WikiLeaks Has “Revealed” the Obvious Fact That a Hacked Phone Makes Encrypted Messaging Pointless
Did they also find secret NASA data revealing the sky is blue?
If WikiLeaks has done one thing very well recently, it’s been highlighting the problems with a glut of information but a shortage of context. Most recently, they’ve released data on the CIA’s cyber surveillance abilities, and in the process they’ve stirred up fears that encrypted data transmission isn’t actually secure.
However, there’s nothing in their data dump that shows the CIA has broken the encryption of Signal, WhatsApp, or other popular secure messaging services. WikiLeaks’ own press release doesn’t say so, either, but their wording (and the tweet they sent out to accompany it) certainly wasn’t chosen to avoid that confusion. They state that the CIA can “bypass the encryption” of several apps by directly compromising the device the app is on, which is hardly new information.
These end-to-end encrypted messaging apps shield data from spying while it’s transmitted, which means general, large-scale data collection efforts are out of luck. If there’s a targeted, successful effort to hack a specific person’s phone, though, no amount of encryption through an app is going to help. WikiLeaks’ press release says the CIA’s “bypass” is done by “hacking the ‘smart’ phones that they run on and collecting audio and message traffic before encryption is applied.”
That’s like saying you can bypass a password on a document by forcing someone to recite the contents for you from memory—true, but also painfully obvious and not really headline news. It’s not that WikiLeaks’ information is inaccurate, but the way it was sent out (and echoed in the New York Times and elsewhere) has people (largely journalists and activists) unnecessarily concerned over the security of communication apps, when nothing has changed about that security. If anything, this is good news for the apps, since it means the encryption is doing its job and requires a different, more involved approach to spying on someone’s private data.
In WikiLeaks’ view, the real news is that, whether or not the possibility is surprising, this is something the CIA is doing in some cases, thanks to security flaws on Android phones, and they think this and other measures outlined in their release “urgently need to be debated in public, including whether the CIA’s hacking capabilities exceed its mandated powers and the problem of public oversight of the agency.” While you wait for that debate to take place between people who know what they’re talking about, check out the CIA’s repository of the dankest emoticons in existence—for very important national security purposes.
(image via Jacqui Brown)