{"id":3005,"date":"2020-06-28T16:24:55","date_gmt":"2020-06-28T16:24:55","guid":{"rendered":"http:\/\/lonecandle.com\/?p=3005"},"modified":"2020-06-28T16:24:55","modified_gmt":"2020-06-28T16:24:55","slug":"the-cia-cant-protect-its-own-hacking-tools-why-should-we-trust-government-privacy-and-security-proposals","status":"publish","type":"post","link":"https:\/\/lonecandle.com\/?p=3005","title":{"rendered":"The CIA Can&#8217;t Protect Its Own Hacking Tools. Why Should We Trust Government Privacy and Security Proposals?"},"content":{"rendered":"\n<p>&#8220;We are often told that law enforcement must have a way to get around strong encryption technologies in order to catch bad guys. Such a &#8220;backdoor&#8221; into security techniques would only be used when necessary and would be closely guarded so it would not fall into the wrong hands, the story goes.<\/p>\n\n\n\n<p>The intelligence community does not yet have a known custom-built backdoor into encryption. But intelligence agencies do hold a trove of publicly unknown vulnerabilities, called &#8220;zero days,&#8221; they use to obtain hard-to-get data. One would hope that government agencies, especially those explicitly dedicated to security, could adequately protect these potent weapons.<\/p>\n\n\n\n<p>&nbsp;A&nbsp;<a href=\"https:\/\/www.wyden.senate.gov\/imo\/media\/doc\/wyden-cybersecurity-lapses-letter-to-dni.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">recently released<\/a>&nbsp;2017 DOJ investigation into a breach of the CIA Center for Cyber Intelligence&#8217;s (CCI) &#8220;<a href=\"https:\/\/reason.com\/2017\/03\/16\/vault-7-versus-snowden\/\" target=\"_blank\" rel=\"noreferrer noopener\">Vault 7<\/a>&#8221; hacking tools publicized in 2016 suggests that might be too big of an ask. Not only was the CCI found to be more interested in &#8220;building up cyber tools than keeping them secure,&#8221; the nation&#8217;s top spy agency routinely made rookie security mistakes that ultimately allowed personnel to&nbsp;<a href=\"https:\/\/wikileaks.org\/ciav7p1\/\" target=\"_blank\" rel=\"noreferrer noopener\">leak the goods to Wikileaks<\/a>.&#8221;&nbsp;<br><br><a href=\"https:\/\/reason.com\/2020\/06\/23\/the-cia-cant-protect-its-own-hacking-tools-why-should-we-trust-government-privacy-and-security-proposals\/\" target=\"_blank\" rel=\"noreferrer noopener\">https:\/\/reason.com\/2020\/06\/23\/the-cia-cant-protect-its-own-hacking-tools-why-should-we-trust-government-privacy-and-security-proposals\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;We are often told that law enforcement must have a way to get around strong encryption technologies in order to catch bad guys. Such a &#8220;backdoor&#8221; into security techniques would only be used when necessary and would be closely guarded so it would not fall into the wrong hands, the story goes.<\/p>\n<p>The intelligence community does not yet have a known custom-built backdoor into encryption. But intelligence agencies do hold a trove of publicly unknown vulnerabilities, called &#8220;zero days,&#8221; they use to obtain hard-to-get data. One would hope that government agencies, especially those explicitly dedicated to security, could adequately protect these potent weapons.<\/p>\n<p> A recently released 2017 DOJ investigation into a breach of the CIA Center for Cyber Intelligence&#8217;s (CCI) &#8220;Vault 7&#8221; hacking tools publicized in 2016 suggests that might be too big of an ask. Not only was the CCI found to be more interested in &#8220;building up cyber tools than keeping them secure,&#8221; the nation&#8217;s top spy agency routinely made rookie security mistakes that ultimately allowed personnel to leak the goods to Wikileaks.&#8221; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[13],"tags":[474,120],"class_list":["post-3005","post","type-post","status-publish","format-standard","hentry","category-article-share","tag-cia","tag-privacy"],"_links":{"self":[{"href":"https:\/\/lonecandle.com\/index.php?rest_route=\/wp\/v2\/posts\/3005","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lonecandle.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lonecandle.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lonecandle.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lonecandle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=3005"}],"version-history":[{"count":1,"href":"https:\/\/lonecandle.com\/index.php?rest_route=\/wp\/v2\/posts\/3005\/revisions"}],"predecessor-version":[{"id":3006,"href":"https:\/\/lonecandle.com\/index.php?rest_route=\/wp\/v2\/posts\/3005\/revisions\/3006"}],"wp:attachment":[{"href":"https:\/\/lonecandle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=3005"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lonecandle.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=3005"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lonecandle.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=3005"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}