Vault 7, CIA leaks, and the Case for End-to-End Encryption

Reading Time: 2 minutes

Vault 7 was first teased by Wikileaks at the start of the year, through a series of Tweets which were fundamentally fodder for conspiracy theorists: images from Gestapo archives, the seed bank at Svalbard, old photographs of US military aircraft being built. In the end, the contents of the Vault (a title made up by the organisation itself) were revealed to be none other than CIA hacking tools: weapons of immense sophistication, capable of infecting devices not directly connected to the internet, looking at allied intelligence data, or even masking the identity of cyber-attackers  as an act of misdirection.

For a group which has a curiously cosy relationship with Russia – consider founder Julian Assange’s time on state broadcaster RT (then called Russia Today) – this shouldn’t be entirely surprising. The overall thrust of the code was not merely to point out that America’s moral grandstanding in the wake of potential Russian interference was hypocritical (a fair point). It supported a narrative amongst Trump supporters (both inside and outside of the United States) that it was all the conspiracy of a nebulous deep state, guided by the neo-liberal allies of Hilary Clinton. The end game is a soup of half-truths and outright lies, in which it’s unclear who to trust: a powerful tool in denying the US government the high ground.

There’s evidence that the sort of malware found in Vault 7 has made its way into the hands of criminals – perhaps gleaned from the evidence stolen from the CIA. It’s tempting, in that light to see Wikileaks’ behaviour in releasing the code for the malware as naive at best and toxic at worst. The group isn’t best known for vetting the information it puts out, after all, and previous releases have data may have put the civil rights of citizens at risk. The lesson which intelligence agencies in the West would like us to learn is that Wikileaks is simply doing the work of the Russians.

Even if Vaults 7 and 8 are the results of Kremlin stooges, they’ve made one of the best cases for end-to-end encryption for the citizens of the free world. Whilst governments have pressed for back doors to apps like WhatsApp, civil society and tech companies have tried to explain security doesn’t work like that. You’re not so much making a door into an app with a specific key, but creating an artificial hole – one anyone with specific knowledge could stumble across.

Vault 7 should have exploded the myth that the CIA – or indeed any intelligence agency – is truly an impregnable fortress, a cornerstone of the argument to break end-to-end encryption. Whatever else comes out in Vault 8, our wariness of spooks (whichever country they hail from) should not be changed.