Sunday, March 12, 2017

14.4 - Privacy and the CIA

Privacy and the CIA

Finally, a few minutes on something I haven't talked about in a while: privacy in a digital age.

This was prompted, I expect you realize, by the release of a trove of CIA documents by WikiLeaks revealing a slew of agency's hacking techniques and programs.

This is, the group says, the first in a series of releases it's calling "Vault 7."

The title of the first release is "Year Zero," and the nearly 9,000 documents describe clandestine methods for bypassing or defeating encryption, antivirus tools, and other protective security features intended to keep the private information of citizens and corporations just that: private.

Experts who checked out the material said it appeared to be genuine.

The documents provide an overview of the scope and direction of the CIA's global covert hacking program, its malware arsenal, and dozens of "zero day" weaponized exploits against a wide range of US and European company products, including the Apple iPhone, Google's Android, Microsoft Windows. and even Samsung TVs, which are turned into covert microphones.

According to the group's press release, the CIA can also "bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide, and Cloackman" and the documents described ways of tricking various anti-virus programs into allowing malicious code to be injected into a computer. In other words, if the CIA wants to know, it will find out, no matter what you do to protect yourself, because "All your secrets are belonging to us."

What's more, there are indications that the CIA was working on ways to infect the vehicle control systems in by modern cars and trucks, which could, at least hypothetically, enable the agency to take over vehicles on the road and stop them - or direct them to where the agents wanted them to go.

What's not included are the actual hacking tools themselves. WikiLeaks said it planned to avoid distributing such information until a consensus emerges on how to deal with such software, although the group indicated the next day it may well release the information to technology and software corporations so they could construct patches against the CIA's methods.

It's worth recalling here that the NSA has for some time had a unit called "Tailored Access Operations," the very mandate of which is to enable the spooks to hack any computer, anywhere, any time. "Getting the ungettable" is the NSA's own description of the unit's duties. So this isn't actually a new field for the spooks and may involve the crudest sort of inter-agency rivalry and jealousy: Is the CIA just resentful of having to depend on the NSA for some intelligence operations or jealous of the NSA having a capacity it doesn't?

Meanwhile, the poor relation among the techno-spooks, the FBI, is still whining about encryption.

At a cybersecurity conference hosted by Boston College on March 7, FBI director James Comey declared that "There is no such thing as absolute privacy in America."

That, he said, "is the bargain. We made that bargain over two centuries ago to achieve two goals: privacy and security. Widespread default encryption changes that bargain. In my view it shatters the bargain."

That is, the inability of the FBI to penetrate modern encryption on our phones, our ability to keep our private information actually private, is destroying the ability of the noble and guiltless surveillance state to keep us safe and secure.

James "I must know all" Comey
The fact that his remarks come just a day after the Wikileaks document dump gave them a rather surreal quality, but he soldiered on, grousing about how many devices the agency had obtained and been unable to penetrate during the last quarter of 2016. Those devices, he declared, were linked to an array of criminal, counterintelligence, and terrorism investigations - but did not bother to declare how or even if the inability to access those devices impacted those investigations.

But here's the center of it for me: Comey denied that he is advocating for weaker encryption or for so called encryption backdoors into our phones. Oh no, he insisted that, contrary to pretty much everyone in the technological and computer fields, firms can retain access to a person's communications while also providing strong encryption.

That doesn't even make sense! How can a company provide strong encryption while still being able to access our communications at will? What kind of encryption is that? What kind of privacy is that if it can be breached at will?

Comey acknowledged that Americans have a reasonable expectations of privacy in their homes, cars, and devices. Big of him. But then he went on to spin a dark tale of a criminal world forever hidden from the FBI's view - while at the same time saying both that sophisticated criminals, nation states, and spies have had access to encryption technology for decades, and claiming that its the fact that encryption tools are now widely available which is the problem.

Which means, really, that the problem he's pointing to is us. Ordinary folks. Everyday folks. We're the ones who benefit from that wider availability of encryption. Not the sophisticated criminals, nation states, and spies; he said it himself, they've had access to it all along. We're the ones who can better protect our secrets. Which means we're the ones in James Comey's cross-hairs. Because the one thing the state cannot abide is the people being able to keep secrets, for the people to be able to know anything the state does not.

No comments:

 
// I Support The Occupy Movement : banner and script by @jeffcouturer / jeffcouturier.com (v1.2) document.write('
I support the OCCUPY movement
');function occupySwap(whichState){if(whichState==1){document.getElementById('occupyimg').src="https://sites.google.com/site/occupybanners/home/isupportoccupy-right-blue.png"}else{document.getElementById('occupyimg').src="https://sites.google.com/site/occupybanners/home/isupportoccupy-right-red.png"}} document.write('');