Revelations from Wikileaks have far deeper implications than have been covered by the media as yet. The CIA has lost control of not only a trove of documents about the organization’s cyber warfare capabilities. It’s lost control of the weapons themselves.
In digital warfare, there exists the concept of a zero-day exploit. In hacker/information security parlance, a zero-day is an undisclosed vulnerability in software that has been discovered. Ordinarily, watchdog groups and the organizations that produce software have procedures in place to discuss vulnerabilities and issue patches before releasing details of exploits to the general public. Only in the extreme circumstance of an organization deliberately ignoring reports by security researchers of exploitable weaknesses do ethical hackers resort to releasing details of the attack to the general public. The obvious ramification of knowledge being openly available before a patch is released is that anyone can use it prior to patching.
There is the obvious issue, raised by Wikileaks itself, that the CIA has duplicated the functions of the NSA, but very likely with even less oversight for the use of their arsenal. This is not only a waste of taxpayers’ money, but possibly a revelation that unconstitutional attacks on the privacy of American citizens may be taking place by more than one government agency. If that is the case, it is a clear violation of the CIA’s mission, as laid out by Congress.
The ultimate effect of losing this digital arsenal, which may now be in the hands of anyone, is that literally any digital evidence may be called into question. The scope of who may have access to it is completely unknown, and this genie cannot be put back into its bottle. The evidentiary value of criminal activity stored on computers could be disclaimed as planted evidence. This has wide-ranging implications not only for cases under consideration, but for future cases which may be brought.
The CIA now has an obligation to the American people to disclose all of the methods of its infiltration to software developers in advance of the coming storm. It must shatter the weapons it created and, if Congress deems it necessary, it may rebuild a new arsenal.
Furthermore, Congress must probe the agency deeply and potentially reform the country’s spying agencies completely. There is evidently far too much overlap for which the taxpayer is expected to foot the bill. It is also evident that there is too little civilian oversight and too much delegation of powers in the name of national security, a long-standing problem which has now become an emergency. Ethical considerations of spying on foreign powers aside, this lapse has made it clear that our own spying agencies are as much a danger to our own citizens as they are to the rest of the world.