The CIA Can’t Protect Its Own Hacking Tools. Why Should We Trust Government Privacy and Security Proposals?

“We are often told that law enforcement must have a way to get around strong encryption technologies in order to catch bad guys. Such a “backdoor” into security techniques would only be used when necessary and would be closely guarded so it would not fall into the wrong hands, the story goes.

The intelligence community does not yet have a known custom-built backdoor into encryption. But intelligence agencies do hold a trove of publicly unknown vulnerabilities, called “zero days,” they use to obtain hard-to-get data. One would hope that government agencies, especially those explicitly dedicated to security, could adequately protect these potent weapons.

A recently released 2017 DOJ investigation into a breach of the CIA Center for Cyber Intelligence’s (CCI) “Vault 7” hacking tools publicized in 2016 suggests that might be too big of an ask. Not only was the CCI found to be more interested in “building up cyber tools than keeping them secure,” the nation’s top spy agency routinely made rookie security mistakes that ultimately allowed personnel to leak the goods to Wikileaks.”

The FBI’s Systematic Dishonesty

“It would be reassuring, in a sense, if the FBI’s misfeasance could be explained by anti-Trump bias. But as Horowitz noted in his report, the fact that “so many basic and fundamental errors were made by three separate, hand-picked teams on one of the most sensitive FBI investigations,” one that “was briefed to the highest levels within the FBI” and “FBI officials expected would eventually be subjected to close scrutiny,” suggests a much deeper problem involving unrestrained overzealousness, confirmation bias, tunnel vision, and groupthink—tendencies that threaten all Americans who value their privacy and reputations.

Even Comey, who claims the dishonesty described by Horowitz “does not reflect the FBI culture of compliance and candor,” wonders if the failure might be “systemic,” meaning there could be “problems with other cases.””