National security or user safety first? Tech firms reluctant to join forces with WikiLeaks

WikiLeaks founder, Julian Assange, said he would provide access to CIA cyberweapons.

A man crosses the Central Intelligence Agency (CIA) logo in the lobby of CIA Headquarters in Langley, Virginia, on August 14, 2008.SAUL LOEB/AFP/Getty Images

For technology firms like Google, Apple and Microsoft, the news that Julian Assange, the founder of WikiLeaks, is open to working with them to help fix suspected security vulnerabilities in their products poses a rather difficult legal and ethical dilemma.

In the wake of Wikileaks' disclosure of alleged Central Intelligence Agency (CIA) hacking tools targeting iOS, Android and other web-connected software including smart-TVs, one big question now looms: What comes first, customer safety or national security?

"After considering what we think is the best way to proceed we have decided to work with them [technology firms] and give them exclusive access to technical details," Assange said on 9 March during a live-stream from the Ecuadorian embassy, where he lives under political asylum.

Advertisement

The so-called "cyberweapons", the CIA has claimed, are used to protect US citizens from terrorism, online threats and hostile foreign nations.

But the WikiLeaks founder urged collaboration between the world's tech giants and his website, which reportedly obtained the documents a source inside the agency's cyber intelligence unit in Langley, Virginia.

Once the weapons are "disarmed", he said the data would be released into the public domain. While over 8,000 documents were released in the first batch – many detailing software bugs that had already been patched – Assange has claimed that was less than 1% of the "full arsenal" of cybertools.

After his appeal, however, tech firms – at least on the surface – appear reluctant to take up his offer. Many, as first reported by the New York Times, remain cautious due to legitimate legal concerns over delving into exploit data that may be considered classified government information.

"We've seen Julian Assange's statement and have not yet been contacted," a Microsoft spokesperson said. "Our preferred method for anyone with knowledge of security issues, including the CIA or Wikileaks, is to submit details to us at secure@microsoft.com."

Google's director of information security and privacy said in a statement this week: "As we've reviewed the documents, we're confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities."

Meanwhile Apple, which develops iOS software, urged its users to update and said: "While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities."

Advertisement

It is understood other software developers and manufacturers, including Samsung, are still analysing the leak for potential vulnerabilities. One problem is that no-one – apart from Assange – knows the true scope of the leak, or its exact content.

'We've seen Julian Assange's statement and have not yet been contacted,' a Microsoft spokesperson saidReuters/Valentin Flauraud

According to the Financial Times, some in the technology industry remain suspicious of Assange's true motives. The newspaper quoted a source at an unnamed company who said the firm's policy of not working with "bad actors" would include WikiLeaks under that definition.

The US government defines Assange in similar terms. Sean Spicer, the White House press secretary, advised all technology firms to ask for legal counsel before talking up WikiLeaks' offer. "It remains classified regardless of whether or not it is released into the public," he warned.

And CIA spokesperson Jonathan Liu, on Thursday (9 March) asserted that "Julian Assange is not exactly a bastion of truth and integrity." The FBI is currently probing the leak, and reportedly is now lining up interviews with hundreds of staffers in an attempt to source the leak.

In an analysis released on 7 March, Assange described why he believes the bugs put all internet users at risk. "By hiding these security flaws from manufacturers like Apple and Google the CIA ensures that it can hack everyone and at the expense of leaving everyone hackable," he wrote.

© Copyright 2017 IBTimes Co., Ltd. All Rights Reserved.