WikiLeaks’ CIA Hacking Revelations

(An earlier draft of this column on Digital Privacy for Ordinary People appeared in the Leveller.)

Surveillance is in the news again with WikiLeaks’ release of an archive detailing CIA hacking methods. What does this mean for you, the ordinary reader interested in having a private on-line life?

First, let’s back up a little. NSA whistleblower Edward Snowden’s 2013 revelations showed the ubiquity of mass on-line surveillance.
But they also showed that certain programs and services were giving security agencies difficulty. These programs implemented encryption in various contexts – for browsing, instant messaging, calling, or for drives and whole operating systems. In 2013 the NSA internally characterized these privacy tools as a “major threat” to their mission. It also described the effect of chaining them together as “catastrophic” – leading to a “near-total loss/lack of insight to target[’s] communications [and] presence”.

The development and popularization of these tools has continued, and this column was created to introduce the best of them to readers.

Nothing in this more recent CIA release shows that these encrypted tools have been compromised, despite an initial tweet from WikiLeaks that spoke of “bypassing” popular encrypted apps like Signal and WhatsApp. While it was initially picked up by many news organizations, a growing consensus has characterized this tweet as ‘misleading’ and ‘sensationalizing,’ to borrow words from Zeynep Tufekci, a New York Times contributor and ‘technosociologist’ professor at the University of North Carolina.

So I still recommend encrypted tools like the Tor browser, Signal messaging/voice/video app, ProtonMail webmail, and TAILS operating system. Future columns will cover these tools in detail. In Tufekci’s words, “if anything, the C.I.A. documents in the cache confirm the strength of encryption technologies.”

That said, what the WikiLeaks cache does show is a significant shift in surveillance culture. Having realized that they can no longer reliably intercept communications when they are encrypted, the CIA has shifted to specifically targeting devices with malware. This includes smartphones, computers, smart TVs, and even automobile control centers. These practices by the CIA are probably indicative of what security agencies all over the world are doing, according to ProtonMail founder Andy Yen, a secure e-mail provider. Continue reading