1
00:00:00,040 --> 00:00:03,480
Speaker 1: The federal government has opened a criminal investigation into wiki

2
00:00:03,520 --> 00:00:06,720
Speaker 1: leak's release of more than eight thousand, seven hundred documents

3
00:00:06,720 --> 00:00:09,280
Speaker 1: and files that it says come from the CIA. That's

4
00:00:09,280 --> 00:00:12,600
Speaker 1: according to a CNN report. The documents, if they are real,

5
00:00:12,720 --> 00:00:16,720
Speaker 1: reveal malware viruses, security vulnerabilities, and millions of lines of

6
00:00:16,760 --> 00:00:20,240
Speaker 1: code the CIA has used to hack into devices, including

7
00:00:20,239 --> 00:00:24,000
Speaker 1: smartphones and smart TVs. The releases raised questions about how

8
00:00:24,000 --> 00:00:27,040
Speaker 1: wiki Leaku's got such sensitive files and how much privacy

9
00:00:27,080 --> 00:00:29,440
Speaker 1: we can count on when our devices are connected to

10
00:00:29,480 --> 00:00:32,760
Speaker 1: the internet. With us to talk about the release of

11
00:00:32,800 --> 00:00:36,640
Speaker 1: all of these uh previously secret documents are Stephen Vladdock,

12
00:00:36,680 --> 00:00:40,120
Speaker 1: a professor at the University of Texas School of Law,

13
00:00:40,200 --> 00:00:43,280
Speaker 1: and William Banks, the director of the Institute for National

14
00:00:43,320 --> 00:00:47,160
Speaker 1: Security and counter Terrorism at Syracuse University College of Law.

15
00:00:47,720 --> 00:00:51,479
Speaker 1: William what do the uh what do these documents reveal

16
00:00:51,600 --> 00:00:56,880
Speaker 1: to us about CIA capabilities for hacking? Well, I think

17
00:00:56,920 --> 00:00:59,080
Speaker 1: the first thing that they reveal is that the c

18
00:00:59,280 --> 00:01:06,680
Speaker 1: I isn't very good at keeping it stuff secure, Stephen,

19
00:01:08,040 --> 00:01:11,880
Speaker 1: a blogger. Nicholas Weaver, a security researcher at the International

20
00:01:11,920 --> 00:01:15,000
Speaker 1: Computer Science Institute in Berkeley, said the story here isn't

21
00:01:15,040 --> 00:01:18,680
Speaker 1: that the CIA hacks people? Of course they do. Taxpayers

22
00:01:18,680 --> 00:01:21,720
Speaker 1: would be right to be annoyed if that weren't the case.

23
00:01:21,959 --> 00:01:24,160
Speaker 1: Do you agree with that? I do. I mean, I

24
00:01:24,240 --> 00:01:27,479
Speaker 1: think part of the real story here is, as Bill suggests,

25
00:01:27,760 --> 00:01:30,360
Speaker 1: the remarkable fact that wikilis was able to get its

26
00:01:30,400 --> 00:01:34,679
Speaker 1: hands on if these are all accurate, over eight thousand documents,

27
00:01:34,680 --> 00:01:36,240
Speaker 1: this is just the first of what's promised to be

28
00:01:36,319 --> 00:01:39,160
Speaker 1: six or seven different disclosures. But John also, I think

29
00:01:39,200 --> 00:01:41,880
Speaker 1: it's not a surprise that the CIA has the ability

30
00:01:41,920 --> 00:01:44,360
Speaker 1: to do this. I think the surprise is, if this

31
00:01:44,440 --> 00:01:48,600
Speaker 1: holds up, if these are really authentic, just how widespread

32
00:01:48,680 --> 00:01:53,120
Speaker 1: and comprehensive, um the CIA's tool kit is, and basically

33
00:01:53,200 --> 00:01:56,880
Speaker 1: just how able the CIA is to defeat, or if

34
00:01:56,880 --> 00:02:00,120
Speaker 1: not defeat, at least bypass um, just about all of

35
00:02:00,160 --> 00:02:03,639
Speaker 1: the security measures that many of us have even started

36
00:02:03,680 --> 00:02:07,520
Speaker 1: to take from granted on our phones, on our computers,

37
00:02:07,520 --> 00:02:10,440
Speaker 1: on our televisions, in our cars. Um. If they're really

38
00:02:10,440 --> 00:02:13,400
Speaker 1: just easy to defeat by the CIA, it makes you wonder,

39
00:02:13,600 --> 00:02:17,119
Speaker 1: you know, who else could could manipulate those capabilities for

40
00:02:17,120 --> 00:02:20,880
Speaker 1: for mischief? Well? Bill, what you know, what is the

41
00:02:20,919 --> 00:02:24,480
Speaker 1: impact here? For in that regard you. Obviously, the CIA

42
00:02:24,520 --> 00:02:28,800
Speaker 1: is supposed to be focusing on external spying that is

43
00:02:28,800 --> 00:02:32,400
Speaker 1: not on United States citizens, but if others get information

44
00:02:32,520 --> 00:02:35,440
Speaker 1: from this dump, there could be implications for everybody in

45
00:02:35,480 --> 00:02:38,440
Speaker 1: the United States as well. And assuming for the month

46
00:02:38,440 --> 00:02:42,480
Speaker 1: the CIA has following the law. So what what should what?

47
00:02:42,480 --> 00:02:46,800
Speaker 1: What is the danger here in terms of what other entities,

48
00:02:46,880 --> 00:02:49,000
Speaker 1: other countries, other hackers might be able to do with

49
00:02:49,040 --> 00:02:52,160
Speaker 1: the information that WikiLeaks has put out. It's a real danger.

50
00:02:52,280 --> 00:02:57,040
Speaker 1: That's a good question. I mean, so the CIA needs

51
00:02:57,080 --> 00:03:00,320
Speaker 1: to share what it's known about these vulnerability is with

52
00:03:00,440 --> 00:03:03,720
Speaker 1: the companies that are impacted. You know that the Apples

53
00:03:03,760 --> 00:03:07,160
Speaker 1: and the and the other companies that make the devices

54
00:03:07,200 --> 00:03:09,640
Speaker 1: that we all use need to do a whole bunch

55
00:03:09,680 --> 00:03:12,560
Speaker 1: of of patches here as quickly as they can, which

56
00:03:12,560 --> 00:03:16,080
Speaker 1: will just lead to the next generation of vulnerabilities. Of course,

57
00:03:16,120 --> 00:03:18,960
Speaker 1: this is serve a cat and Moss game. Uh. The

58
00:03:19,040 --> 00:03:22,520
Speaker 1: offense has always been ahead of the defense in this world,

59
00:03:22,560 --> 00:03:26,799
Speaker 1: as this example illustrates, and and now that there will

60
00:03:26,919 --> 00:03:29,679
Speaker 1: be a period where where we'll have to be playing catchup.

61
00:03:30,240 --> 00:03:34,960
Speaker 1: CIA has lost a tremendous amount of their capabilities here

62
00:03:34,960 --> 00:03:38,240
Speaker 1: and they're gonna have to rebuild those as well, apart

63
00:03:38,280 --> 00:03:43,280
Speaker 1: from working hard to shore up their operational security. Steve.

64
00:03:43,320 --> 00:03:46,560
Speaker 1: They don't know yet whether it was an ex employee

65
00:03:46,680 --> 00:03:51,120
Speaker 1: or contractor, though many people are saying contractors, and several

66
00:03:51,160 --> 00:03:54,440
Speaker 1: of the security hacks in the past, like the Snowdon

67
00:03:54,960 --> 00:03:59,520
Speaker 1: and the man went to prison have been from contractors.

68
00:04:00,280 --> 00:04:04,920
Speaker 1: Is the CIA not not really doing enough background and

69
00:04:05,000 --> 00:04:08,520
Speaker 1: checking on their contractors. Yeah, Jude, I think it's a

70
00:04:08,520 --> 00:04:10,440
Speaker 1: little too early to tell. I mean, I think one

71
00:04:10,480 --> 00:04:14,040
Speaker 1: of the really important questions is how did Wickilix come

72
00:04:14,080 --> 00:04:18,479
Speaker 1: into all this information? Assuming it holds up as being authentic. Um,

73
00:04:18,520 --> 00:04:22,200
Speaker 1: it's not necessarily the case that this is another you know,

74
00:04:22,320 --> 00:04:25,800
Speaker 1: whistleblower Claude Edward Snowden. Um. You know, there are a

75
00:04:25,800 --> 00:04:29,120
Speaker 1: couple of reasons why this doesn't really smell like whistleblowing.

76
00:04:29,160 --> 00:04:31,720
Speaker 1: I means, as we've discussed already, you know, a lot

77
00:04:31,800 --> 00:04:34,760
Speaker 1: of this is stuff we actually all probably expected the

78
00:04:34,800 --> 00:04:37,000
Speaker 1: CIA was at least attempting to do, even if we

79
00:04:37,000 --> 00:04:40,440
Speaker 1: weren't sure they have the capabilities. Um. The other possibility, June,

80
00:04:40,480 --> 00:04:42,880
Speaker 1: is that this is not someone on the inside, but

81
00:04:43,040 --> 00:04:45,760
Speaker 1: rather this is the result of hacking. Um That the

82
00:04:45,760 --> 00:04:48,440
Speaker 1: hackers have actually managed to find a way to get

83
00:04:48,480 --> 00:04:52,400
Speaker 1: around some of the agency's you know, high security protocols.

84
00:04:52,720 --> 00:04:55,120
Speaker 1: At least some of these documents appear to be top secret,

85
00:04:55,200 --> 00:04:58,960
Speaker 1: and so you know, either way the answer is pretty alarmment.

86
00:04:59,000 --> 00:05:01,720
Speaker 1: Either there is someone on the inside who really doesn't

87
00:05:01,720 --> 00:05:04,880
Speaker 1: and hasn't seen a problem sharing this much information with

88
00:05:05,000 --> 00:05:07,839
Speaker 1: the net organization like Wiki leaks, or there isn't, in

89
00:05:07,880 --> 00:05:10,400
Speaker 1: which case we may have an even bigger problem in

90
00:05:10,520 --> 00:05:14,159
Speaker 1: the security of you know, information that's stored on top

91
00:05:14,200 --> 00:05:16,920
Speaker 1: secret government servers. Steve, one of the things that is

92
00:05:16,960 --> 00:05:20,200
Speaker 1: a bit confusing about all this is understanding exactly what

93
00:05:20,320 --> 00:05:22,279
Speaker 1: it is that we now know the CIA can do.

94
00:05:22,360 --> 00:05:25,919
Speaker 1: So for instance, um, they're one of the things they

95
00:05:25,920 --> 00:05:28,880
Speaker 1: can do is hack into smartphones even when people are

96
00:05:28,960 --> 00:05:33,320
Speaker 1: using encryption technology. How is that possible? So, I mean,

97
00:05:33,320 --> 00:05:34,960
Speaker 1: I think, you know, we still have to be careful

98
00:05:34,960 --> 00:05:36,640
Speaker 1: about what we know for sure and what we just

99
00:05:36,720 --> 00:05:40,159
Speaker 1: think we know from from the disclosures. It sounds like

100
00:05:40,279 --> 00:05:43,120
Speaker 1: what's going on is that there is some kind of

101
00:05:43,200 --> 00:05:47,280
Speaker 1: vulnerability that allows the those who have the vulnerability to

102
00:05:47,360 --> 00:05:49,600
Speaker 1: see I A. Now, I guess folks who also have

103
00:05:49,640 --> 00:05:53,320
Speaker 1: access to it on the black market UM not necessarily

104
00:05:53,400 --> 00:05:57,640
Speaker 1: to actually get around UM or to break the encryption

105
00:05:57,839 --> 00:06:02,000
Speaker 1: in encrypted apps like for example, Signal or WhatsApp or

106
00:06:02,000 --> 00:06:04,840
Speaker 1: the things like that UM, but rather to take advantage

107
00:06:04,920 --> 00:06:08,520
Speaker 1: of functionality on the phone to bypass that encryption. So

108
00:06:08,720 --> 00:06:10,960
Speaker 1: in English, I mean if I use the Signal app

109
00:06:11,279 --> 00:06:14,440
Speaker 1: UM to communicate with Bill. The what we what what

110
00:06:14,480 --> 00:06:17,360
Speaker 1: it sounds like has happened is not that the CIA

111
00:06:17,440 --> 00:06:19,960
Speaker 1: has found a way to break the encryption on Signal,

112
00:06:20,279 --> 00:06:23,120
Speaker 1: but has found a way instead to break other software

113
00:06:23,120 --> 00:06:25,880
Speaker 1: and hardware on the phone to for example, take a

114
00:06:25,880 --> 00:06:29,200
Speaker 1: screenshot UM of a message that I might be typing

115
00:06:29,240 --> 00:06:31,679
Speaker 1: out to Bill, or of my exchange with Bill. UM.

116
00:06:31,720 --> 00:06:33,680
Speaker 1: That's not quite the same thing, Michael, even if it

117
00:06:33,680 --> 00:06:35,159
Speaker 1: turns out to be true, because it means that the

118
00:06:35,200 --> 00:06:39,440
Speaker 1: software itself is still secure UM. But it does raise

119
00:06:39,560 --> 00:06:44,080
Speaker 1: questions about the vulnerability of the surrounding operating system iOS,

120
00:06:44,120 --> 00:06:46,040
Speaker 1: you know, in the case of an iPhone user UM

121
00:06:46,080 --> 00:06:51,839
Speaker 1: and the hardware Bill. WikiLeaks said it has has published

122
00:06:51,880 --> 00:06:56,280
Speaker 1: the documents, but it's redacted and change some paragraphs, including

123
00:06:56,279 --> 00:07:00,800
Speaker 1: the names of tens of thousands of CIA targets because

124
00:07:00,839 --> 00:07:03,680
Speaker 1: of this. Does this mean that the CIA is going

125
00:07:03,720 --> 00:07:07,680
Speaker 1: to be scrambling now to protect either protect people in

126
00:07:07,720 --> 00:07:10,800
Speaker 1: the field or to change targets or what's going to

127
00:07:10,840 --> 00:07:15,120
Speaker 1: be happening. Well, it's true that unlike the Snowden uh

128
00:07:15,520 --> 00:07:19,240
Speaker 1: leaks that made their way on the wiki leaks, the

129
00:07:19,240 --> 00:07:22,000
Speaker 1: the there's a lot of a lot more care taken

130
00:07:22,040 --> 00:07:27,080
Speaker 1: to redact potentially harmful trail, harmful to sources that the

131
00:07:27,120 --> 00:07:32,200
Speaker 1: agency uses, and harmful to victims. Uh So there's probably

132
00:07:32,240 --> 00:07:35,120
Speaker 1: not so much scrambling going on in that regard right now.

133
00:07:35,720 --> 00:07:38,240
Speaker 1: But at the same time, the agency is going to

134
00:07:38,360 --> 00:07:43,760
Speaker 1: have to rethink about going after the materials technologically as

135
00:07:43,840 --> 00:07:47,880
Speaker 1: it has. The hacking itself is going to have to

136
00:07:47,920 --> 00:07:52,480
Speaker 1: go be accomplished in different ways. Again, as you said

137
00:07:52,560 --> 00:07:55,600
Speaker 1: at the top of the of the show, they're not

138
00:07:55,640 --> 00:07:59,040
Speaker 1: looking at Americans here, They're looking for foreign intelligence and

139
00:07:59,120 --> 00:08:03,320
Speaker 1: most of the time outside the United States. It's very important.

140
00:08:03,360 --> 00:08:06,880
Speaker 1: That's how we gather a lot of our intelligence these days.

141
00:08:06,960 --> 00:08:10,000
Speaker 1: Human intelligence is important, but the but the tech is

142
00:08:10,600 --> 00:08:13,680
Speaker 1: far more so these days. But Bill, do you trust

143
00:08:13,680 --> 00:08:17,160
Speaker 1: WikiLeaks not to reveal not to say tomorrow, well we

144
00:08:17,200 --> 00:08:21,640
Speaker 1: are revealing those names. No, I don't. I think that's

145
00:08:21,640 --> 00:08:24,880
Speaker 1: that's important to bear in mind here. You know, WikiLeaks

146
00:08:24,880 --> 00:08:28,600
Speaker 1: has no public accountability whatsoever. It's one of the interesting

147
00:08:28,640 --> 00:08:31,000
Speaker 1: things here is that whoever took this stuff, and we

148
00:08:31,160 --> 00:08:34,079
Speaker 1: talked about it in the in the prior segment, whoever

149
00:08:34,160 --> 00:08:37,520
Speaker 1: did it didn't disseminate it, say to the Guardian or

150
00:08:37,720 --> 00:08:41,959
Speaker 1: the Washington Post, but instead to wiki leaks and and

151
00:08:42,360 --> 00:08:45,600
Speaker 1: uh so that suggests I think, as Steve was saying

152
00:08:45,600 --> 00:08:49,080
Speaker 1: before the break, that it probably wasn't a whistleblower type

153
00:08:49,240 --> 00:08:50,840
Speaker 1: who was just trying to get the word out. They

154
00:08:50,840 --> 00:08:53,440
Speaker 1: would have gone to a more traditional media outlet here.

155
00:08:54,559 --> 00:08:58,760
Speaker 1: It was either hacker and as somebody surmised this morning,

156
00:08:59,240 --> 00:09:02,920
Speaker 1: could have been another state, the Russian since the since

157
00:09:02,960 --> 00:09:05,079
Speaker 1: the Russian seemed to have been involved in all of

158
00:09:05,120 --> 00:09:07,840
Speaker 1: our business lately, why not this, Well, it's not like

159
00:09:07,880 --> 00:09:11,880
Speaker 1: there's been any news about Russian hacking recently, right Steve.

160
00:09:12,040 --> 00:09:15,880
Speaker 1: So so the Steve, you know, one of the things

161
00:09:15,920 --> 00:09:17,960
Speaker 1: that you look at it from the other side that's

162
00:09:18,000 --> 00:09:20,800
Speaker 1: actually a bit odd about this is that in some

163
00:09:20,840 --> 00:09:23,839
Speaker 1: ways you could see this as um, people worry. People

164
00:09:23,840 --> 00:09:26,320
Speaker 1: worry a lot about the government doing sort of broad

165
00:09:26,360 --> 00:09:30,120
Speaker 1: based data collection, but all these techniques that are in

166
00:09:30,200 --> 00:09:33,559
Speaker 1: these documents really seemed to be about having to target

167
00:09:33,679 --> 00:09:37,760
Speaker 1: specific users. So is this really a sign that, you know,

168
00:09:38,000 --> 00:09:40,080
Speaker 1: it's actually a lot harder to do this kind of

169
00:09:40,360 --> 00:09:43,320
Speaker 1: intel for a place like the CIA than than you know,

170
00:09:43,360 --> 00:09:45,760
Speaker 1: the kind of worries we often have about broad based

171
00:09:45,920 --> 00:09:48,440
Speaker 1: data collection. It may be. I mean, I think I

172
00:09:48,440 --> 00:09:51,280
Speaker 1: think it's certainly the case that that when we find

173
00:09:51,280 --> 00:09:54,520
Speaker 1: out this kind of inside information and see just how

174
00:09:54,760 --> 00:09:57,200
Speaker 1: many hoops the government will often have to jump through

175
00:09:57,600 --> 00:10:01,160
Speaker 1: deeven to do what is as Bill points out, quintessential

176
00:10:01,320 --> 00:10:05,560
Speaker 1: foreign intelligence surveillance against quintessentially foreign targets. You know, I

177
00:10:05,600 --> 00:10:08,839
Speaker 1: think that does actually perhaps restore a little bit of faith, um,

178
00:10:08,920 --> 00:10:11,080
Speaker 1: that things are not quite as bad as perhaps they

179
00:10:11,080 --> 00:10:14,280
Speaker 1: seemed at various points after this known disclosures. UM. But

180
00:10:14,320 --> 00:10:16,120
Speaker 1: there's a larger point, Michael, and I think this is

181
00:10:16,120 --> 00:10:20,720
Speaker 1: the real issue that these UM disclosures tea up, which is,

182
00:10:20,760 --> 00:10:24,800
Speaker 1: you know, the next generation of fighting in this space

183
00:10:25,040 --> 00:10:27,400
Speaker 1: is going to be about encryption, and it's going to

184
00:10:27,480 --> 00:10:30,320
Speaker 1: be about whether the government should have the authority to

185
00:10:30,440 --> 00:10:33,400
Speaker 1: have you know, zero day exploits ort to have backdoors

186
00:10:33,440 --> 00:10:37,560
Speaker 1: around secured and encrypted software and hardware. UM, we saw

187
00:10:37,760 --> 00:10:41,000
Speaker 1: elements of this last year in the fight between Apple

188
00:10:41,080 --> 00:10:44,480
Speaker 1: and the FBI over access to the San Bernardino Shooters

189
00:10:44,559 --> 00:10:47,120
Speaker 1: iPhone UM, but that was the tip of the icebergs.

190
00:10:47,200 --> 00:10:49,800
Speaker 1: This is really the future, and you know, I suspect

191
00:10:49,840 --> 00:10:52,920
Speaker 1: that it's going to be sooner rather than later. Um,

192
00:10:52,960 --> 00:10:55,000
Speaker 1: that Congress is going to have to STEPNA have to

193
00:10:55,320 --> 00:10:57,240
Speaker 1: We're gonna have to stop there, Steve, we'll talk about

194
00:10:57,240 --> 00:10:59,680
Speaker 1: that in the future. That's Stephen Atlantic of the University

195
00:10:59,679 --> 00:11:02,880
Speaker 1: of Tech exists and William Banks of Syracuse University