[cryptome] Re: Fwd: 78716A

  • From: Ryan Carboni <ryacko@xxxxxxxxx>
  • To: cryptome@xxxxxxxxxxxxx
  • Date: Thu, 18 Dec 2014 14:47:05 -0800

"Records Requested: I request any information the NSA has on malware
transmitted through USB firmware.

I request this for personal, noncommercial purposes, particularly for
securing my own personal computer.

I authorize fees up to $20." request #78716A. I did suggest that they
search the research directorate.

On Thu, Dec 18, 2014 at 2:41 PM, doug <douglasrankine2001@xxxxxxxxxxx>
>  Hi Ryan,
> That proposition may...or may not be true... :-) .  However, be as it
> may, they are saying that your request is "overly broad" and therefore has
> too wide an ambit to be answered without a lot of effort.  They therefore
> require your help in narrowing it down so that they can answer it. They are
> trying to be helpful by providing a couple of hyperlinks.  Take a look at
> them and if they are not helpful or provide some guidance, them  may I
> suggest that you re-frame the question and re-submit it. Sorry, but I am
> not familiar with the question, what is it that you wish them to provide an
> answer to?
> Dougie.
> On 18/12/14 22:22, Ryan Carboni wrote:
>  Common Americans are no longer considered worth protecting as part of
> national security.
> -----------
>   Mr. Carboni,
> Thank you for providing the information below.  We have conducted an
> initial search within the organization that is most likely to hold records.
> That organization advised that the request, as worded, is overly broad.
> Querying any of our organizations would likely result in the same
> response.  The phrase “malware transmitted through USB firmware” is overly
> broad, such that any of our internal organizations would not be able to
> determine which files to search or be able to conduct a search with a
> reasonable amount of effort. Terms such as “malware” or “firmware” may turn
> up in any number of NSA records and most likely would not be related to
> securing home networks. Furthermore, added search without a clarification
> of context and specific records sought, would incur significant fees which
> would be passed on to you as an “all other” requester.
>   A large facet of the NSA/CSS mission is to protect National Security
> (i.e. government, DoD, Industry partners) information systems.  In doing
> so, this Agency provides guidance on Information Assurance security
> solutions to our Industry and Government customers regarding risk,
> vulnerabilities, mitigations, and threats.  While it is not part of our
> mission to provide guidance on securing home networks, we may occasionally
> post information on our website as you may recall from our letter. Our
> Information Assurance Directorate (IAD) has provided some information to
> the public that may be of interest to you.  Here are some additional links
> that you may peruse:
> https://www.nsa.gov/ia/mitigation_guidance/index.shtml
> https://www.nsa.gov/public_info/press_room/2014/nsa_seal_scam_alert.shtml
> (this is a recent article the does provides a link regarding malware)
> https://www.nsa.gov/ia/index.shtml  The last paragraph provides a video
> link under “IAD's Latest Security Guide Helps Customers Protect Home
> Networks,” and there is also a fact sheet titled “Best Practices for
> Keeping Your Home Network Secure.” Since the information you appear to be
> requesting (protecting home networks) does not fall under the purview of
> NSA/CSS missions, continued search of our files would not be productive.
> Your request will be administratively closed as an improper FOIA.  If,
> after reviewing the information on our website, you wish to submit a FOIA
> request on similar topic(s), please provide enough detail to allow for an
> accurate and focused search.
> Regards,
> Cindy B
> NSA/CSS FOIA Requester Service Center
> (301)688-6527

Other related posts: