The CIA #Vault7 Leaks are unsurprising
Wikileaks published the first of an (announced) series of leaks called #Vault7. The “archive appears to have been circulated among former U.S. government hackers and contractors in an unauthorized manner, one of whom has provided WikiLeaks with portions of the archive.” One important point is that it appears that the CIA hasn’t cracked either Signal or Whatsapp but that they rather rely on physical access to get into individual phones (or TVs) (Lawfare, ErrataSec) – this makes it harder to conduct mass surveillance because the costs are linear in the number of target devices. Overall, it is pretty striking how close the capacities of the CIA are to what we could have thought they were. Finally, if spy agencies know their arsenal is at risk of being forcibly disclosed like the CIA’s, this will likely bias them towards disclosing more vulnerabilities: what’s the point of keeping vulnerabilities if your arsenal can pretty much be destroyed at any point?
New FCC Chairman vs Net Neutrality
At the Mobile World Congress in late February, new FCC Chairman Ajit Pai said “net neutrality was “a mistake” and that the commission [was] “on track” to return to a much lighter style of regulation” (The Verge). In February 2015, under former FCC Chairman Tom Wheeler internet service providers had been reclassified as telecom companies providing service as a public utility, giving the FCC authority to regulate against agreements between content providers (e.g. Time Warner) and service providers (e.g. AT&T) to pay more for faster delivery (NYT). Instead, Commissioner Pai believes that “net neutrality rules make it harder to manage internet traffic and make investment in additional capacity less likely” (Fortune). We don’t know what the plan is yet, but the FCC dropped several investigations into zero-rating plans (free access to some internet services).
Is decentralization the future of the web?
Sir Tim Berners-Lee, the inventor of the world wide web, has been working this past couple of years of an effort to “decentralize the web” to “lock it open” (see his Decentralized Web Summit last June 2016). He published a Guardian op-ed warning about three harmful trends: 1) ” We’ve lost control of our personal data,” 2) ” It’s too easy for misinformation to spread on the web” and 3) ” Political advertising online needs transparency and understanding” (three arguments 100% aligned with my argument for regulating targeting-and-convincing infrastructures on Lawfare). Of course, the question is whether you think platforms will help (Berners-Lee wants to encourage “gatekeepers such as Google and Facebook to continue their efforts to combat the problem”) or whether you think that they are “symptoms” and that the root cause of the problem is that the business model of the internet is surveillance capitalism (collection and exploitation of personal data for private gains) in which case aggressive regulation is the only way out (read Aral Balkan‘s answer, he’s a privacy activist).
Have a hushed Monday!