It is the leakiest of times in the Executive Branch. Last week, Wikileaks published a massive and, by all accounts genuine, trove of documents revealing that the CIA has been stockpiling, and lost control of, hacking tools it uses against targets. Particularly noteworthy were the revelations that the CIA developed a tool to hack Samsung TVs and turn them into recording devices and that the CIA worked to infiltrate both Apple and Google smart phone operating systems since it could not break encryption. No one in government has challenged the authenticity of the documents disclosed.
We do not know the identity of the source or sources, nor can we be 100% certain of his or her motivations. Wikileaks writes that the source sent a statement that policy questions "urgently need to be debated in public, including whether the CIA's hacking capabilities exceed its mandated powers and the problem of public oversight of the agency" and that the source "wishes to initiate a public debate about the security, creation, use, proliferation and democratic control of cyber-weapons."
The FBI has already begun hunting down the source as part of a criminal leak investigation. Historically, the criminal justice system has been a particularly inept judge of who is a whistleblower. Moreover, it has allowed the use of the pernicious Espionage Act -- an arcane law meant to go after spies -- to go after whistleblowers who reveal information the public interest. My client, former NSA senior official Thomas Drake, was prosecuted under the Espionage Act, only to later be widely recognized as a whistleblower. There is no public interest defense to Espionage Act charges, and courts have ruled that a whistleblower's motive, however salutary, is irrelevant to determining guilt.
The Intelligence Community is an equally bad judge of who is a whistleblower, and has a vested interest in giving no positive reinforcement to those who air its dirty laundry. The Intelligence Community reflexively claims that anyone who makes public secret information is not a whistleblower. Former NSA and CIA Director General Michael V. Hayden speculated that the recent leaks are to be blamed on young millennials harboring some disrespect for the venerable intelligence agencies responsible for mass surveillance and torture. Not only is his speculation speculative, but it's proven wrong by the fact that whistleblowers who go to the press span the generational spectrum from Pentagon Papers whistleblower Daniel Ellsberg to mid-career and senior level public servants like CIA torture whistleblower John Kiriakou and NSA whistleblower Thomas Drake to early-career millennials like Army whistleblower Chelsea Manning and NSA whistleblower Edward Snowden. The lawbreaker does not get to decide who is a whistleblower.
Not all leaks of information are whistleblowing, and the word "whistleblower" is a loaded term, so whether or not the Vault 7 source conceives of him or herself as a whistleblower is not a particularly pertinent inquiry. The label "whistleblower" does not convey some mythical power or goodness, or some "moral narcissism," a term used to describe me when I blew the whistle. Rather, whether an action is whistleblowing depends on whether or not the information disclosed is in the public interest and reveals fraud, waste, abuse, illegality or dangers to public health and safety. Even if some of the information revealed does not qualify, it should be remembered that whistleblowers are often faulted with being over- or under-inclusive with their disclosures. Again, it is the quality of the information, not the quantity, nor the character of the source.
Already, the information in the Vault 7 documents revealed that the Intelligence Community has misled the American people. In the wake of Snowden's revelations, the Intelligence Community committed to avoid the stockpiling of technological vulnerabilities, publicly claiming that its bias was toward "disclosing them" so as to better protect everyone's privacy. However, the Vault 7 documents reveal just the opposite: not only has the CIA been stockpiling exploits, it has been aggressively working to undermine our Internet security. Even assuming the CIA is using its hacking tools against the right targets, a pause-worthy presumption given the agency's checkered history, the CIA has empowered the rest of the hacker world and foreign adversaries by hoarding vulnerabilities, and thereby undermined the privacy rights of all Americans and millions of innocent people around the world. Democracy depends on an informed citizenry, and journalistic sources -- whether they call themselves whistleblowers or not -- are a critical component when the government uses national security as justification to keep so much of its activities hidden from public view.
As we learn more about the Vault 7 source and the disclosures, our focus should be on the substance of the disclosures. Historically, the government's reflexive instinct is to shoot the messenger, pathologize the whistleblower, and drill down on his or her motives, while the transparency community holds its breath that he or she will turn out to be pure as the driven snow. But that's all deflection from plumbing the much more difficult questions, which are: Should the CIA be allowed to conduct these activities, and should it be doing so in secret without any public oversight?
These are questions we would not even be asking without the Vault 7 source.