Two panels on data security and online privacy during South by Southwest Interactive’s government track were particularly salient Friday after a newsy week that included Wikileaks’ release Tuesday of documents on how the government hacks your tech and President Donald Trump’s accusation Saturday that former President Barack Obama had illegally tapped his phone.
Scott Shackford with Reason magazine said he was glad he did not over-prepare for his panel “Get a Warrant: The Fourth Amendment and Digital Data.”
In it, privacy advocates discussed how people across the planet are volunteering more data that ever. But while people are carrying more and more data with them in the form of a smartphone, privacy laws haven’t caught up with the challenges yet.
“Unfortunately (lawmakers) are not predisposed to reform,” Mike Goodwin with the R Street Institute said. “We would like to see that change now that the president of the U.S. believes he was wiretapped. That could be good news, even though it’s in an odd way.”
Despite being one of the most bipartisan issues at Capitol Hill, privacy laws, even those with wide support, have remained stalled. And while Trump decried a wire tap at Trump Tower in a tweet that provided no evidence of the claim, the administration doesn’t appear to be in a hurry to pull back on government surveillance programs.
“At the same time Trump is claiming about being snooped upon, his staff is saying they don’t want anything to change,” said Sean Vitka with Demand Progress.
The recent trove of documents released by Wikileaks became the central topic of discussion during the morning panel “Bugs in the System: Mapping the Vulns Market.”
“Vulns” are tech-speak for exploitable vulnerabilities hackers find in software and operating systems. They’re the kind of windows the FBI forced open to access the information inside the iPhone of the man accused of the San Bernardino shooting, in a fight with Apple that became very public.
Of course, criminals are also actively searching for software flaws to infiltrate computers and phones.
Panelists described a so-called “gray market” in which companies will put out “bug bounties” and offer to pay hackers to find and fix vulnerabilities in their systems that they fix. But the price is much higher when the “vuln” is purchased by a third party seeking to either resell or exploit it.
The tools uncovered in the Wikileaks dump this week were largely known vulnerabilities. Their targets are at the individual level and not at creating a wider surveillance net.
But while many of the vulnerabilities had already been solved in software patches, they are still exploitable in surveillance if people don’t update their software.
“People don’t patch. That is the flaw,” said Ari Schwartz, managing director of cybersecurity services at Venable LLC and a former member of the White House National Security Council.