Alleged CIA documents show urgent need to limit government hacking

Washington D.C. — WikiLeaks today released thousands of documents it claims are from the Central Intelligence Agency (CIA) that purportedly give information about software and tools used in hacking operations. The documents highlight the inherent risks involved in government hacking operations. Access Now condemns the stockpiling of vulnerabilities, calls for limits on government hacking and protections for human rights, and urges immediate reforms to the Vulnerabilities Equities Process.

“Hacking is one of the most invasive activities governments can engage in, yet it occurs in the dark, without public debate,” said Nathan White, Senior Legislative Manager at Access Now.  “It’s not just the CIA, but law enforcement agencies in the United States and around the world that conduct hacking operations with significant repercussions for human rights and digital security. This leak demonstrates the urgent need to have a serious discussion about government hacking and to implement a legal framework.”

According to Wikileaks, the documents detail vulnerabilities in common software and technologies including iPhones and the Android operating system. The documents are also purported to include exploitations for those vulnerabilities.

“Today, our digital security has been compromised because the CIA has been stockpiling vulnerabilities rather than working with companies to patch them. The United States is supposed to have a process that helps secure our digital devices and services — the ‘Vulnerabilities Equities Process.’ Many of these vulnerabilities could have been responsibly disclosed and patched. This leak proves the inherent digital risk of stockpiling vulnerabilities rather than fixing them,” added White.

Access Now, an international NGO that focuses on the intersection of human rights and technology, recently issued a comprehensive report examining government hacking and recommended a presumptive ban on this activity unless protections and safeguards can be implemented. The full report is available here. An executive summary is available here.

“It’s simply a fantasy to believe that only the ‘good guys’ will be able to use these tools. It is critical for governments, law enforcement, technologists, and civil society to have an honest conversation about the impact of government hacking in the digital age,” added White.