The ethics of large data leaks

This September, a firestorm erupted when WikiLeaks put the entire unredacted cache of leaked US embassy cables up on its website. Vulnerable individuals named in the cables panicked, the media and civil society expressed confusion and outrage, and WikiLeaks was widely blamed for irresponsibility and indifference to the harm its leaks could cause, suffering more defections from its ranks.  Just prior, Julian Assange squarely blamed David Leigh of The Guardian for publishing in a book the secret passcode to the encrypted file, which WikiLeaks had transmitted through a secure server. Leigh responded that he had been told the code was temporary and would expire.  However, shortly before Assange was arrested on 7 December 2010, the encrypted material was also posted on BitTorrent. In August, 2011, WikLleaks defector Daniel Domscheit-Berg tipped off a German magazine where the file could be found on the internet, and the news began to circulate. But responsibility for the revelations was even more tangled and diffuse.

Wikileaks long had serious leaks within its ranks. More news organizations than the initial four obtained and ran stories on the cables. Israel Shamir, a one-time WikiLeaks insider, appears to have given the cache to Belarus dicator Lukashenko in 2010, prompting allegations that Belarusian activists then suffered retaliation. Wikileaks also distributed the cables to many more media outlets, saying it had roughly ninety media partners by mid-2011.  Further leaks sprang from the ranks of the media partners. By April, WikiLeaks staff believed that most major intelligence agencies likely had obtained  the entire unredacted cache.  In late August, as the connection between the passcode and the location of the encrypted cache was about to go viral, it seemed the only audiences that might still not have access were the general public and the very individuals who might be at risk of serious human rights abuse due to their exposure. WikiLeaks sent out a few quiet warnings, and then posted the unredacted material itself.

The WikiLeaks publication of the unredacted cables did alert vulnerable sources, several of whom left their countries to protect themselves. It also ensured that no party intent on retaliating against US sources would have difficulty identifying prey.  We can recognise this without vilifying Wikileaks; like any publisher, they faced difficult decisions with limited knowledge, and under a great deal more pressure than most.

Even so, WikiLeaks’ acts in relation to the cables give the free speech community whiplash. On the one hand, there is no doubt that the vast majority of this information was of public interest — to many publics and in many ways, including the quintessential rationale for journalistic leaks, whistleblowing.  If Julian Assange could be prosecuted in the US under the Espionage Act for mere publication, so could any major media enterprise or human rights group, a tremendous blow to freedom of expression and the right to information in a jurisdiction that often leads in protecting these rights.  On the other, many human rights activists are disturbed at the willingness of WikiLeaks to further expose individuals to reprisal in the name of freedom of information. A bright line in values had been crossed.

WikiLeaks had taken a different approach with the US diplomatic cables than it had with the Afghanistan war logs, pacing its releases, redacting more carefully, and soliciting input on risks, even from the US government.  This made its unredacted dump the more surprising. The publication of the raw cables by others did not absolve Wikileaks of responsibility in its own publication.  By providing additional publicity and an implicit authentication, it may have added to tangible risks, but just as important, it undercut its own claim to concern for protection of individuals from abuse.  The function of alerting persons who might be named in the cables could have been performed much earlier, and in ways that publicly acknowledged the wide dissemination of the cables by early 2011.  And by the time Wikileaks published, the more debatable function of providing unredacted access to the global public was underway at other websites.

What lessons should publishers draw? The first is that it is hard to keep confidential information secret, and this is as much a human as a technical problem. Information not only “wants to be free,” as Stewart Brand noted it also has value, and people want to trade it.  Digital information is especially easy to amass and pass in the internet age, and large data leaks are likely to proliferate.

Next, large data sets are hard to handle responsibly.  They require large resources to review, analyze and redact, as my organisation, Human Rights Watch, has discovered when it secured troves in Kurdistan, Chad and Libya. WikiLeaks appropriately went to major newspapers that could muster the resources to handle it well.  Yet it is governments and intelligence services that have the most resources to analyze and mine large data sets (and correlate information to other intelligence), making it all the more important for those who publish whistleblowing to try to protect individuals at risk.

Not everything is worth the effort of publishing in a responsible way. Newspapers know this, because they have to pay for newsprint.  But there is a moral economy as well, where the more attenuated the public’s interest, the more other values and goals might weigh against exposure.  Most researching professions, to ensure their moral legitimacy, aim not only to increase knowledge but to protect human security, privacy, and dignity.  Sometimes preserving rather than uploading can be a reasonable alternative.

Finally, we should strive to create a culture of ethical transparency, because without an ethical underpinning, it will be difficult to resist growing efforts to tighten up laws that punish leaks.  Part of that is cultivating some modesty about our ability to fortell the full consequences of either exposure or concealment, and a willingness to be responsible for decisions either way.

Dinah Pokempner is General Counsel of Human Rights Watch

Wikileaks whistleblowers need care as well as attention

As often is the case with its founder’s outbursts, WikiLeaks’ outraged response to the Guardian’s use of the password to the unredacted version of its US diplomatic cables dump — as a chapter heading in a book — is ironic on several levels.

In a case raised by Index on Censorship late last year, WikiLeaks deleted the name of a dissident author who had secretly spoken with US diplomats, but left in the giveaway title of one of his books, used …as the chapter heading.

We raised it as an example of WikiLeaks lacking the background knowledge needed to properly spot risks to cited individuals. But as was also noted, this was asking a lot of a small organisation.

In that case it was knowledge of books written by obscure dissident academics in small dictatorships. Obscure to WikiLeaks volunteers, that is. Calling in journalists and local activists with broader skills was a good idea. It even made sense on that basis to ask the US government for help in redacting documents stolen from them.

I feel sympathy for the Guardian’s great investigative journalist David Leigh, whose own lack of knowledge in one particular field — passwording protocols and de-encryption — seems to have earned him much of the blame for the “disastrous” release of all 251,287 diplomatic cables in unredacted form.

In recent years the means of secure communications has become dominated by technical “solutions” at the expense of people-centric security measures. I am not technically illiterate. I can write a PHP script or patch a bit of code, but I still struggle with a lot of these systems.

The current over-reliance on encyrption fails to take into account human fallibility. It only takes one person in the circle to misunderstand the instructions and not only is everyone busted, no-one knows until the bad guys act on it.

One dictatorship which broke a communications line of ours this way last year may have waited weeks before showing its hand. It was bluntly done when they did, even though nobody was jailed. The achieved aim was to intimidate, demoralise and spread suspicions among the blameless.

To me the current rack of encryption tools may be too complex, certainly not intuitive enough, for non-expert users to use confidently. Especially when the penalty for a bad installation or a late upgrade can be 20 years in prison. To some of the inventors of such solutions this is our fault for being, well, stupid. But they come from a community not exactly known for their people skills.

I preferred the early days of such communication in the run up to the Kosovo War, when we evaded Rade Markovic’s secret police by use of steganography, which hides secret messages inside an otherwise dull and inoffensive image.

It was easily cracked, but that wasn’t the point. The point was to pass the loaded images across networks where dull holiday photos are normally exchanged. (If you still had to be furtive you hid messages in the kind of pictures shared on the kind of legal but embarassing websites where furtiveness is normal, even expected.)

The idea was, as the spies say, to hide in plain sight. Being furtive only meant you were worth extra surveillance.

But with the kind of anonymising browsers then coming on line, and the new encryption systems that followed, the emphasis shifted to protecting the privacy of the message instead of obscuring the fact that messages were being sent at all.

Logging in to secure communications became a kind of public declaration of furtiveness. Years later a new system, Telex, is looking at reversing the model but is barely into test phase. And it still doesn’t address the basic problem, that technological solutions do not solve human problems.

Looking back over nearly 40 years of careful collection and republication of covertly provided banned documents by Index on Censorship, you see right away that the process is not technical at all, but about protective, supportive, sustaining relationships between people who give and receive information in secret.

Journalists understand this. More relevantly perhaps, so do spies, especially those in the business of “running” agents in hostile, dangerous environments. The literature of espionage has lots to say about the “tradecraft” of covert information exchange. It is as much about the psychology of relations as it is about using invisible ink.

As Salon’s Glenn Greenwald writes, “the acts of deliberate evil committed by the world’s most powerful factions which (WikiLeaks) has exposed vastly outweigh the mistakes which this still-young and pioneering organisation has made.”

But once WikiLeaks stopped being an anonymous dead letter drop and started mediating in the use of that dropped content, it started down the path to ever greater and more direct responsibility for its whistleblowers.

Index on Censorship chief executive John Kampfner commented yesterday: “Sites such as WikiLeaks will continue to emerge, and will have an important role to play. But they should be operated with a great duty of care, both to whistleblowers and to individuals who may find themselves in danger after irresponsible leaks of diplomatic, intelligence or other material.”

The true successor to WikiLeaks will find that protecting the people that provide the information that gives their work a point adds up to more than just lines of code.


Rohan Jayasekera is Associate Editor and Deputy Chief Executive of Index on Censorship

Wikileaks, Belarus and Israel Shamir

It has been reported that an “accredited” journalist for Wikileaks, Israel Shamir, met with Uladzimri Makei, the Head of the Presidential administration in Belarus. Subsequently, it was reported in the Belarus Telegraf that a state newspaper would be publishing documents about the Belarusian opposition.

Wikileaks has always maintained it takes care to ensure that names of political activists are redacted from cables before publication on its website. Index on Censorship is concerned that some of the Wikileaks cables relating to Belarus that have not appeared on the main Wikileaks website are now in the public domain.