PRESS STATEMENT: Privacy International Reaction to Vault 7 Leaks
Privacy International Executive Director Dr Gus Hosein said:
“If today’s leaks are authenticated, they demonstrate what we’ve long been warning about government hacking powers — that they can be extremely intrusive, have enormous security implications, and are not sufficiently regulated. Insufficient security protections in the growing amount of devices connected to the internet or so-called “smart” devices, such as Samsung Smart TVs, only compound the problem, giving governments easier access to our private lives. If the CIA knew of security weaknesses in the devices many of us use — from “smart” phones to “smart” TVs — they should have been working with companies to fix the vulnerabilities, not exploit them.
Both the US and UK governments have used secret interpretations of law to justify hacking. In the US, the legal framework for NSA’s hacking operations likely stems from Executive Order 12333, but it remains shrouded in secrecy. Today’s leaks raise profound questions about the authority under which the CIA develops and carries out its hacking activities.
The leaks also shed light on secret intelligence arrangements between the US and other countries. One of the programs, code-named “Weeping Angel,” is said to exploit weaknesses in Samsung “smart” televisions to convert them into secret surveillance devices, recording conversations and transmitting them back to a CIA server. It is reported that this program was developed together with British intelligence agencies. PI has long fought to shed light on secret intelligence cooperation and data-sharing, including with respect to hacking capabilities and activities. Programs like Weeping Angel, if true, reveal the broad scope of these arrangements, which continue to operate in secrecy without clear rules or oversight.
Our devices must be secure against both the companies who seek to exploit our data and governments who seek to watch us. Samsung, mentioned in the documents, has had a history of controversy over its “smart” TV. Governments are taking advantage of the companies hunger to grab our data, often without our knowledge.
Privacy International continues to fight for transparency and accountability around government hacking and sharing powers, as well as improvements in the security of our networks and devices. Without such, we increasingly face a world where we are vulnerable in ways most of us cannot imagine, and our governments contribute to the problem as often as they try to fix it.”
Privacy International recently produced a 3-minute video which provides an overview of privacy risks with regards to smart devices, including smart meters. https://privacyinternational.org/node/1037