WikiLeaks published thousands of documents this week, detailing tools the CIA allegedly uses to hack into smartphones, computers and other electronic devices.
Fred Schneider is a Cornell University computer science professor who researches trustworthy computing and public policy, and co-chairs the Cybersecurity Working Group at Cornell. Schneider cautions that without the investment in more-secure systems, American citizens are vulnerable to cyber attacks by foreign powers.
Schneider says: “It's unfortunate that systems we build and deploy today – from cell phones to clouds – are so vulnerable to attack. Fortunately, American citizens are protected by law from wire-tapping and other forms of surveillance by U.S. intelligence agencies.
“But we're not protected from such attacks by foreign powers, and I see no reason that foreign intelligence agencies wouldn't be capable of building the same kinds of attack tools that were just revealed. The U.S. doesn't have a monopoly on top security expertise, after all. Better systems would be the only way to protect against those attacks.
“Given that we don't invest in building more-secure systems and that the vulnerabilities exist, the loss of capability for the U.S. from these disclosures is unfortunate; it diminishes U.S. capabilities for intelligence gathering, and such information has proved useful in forming foreign policy and in focusing defense investments."
Thomas Ristenpart is an associate professor at Cornell Tech and a member of the Computer Science department at Cornell University, whose research spans a wide range of computer security topics. Ristenpart says the leak should guardedly increase our confidence in encrypted messaging systems.
“The leak illustrates more of what we knew already, that state actors compromise systems to gain access to user data and communications. Unlike the Snowden revelations, the leak doesn’t suggest a paradigm shift in terms of our understanding of capabilities or methods.
“It also, instead of undermining our confidence in encrypted messaging systems, should possibly guardedly increase our confidence in them, as the CIA apparently relies instead on compromising the end points of communications instead of directly attacking the cryptography.”