Here is a quick round-up of this week’s technology headlines and related stories you may have missed:
- CIA Director John Brennan provided additional insight on the cyber implications of the CIA’s reorganization during a discussion at the Council on Foreign Relations. As the Washington Post reported last week, the CIA is restructuring its operations by creating a new Directorate of Digital Innovation and replacing longstanding divisions with "mission centers" modelled on the CIA’s Counterterrorism Center, which Brennan once ran. In his prepared remarks, Brennan said that the creation of the new directorate "does not signal a change in the CIA’s core mission," but will allow the CIA to use technology to support all of the CIA’s missions. While Brennan didn’t elaborate further, this presumably includes using cyber operations to assist human intelligence targeting and collection.
- The developers of TOR have announced that they want to wean themselves off U.S. government funding. Approximately 75 percent of TOR’s funding comes from the U.S. government, primarily from the State Department as part of it’s efforts to provide anonymity tools to human rights campaigners and activists in countries which filter and monitor Internet traffic. Certain TOR users have expressed concern that the U.S. government leverages its funding to uncover illegal activity or unmask people looking to hide their activities, effectively turning TOR into a honeypot instead of an anonymity service.
- Wikimedia, the non-profit organization that runs Wikipedia, and the American Civil Liberties Union are suing the NSA over its "upstream" intelligence collection capabilities. The lawsuit alleges that the NSA’s ability to access information from the Internet’s backbone as it transits through the United States amounts to a violation of the First and Fourth amendments of the U.S. constitution, which protect free speech and prohibit unreasonable search and seizure respectively. Herb Lin at Lawfare commented on the suit, which elicited a reply from Megan Graham at Just Security.
- Reuters ran a story highlighting the potential geopolitical fault lines among private sector cybersecurity firms. While the piece won’t be new to anyone who follows the cybersecurity industry closely, the article does a good job flagging a critical industry debate: do security companies disclose all of the vulnerabilities and offensive operations they uncover, or do some withhold some information for fear of losing business with important government clients?