“We are often told that law enforcement must have a way to get around strong encryption technologies in order to catch bad guys. Such a “backdoor” into security techniques would only be used when necessary and would be closely guarded so it would not fall into the wrong hands, the story goes.
The intelligence community does not yet have a known custom-built backdoor into encryption. But intelligence agencies do hold a trove of publicly unknown vulnerabilities, called “zero days,” they use to obtain hard-to-get data. One would hope that government agencies, especially those explicitly dedicated to security, could adequately protect these potent weapons.
A recently released 2017 DOJ investigation into a breach of the CIA Center for Cyber Intelligence’s (CCI) “Vault 7” hacking tools publicized in 2016 suggests that might be too big of an ask. Not only was the CCI found to be more interested in “building up cyber tools than keeping them secure,” the nation’s top spy agency routinely made rookie security mistakes that ultimately allowed personnel to leak the goods to Wikileaks.”