CIA's Shrugtastic Response To Hacking Apple Security: 'It Is What It Is' And 'That's What We Do'
from the meh dept
We just had a story based on the Intercept breaking the fact that the CIA holds an annual hackathon (the CIA calls it a "Jamboree") to come up with new ways to hack secure systems, inviting in various contractors and government agencies. Much of the work is focused on hacking Apple's security, inserting backdoors and generally degrading security and encryption for everyone.
The CIA refused to comment on the Intercept's original story, but the reporters got former FTC official Steven Bellovin to sum it up as:
“Spies gonna spy,” says Steven Bellovin, a former chief technologist for the U.S. Federal Trade Commission and current professor at Columbia University. “I’m never surprised by what intelligence agencies do to get information. They’re going to go where the info is, and as it moves, they’ll adjust their tactics. Their attitude is basically amoral: whatever works is OK.”
Now, "unnamed" anonymous CIA officials seem to be picking up where that shrugging comment left off. Talking to CNBC reporters, the CIA folks give similarly "meh" kinds of responses:
"That's what we do," the official said. "CIA collects information overseas, and this is focused on our adversaries, whether they be terrorists or other adversaries."
Except, of course, they don't just spy overseas. The CIA has done domestic spying as well, and the descriptions of the projects don't just impact people overseas. And then there's this one:
"There's a whole world of devices out there, and that's what we're going to do," the official said. "It is what it is."
It is what it is. That's someone who clearly doesn't care one bit about the negative consequences of attacking security and inserting backdoors that can harm everyone, just so long as they can also spy on people they don't like. You know, like the US Senate.
Filed Under: backdoors, cia, encryption, hackathon, jamboree, privacy, spying, surveillance
Companies: apple
Reader Comments
Serial killers just "do what they do" and that doesn't make their murders right.
Re:
Ahem. People don't learn it seems.
Re:
Who they do it to seems to be the issue here, right? That's also what all the hackers do at Black Hat and other yearly events, isn't it?
If it can be hacked, then it needs work. Simple as that.
You want secure? Make it. There are numerous examples of companies attacked by hackers to prove the point that the security isn't good enough. This is just another example.
The difference that seems important here is that it's sponsored by our government. I think they should have the tools to protect our interests. Abusing them, however, is another story.
Re: Re:
As their words and actions have shown, their definition of 'protection' tends to involve sabotaging and intentionally weakening security used by millions of people, all for no apparent good, as despite all the damage they cause, they always seem to get tongue-tied when it comes to presenting the benefits resulting from their actions, and when they do try and trot out examples to justify their actions, those examples pretty much without fail show that their actions were unnecessary and/or caused more damage than they prevented.
As they, and multiple other government agencies have shown, while they may be all for protecting their interests, their security and their powers, they don't seem to extend that same fervor to the public's interests and security, so it's hardly surprising that a 'let's find or create as many security flaws as we can' event like this isn't well received.
They've lost the trust of anyone paying even the slightest bit of attention, so backlash against even things that may have been acceptable before is to be expected, and they have only themselves to blame for it.
Re: Re: Re:
So when it comes to who is watching the watchers, I like to refer to an old Goldie Hawn movie, Protocol. In the final scene, she is testifying before a senate panel and says the following after resigning from the state department, "So now that I'm Sunny Davis, private citizen again, you're gonna have to watch out for me. Because I'm gonna be watching all of you... like a hawk."
We are the watchers... if we keep putting the wrong people in office, we have no one but ourselves to blame.
Re: Re: Re: Re:
The public has a good amount of responsibility towards the government, but a large chunk of that demands transparency, demands that the people know what is being done, and who is doing it, and the government has been doing everything within its power, even if it has to make up laws and rules in the process, to avoid that transparency and the informed public that results from it.
As such you'll have to excuse me when I don't buy the 'you get the government you deserve' and/or 'if the government is out of control, it's the public's fault for not reining it in' arguments. The public deserves some of the blame, but the side lying, misleading, and hiding their actions from those they theoretically are supposed to serve shoulders most of it.
Re: Re: Re: Re:
1. i propose this to you: what if (and it isn't an 'if', it is a definite), 'our' computer-based voting systems are NOT secure (they are not) ?
then the ONLY method we have for 'holding them accountable' is borked...
2. but, let's be stupid and assume the voting systems are valid: when the two hydra heads of the SAME korporate money party have the system on lock down, HOW in dog's name do we EFFECTIVELY get any other 3rd party candidates any traction ? we don't...
3. HOW do we actually DO our due diligence and oversight when it is kept super duper top secret EVEN FROM OUR DULY ELECTED officials *supposedly* providing oversight ? how can WE "OWNERS" of democracy provide any oversight of things kept (PURPOSEFULLY/ILLEGALLY) out of sight that we have NO knowledge of being done in our names with our monies ? ? ?
4. lastly, the warm and fuzzy anecdote (BASED ON A MOVIE) is sweet and all; but when the media is bought and paid for to NOT do any such investigative reporting, HOW is a mere citizen supposed to put the fear of dog in our 'superiors' ? ? ? not going to happen to any significant degree, just not going to, i don't care how many pairs of rose-colored glasses you have on...
Re: Re: Re: Re: Re:
We have demanded instant gratification for almost every part of our lives... this includes politics and policy. How else do you explain the Patriot act and Obamacare?
We always root for the underdog. How many of our sports icons or celebrities have had comebacks after a drug addiction or illegal activity and we cheer them on? The same holds true for our politicians.
Why do you think this email issue with Clinton is coming out now? It wasn't the republicans that exposed it. Will it still be in the news in a year and a half when the elections roll around or will it be long lost and forgotten in the smoke of so many other scandals and outrages?
How much recent news has there been concerning Ferguson? How long ago was it?
We as a people need to begin to have a longer memory, so that when those in charge don't do what they were elected to do, we vote them out... or we get the rules changed to put term limits on all offices.
Our elected offices were originally meant to be part time gigs, more like jury duty than a career.
To blame the game and not the players is wrong on every level. The players are what make the game great or not.
We are all playing the game. So instead of raging against the machine, jump in and drive it.
Re: Re:
A really HUGE difference is that the Black Hat is all about actually revealing the security flaws so that they can be fixed.
The CIA does no such thing. Until a vulnerability is revealed, it can't be fixed (you can't fix something when you don't know it's broken).
I'm not saying the CIA is doing wrong. I'm saying that comparing the hacker community to the CIA is like comparing apples to oatmeal.
Re: Re: Re:
Sounds good, what is the cinnamon in this analogy?
Canada Has A solution for This
And "it is what it is" means exactly nothing as no new information is received from such a statement.
I think it's worse than that. They do whatever DOESN'T work, too (See: torture).
Uh...
Re: Uh...
But who said that the CIA published them?
Re: Uh...
The end result is that the only people who gain anything from this are the CIA and those watching the CIA's actions -- other governments and malicious operatives.
One example of this was in VLC -- for years, there was a VLC attack that was effective against OS X, Windows and Linux, and could be triggered just by opening a specially crafted file in VLC (the expected action would still perform too). As I understand it, this was used by the CIA, and eventually some companies like VUPEN noticed what was happening and added it to their arsenal. It took someone who used these products AND was concerned about product security in open source software to flag the issue up.
watch lists and linux/BSD-related websites
"other adversaries" = ordinary citizens
So the CIA collects information "overseas" -- i.e., on U.S. citizens using the other Four Eyes.
After the recent dustup between the Senate and the CIA, why am I not sleeping better at night ?
Corporate Personhood
In the US, corporations are legally people, which they claim grants them rights enjoyed by legal human citizens (rights which are being misused - I'm looking at you, ISPs who claim 1st Amendment means they have a right to censor or modify people's data on their networks). So from a perspective (not necessarily correct but analogous for our purposes), US companies are US citizens.
So then how come hosting a jamboree to hack into an American company's stuff is more acceptable than hacking into John Doe's computer for the same reason? Now, you can say that they bought Apple hardware and hacked that, which is "okay"* because at that point they owned the hardware and not Apple. But if (haha if) they instead actually hacked into servers and stuff owned by Apple, Apple should be screaming massive 4th Amendment violations (corporate personhood and all, right?), just like John Doe would - and the government can't claim lack of standing on this one.
This is all bullshit. Either companies are people, or they aren't** - the government doesn't get to pick and choose based on how it feels and what it thinks it can get away with, but right now the citizens are getting the short ends of both sticks.
*As an aside, lots of companies are claiming that modifying stuff is illegal - phone unlocking, jailbreaking, modding, etc. There's been a decade or more of fighting over our rights to make harmless modifications (jailbreaking doesn't encourage piracy any more than encryption encourages terrorism) to our devices. Yet while lobbyists/the government is trying to make stuff like device modification effectively illegal ('without permission' or whatever red herring platitude they insert), they themselves are doing exactly that - only their modifications are far from harmless. The government is once more not applying the same standards to itself as it does its citizens, just like when all those copyright maximalists were caught using copyrighted material or pirated software.
**I'm inclined towards the latter, seeing as corporate personhood is pretty much a uniquely American thing. There are better tools to accomplish the same goals; corporate personhood isn't necessary.
Small Title Correction
Makes sense
Sorry folks
Re: Sorry folks
Well, we completely changed the constitution because 9/11 and so now, all of your so-called rights and laws are what we say they are, when we say they are, and according to OUR latest re-interpretation of the laws of the USA, we have not exceeded any legal boundaries, or broken any laws.
Sincerely,
NSA, your National Surveillance Agency
PS
eat out shorts :)
/s
Torture: It is what it is, and that's what we do!
Spying on you, the US Citizen: It is what it is, and that's what we do!
Super catchy.
Unconstitutionally Redundant
The cretins at CIA are simply looking to protect their rice bowl.
So you breaking the constitution, law, legal, policy, whatever the fuck you should call it depending on your blaze mood, you breaking these that you enforce by force on others is most assuredly not a bullshit fucking response of
"It is what its"
No.its.fuckin.not............or are you implying that laws are meaningless, that nobody should bother following them, and your authority go up in smoke with it........that seems to be about the same amount of respect you are showing to the law of the land with
"It is what it is"........god, .......can't we have a tsa scanner that identifies bad fucking representation, at least tsa would do SOME good against the damage of their existence......and......and.......no more bad fuc..ing representation
He characterized 'em as what again?
Re: He characterized 'em as what again?
What makes you think he views it as something to be proud of?
Amoral
ALL SOLUTIONS !