Rules of the Road: The Need for Vulnerabilities Equities Legislation

Photo: Flickr: WOCinTech Chat
Media Outlet: Lawfare

Sharon Bradford Franklin and Andi Wilson wrote for Lawfare about the need for a Vulnerabilities Equities Process (VEP) that protects cybersecurity and promotes transparency:

When the government discovers a bug in any computer hardware or software system, should it immediately inform the device or software manufacturer, so the company can create a patch and protect its customers’ cybersecurity? When should the government be permitted to keep the information to itself, and exploit the vulnerability to hack into devices in support of law enforcement and intelligence agency operations? By promptly notifying manufacturers and allowing them to repair cyber vulnerabilities, the government serves its responsibility to protect the nation from cyber attacks, which can harm not only our information systems, but also our financial systems, critical infrastructure, and public safety. Yet, as we have long known, the government also restricts knowledge of some cyber vulnerabilities for exploitation in law enforcement and intelligence operations.


Andi Wilson is a policy analyst at New America’s Open Technology Institute, where she researches and writes about the relationship between technology and policy.

Sharon Bradford Franklin is director of surveillance and cybersecurity policy for New America's Open Technology Institute, where she leads OTI's work on issues involving government surveillance, encryption, cybersecurity, and government access to data.