22
ISSUES: Privacy
Chapter 1: What is privacy?
FBI was initially incapable of breaking
into the San Bernardino killer’s iPhone.
“People expect the Government to
have these magic tools,” he said.
American citizens should not be lulled
into a false sense of security that the
CIA only targets foreign nationals. The
‘Vault 7’ documents show a broad
exchange of tools and information
between the CIA, the National Security
Agency, and other US federal agencies,
as well as intelligence services of close
allies Australia, Canada, New Zealand
and the United Kingdom.
“We can’t spy on our own citizens but
we can spy on anyone else’s,” explained
Neil Richards, a law professor from
Washington University. “If agencies
are friends with each other, they have
everybody else do their work for them
and they just share the data.”
“Dividing the world into American
citizens and non-American citizens is
a false dichotomy,” Gidari added. “We
don’t have a monopoly on spy tools.”
This leaves us with a terrifying new
prospect: government spies essentially
deploying viruses and trojans against
their own citizens.
The onus is now on the companies that
make the devices to plug any holes in
their operating systems – something
they do regularly through bug bounty
programs, where security researchers
disclose vulnerabilities in return for
rewards.
It’s clear from the CIA files that the US
Government has flouted this custom
in order to stockpile “zero days” –
undisclosed exploits – for its own
advantage. This is a practice the US
Government has previously publicly
denied.
“If companies aren’t aware that a
vulnerability exists they can’t patch
it. If it exists it can be exploited by
any malicious actor – whether that’s
a hacker, foreign state or criminal
enterprise,” said Neema Singh Guliani,
legislative counsel with the American
Civil Liberties Union.
“I have a big problem with the
Government leaving us vulnerable to
the same tools in hand so other nation
states and hackers could exploit them,”
Gidari said. “That isn’t protecting
American citizens.”
Gidari’s view echoes Apple’s stance
when the FBI demanded the company
build a backdoor to the iPhone so
they could access data on the San
Bernardino killer’s phone.
“Apple believes deeply that people
in the United States and around
the world deserve data protection,
security and privacy. Sacrificing one
for the other only puts people and
countries at greater risk,” the company
said at the time. The iPhone maker
was more muted in its response to
the Vault 7 dump, vowing to “rapidly
address” any security holes.
“There is nearly universal consensus
from technologists that it’s impossible
to build weaknesses or access
mechanisms into technology that can
only be used by the good guys and not
the bad,” Cohn said.
This week’s revelations are sure
to increase the strain on relations
between Silicon Valley and the US
Government. While some of the older
telephony companies such as AT&T
and Verizon, which rely heavily on
government contracts, have a history
of compliance with government
requests,
tech
giants
Google,
Facebook, Microsoft and Apple have
proved to be less compliant.
It’s not possible to meaningfully
participate in modern life without
relationships with some or all of these
technology companies processing our
data, Richards added. So it’s important
to know where their loyalties lie – to
their customers or to government.
Since Snowden’s revelations of mass
surveillance, companies such as Apple,
Google and Microsoft have been
working hard to rebuild trust with
consumers through strengthening
security, fighting government data
requests and releasing transparency
reports highlighting when and how
many requests are made.
“It’s a very encouraging development
if we care about civil liberties and the
right to privacy, but at the same time
it’s unsatisfying if the discretion of a
company is the only real protection for
our data,” Richards said.
“We need to build the digital society
we want rather than the one handed
to us by default,” he added.
This will require a complete overhaul
of the laws relating to when the
Government can collect location
and content information, something
civil liberty campaigners have been
pushing for.
“These decisions need to be made by
the public, not by law enforcement
or tech executives sitting in private,”
Richards said.
9 March 2017
Ö
Ö
The
above
information
is
reprinted with kind permission
from
The Guardian
. Please visit
for further
information.
© 2017 Guardian News
and Media Limited
