NEW YORK — WikiLeaks has offered to help the likes of Google and Apple identify the software holes used by purported CIA hacking tools — and that puts the tech industry in something of a bind.
While companies have both a responsibility and financial incentive to fix problems in their software, accepting help from WikiLeaks raises legal and ethical questions. And it’s not even clear at this point exactly what kind of assistance WikiLeaks can offer.
WikiLeaks founder Julian Assange said Thursday that the anti-secrecy site will help technology companies find and fix software vulnerabilities in everyday gadgets such as phones and TVs. In an online news conference, Assange said some companies had asked for more details about the purported CIA cyberespionage toolkit that he revealed in a massive disclosure on Tuesday.
“We have decided to work with them, to give them some exclusive access to the additional technical details we have, so that fixes can be developed and pushed out,” Assange said. The digital blueprints for what he described as “cyberweapons” would be published to the world “once this material is effectively disarmed by us.”
Any conditions WikiLeaks might set for its cooperation weren’t immediately known. Nor was it clear if WikiLeaks holds additional details on specific vulnerabilities, or merely the tools designed to exploit them.
Apple declined comment on the WikiLeaks offer, and Google didn’t respond to requests for comment. Microsoft said it hopes that anyone with knowledge of software vulnerabilities would report them through the company’s usual channels.
Companies may run into legal issues in accepting the offer, especially if they have government contracts or employees with security clearances.
“The unauthorized release of classified documents does not mean it’s unclassified,” said Stewart Baker, a former official at the Department of Homeland Security and former legal counsel for the National Security Agency. “Doing business with WikiLeaks and reviewing classified documents poses a real risk for at least their government contracting arms and their cleared employees.”
During the 2016 election, WikiLeaks published thousands of emails, some embarrassing, from breached Democratic Party computers and the account of a top aide to Hillary Clinton. U.S. intelligence agencies concluded those emails were stolen by hackers connected to the Russian government in an attempt to help Donald Trump win the presidency. The CIA did not respond directly to Assange’s offer, but it appeared to take a dim view of it.