BY KATHLEEN MURPHY – STAFF WRITER
Certainly not the only embarrassment the United States’ government has experienced in the last two weeks, but one directed towards the already criticized US intelligence community, Wikileaks released one of the largest collections of classified material on March 7.
This trove included 7,818 pages of files and 943 attachments related to the Central Intelligence Agency’s various cyberwarfare and hacking techniques. These documents were partially redacted to prevent the revealed cyberweapons and CIA projects from falling completely into other hands, making this release for the most part more humiliating than innately dangerous in content.
The highlights of these materials revealed include information on various weapons created or considered for development at the CIA. They also discussed a covert base within a German US consulate and the US intelligence community’s role in promoting vulnerabilities in smartphones and related technologies.
Concerns about cybersecurity, relations with Germany, and other vulnerabilities exposed by Wikileaks bring up serious issues with privacy in the domestic and international realm. Since the CIA is purposefully hoarding vulnerabilities in technology and hacking the phones of world leaders, what would stop them from using these vulnerabilities to target civilians?
The context surrounding the list of weapons in the release has broader implications for US security, namely to provoke questions of whether and what kinds of regulations institutions should place on cyberweapons. Unlike physical warfare, cyberwarfare and associated cyberweapons do not have similar regulatory regimes to place limits on what this kind of warfare can look like. For example, the Geneva Conventions regulate the kinds of weapons used and the treatment of civilians, a regime whose equivalent does not exist for cyberweapons.
As these leaks reveal a long list of cyberweapons and related developments, the continued use and proliferation of these weapons reinforces the need to ask whether interested parties should implement regimes like the Geneva Conventions. Setting these kinds of “ground rules,” so to speak, may be difficult practically to develop and apply across enough of the world’s cyberwarfare powers. Yet, it may provide important guidelines to prevent attacks on civilian targets or discourage proliferation, among other possible standards.
Reminiscent of past leaks from Wikileaks, the secret base of CIA operations out of a consulate in Frankfurt, Germany may also affect the international security realm.
Unlike the 2013 CIA leaks that revealed wiretapping of Angela Merkel’s personal mobile, provoking outrage and implicating the same Frankfurt consulate, the German government has approached these allegations cautiously. Currently, German officials are attempting to verify the information surrounding CIA activities in Germany, including that the Frankfurt base covered hacking targets in countries in Europe and the Middle East as well as China. The implications of this part of the leak then remain open, although they appear not to have significantly, or at least publically, impacted US-German relations as of now.
Concerning our present-day conception of privacy online often conjured by Wikileaks-related news another important impact lies with the US government’s hoarding of security vulnerabilities in products from technology companies worldwide. The CIA kept these “zero-days” that it discovered on various tech firm platforms for its own purposes and security interests, ensuring its own access to intelligence on these platforms. However, during the late Obama administration, Wikileaks indicated that tech companies like Google and Microsoft negotiated with the executive to gain some of these “zero days.” The companies hoped to patch them in order to secure their products’ viability and quality.
While this negotiation process now exists, the earlier period signifies the insecurity of the devices and technology that many Americans and people around the world use daily. It also indicates the kind of privacy-for-security compromises the US government is willing to make in the name of the American people. Although the US government has, for most Americans, the legitimate ability to make that kind of decision as a democracy, the implications may still be problematic.
Additionally, the creation of negotiations between the companies and the intelligence community suggests a more equitable process, allowing companies to advocate for their clients’ privacy and individual data security. However, the process lacks a significant amount of transparency, especially as the negotiating tech firms have no links to a democratic foundation, like the CIA. Even as Congress has placed checks on its powers, the CIA can only offer so much transparency. Moreover, as the revealed records demonstrate, the employee makeup of the CIA is predominately young and male, making it not fully representative of the American public as a whole.
Thus, while these leaks may contain mostly embarrassing revelations, they encourage the continuation of an important conversation in American public discourse. They push Americans to ask themselves and each other what kinds of compromises they are willing to make between personal privacy, democratic principles and the security that protects the political environment where this very discourse can occur.