The agency, which exists to find out secrets, fails to keep them
The Economist: A GRIM year for American spy agencies took a turn for the worse with the leaking, on March 7th, of what appeared to be a lengthy, detailed catalogue of the CIA’s secret hacking tools for turning computers, internet routers, telephones and even web-enabled televisions into remote spying devices, and for bypassing encrypted messaging services by penetrating individual Apple and Android smartphones. The WikiLeaks anti-secrecy organisation posted nearly 9,000 documents and files dated 2013-16 in what it said was a first taste of a “vault” of CIA secrets. WikiLeaks claimed that the archive was provided by a former American government hacker or contractor eager to “initiate a public debate” about the security and democratic control of cyber-weapons, viruses and malware. The group said it had redacted computer code that could be used to launch attacks, pending such a debate.
That self-justification by WikiLeaks will only further strain relations between the intelligence community, the administration of President Donald Trump and technology firms in Silicon Valley. In the final days of the Obama era, American spy chiefs assessed “with high confidence” that a trove of embarrassing e-mails stolen from officials at the Democratic Party and Hillary Clinton’s presidential campaign were “relayed” to WikiLeaks by Russia, in a bid to sway the election of 2016. A month before that election Mr Trump had gleefully hailed the leaking of Clinton campaign e-mails, declaring: “I love WikiLeaks!” Days before taking office in January, Mr Trump accused American spy agencies of leaking against him, though he finally conceded that Russia might have been behind the hacking of Democratic e-mails.
The new CIA leaks are a fresh blow to an intelligence community still suffering the after-effects of the release of National Security Agency documents by a former contractor, Edward Snowden, in 2013. The leaks once again highlight the trade-offs underlying espionage in the digital age. Governments want good computer security because they fear cyber-crime and hacking. Yet they also value security flaws because computers and smartphones are excellent spying tools, even in an age of strong, private-sector encryption. If spies can read files directly off a target’s screen, they need not care if it is later transmitted by WhatsApp or similar services.
In another trade-off, governments rely on close co-operation with technology companies. That is why in 2010 the Obama administration undertook to alert firms to security flaws when they found them. WikiLeaks appears to show government agents still buying and hoarding so-called “zero-day” vulnerabilities from hackers, meaning coding flaws not known to a technology product’s creators. The files show agents discussing how to break into such operating systems as Apple’s iOS and Google’s Android, to extract a target’s location, audio and text messages, and secretly take over control of a smartphone’s microphone and camera. Apple said it had already patched many of the newly revealed flaws and would “rapidly” address others.
A GRIM year for American spy agencies took a turn for the worse with the leaking, on March 7th, of what appeared to be a lengthy, detailed catalogue of the CIA’s secret hacking tools for turning computers, internet routers, telephones and even web-enabled televisions into remote spying devices, and for bypassing encrypted messaging services by penetrating individual Apple and Android smartphones. The WikiLeaks anti-secrecy organisation posted nearly 9,000 documents and files dated 2013-16 in what it said was a first taste of a “vault” of CIA secrets. WikiLeaks claimed that the archive was provided by a former American government hacker or contractor eager to “initiate a public debate” about the security and democratic control of cyber-weapons, viruses and malware. The group said it had redacted computer code that could be used to launch attacks, pending such a debate.
That self-justification by WikiLeaks will only further strain relations between the intelligence community, the administration of President Donald Trump and technology firms in Silicon Valley. In the final days of the Obama era, American spy chiefs assessed “with high confidence” that a trove of embarrassing e-mails stolen from officials at the Democratic Party and Hillary Clinton’s presidential campaign were “relayed” to WikiLeaks by Russia, in a bid to sway the election of 2016. A month before that election Mr Trump had gleefully hailed the leaking of Clinton campaign e-mails, declaring: “I love WikiLeaks!” Days before taking office in January, Mr Trump accused American spy agencies of leaking against him, though he finally conceded that Russia might have been behind the hacking of Democratic e-mails.
The new CIA leaks are a fresh blow to an intelligence community still suffering the after-effects of the release of National Security Agency documents by a former contractor, Edward Snowden, in 2013. The leaks once again highlight the trade-offs underlying espionage in the digital age. Governments want good computer security because they fear cyber-crime and hacking. Yet they also value security flaws because computers and smartphones are excellent spying tools, even in an age of strong, private-sector encryption. If spies can read files directly off a target’s screen, they need not care if it is later transmitted by WhatsApp or similar services.
In another trade-off, governments rely on close co-operation with technology companies. That is why in 2010 the Obama administration undertook to alert firms to security flaws when they found them. WikiLeaks appears to show government agents still buying and hoarding so-called “zero-day” vulnerabilities from hackers, meaning coding flaws not known to a technology product’s creators. The files show agents discussing how to break into such operating systems as Apple’s iOS and Google’s Android, to extract a target’s location, audio and text messages, and secretly take over control of a smartphone’s microphone and camera. Apple said it had already patched many of the newly revealed flaws and would “rapidly” address others.