CERT and disclosure of CVE-2020-0601
| Tracking # |
2020-HQFO-00422 |
| Submitted | Jan. 15, 2020 |
| Est. Completion | None |
MuckRock users can file, duplicate, track, and share public records requests like this one. Learn more.
Communications
From: Jurre van Bergen
To Whom It May Concern:
Pursuant to the Freedom of Information Act, I hereby request the following records:
All documents related in whole or in part to the detailing the disclosure of CVE-2020-0601, a Microsoft security issue in Crypt32.dll in various versions of their Windows product. The security vulnerability was allegedly found and reported to Microsoft by the NSA.
The NSA disclosed it through the following channels, detailed here: https://twitter.com/NSAGov/status/1217152211056238593 & https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
U.S cert disclosed it here: https://www.us-cert.gov/ncas/alerts/aa20-014a
Any of those documents could be but not limited to, notes, e-mails, media talking points, communication with Microsoft, as well as any records sharing details with other U.S government agencies about the vulnerability and communication with U.S Cert.
If you regard these documents as potentially exempt from disclosure requirements, I request that you nonetheless exercise your discretion to disclose them.Please release all reasonably segregable nonexempt portions of documents.
The requested documents will be made available to the general public, and this request is not being made for commercial purposes.
In the event that there are fees, I would be grateful if you would inform me of the total charges in advance of fulfilling my request. I would prefer the request filled electronically, by e-mail attachment if available or CD-ROM if not.
Thank you in advance for your anticipated cooperation in this matter. I look forward to receiving your response to this request within 20 business days, as the statute requires.
Sincerely,
Jurre van Bergen
From: United States Computer Emergency Readiness Team
Good Evening,
Attached is our acknowledgment of your DHS FOIA request. If you need to contact this office again concerning your request, please provide the DHS reference number. This will enable us to quickly retrieve the information you are seeking and reduce our response time. This office can be reached at 866-431-0486.
Regards,
DHS Privacy Office
Disclosure & FOIA Program
STOP 0655
Department of Homeland Security
245 Murray Drive, SW
Washington, DC 20528-0655
Telephone: 1-866-431-0486 or 202-343-1743
Fax: 202-343-4011
Visit our FOIA website (http://www.dhs.gov/foia)
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: Muckrock Staff
To Whom It May Concern:
I wanted to follow up on the following Freedom of Information Act request, copied below, and originally submitted on Jan. 15, 2020. Please let me know when I can expect to receive a response. You had assigned it reference number #2020-HQFO-00422.
Thanks for your help, and let me know if further clarification is needed.
From: United States Computer Emergency Readiness Team
Good Morning, Attached is our final response to your request. If you need to contact this office again concerning your request, please provide the DHS reference number. This will enable us to quickly retrieve the information you are seeking and reduce our response time. This office can be reached at 866-431-0486. Regards, DHS Privacy Office
Disclosure & FOIA Program
STOP 0655
Department of Homeland Security
245 Murray Drive, SW
Washington, DC 20528-0655
Telephone: 1-866-431-0486 or 202-343-1743
Fax: 202-343-4011
Visit our FOIA website
From: Jurre van Bergen
In response to 2020-HQFO-00422, I hereby file an appeal
I have submitted a FOIA request of which I received your final communication that no records can be found. I have to say, I have my doubt about it. This should've been processed by CISA, of which the U.S Cert department falls under.
The United States Computer Emergency Readiness Team is an organization within the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. U.S. Cert's mission is the U.S cyber risk advisor, helps companies secure themselves by communicating risks and give cyber vulnerabilities an CVE number, etc.
This is one of the main tasks of U.S Cert, which is why I find it weird there can't be information found about this vulnerability that I request information of.