What should we citizens make of the report from WikiLeaks, which published what it said were internal CIA documents showing that the agency developed secret tools to spy on us by hacking into pretty much anything we use on the Internet — our computers, smartphones, even our TVs?
Cybersecurity experts are trying to figure out what it all means, and not much is clear right now. Meanwhile, there are things that regular people should take a minute to understand.
First, every one of us has an online presence — call it an information avatar — that reflects what we buy, what we watch and read online, where we live and work, who our friends and loved ones are, who we are. Companies, governments, employers, friends, enemies, acquaintances — all want access to this data.
This avatar gets more valuable with time as we increase our digital presence with online bank and brokerage accounts, Facebook, LinkedIn, Twitter, credit and debit cards.
Eventually, as our cars and homes migrate online — through smart appliances like thermostats and coffee makers and home monitoring systems — our avatars will become even more valuable to many organizations.
There are significant benefits to expanding our digital presence — we’ll call that the “good”– but as this WikiLeaks document release reminds us, there is also the bad and ugly.
Not only can organizations creatively acquire data on us, but the employees of those organizations can use the Internet to illegally share those creative tools and techniques.
And citizens must understand that we should have no expectation of absolute or even reasonable privacy. The breadth and depth of the CIA’s capabilities are just an example of what other countries are capable of doing. All of the developed countries in the world incorporate both offensive and defensive cybersecurity capabilities that are equal to or are a subset of what the US can do.
Therefore, it is not just US citizens who should not have any privacy expectation, but most people everywhere. If you are a citizen of one country, then other countries can, if they so desire, access your information avatar from your Internet presence.
People must also be aware that the products they buy are optimized to be sold at a certain price and that price does not include huge investments in security. Companies do not prioritize the security capabilities of their products, because adding these capabilities costs money. It requires expensive programmers steeped in cybersecurity techniques to continually run intricate testing to keep even with or not too far behind hackers.
Products properly hardened against cyberattack are not cheap — and who thinks of the security weaknesses of the new TV they are buying at a discount from Best Buy?
So, it is clear from these WikiLeaks documents that the CIA, and presumably the rest of the world’s intelligence communities, are leveraging the security vulnerabilities that are present in all of the products we purchase that can connect to the Internet.
It will be interesting to watch the “Who Gave WikiLeaks the Documents” casino play out. Was it Russia? Disgruntled Deep State government employees who want to embarrass the Trump administration? Deep-pocket adversaries of the President? North Korea? An organized crime syndicate hoping to capitalize on general enhanced levels of anxiety and confusion? Some combination of these?
Whatever the case, our eyes should be open now.
Our global society is becoming more digital with time. Our health information, fully outside of our control and spread across many computers at offices and hospitals, are connected. Our phones and tablets are connected.
Your information avatar is currently available to anyone with the capabilities to access and leverage it. Those who want the information connected to it are far better at taking it than we are at protecting it. And that gap will grow with time.