WikiLeaks doesn’t ever make things easy.
When it became clear that the organization possessed documents that detail exploits affecting a handful of major tech companies, it looked like Julian Assange would play nice. Now, a week has passed since Assange said he would disclose information about those vulnerabilities to the companies affected — standard practice for the discovery of zero-day exploits that could threaten security for millions of users.
“We have decided to work with them, to give them some exclusive access to some of the technical details we have, so that fixes can be pushed out,” Assange said in a statement last week.
As Motherboard reports, WikiLeaks made contact with the tech companies this week, but it hasn’t provided any of the relevant data. Instead, it sent over a contract with a set of conditions that must be met first, though the specifics of the document aren’t known at this time. As its Twitter account makes clear, WikiLeaks was on the fence about whether to share the vulnerabilities at all.
Some of the companies affected feel fairly confident that their products are safe thanks to recent updates, but they’d probably like to tie up the loose ends anyway. “As we’ve reviewed the documents, we’re confident that security updates and protections in both Chrome and Android already shield users from many of these alleged vulnerabilities,” a Google spokesperson said last week.
Apple similarly indicated that the CIA methods likely no longer pose a threat and that “many of the issues leaked… were already patched in the latest iOS,” but noted that it “will continue work to rapidly address any identified vulnerabilities.”
For its part, the CIA appears to have made no effort to check in with the tech companies about the exploits that it has “stockpiled.” While there’s an argument for the CIA protecting its secrets, with the exploits out in the wild now, they’re of little use to anyone who doesn’t have criminal motivations. WikiLeaks has also faced criticism for how it presented the set of leaks, which it framed in sensational language in spite of the fact that the documents revealed little that was new.
In the meantime, we’d be curious what kind of demands the famously recalcitrant and not exactly tech-friendly Assange might have made. So you know, if you happen to run across the contract, we’d be happy to take a look.