Reason.com - Free Minds and Free Markets
Reason logo Reason logo
  • Latest
  • Magazine
    • Current Issue
    • Archives
    • Subscribe
    • Crossword
  • Video
  • Podcasts
    • All Shows
    • The Reason Roundtable
    • The Reason Interview With Nick Gillespie
    • The Soho Forum Debates
    • Just Asking Questions
    • The Best of Reason Magazine
    • Why We Can't Have Nice Things
  • Volokh
  • Newsletters
  • Donate
    • Donate Online
    • Donate Crypto
    • Ways To Give To Reason Foundation
    • Torchbearer Society
    • Planned Giving
  • Subscribe
    • Reason Plus Subscription
    • Print Subscription
    • Gift Subscriptions
    • Subscriber Support

Login Form

Create new account
Forgot password

Cybersecurity

CIA Leak Shows How We're Losing Both Privacy and Security with Tech Data

Agency hoards infiltration tools and puts our information at risk of exposure.

Scott Shackford | 3.8.2017 2:00 PM

Share on FacebookShare on XShare on RedditShare by emailPrint friendly versionCopy page URL
Media Contact & Reprint Requests
Large image on homepages | Richard B. Levine/Newscom
(Richard B. Levine/Newscom)
surveillance
Richard B. Levine/Newscom

Consider this: The actual details about certain CIA cybersurveillance tools and hacking programs making it out into the public sphere aren't as important as we think. That the fact these details leaked in the first place is what matters. That our intelligence agencies cannot expect to keep their practices secret from the public at large (and other nations) should influence policy decisions on how much information they collect and how they prioritize infiltrating devices over revealing security risks.

After WikiLeaks dumped thousands of documents about CIA surveillance and cyberespionage techniques Tuesday, Ed Krayewski looked through and summarized some of the more notable discoveries. There have been some responses that maybe overstate what the CIA is doing based on at least what's in these documents. The use of surveillance through smart televisions, for example, requires a person to physically interact with the television in order to install malware. There is no evidence that CIA snoops can simply access the camera in any Samsung smart television.

So maybe the information from this leak is itself not particularly shocking. The CIA is doing largely what people expect them to do. That doesn't mean there's nothing important we should be learning from this info dump. Julian Sanchez, a Cato senior fellow who writes and speaks on surveillance issues and is a founding editor of Just Security, spoke to Reason (via Twitter direct messages) about the greater implications of the dump.

The CIA documents demonstrated an emphasis on data and device infiltration over security and the desire to keep "zero day" exploits (security weaknesses the device or software creator doesn't initially know exists) to themselves to aid in surveillance. Except, as this latest leak demonstrates, the CIA may not actually be good at keeping these exploits secure. And that creates more cybersecurity vulnerabilities for everybody because the CIA isn't informing companies about holes in their devices and programs.

"Many of us have been saying for a while that the default really ought to be quite prompt disclosure, because on net the security gain from closing vulnerabilities—defense against attacks against Americans—is likely to be greater than the value of the intelligence gleaned from maintaining the access," Sanchez says. "And I think that holds even if we're just talking about the risk of a hacker or foreign intel service independently discovering the same leak."

It's not unlike the fight over encryption "backdoors," deliberately designed mechanisms to access the data of a device or program by bypassing its security systems. Government officials want to use backdoors to access data for investigations of crime or terrorism. But there's no such thing as an encryption bypass that only the "right" people can use. Just like zero day exploits, anybody with the right knowledge—regardless of whether they have good or ill intent—would be able to exploit an encryption backdoor.

If even the secretive CIA cannot keep the details of its exploits out of the hands of Wikileaks, then we've surrendered both privacy and security for the benefit of the intelligence community's desire to collect information. Sanchez notes that "when you add what appears to be a very real problem of the actual tools we develop—weaponized vulnerabilities—making it into the wild, the risk of opting for retention over disclosure is even greater."

The leak should also be a reminder that when the federal government snoops, collects, and stores data about everybody, there's also the risk of that information "making it into the wild." We already saw this under President Barack Obama's administration when the private personnel data on millions of federal employees was compromised. The more information the government has, the greater potential for harms from other compromises.

But it's unclear right now whether any of these concepts or concerns will play any role in this post-leak analysis. Right now the emphasis is on who is responsible for the leaks ("Was it Russia? Was it? It was Russia, wasn't it? Tell us if it was Russia.") and the embarrassment the CIA must feel over the leak.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

This field is for validation purposes and should be left unchanged.

NEXT: University of Lincoln's Conservative Student Group Censored for Complaining About Censorship

Scott Shackford is a policy research editor at Reason Foundation.

CybersecuritySurveillanceCentral Intelligence AgencyPrivacyEncryptionCellphones
Share on FacebookShare on XShare on RedditShare by emailPrint friendly versionCopy page URL
Media Contact & Reprint Requests

Show Comments (33)

Latest

The App Store Freedom Act Compromises User Privacy To Punish Big Tech

Jack Nicastro | 5.8.2025 4:57 PM

Is Shiloh Hendrix Really the End of Cancel Culture?

Robby Soave | 5.8.2025 4:10 PM

Good Riddance to Ed Martin, Trump's Failed Pick for U.S. Attorney for D.C.

C.J. Ciaramella | 5.8.2025 3:55 PM

Trump's Tariffs Are Already Raising Car Prices and Hurting Automakers

Joe Lancaster | 5.8.2025 2:35 PM

Trump's Antitrust Enforcer Says 'Big Is Bad'

Jack Nicastro | 5.8.2025 2:19 PM

Recommended

  • About
  • Browse Topics
  • Events
  • Staff
  • Jobs
  • Donate
  • Advertise
  • Subscribe
  • Contact
  • Media
  • Shop
  • Amazon
Reason Facebook@reason on XReason InstagramReason TikTokReason YoutubeApple PodcastsReason on FlipboardReason RSS

© 2024 Reason Foundation | Accessibility | Privacy Policy | Terms Of Use

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

r

Do you care about free minds and free markets? Sign up to get the biggest stories from Reason in your inbox every afternoon.

This field is for validation purposes and should be left unchanged.

This modal will close in 10

Reason Plus

Special Offer!

  • Full digital edition access
  • No ads
  • Commenting privileges

Just $25 per year

Join Today!