CIA: Protect Americans First Instead of Hacking Their Phones and TVs

'Fundamentally, security is more important than surveillance.'

Ronald Bailey | 3.10.2017 11:55 AM

As all the world now knows, Wikileaks released the "Vault 7" trove of secret information about the Central Intelligence Agency's cyberwarfare and electronic surveillance activities. Among other things, the Vault 7 documents revealed hacking vulnerabilities in the code that operates Apple and Android devices and Windows, OSx, Linux, and internet servers. After the Edward Snowden National Security Agency mass surveillance revelations, the Obama administration promised to share with private vendors what the government learns about software vulnerabilities. To increase sharing, the Obama adminstration purportedly "reinvigorated" the Vulnerabilities Equities Process (VEP) in which the spooks at the NSA basically got to decide which exploitable software flaws to disclose to private companies.

Some critics of the VEP think it unreasonably disarms the U.S. intelligence community in the long twilight struggle with our international adversaries. For example, cybersecurity specialists Dave Aitel and Matt Tait assert:

Public protestations to the contrary, there should be no confusion: the VEP is, inherently, harmful to intelligence operators. The IC's adversaries in Russia, China, Iran and North Korea are not—nor will they ever be—hamstrung by similar policies….So no matter how limited the VEP might be, it will always represent a strategic disadvantage against foreign adversaries, a window into the US government's most sensitive operations. …

As problematic as the current VEP policy is, astoundingly plenty of US civil liberties groups and think tanks now clamour to make things significantly worse. Misunderstanding and discarding strategic interests, they offer policy proposals premised on an unexamined axiom that the US government should disclose essentially all vulnerabilities and do so at a much faster rate—there even appears to be some underlying uncertainty as to whether the government should be allowed to have an undisclosed vulnerability in the first place.

Herein lies the basic problem: US cyber operations already face a greater level of scrutiny and limitations than our competitors. But single-minded reformists seek still more restrictions. At the same time, US cyber capabilities grow increasingly critical and central to the basic function of democratic interests worldwide. Without a robust investment in these capabilities, the US will lack the ability to solve the "Going Dark" issue and our intelligence efforts will start to run into quicksand around the world.

Interestingly, if disclosing software vulnerabilities enhances the "Going Dark" problem for U.S. spooks, it would also tend to put Russian, Chinese, and Iranian cyberspies in the dark too. At a 2013 Cato Institute conference to discuss NSA spying, renowned cybersecurity guru and Harvard Berkman Center fellow Bruce Schneier persausively asserted, "A secure Internet is in everyone's interests. We are all better off if no one can do this kind of bulk surveillance. Fundamentally, security is more important than surveillance."

Today, Moxie Marlinspike, the developer of Signal the encrypted instant messaging and voice calling app, was on NPR's Morning Edition to talk about the Wikileaks Vault 7 revelations. The NPR segment noted that Wikileaks founder Julian Assange has suggested that his group would work with tech companies to fix the vulnerabilities in their systems that the CIA has kept secret. Marlinspike was then asked about Assange's offer by reporter David Greene:

Question: Is there an argument that Julian Assange is offering is something that the government should be doing; if they know about vulnerabilities in technology that they might tell you or Android about them and that's not a role that Wikileaks should be playing?

Answer: Absolutely, I think certainly I agree that is irresponsible to hoard these vulnerabilities and say (A) that no one else has discovered these vulnerabilities or to (B) think that they can manage them securely because, you know, obviously they can't. If what the CIA is interested in doing is protecting Americans, then I think it should be in the CIA's interest to disclose these vulnerabilities to American companies so that they can fix them and protect their users.

Yes.

Start your day with Reason. Get a daily brief of the most important stories and trends every weekday morning when you subscribe to Reason Roundup.

NEXT: Pitzer College RA Tells White Girls to Stop Wearing Hoop Earrings: It's Cultural Appropriation

Hide Comments (22)

Editor's Note: As of February 29, 2024, commenting privileges on reason.com posts are limited to Reason Plus subscribers. Past commenters are grandfathered in for a temporary period. Subscribe here to preserve your ability to comment. Your Reason Plus subscription also gives you an ad-free version of reason.com, along with full access to the digital edition and archives of Reason magazine. We request that comments be civil and on-topic. We do not moderate or assume any responsibility for comments, which are owned by the readers who post them. Comments do not represent the views of reason.com or Reason Foundation. We reserve the right to delete any comment and ban commenters for any reason at any time. Comments may only be edited within 5 minutes of posting. Report abuses.

SomeGuy 8 years ago

This is 100% true and its infuriating seeing idiots think otherwise out of sear ignorance.

We would be far better served with good unbroken encryption standards system wide.

Enctyped dashcams
cameras
file systems
interenet
cellphones
phone calls
and everything.

There is no real good reason for our data to be so fucking broken.
1. Vagina Lover 8 years ago
  
  What I want to know is, will the psychotic Trump The Hump, lying, hypocritical phony Sean "Ugly, Little, Chimp Face" Hannity and the rest of the contards still now lick the shit from rapist Julian Assange's diseased asshole?
2. Vagina Lover 8 years ago
  
  Contard hack/toady chimp face (he really does look very simian) Hannity must think that the brown stuff that comes from rapist Julian Assange's diseased asshole is fudge. Nah, he just loves the taste of shit.
Hugh Akston 8 years ago

If what the CIA is interested in doing is protecting Americans...

Well there's your problem right there.
1. SomeGuy 8 years ago
  
  Agreed...i have never seen or heard any government agencies interest to protect Americans besides the military. Any police/spy organization has never really given a shit about Americans. The military oddly enough does....to an extent.
  1. SomeGuy 8 years ago
    
    Don't get me wrong Military has no problem turning on Americans (Katrina) but at its core its purpose to to defend the homeland and not police/spy.
    1. Bubba Jones 8 years ago
      
      I think that was NOLA cops that went nuts in Katrina. Not soldiers.
      1. SomeGuy 8 years ago
        
        National Guard was caught too. IIRC even the army was complicit in certain ways.
        
        Its been a number of years since i read about it but it was bad.
Jerryskids 8 years ago

"There's a fine line between cuddling and holding someone down so that they can't get away."

Oops, wrong Dave Aitel. But the sentiment's the same, ain't it?
Colossal Douchebag 8 years ago

Disclosure would make CIA a servant of the people, rather than master.

Can't have that.
Enjoy Every Sandwich 8 years ago

I've long wondered how long it will be before it's considered "suspicious" by the authorities to NOT own a cell phone, or to own one but sometimes leave it at home. "The only reason you didn't bring your cell phone with you is you're trying to HIDE SOMETHING!!!"
1. SomeGuy 8 years ago
  
  It is true i try to hide many many things in my VC cascading containers with multiple layers, redirects, fake data. My VPNs, Tails, TOR, and so much more. Hidden shit in various places in the real world. Shit hidden in online games and so on. I do many things to hide stuff.
  
  FUCK OFF SLAVES 😀
2. SomeGuy 8 years ago
  
  It is true i try to hide many many things in my VC cascading containers with multiple layers, redirects, fake data. My VPNs, Tails, TOR, and so much more. Hidden shit in various places in the real world. Shit hidden in online games and so on. I do many things to hide stuff.
  
  FUCK OFF SLAVES 😀
  1. SomeGuy 8 years ago
    
    SLAVERS*
Inigo Montoya 8 years ago

"the VEP is, inherently, harmful to intelligence operators. The IC's adversaries in Russia, China, Iran and North Korea are not?nor will they ever be?hamstrung by similar policies....So no matter how limited the VEP might be, it will always represent a strategic disadvantage against foreign adversaries..."

Yeah, well those countries also practice all sorts of stuff like random arrests/interrogations, summary executions without the need for jury trials, extended at-will prison sentences, laws governing speech, internet access, the press, and even simple freedom of assembly, etc. By the logic of these guys, the US intelligence/law enforcement community should be able to do all that, too. I mean, isn't it a huge "disadvantage" to be "hampered" by a stupid thing like a Bill of Rights?
1. SomeGuy 8 years ago
  
  You do realize everything you listed the US does too.......
  1. Don't look at me. 8 years ago
    
    Yeah, but not in the open.
    1. SomeGuy 8 years ago
      
      yes it does. Drone strikes, Chicagos PD black site, numerous safe space and protest laws exist, indefinite detention of "sex offenders", attacking people who are protesting on private property with permission, and so on.
Uncle Jay 8 years ago

RE: CIA: Protect Americans First Instead of Hacking Their Phones and TVs
'Fundamentally, security is more important than surveillance.'

We must all trust our leaders to spy on us for our own good and for the good of the collective.
They always have our best interests at heart and have never done anything since the inception of our country that damaged or ruined the lives of Americans.
Therefore, let us all inform our slave masters in power what we think, say and do, along with what other people think, say and do if we are to continue down the enlightened path of socialist totalitarianism.
Spying by our ruling elitist betters only simplify and better our lives.
1. SomeGuy 8 years ago
  
  The fucked up part is i have met people who totally think this.
ant1sthenes 8 years ago

"The IC's adversaries in Russia, China, Iran and North Korea are not?nor will they ever be?hamstrung by similar policies"

Maybe not, but they will be hamstrung when the security gaps they were exploiting in products used by/in the US are closed thanks to the tireless efforts of NSA whitehats. I doubt we're obligated to disclose similar vulnerabilities to Russian, Chinese, and North Korean software companies, so it's mostly of benefit to violating the rights of Americans, not legit espionage, anyway.
PaulfromJersey 8 years ago

Please understand, dear posters, that the Hollywood Evil CIA buzzing about in your fevered brain doesn't exist. CIA has no mandate to operate in the United States. It is a foreign-intelligence organization. Other agencies may hack gear located within the United States. CIA does not. It's an important distinction you should keep in mind.

Please log in to post comments

CIA: Protect Americans First Instead of Hacking Their Phones and TVs

'Fundamentally, security is more important than surveillance.'

Latest

Marco Rubio Says He's Revoked 300 Student Visas Over Campus Activism

Pam Bondi Aims To Revive a Moribund Legal Process for Restoring Gun Rights

Trump Is Sabotaging His 'Drill, Baby, Drill' Agenda

How Backpage Became MILFS.com

The 'Meritocracy' Lie

Recommended

Login Form