13 March 2017

WikiLeaks Reignites Tensions Between Silicon Valley and Spy Agencies

Vindu Goel and Nick Wingfield

SAN FRANCISCO — Four years ago, Edward J. Snowden’s disclosures that the federal government was hacking America’s leading technology companies threw the industry into turmoil.

Now WikiLeaks has shaken the tech world again by releasing documents Tuesday that appear to show that the Central Intelligence Agency had acquired an array of cyberweapons that could be used to break into Apple and Android smartphones, Windows computers, automotive computer systems, and even smart televisions to conduct surveillance on unwitting users.

Major technology companies, including Apple, Google and Microsoft, were trying to assess how badly their core products had been compromised. But one thing clearly had been ruptured yet again: trust between intelligence agencies and Silicon Valley.

“After the Snowden disclosures, the Obama administration worked hard to re-establish relationships and government-industry partnerships,” said David Gutelius, chief executive of the marketing technology company Motiva, who has worked with the federal government on national security projects. “This leak will challenge those ties to some extent. But I don’t see companies simply walking away from the table as a result of this. Government and industry still need one another.”

The tense relationship between the technology industry and government agencies has been well documented. After the disclosures by Mr. Snowden, a former contractor for the National Security Agency, the government appeared to give some ground to the industry, which was angered by previously unknown snooping on their products and embarrassed by disclosures of their cooperation with intelligence agencies.

The government allowed companies to describe in broad terms the number of secret court orders for access to customer information that they receive. President Barack Obama also promised that the government would share knowledge of security flaws so that they could be fixed.

But last year, relations soured again after Apple resisted a Justice Department request for help accessing the iPhone of one of the attackers in the 2015 shooting in San Bernardino, Calif. As the company’s chief executive, Timothy D. Cook, explained in a letter to customers at the time, “The government is asking Apple to hack our own users and undermine decades of security advancements that protect our customers.”

In that case, the government eventually found a way into the phone without Apple’s assistance.

The documents posted by WikiLeaks suggest that the C.I.A. had obtained information on 14 security flaws in Apple’s iOS operating system for phones and tablets.

Apple said Tuesday night that many of those security issues had already been patched in the latest version of its software and it was working to address remaining vulnerabilities.

The leaked documents also identified at least two dozen flaws in Android, the most popular operating system for smartphones, which was developed by Alphabet’s Google division.

Google said it was studying the flaws identified by WikiLeaks. Android is more difficult to secure than Apple’s software because many phone makers and carriers use older or customized versions of the software.

The documents released by WikiLeaks reveal numerous efforts by the C.I.A. to take control of Microsoft Windows, the dominant operating system for personal computers, using malware. They include techniques for infecting DVDs and USB storage devices with malware that can be spread to computers when they are plugged in.

No comments: