The White House explains why it keeps quiet on internet security flaws

We wouldn't blame you for worrying about the US government's willingness to remain silent on internet vulnerabilities in the name of national security; no one wants to be left open to a preventable attack. However, the White House sees these disclosures as a complicated issue, and has posted an explanation of its reasoning in an attempt to assuage fears. The administration argues that it has a "disciplined, rigorous and high-level" decision system that balances the risks to the public against the value of any intelligence. Agencies are more likely to share details of security flaws if there's a great potential for damage, or if it's likely that someone will use the exploits. At the same time, officials are more likely to stay hush-hush when there's a high-priority target, or if it's relatively safe to use an exploit for a short while.

The White House adds that it has a vested interest in speaking up when possible; it suffers like everyone else if critical infrastructure goes down, after all. It's at least clear from the statements that the government doesn't make its choices lightly. With that said, the absence of any "hard and fast rules" may not sit well with privacy and security advocates. They've been concerned that the NSA not only has a loose definition of what constitutes an acceptable exploit, but that it has created security holes of its own. The response doesn't do much to address trust -- while the government may be careful when it discloses security problems, we don't know that it's always making the right moves.

[Image credit: US Embassy Jakarta, Flickr]