SAN FRANCISCO (CN) - The National Security Agency is stalling on its promised release of records on its secret exploitation of the Heartbleed security bug, the Electronic Frontier Foundation claims in Federal Court.
The Heartbleed bug is a vulnerability in the web's most popular cryptographic feature, OpenSSL, which allows hackers to gain access to user names and passwords, steal sensitive information and eavesdrop on communications.
The EFF, a digital civil liberties nonprofit, claims the NSA knew about the vulnerability and used it gather intelligence for at least two years.
According to the lawsuit, the Office of the Director of National Intelligence denied that the government had any knowledge of Heartbleed before April 2014.
"It further explained that in response to recommendations by the White House Review Group, the executive branch had 'reviewed its policies in this area and reinvigorated an interagency process for deciding when to share vulnerabilities,'" the complaint states.
The EFF requested information about the process on May 6 this year. The national intelligence office said it would expedite the request, but still hasn't turned over any documents.
"This FOIA suit seeks transparency on one of the least understood elements of the U.S. intelligence community's toolset: security vulnerabilities. These documents are important to the kind of informed debate that the public and the administration agree needs to happen in our country," EFF legal fellow Andrew Crocker said in a statement.
The EFF wants to see the records.
It is represented by Andrew Crocker, Mark Rumold and Nathan Cardozo.