Last week, the Justice Department filed criminal charges against a North Korean operative for a malware attack that endangered hospital systems and crippled the computers of businesses, governments, and individuals around the world. Americans might be surprised to learn that the software used for this 2017 attack — known as “WannaCry” — was based on a hacking tool created by the U.S. government itself.
The NSA developed the tool for its own hacking operations and, inevitably, it leaked out. This incident raises questions about the wisdom of allowing the U.S. government — and law enforcement agencies in particular — to deploy hacking as a tool of surveillance.
Government hacking proposals have evolved in the context of the FBI’s “Going Dark” public relations campaign, which claims that the growing use of encryption will eviscerate the FBI’s ability to eavesdrop on criminals. To guard against this, the government says it needs tech companies to compromise customer security by providing “backdoor” access to law enforcement, giving it broad access to private communications and other revealing personal data.
But security experts almost uniformly agree that it is dangerous to design encryption to ensure investigators can have access to everything. Giving the government this power would render encryption software less secure since it would necessarily have a built-in weakness.
As the government vigorously pursues its campaign to force back doors into communications systems and devices, some security experts have proposed an odd compromise in response: That instead of giving the government more expansive backdoor privileges, the government should be allowed to deploy hacker tricks, arguably compromising fewer people’s data in the process.
Read the full post at the ACLU blog.