WikiLeaks dump brings CIA spying powers into the spotlight

WikiLeaks is looking into evidence over whether the CIA ever spied on anyone in the US

Has the CIA ever spied on you? That’s a key question swirling around the WikiLeaks document dump that allegedly details the U.S. agency's secret hacking tools.

The documents themselves don't reveal much about who the CIA might have snooped on. But the agency certainly has the power to spy on foreigners outside the U.S., said Paul Pillar, a former deputy counterterrorism chief with the CIA.

That's its job after all: to collect foreign intelligence. But even so, the CIA is pretty selective with its targets.

The CIA's spying powers

Stopping terrorists and rival governments is the priority, Pillar said. And NSA-style mass surveillance doesn't necessarily help in that mission; it can actually "overload" the investigations with unnecessary data, he said.

"They've [the CIA] got far too much to do, and they're already inundated with too much information as is," he said.

So if you aren't involved in any plot against the U.S. or Western democracy, the CIA isn't going to waste its time on you, Pillar added.

However, it's important to note that U.S. citizens aren't immune to the CIA's spying powers. The agency can spy on them when they're outside the country, but only if it has the approval of the U.S. attorney general and a special court, when applicable.

Also, spying can be tricky. What happens if the CIA is listening in on a suspected terrorist who's speaking to a U.S. citizen?

Intelligence agencies will collect the raw data, but will usually redact any mention of the U.S. person from the finished intel report, Pillar said. In other cases, where the U.S. person is suspected of committing a serious crime, the data will be forwarded to a separate agency like the FBI, he said.

The number of "people who have access to the raw take … is extremely small,” Pillar said. "Any people who read that final report, they don’t get any information on the U.S. person at all."

A glimpse into the CIA’s playbook

Other security experts say there's nothing in the WikiLeaks document dump that shows the CIA engaged in mass surveillance.

Rather the documents allegedly describe hacking tools and malware mostly designed to target specific electronic devices, including smartphones, smart TVs, and PCs.

"That makes a big difference," said Herbert Lin, a senior research scholar for Cyber Policy and Security at Stanford University. "It's much more targeted than about bulk collection."

WikiLeaks has claimed the documents underscore how the CIA has created an arsenal of cyberweapons without any public oversight. But others like Lin view the matter differently.

"It’s the CIA's job to spy on foreigners," he said. "If the CIA wasn't developing these tools, then someone ought to have been fired."

Nevertheless, WikiLeaks claims it might have evidence that the agency spied on targets in the U.S. From the stolen documents, it's found 22,000 IP addresses that allegedly correspond to computers systems within the country. However, so far, WikiLeaks has yet to release more details.

Until it does, it's hard to say what any of those addresses might signify, said Alex Heid, chief research officer at Security Scorecard.

"Just because the IP address is being hosted within the USA, doesn't mean an American citizen was making use of it," he said.

Domestic spying?

However, the CIA certainly has a history of domestic spying in the U.S., Heid added. The CIA itself was involved in the illegal surveillance of journalists, antiwar protestors, and suspected communists from the 1950s to the 1970s.

Since then, the CIA has undergone reforms. And the agency has said it's "legally prohibited" from conducting electronic surveillance targeting anyone in the country.

But that doesn't mean the CIA can't find ways to work around those restrictions. The agency can actually request the FBI collect data in the U.S. for it. In fact, it can lend the FBI hand with the surveillance by offering "specialized equipment and technical knowledge," according to a government executive order.

There isn’t much information on how the CIA follows these rules in practice, said Nate Cardozo, a staff attorney with privacy advocate the Electronic Frontier Foundation. But he wonders if these leaked CIA hacking tools were also in the hands of other federal U.S. agencies, such as the FBI and Department of Homeland Security, which can investigate U.S. citizens.

Given that WikiLeaks obtained a copy, it's also unclear if any foreign government or malicious hackers might have this hacking tech as well.

"The CIA developed these powerful tools and lost control of them," Cardozo said. "So who knows who else has control over these tools? That's the most frightening thing to me."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Michael Kan

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?