Cyber Week in Review: March 10, 2017
from Net Politics and Digital and Cyberspace Policy Program

Here is a quick round-up of this week’s technology headlines and related stories you may have missed:

Surprise! The CIA spies on people! Wikileaks published a trove of Central Intelligence Agency documents revealing the agency’s cyber tools to break into smartphones, televisions, and computers. Security experts say the 8,761 documents expose nothing dramatically new about CIA espionage, and that the tools they describe constitute legitimate spying activity and are not particularly sophisticated. And no, you’re not likely to be of interest to U.S. spooks. Software companies have had a similarly blasé response to the document dump, with both Apple and Google claiming to have already fixed most security vulnerabilities exposed. The documents, however, reveal the CIA’s use of zero-day vulnerabilities, which has raised questions about the viability of the U.S. government’s Vulnerabilities Equity Process (VEP), the process by which the U.S. government decides whether to disclose flaws it finds or buys to software vendors. The leak is nonetheless an embarrassing blow to the CIA, and the FBI has opened an investigation into the disclosure. If there’s one good thing to come out of these leaks, it is the revelation that hackers inside the CIA are the same as hackers outside Langley. They both love memes.

Listen all of y’all it’s a sabotage. The New York Times reports that the United States launched a years-long cyber effort to sabotage North Korea’s nuclear program. The effort may have succeeded for a time, and perhaps resulted in a series of failed missile tests. President Kim Jong-un ordered an investigation into the failed tests, which led to the execution of senior officials. According to the Times, the sabotage effort prompted intense debate within the Obama administration as to whether the United States was crossing a red line: if the United States meddled in others’ nuclear supply chains, what would prevent a Russia or China from doing the same to it and rendering existing nuclear arsenals less safe? Columbia law professor and Council on Foreign Relations fellow Matthew Waxman ponders the legal basis for the operation over at Lawfare.

File under: "pipe dream." In a special report submitted to the United Nations Human Rights Council this week, independent expert on privacy Joe Cannataci called for serious reform of government surveillance practices. He called on UN member states to start the negotiation of a treaty to enshrine the right to privacy from surveillance, stating that it’s time to “start reclaiming cyberspace from the menace of over-surveillance.” Cannataci also expressed concern that current surveillance laws in countries such as the United States, France, and Germany choke privacy rights in favor of furthering the transition into the digital age. The question as to whether privacy and security are mutually exclusive remains highly contested worldwide among policymakers, as evidenced this week by U.S. Federal Bureau of Investigation Director James Comey, who remarked that there is “no such thing as absolute privacy in America.”

Still no LinkedIn for Russia. Russia announced this week that it will continue to block access to LinkedIn after the social networking site indicated it would not transfer Russian user data to local servers. LinkedIn has been banned in the country since November 2016 due to its violation of a Russian law that stipulates that companies must store Russian citizens’ data on Russian soil. Despite its inability to reach an agreement with the Russian government, LinkedIn has said it will continue to be available in the Russian language and that it hopes successful negotiations with Russian authorities are on the horizon.