Is the CIA Reading Your Texts — and If They Are, Can You Stop It?

March 7th 2017

Kyle Fitzpatrick

A massive new leak of CIA documents has many people worried their phones are not as secure as the once believed — and wondering whether U.S. intelligence agents are reading their texts.

On Tuesday, WikiLeaks released a bevy of alleged CIA hacking documents that reveal the agency’s inner workings when it comes to electronic espionage, with press reports claiming everything from Samsung televisions to encrypted messaging programs like WhatsApp and Signal are compromised. In fact, however, encrypted messaging programs are still encrypted and generally safe from prying eyes — it's the platforms they run on (like Android and iOS) that the agency can compromise if it has a specific target in mind.

So... is the CIA spying on you?

The short answer is no. You’re probably fine, unless you really angered the U.S. government and installed CIA malware on your phone.

Dr. Nicholas Weaver, a researcher at the International Computer Science Institute in Berkeley, California, doesn’t see the latest news as cause for concern. 

“This should be a matter of anti-concern on some things,” Weaver told ATTN:. “Yes, the CIA has an exploit for iPhones. Duh. But they aren’t going to use that very readily. Unless your name happens to be Baghdahdi [the hed of the Islamic State], you’re probably safe using an iPhone.”

So...should you modify how you interact with technology?

In a statement, the Electronic Frontier Foundation said your best bet if you're worried about privacy is to continue using encrypted messaging programs.

“We have not seen any indications that the encryption of popular privacy apps such as Signal and WhatsApp has been broken,” the statement reads. “The worst thing that could happen is for users lose faith in encryption-enabled tools and stop using them.”

If you're looking to worry, ransomware is actually a threat.

“For the typical reader, your worry is ransomware,” he said, noting you could be at risk of a Russian hacker withholding your information for Bitcoins. However, that risk is still low.

Weaver explains: “The way to deal with that is to imagine if your computer and any attached hard drive all caught on fire. Would you lose more than a few weeks data? If the answer is yes, you need to change your backup procedure and have off-site backup. If your answer is no, hakuna matata."

The moral of this leak: be a sophisticated user.

Dr. Weaver suggests using two-step verification processes — setting up your Gmail, for instance, to require both a password and a code texted to your phone in order to log in — and to otherwise make life more difficult for those who want your data.

“Security is a hard and nuanced problem and nobody can be perfect,” Weaver explained. “Your goal is to be expensive. You want to be an expensive target because, if you’re an expensive target, only people willing to spend a huge amount of effort won’t be able to attack you.”

To become expensive, Weaver recommends identifying any threats and understanding if you actually have a reason to be hacked. For a detailed plan of action, he suggests following Teen Vogue’s recent guidelines for securing a conversation.