The CIA Can’t Protect Its Own Hacking Tools. Why Should We Trust Government Privacy and Security Proposals?

“We are often told that law enforcement must have a way to get around strong encryption technologies in order to catch bad guys. Such a “backdoor” into security techniques would only be used when necessary and would be closely guarded so it would not fall into the wrong hands, the story goes.

The intelligence community does not yet have a known custom-built backdoor into encryption. But intelligence agencies do hold a trove of publicly unknown vulnerabilities, called “zero days,” they use to obtain hard-to-get data. One would hope that government agencies, especially those explicitly dedicated to security, could adequately protect these potent weapons.

A recently released 2017 DOJ investigation into a breach of the CIA Center for Cyber Intelligence’s (CCI) “Vault 7” hacking tools publicized in 2016 suggests that might be too big of an ask. Not only was the CCI found to be more interested in “building up cyber tools than keeping them secure,” the nation’s top spy agency routinely made rookie security mistakes that ultimately allowed personnel to leak the goods to Wikileaks.”

CIA Encryption Meddling and Chinese Espionage Allegations Make It Clear: We All Need Strong Data Protection

“The same U.S. government that wants tech companies and telecoms to create secret software doors that would allow it to snoop on our private communications and data is also worried that other governments will be able to use those same back doors to do the same thing. This is what tech privacy experts have been warning U.S. officials (and U.K. officials and Australian officials) all along: Any back door that allows law enforcement to circumvent user privacy protections will ultimately be used by people with bad intentions.”