In March 2017, WikiLeaks released Vault 7, which consisted of some 8,761 leaked confidential Central Intelligence Agency (CIA) documents and files from 2013 to 2016, detailing the agency’s vast arsenal of tools for electronic surveillance and cyber warfare. [According to WikiLeaks, the first series of released CIA documents, titled “Year Zero,” introduced “the scope and direction of the CIA’s global covert hacking program, its malware arsenal and dozens of ‘zero day’ weaponized exploits against a wide range of U.S. and European company products, include Apple’s iPhone, Google’s Android and Microsoft’s Windows and even Samsung TVs…”] Vault 7, which WikiLeaks described as the “largest ever publication of confidential documents on the agency,” drew considerable media attention, including stories in the New York Times and the Washington Post, for example. However, as George Eliason of OpEdNews reported, while Vault 7 documented the tools at the CIA’s disposal, the “most important part” of the disclosure—“the part that needs to frighten you,” he wrote—is that “it’s not the CIA that’s using them.” Instead, the malware, viruses, trojans, weaponized “zero-day” exploits, and remote-controlled systems detailed in Vault 7 are “unclassified, open-source, and can be used by anyone.” Eliason’s OpEdNews series reported how the CIA and other agencies came to rely on private contractors and “open source intelligence,” and considered the manifold consequences of these revolutionary changes in intelligence gathering.
As Eliason explained in his first OpEdNews article, the CIA is limited by law in what it can do with these hacking tools—but subcontractors are not similarly restricted. (“If these tools were solely in the hands of a US agency,” he wrote, “you would be much safer.”) By using private contractors, the CIA and other government intelligence agencies gain access to intelligence gathered by methods that they are prohibited from using.
As Tim Shorrock reported in a 2015 article in the Nation, “Over the last 15 years, thousands of former high-ranking intelligence officials and operatives have left their government posts and taken up senior positions at military contractors, consultancies, law firms, and private-equity firms. In their new jobs, they replicate what they did in government—often for the same agencies they left.” In a 2016 report, Shorrock estimated that 58,000 private contractors worked in national and military intelligence, and 80 percent of those contractors worked for the five largest corporations in the intelligence-contracting industry. In that report, Shorrock concluded that “not only has intelligence been privatized to an unimaginable degree, but an unprecedented consolidation of corporate power inside US intelligence has left the country dangerously dependent on a handful of companies for its spying and surveillance needs.”
Early on, Eliason reported, the private contractors who pioneered open-source intelligence realized that they could circulate (or even sell) the information that they gathered before the agency for which they worked had reviewed and classified it. In this way, “no one broke any laws,” Eliason wrote, because the information “shifted hands” before it was sent to an agency and classified. [For one account of how early open-source intelligence contractors worked, see Benjamin Wallace-Wells, “Private Jihad,” New Yorker, May 29, 2006.]
This loophole created what Eliason described as a “private pipeline of information” that intelligence contractors could use to their advantage. Members of Congress, governors, news outlets, and others often wanted the same “intel” that the CIA had, and, Eliason wrote, open-source intelligence contractors “got paid to deliver Intel for groups looking for specific insights” into creating or influencing government policy.
As a result of these changes, according to Eliason’s second article, “People with no security clearances and radical political agendas have state sized cyber tools at their disposal,” which they can use “for their own political agendas, private business, and personal vendettas.”
Although WikiLeaks’s Vault 7 exposé received considerable corporate news coverage, these reports failed to address Eliason’s analysis of the flaws in open-source intelligence and private contractors. A notable exception to this was a March 2017 Washington Post editorial by Tim Shorrock. Noting that WikiLeaks’s Julian Assange had said the CIA “lost control of its entire cyberweapons arsenal,” Shorrock’s editorial reviewed the findings from his previous reports for the Nation and concluded that overreliance on private intelligence contractors was “a liability built into our system that intelligence officials have long known about and done nothing to correct.”
George Eliason, “The Private Contractors Using Vault 7 Tools for US Gov: Testimony Shows US Intel Needs a Ground-Up Rebuild Part 1,” OpEdNews, March 31, 2017, https://www.opednews.com/articles/The-Private-Contractors-Us-by-George-Eliason-Hackers_Intelligence_Intelligence-Agencies_Websites-170331-791.html.
George Eliason, “How Intel for Hire is Making US Intelligence a Threat to the World Part 2,” OpEdNews, February 14, 2018, https://www.opednews.com/articles/1/How-Intel-for-Hire-is-Maki-by-George-Eliason-Agencies_Espionage_Intelligence_Intelligence-Agencies-180214-219.html.
Student Researcher: Harrison Brooks (University of Regina)
Faculty Evaluators: Janelle Blakley and Patricia Elliott (University of Regina)