doesn’t become compromised. If it spots something, a so called ‘zero day’ hack in an Apple iPhone that could expose others, the agency that discovered the bug has to meet with the National Security Council to discuss whether Apple should be made aware of the problem.
The idea behind the ruling was to ensure that rogue states or criminal groups don’t also discover holes in software and exploit them before the creator has had time to fix it.
So in the FBI’s ongoing attempts to break into the iPhone of San Bernadino shooter Syed Rizwan Farook – in which the law enforcement agency is working with an Israeli company – it might be inadvertently making it a lot more difficult for it to repeat the same process in future.
An undateddocument was declassified in late 2015 and reveals some – most of it is redacted – of the details behind the policy. It remains unclear which vulnerabilities have to be disclosed and which do not.
However, the President’s Review Group on Intelligence and Communications Technologies recommended in 2013 that, “U.S. policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on U.S. Government and other networks.”
So it looks like the debate will continue for some time to come.