It’s understandable to think that any time a leak comes from a three letter agency it must be similar to Edward Snowden’s leaks from the NSA. We’ve seen the “Vault 7” hacks portrayed this way in the media and many who were on Snowden’s side then, seem to be against the CIA now. However, these are radically different situations. While the Snowden leaks showed the NSA engaging in unconstitutional behavior at the expense of American’s privacy, these leaks seem to contain a lot of good news for privacy hawks.
The CIA is Working Exactly Like It’s Supposed To
Let’s start by examining the CIA’s mission statement:
CIA’s primary mission is to collect, analyze, evaluate, and disseminate foreign intelligence to assist the President and senior US government policymakers in making decisions relating to national security.
So far, the leaks have been consistent with this mission statement and the CIA’s goal of foreign intelligence. And there is no indication they are spying on Americans or doing anything illegal. This is a far cry from the warrant-less domestic surveillance of the NSA. We want our CIA to be able to collect foreign intelligence to keep us safe.
The leaks mostly focus on the collection of hacking tools that the CIA uses for targeted surveillance. All but the extreme fringe of privacy activists agree that targeted surveillance is exactly what we want our intelligence agencies to do. This method of surveillance means that the CIA has to expend manpower and resources to hack a target and listen in on them. It’s essentially the same as the past, where the CIA had to physically plant a bug to listen in on someone or tap a specific phone line. In general, since the CIA has limited resources, they won’t waste those resources hacking anyone they don’t believe to be a legitimate threat. In contrast, the NSA engaged in passive, large-scale surveillance which spys on everyone without probable cause or expending extra energy.
One area that the CIA should be acting differently is hoarding vulnerabilities in consumer goods. This isn’t illegal but leaves those vulnerabilities unpatched and available for other hostile actors to use.