Revelations about the CIA’s use of hacking tools by anti-secrecy group WikiLeaks show the risks of mass surveillance and bolster the case for international regulation, the United Nations’ independent expert on privacy said.
WikiLeaks published on Tuesday what it said were thousands of pages of internal Central Intelligence Agency discussions about hacking techniques used over several years.
The CIA, which is the United States’ civilian foreign intelligence service, has declined to comment on the authenticity of the purported intelligence documents. Cyber security experts say the documents appear to be authentic.
Joe Cannataci, the U.N. Special Rapporteur on the right to privacy, a job created in 2015 after Edward Snowden’s revelations about U.S. surveillance, said he was not surprised by the CIA’s capabilities, but that the case highlighted the growing security risks and the need for effective oversight.
“Probably the real story here (is) that somebody was able to get into the CIA’s supposedly secure spaces, extract and publish this stuff,” he told Reuters.
Cannataci reported to the U.N. Human Rights Council this week and urged states to work towards an international treaty to protect people’s privacy, saying traditional safeguards had become outdated in the digital era.
The WikiLeaks release has strengthened the case for evaluating intelligence oversight mechanisms and reinforcing them globally, he said.
“The WikiLeaks CIA hacking techniques story is yet more proof, if any were needed, that intelligence agencies and the data they gather are often just as vulnerable as everybody else and that they should not be taking the risk of gathering huge amounts of data about all of us in an indiscriminate manner.”
Cannataci cited evidence that information collected by states, including through bulk acquisition or mass surveillance, was increasingly vulnerable to hacks by foreign government or organized crime.
“The risk created by the collection of such data has nowhere been demonstrated to be proportional to the reduction of risk achieved by bulk acquisition,” he said.Surveillance is a legitimate tool to fight crime, but needs to be supervised, targeted and safeguarded, with warrants issued by an independent oversight authority on the basis of reasonable suspicion that somebody may be a threat to national security or has committed, or is about to commit, a crime, Cannataci said.
“Targeted surveillance: good. Mass surveillance: bad,” he added.
(Reporting by Tom Miles)