On Saturday, the Senior Administration Officials cast light on the subject of Internet Security and said President Obama has clearly decided that whenever the U.S. Intelligence agency like NSA discovers major vulnerabilities, in most of the situations the agency should reveal them rather than exploiting for national purpose, according to The New York Times





OBAMA's POLICY WITH LOOPHOLE FOR NSA

Yet, there is an exception to the above statement, as Mr. President carved a detailed exception to the policy "Unless there is a clear national security or law enforcement need," which means that the policy creates a loophole for the spying agencies like NSA to sustain their surveillance programs by exploiting security vulnerabilities to create Cyber Weapons.

In rare instances, US policy may briefly authorize using a Zero Day for high priority intelligence collection, following senior, interagency review involving all appropriate departments." After three-month review of recommendations [ PDF-file ], the Final Report of the Review Group on Intelligence and Communications Technologies was submitted to Mr. Obama on last December, out of which one of the recommendation on page no. 37 states that, "





Obama took this new decision in January this year, but the elements of decision disclosed just one day after the story of HeartBleed OpenSSL Security Bug broke last week and Bloomberg reported that the NSA may have known about the flaw for last two years and using it continuously to gain information instead of disclosing it.





The Office of the Director of National Intelligence (ODNI) released a statement on Friday in response to the Bloomberg report saying NSA was not aware of Heartbleed until it was made public.





The ODNI report concludes, "In response to the recommendations of the President's Review Group on Intelligence and Communications Technologies, the White House has reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities. This process is called the Vulnerabilities Equities Process. Unless there is a clear national security or law enforcement need, this process is biased toward responsibly disclosing such vulnerabilities," that coincides with above stated recommendation.





PURCHASED ZERO DAYS, AGAINST ANYONE-ANYTIME

As we already know, U.S. government is the biggest buyer of cyber weapons and Zero-Day exploits, those NSA and FBI are using from last many years to compromise the Internet for spying on the whole world.





In NSA's exploit archive there could be more than 50 percent of purchased exploits, and without any doubt we can label it as 'National Security or Law Enforcement Needs'. Thanks for above exceptional recommendation, the use of Zero-day exploits are now enough legal against anyone-anytime.





US policy should generally move to ensure that Zero Days are quickly blocked, so that the underlying vulnerabilities are patched on US Government and other networks."



In March, Edward Snowden files Operation Shotgiant" against the Chinese government and networking company Huawei, in early 2009 and also accused for stealing the source codes for certain products. Review Group report also mentions, "."In March, Edward Snowden files revealed that the National Security Agency conducted a major offensive cyber operation called "" against the Chinese government and networking company Huawei, in early 2009 and also accused for stealing the source codes for certain products.





Will U.S also responsibly disclose zero-day flaws to foreign vendors (like Huawei and ZTE) as well, rather than exploiting their products for Cyber espionage on other Countries?