News stories
WikiLeaks Just Dumped a Mega-Trove of CIA Hacking Secrets
07 March 2017
ON TUESDAY MORNING, WikiLeaks published a data trove that appears to contain extensive documentation of secret Central Intelligence Agency spying operations and hacking tools. Codenamed “Vault 7,” the file contains 8,761 documents, and WikiLeaks claims that it represents “the majority of [the CIA] hacking arsenal including malware, viruses, trojans, weaponized ‘zero day’ exploits, malware remote control systems and associated documentation.”
Don’t Let WikiLeaks Scare You Off of Signal and Other Encrypted Chat Apps
07 March 2017
OF ALL THE revelations to come out of the 9,000-page data dump of CIA hacking tools, one of the most explosive is the possibility that the spy agency can compromise Signal, WhatsApp, and other encrypted chat apps. If you use those apps, let’s be perfectly clear: Nothing in the WikiLeaks docs says the CIA can do that.
How to protect your private data when you travel to the United States
07 March 2017
On January 30 – three days after US President Donald Trump signed an executive order restricting immigration from several predominantly Muslim countries – an American scientist employed by NASA was detained at the US border until he relinquished his phone and PIN to border agents. Travellers are also reporting border agents reviewing their Facebook feeds, while the Department of Homeland Security considers requiring social media passwords as a condition of entry.
Our reflections
Researchers and research ethics reviewers should be thinking about computer security throughout nearly all elements of the design and conduct of human research – especially when the data is potentially personally identifiable and the information sensitive.
The need for encryption in communications may arise when data is collected or generated (e.g. by an online interview), when it is transferred between collaborating researchers and support staff, or when publication is discussed with editors. Routine email/webmail/messaging/Skype services may not be sufficiently secure. One response is to use encrypted chat apps such as Signal and WhatsApp.
We now know more about how the US intelligence services monitor and hack communications. These analyses do highlight the importance of safe email/online practices and prudent/up-to-date internet security.
It should be noted that the Wired analysis of the CIA data dump has not indicated any direct vulnerability in Signal and WhatsApp. There is apparently still considerable material yet to be released, and recent commentary on the IRB Forum has suggested that Signal remains a secure solution.
Of course, researchers are still vulnerable if they carry data between jurisdictions, and there are stories of researchers being asked for their passwords at the US border. Again, it is worth considering the technical solutions.