When WikiLeaks founder Julian Assange offered tech companies exclusive access to CIA hacking tools on Thursday, he made his intentions clear – "so that the fixes can be developed... so people can be secure." But his offer has left the likes of Google and Apple in a dilemma on how to deal with the anti-secrecy organisation which, the U.S. government believes, tries "to damage the Intelligence Community's ability to protect America against terrorists and other adversaries."
WikiLeaks published a hoard of 8,761 documents on its website on Tuesday, describing secret hacking tools and snippets of computer code that CIA allegedly used to breach a wide range of consumer electronic products like smartphones, smart TVs, and other software and equipment from tech giants, including Apple, Google, Samsung and Microsoft. If these companies actually get their hands on the leaked hacking tools, it will be much easier for them to spot and fix the exact loopholes in their products, and defend against any state-backed hacking attempts in future.
While the affected tech companies have a responsibility to fix issues in their products to protect consumer privacy, there is a huge risk of facing legal and ethical questions by accepting assistance from WikiLeaks. In addition, there could also be questions on whether technology companies should rely on a person who is believed by some U.S. officials and lawmakers to have connections with the Russian government.
"Considering what we think is the best way to proceed and hearing these calls from some of the manufacturers, we have decided to work with them to give them some exclusive access to the additional technical details that we have so that the fixes can be developed and pushed out, so people can be secure," Assange said during an online press conference from the Ecuadorean embassy in London.
While it is currently unclear how WikiLeaks intended to cooperate with the companies, White House has already issued a warning that accepting any assistance from WikiLeaks could result in the violation of the law. WikiLeaks' offer could also land companies in legal difficulties if they are under any government contracts or have employees with security clearances.
"The unauthorized release of classified documents does not mean it's unclassified," Stewart Baker, a former official at the Department of Homeland Security and former legal counsel for the National Security Agency, told the Associated Press. "Doing business with WikiLeaks and reviewing classified documents poses a real risk for at least their government contracting arms and their cleared employees."
During the conference on Thursday, Assange did say that some companies had requested for more details about the CIA hacking tools. However, the authenticity of his claim couldn't be verified, and it is also unlikely that legal counsels in big companies will take the risk of reaching out to Assange for help since there's still uncertainty about the views of the Justice Department.
Meanwhile, Microsoft said that it would welcome submissions of vulnerabilities if they are submitted through normal reporting channels.
"We've seen Julian Assange's statement and have not yet been contacted," Reuters quoted a Microsoft representative as saying. "Our preferred method for anyone with knowledge of security issues, including the CIA or Wikileaks, is to submit details to us at secure@microsoft.com so we can review information and take any necessary steps to protect customers."
While Apple hasn't made any comments so far on Assange's offer, the company said in a statement Tuesday that "many of the issues" mentioned in the WikiLeaks documents had already been fixed in the latest version of its iOS operating system.
But the question is how long the companies will refrain from checking out what WikiLeaks has in store.
So far, WikiLeaks has not set any conditions for its cooperation. And, with the CIA not showing any intention of contacting the affected companies about the vulnerabilities, they are certainly left with little choice.
