The US has become a place where the rule of law is as slippery as a salmon. On Tuesday, Wikileaks released evidence that the CIA has been snooping on people illegally using Samsung smart TVs, smartphones, and PC microphones. The data dump (which is called Vault 7) is only the first part of the whistleblowing organization’s treasure trove of information about the CIA. According to Julian Assange, it is only 1% of the entire cache that has been acquired from the CIA insider who supplied Wikileaks with the files.
The leak demonstrates that while the NSA was put under the magnifying glass due to the Snowden revelations, the CIA received vast amounts of funding and massively expanded its hacking operations. In fact, rather than a cyber civil war in the USA (which is often believed to be occurring between the competitive rival agencies), it seems far more likely that the government simply moved its hacking operations from the NSA to the CIA to keep them going. Of course, I might be wrong and they might really both be hacking away simultaneously for different paymasters. Either way, it is more of the same dirty US surveillance we have all come to expect.
As if Vault 7 wasn’t enough of a shock for a Tuesday afternoon, on the same day GOP senators put forward a joint resolution that would permit ISPs to sell consumer data to third parties (without consumer consent). The proposed resolution is yet more evidence of the vast rift of opinion that is currently tearing the US apart.
Privacy advocates feel that the US is already stepping on people’s right to privacy far too much. US-based corporations that promise privacy do so under a worrying gray cloud, fully aware that they could be served a warrant and a gag order at any time. Under these circumstances (when private personal data can be forced out of firms hands against their will), privacy is a false promise.
That is why PrivacyTools.io recommends that people who value privacy should steer away from firms based in the US. Sadly, despite how bad things already are for US consumers, if Republicans have their way then this invasive climate only looks set to get worse.
Regulations already in place
In October 2016, the Federal Communications Commission (FCC) passed regulations that seek to force ISPs to ask for “explicit consent” to sell or share data on to third parties. This regulation was created to protect US consumers’ privacy and is one of the few positive pieces of legislation that US citizens had to look forward to.
Now, just two months into the Trump administration, we are starting to see worrying signs about how the Republicans plan to move forward in terms of digital privacy. As predicted, it isn’t pretty. Last Tuesday’s highly invasive joint resolution was introduced by Sen. Jeff Flake (R-Ariz.) and 23 Republican co-sponsors. The resolution would use legislative powers from the Congressional Review Act (CRA) to overrule the FCC. What is also incredibly troubling, is that the use of the CRA means that if the resolution passes, the FCC would never be allowed to re-introduce the privacy regulations ever again.
A Crisis for Privacy in the US
The result for US citizens? ISPs would have free reign over the data that they capture from their customers, and the ability to share it with whoever they want. This is a huge breach of privacy, which is what the FCC was trying to regulate against. So, why are Republicans seeking to overrule the FCC’s good work?
Presumably, the US government is interested in passing this legislation so that ISPs can freely pass data about any person of interest to the US intelligence community. However, the ramifications of such legislation would also mean that any data collected about people – including web browsing histories and metadata – would be subject to an unregulated free for all. This would give ISPs the legal right to sell private consumer data to whoever they like. Senator Edward Markey (D-Mass.) was quick to criticize the new proposal:
“Big broadband barons and their Republican allies want to turn the telecommunications marketplace into a Wild West where consumers are held captive with no defense against abusive invasions of their privacy by internet service providers.”
Unbelievably, the Arizona senator claims that the proposed resolution is for the benefit of regular consumers. He claims that it would “protect consumers from overreaching internet regulation.” Adding that it “empowers consumers to make informed choices on if and how their data can be shared.”
This is, in reality, the opposite of the truth. The FCC’s current regulations specify that ISPs must seek permission from consumers if they want to share any of the following: “geo-location data, financial and health information, children’s information, Social Security numbers, Web browsing history, app usage history, and the content of communications.”
That requirement is due to come into force in December 2017. In addition, the FCC’s privacy regulation specifies that ISPs are supposed to take measures to stop consumer data falling prey to cybercriminals. This part of the regulation was supposed to kick in ten days ago (on 4 March), though sadly Trump’s newly appointed FCC chairman (Ajit Pai) has postponed it.
Despite what he claims, Sen. Jeff Flake’s proposed resolution would stop the FCC’s privacy-providing regulations (which are designed to protect consumers) from ever taking effect. Unfortunately, due to the Republican majority in the Senate, it seems highly likely that this new resolution will successfully stop the FCC’s regulations from ever seeing the light of day – at a huge loss to US citizens’ privacy.
Protect Yourself with a VPN
Talking about Tuesday’s Vault 7 revelations, famed security expert John McAfee made the following comments:
“We have turned inward. The bulk of the CIA hacking was not done against a foreign power or a hostile power – unless every individual US citizen is viewed as a hostile power – but no it was done against u: normal US citizens and American industry. To the point where if one of them [US firm] wouldn’t cooperate with investigations, the CIA would manage to get one of its operatives planted inside… to put backdoors into all of their systems.
“The US has become the world’s master at spying on its own citizenry.”
In the interview, McAfee admits that despite knowing that this sort of surveillance was happening for years, he never imagined that it would be quite as bad as it actually is. “It put shivers down my back,” he says before continuing, “this can’t possibly be happening, isn’t this America?”
Sadly, however, this is the harsh truth about the current climate in the US. The US intelligence community is using loopholes to do mass surveillance, and the only real way for citizens to protect their data from being too easily penetrated is with end-to-end encryption. Sure, the NSA and the CIA do have methods for breaking some of those encryption protocols. In addition, the security community is eagerly awaiting the results of the Open Source Technology Improvement Fund’s OpenVPN audit (and whatever that rigorous testing us about the number one VPN protocol on the market at the moment).
Despite this, however, Vault 7 and the proposed new resolution are stark reminders that citizens of the US (and everywhere else) ought to be protecting their data as much as possible with a strong VPN. At least with a VPN, consumer data is protected from the prying eyes of ISPs. The result is that for third parties (like government agencies) to get their hands on that data, a VPN subscriber would have to be singled out and victimized with a much more focused and direct attack (which is a far more costly, unlikely, and precise endeavor).
Opinions are the writers own.
Title Image credit: Minerva Studio/Shutterstock.com
Image credit: Richard Frazier/Shutterstock.com
Image credit: Jakkrit Orrasri/Shutterstock.com
Image credit: Chanwoot_Boonsuya/Shutterstock.com