But former Obama administration cyber officials take a more tempered view. “The idea that there’s an operational need for the CIA to target Apple and Google overseas shouldn’t surprise anybody, given the pervasiveness of the Android and iPhone,” said Rob Knake, a former White House cyber official who left the administration in 2015.
The Obama officials established a policy in early 2014 that called for agencies including the CIA, the National Security Agency, the FBI and the Secret Service to submit software flaws they discovered or purchased for review by all the agencies with an interest in their use or disclosure.
The policy is called the “Vulnerabilities Equities Process,” and it is not designed “to disclose all vulnerabilities,” Knake said. “The policy is not unilateral disarmament of the United States.”