Assignment: Term Paper
Class: MCIS 623 (Winter 2010)
Nova Southeastern University
Student Name: Bob Savage (email@example.com)
Due Date: March 14, 2010
Introduction

This paper examines Wikileaks.org, an Internet technology that supports whistleblowers. It is structured as follows. First, the primary class of stakeholders (whistleblowers) is examined; this provides context and motivation for the existence, functionality, and technical architecture of Wikileaks.org. Second, Wikileaks is examined from two perspectives: Wikileaks.org as a technology that supports whistleblowers, and the legal challenges that have made it difficult for Wikileaks to operate. Finally, a brief conclusion summarizes our description of technological support for whistleblowers, pointing out some areas where further research could be beneficial.

Stakeholder Analysis: Whistleblowers

This section provides some background information on whistleblowers, the primary stakeholders intended to be serviced by the Wikileaks.org website. Though other stakeholder classes can be identified (most importantly “the Public”), the needs of this stakeholder class motivate the existence, functionality, and technical architecture of Wikileaks.org. A secondary stakeholder class (“the Press”) will be considered in passing.

Whistleblowing is the process of bringing a crime to society's attention*. Generally whistleblowers are inside the organization that is committing the crime. Because of their position, a whistleblower is at risk of various reprisals from the criminal organization. Further, society generally looks on those who “rat” on their peers with disdain. As such, whistleblowers are a special group who serve a clear public service, but require special protections from normal social mechanisms.

Historical examples of whistleblowing are easy to find and could be marshalled from across the globe; here we merely present samples from the United States of America. One famous case involved Frank Serpico, a NYC police officer who testified several times in 1971, including in front of the Knapp Commission, against corrupt members of the NYC police force.
As an example of the sort of retribution a whistleblower can expect, officer Serpico was shot in the face in the course of a police raid, but was abandoned by the other officers in the raid, who didn't even call in the shooting, as per procedure. His story was made into a 1973 movie starring Al Pacino.

More recently Americans were shocked to hear of the massive Ponzi schemes run by Bernard (“Bernie”) Madoff and R. Allen Stanford. Even more shocking, perhaps, were the subsequent revelations that officials at the Securities and Exchange Commission (SEC) had been alerted to both criminal endeavors years before the arrests took place. Subsequent investigations into how whistleblowing is handled at the SEC have revealed that Harry Markopolos, who blew the whistle on Bernie Madoff, and Leyla Wydler, who blew the whistle on Allen Stanford, were not alone in being ignored. In fact the SEC has even reported other whistleblowers to the criminal organization. In the case of Bernie Madoff (to say nothing of other criminals left unpunished) taking Markopolos' whistleblowing seriously could have protected many from financial losses that totaled in the tens of billions of dollars.

* For a review of various usages and definitions of the term “whistleblower”, including distinctions between “whistleblower” and “informant”, see .

Frank Serpico attempted to report the corruption he saw through normal channels, including his superiors, which resulted in his getting shot in the face and left to die. Leyla Wydler reported the mishandling of funds through normal channels, including through her superiors, the National Association of Securities Dealers, and the SEC; she was fired from her job and her allegations were ignored by the SEC for three years. Normal channels represent (to paraphrase Serpico's Knapp Commission testimony) an 'atmosphere in which the honest fears the dishonest'.

Given that whistleblowers cannot expect that their reports of corruption and other criminal behavior will be handled in a timely fashion, without severe repercussions for the whistleblower, alternative mechanisms for releasing information critical to the public's interest are needed. In a free society this function might be served by the press, especially if strong laws protect news sources. This poses three problems. First, news source protections are not guaranteed in America (for example, NYT reporter Judith Miller was incarcerated for refusing to testify to a grand jury about her source in 2005). Second, some “free” countries allow “gag orders” whereby the government prevents the press from reporting on cases of its choosing. One such country is the United Kingdom, whose Official Secrets Act allows such gag orders.
Despite their original purpose (to protect National Security) their use has extended, including a controversial usage in 2008 in gagging reportage of a murder trial. Finally, and simply put: all countries are not free; relying upon the local traditions for protection of whistleblowers or a free press is, in effect, abandoning large populations who live in countries where any criticism of the government (including revelations of corruption) is illegal and severely punished.

Legal approaches to encourage whistleblowers to use normal channels (up through supervisors, or through governmental agencies) have stressed after-the-fact protection, particularly “protection of employment status”, which can cover anything from dismissal to being refused promotion, to adverse recommendations [1, pp. 65-67]. Unfortunately (as we have seen) reporting wrongdoing through normal channels frequently results in no action taken to prevent further wrongdoing. This leads to the idea that, if one can publicize the wrongdoing, an engaged public can bring pressure to halt the wrongdoing; however, the anonymity of the whistleblower must be ensured to encourage the release of the information to the public.

Anonymity is important, not only to protect the whistleblower from retaliation, but also because most organizations are now placing contractual restrictions on employee handling of confidential information (see [1, pp. 15-17] for an international perspective on the “duty of loyalty and confidentiality” to employers). Although these contracts can have valid purposes (including the protection of sensitive customer information and trade secrets), in the context of organizational malfeasance they can form the backbone of a Code of Silence (Omertà) that hides criminal behavior, corruption, etc. Depending upon the wording, even carrying company documents outside of the building can be a breach of contract. In the injunction obtained against Wikileaks.org that we shall look at in the next section, the justification was that release of the documents was a violation of the banking privacy laws of the Cayman Islands.

Bishop, Gates, & Hunker performed a comprehensive examination of the notion of Attribution (essentially the opposite of Anonymity). Attribution is a popular notion in the domain of system security, where it is an assumed good, because it could be used to trace back an attack to its source. The authors explain, however, that the simplistic notion of attribution is insufficient. First, they distinguish between the interests of nine different classes of stakeholders. As an example, even if the sender and receiver of a given message agree on the attribution (or lack of attribution) required, intermediate stakeholders, such as the government of any country “through which the message transits”, can have different requirements. The potential for conflicting requirements leads the authors to propose a network that supports attribution policy negotiation as part of their framework.
Although a dynamically negotiated attribution network might be desirable in the abstract, the needs of whistleblowers can be satisfied with a network that supports an appropriate, static attribution policy. In the nomenclature of the article, this could be “perfect non-attribution” or “sender non-attribution”. Perfect non-attribution (that is, non-attribution that covers both sender and receiver) becomes more of an issue in authoritarian nations where even receiving certain kinds of information can have dire consequences.

Three additional policies mentioned by Bishop, Gates, & Hunker could be useful, but are not required for a whistleblower-protecting communications system: 1) imprecise attribution, 2) false attribution, and 3) randomized false attribution. Imprecise attribution is an academically useful category, in which attribute data could be recovered, but only with such effort and expense that, in practical terms, it wouldn't be. Similar categories have proved useful in other fields, such as encryption, where truly unbreakable codes are not sought, but rather codes that are so difficult to break that it isn't worth the effort. Although not a desirable policy for our purpose, it is useful to distinguish between imperfect attribution and true non-attribution (whether perfect or sender only) because some systems might offer only imperfect non-attribution, which is generally insufficient for whistleblowers. An example provided by the authors is the Cypherpunk Type I remailer, whose attribution data could be derived from tables if one confiscated the system. Since whistleblowers frequently want to hide their activities from governments, or large corporations who have the resources to trigger governmental action (as the previously mentioned Wikileaks injunction demonstrates), such limited non-attribution is insufficient. Meanwhile, false attribution and randomized false attribution may prove useful as a means for overwriting attribution information, but are, in themselves, not required attribution policies for whistleblowers.

Wikileaks.org: Technology & Legal Challenges

This section attempts to describe Wikileaks.org as a communications medium providing both the sender non-attribution policy and a version of the perfect non-attribution policy that were introduced in the previous section. It will then go into some of the problems with keeping the site open, including finding a suitable nation to host the data center (a problem made tangible by the 2008 ruling that temporarily shut down Wikileaks' US data center).

Wikileaks.org was launched in January 2007. It receives leaked documents from whistleblowers all over the world, and subsequently hosts them. This complicates Wikileaks' role, as in some respects they are a publisher as well as a carrier.
Wikileaks provides add-on services (some manual) that are essential to its role as a carrier capable of non-attributable messaging. Further, its hosting capabilities are essential to its performance as a perfect non-attribution messaging service.

The Wikileaks.org technical architecture is unpublished, but is assumed to consist of a main server in Sweden, which is replicated globally. According to Acquisti & Gritzalis, Wikileaks.org “uses both Tor and FreeNet” [9, p. 10]. FreeNet is a “Distributed Anonymous Information Storage and Retrieval System”, but here we will focus on the Tor system of anonymizing routers, which was introduced in a paper by Dingledine, Mathewson, & Syverson, the source for the rest of this paragraph. Some random subset of the Tor network is used to form a virtual circuit. Unlike most virtual circuits, which act to optimize network performance, the Tor network requires a message to visit a number of additional routers prior to delivery, which obscures the participants associated with the message. In essence, each Tor network node, called an “onion router” (OR), receives a multiply encrypted message; its single layer key and the location of the next OR are used to remove one layer of encryption and pass the message on, so that the layers are removed successively (like peeling an onion). The Exit OR (that is, the final router within the virtual circuit formed within the Tor network) appears to be the sender of the message.

The Tor system has two vulnerabilities. First, an opponent (e.g. a totalitarian government) that is able to maintain observation of both sides of the communication (that is, the sender and either the receiver, or the Tor Exit OR) is able to use a timing attack to relate the non-attributed message delivered with the encrypted message inserted into the virtual circuit, thus attributing both sender and receiver. Second, any movement from the Exit OR to the final destination happens after the Tor encryption has been removed; therefore any identifying information in the content of the message should be protected by end-to-end encryption. This was dramatically revealed by a researcher who was able to collect sensitive data by setting up Tor Exit servers. He then sniffed outgoing data leaving via port 25 (used for email). “He collected between 200 and 250 accounts belonging to embassies and government agencies that were sending passwords and the content in the clear.”

Contrary to popular belief, Wikileaks.org does not allow indiscriminate posting of information. It is possible that this is the result of evolution of the technology after criticism received about documents posted online early in Wikileaks' existence, but Julian Assange, one of the principals behind Wikileaks.org (he refers to himself as an “editor” at Wikileaks.org), claimed, at a talk delivered in December 2009 at the 26th Chaos Communications Congress (26C3), that editing is performed on all documents prior to publication, both to ensure they meet internal guidelines, and to strip identifying information.
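
The layer peeling and the exit-router exposure from the Tor description above, as an added example (not from this paper or the Tor project): a toy SHA-256 XOR keystream stands in for Tor's real ciphers, and the router names, keys, destination and message are constructed. It shows that the entry router learns only the next hop, while the exit router reads any content that was not encrypted end to end.

```python
import hashlib
import json

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """XOR with a SHA-256 counter keystream. Toy stand-in for a real cipher:
    it is symmetric (same call encrypts and decrypts) and NOT secure."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

def wrap(route, destination, payload):
    """Sender: add one layer per router, innermost (exit) layer first.
    route is [(router_name, layer_key), ...] ordered entry -> exit."""
    next_hop, blob = destination, payload
    for name, key in reversed(route):
        layer = json.dumps({"next": next_hop, "data": blob.hex()}).encode()
        blob = toy_cipher(key, layer)
        next_hop = name
    return blob

def peel(key, blob):
    """Router: remove one layer, learning only the next hop."""
    layer = json.loads(toy_cipher(key, blob))
    return layer["next"], bytes.fromhex(layer["data"])

def relay(route, blob):
    """Pass the onion along the circuit and record what each router observes."""
    keys = dict(route)
    hop, seen = route[0][0], {}
    while hop in keys:
        next_hop, blob = peel(keys[hop], blob)
        seen[hop] = {"next": next_hop, "data": blob}
        hop = next_hop
    return hop, blob, seen

# Constructed sample values (hypothetical names, keys and message).
ROUTE = [("entry", b"k-entry"), ("middle", b"k-middle"), ("exit", b"k-exit")]
DEST = "mail.example:25"
MESSAGE = b"To: desk@news.example\r\n\r\nuser=clerk password=constructed-example"
E2E_KEY = b"shared-by-sender-and-recipient-only"

def demo():
    # Case 1: message handed to the circuit as-is.
    _, _, seen = relay(ROUTE, wrap(ROUTE, DEST, MESSAGE))
    # Case 2: message encrypted end to end before it enters the circuit.
    sealed = toy_cipher(E2E_KEY, MESSAGE)
    _, delivered, seen_e2e = relay(ROUTE, wrap(ROUTE, DEST, sealed))
    return {
        "entry_next": seen["entry"]["next"],
        "exit_next": seen["exit"]["next"],
        "entry_reads_cleartext": b"password" in seen["entry"]["data"],
        "exit_reads_cleartext": b"password" in seen["exit"]["data"],
        "exit_reads_e2e": b"password" in seen_e2e["exit"]["data"],
        "recipient_recovers": toy_cipher(E2E_KEY, delivered),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
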
At the same talk he described arrangements that Wikileaks will make with journalists to grant them exclusivity to a given leak in hopes that this will encourage reporting on the material, as non-exclusive publication can be a disincentive for the research required prior to reporting on such a document. Assange has also stated, “we have had to spread assets, encrypt everything, and move telecommunications and people around the world to activate protective laws in different national jurisdictions”. We will look at legal challenges in a moment, but it is important to note that, as a technology to support whistleblowers, Wikileaks is more than a communications medium (e.g. Tor delivery to a content distribution layer); various manual and automatic processes (document editing and encryption of various materials) as well as business practices are essential to fulfilling its mission.

Wikileaks.org has been involved in hundreds of legal disputes, but one in particular is of interest to an American audience. In early 2008, Julius Baer Bank and Trust, a Cayman Islands
financial institution, succeeded in obtaining an injunction in a California court requiring the shutdown of Wikileaks.org. The decision was considered overreaching by many. The documents in question purportedly proved that Julius Baer offered to “hide assets and wash funds” for its clients. Instead of blocking access to the document in question, the judge's ruling required the U.S. hosting company (Dynadot) to block access to the entire Wikileaks.org domain by refusing resolution of the domain name, as well as preventing the “transfer of the domain name to a different domain registrar” [judge's ruling, quoted in 16]. Although the matter was eventually resolved (in part due to the “Streisand Effect”, which raised the visibility of the leaked documents), the incident was ample evidence that even the Americans, “the Freedom of Speech Fundamentalists”, would not protect Wikileaks from legal interference in the fulfillment of their mission.

Ironically, the more fundamental issue of locations, such as the Cayman Islands, operating as “Tax Havens” by offering favorable banking laws to attract organizations, such as Julius Baer, served as a model for a new Wikileaks initiative. Starting in 2009, Wikileaks principals, including Julian Assange, engaged in discussions with members of the Icelandic Parliament regarding the establishment of Iceland as a Journalist Haven. The result of those discussions, the Icelandic Modern Media Initiative (IMMI), aims to strengthen Icelandic law pertaining to

• Source Protection,
• Whistleblower Protection,
• Communications Protection,
• Limiting Prior Restraint,
• Process Protection (i.e. anti-SLAPP provisions),
• History Protection (“The view that an electronic archive is 'published' every time it is viewed has been extensively abused to remove important articles on corruption from online newspaper archives long after they were published.”),
• Libel Tourism Protection,
• Freedom of Information Act,

and the establishment of the Icelandic Prize for Freedom of Expression.

Obviously a full discussion of the proposal (which comes up for vote by the Icelandic Parliament in April-May 2010) is beyond the scope of this paper, but the basic approach is to take a comprehensive view of legislation, incorporating language already established in various nations, to form a 'best practices' legal framework that supports freedom of speech. The hope is that, in addition to strengthening freedom of speech for Icelandic citizens and press, IMMI will attract journalists, publishers, and human rights groups to use Iceland as a base of operations, making Iceland an offshore safe-haven for “speech” and other forms of information. In the words of Birgitta Jonsdottir, a member of the Icelandic Parliament, “We would become the inverse of a tax haven. They are trying to make everything opaque. We are trying to make it transparent.”

Conclusion

Whistleblowers are an unusual class of stakeholders who provide a clear social benefit, but frequently do so by violating the letter of the law. As a result, some efforts to root out bad actors in society (especially those efforts that attempt to eliminate anonymous communication) end up harming these good actors (or otherwise minimizing their effectiveness at achieving social good). We have examined the attribution framework proposed by Bishop, Gates, & Hunker, and identified two attribution policies useful for facilitating whistleblower communications. Wikileaks.org in its current state provides sender non-attribution, and at least a limited form of perfect non-attribution, in that messages are hosted by Wikileaks.org, and the sender doesn't need to know how to directly contact the receiver (perhaps a human rights group). Unfortunately Wikileaks.org faces problems beyond technical hurdles; the information served by Wikileaks.org must be hosted somewhere, so this paper has described both a legal injunction which temporarily shut down the American server and the ongoing efforts to establish Iceland as a free speech haven.

Since events surrounding Wikileaks are still occurring, this discussion is not complete. A more detailed analysis of the Wikileaks.org technical architecture would require access to information internal to the organization. The notion of expanding the impact of specific leaks by granting exclusive access that was expressed by Julian Assange is an interesting one that deserves serious study. Finally, the results of the efforts in the Icelandic parliament have not come in as of this writing; a follow-up describing the results of Parliamentary proceedings, as well as a description of the impact such legislation ultimately has in attracting economic activity associated with free speech, therefore is a desideratum.
References

[1] (2006). Banisar, D. “Whistleblowing: International Standards and Developments”. Primera Conferencia Internacional sobre Corrupción y Transparencia. Instituto de Investigaciones Sociales, UNAM. Mexico, March 23-25 2006. Available online at: <http://www.corrupcion.unam.mx/documentos/investigaciones/banisar_paper.pdf>.
[2] (1997). Haberman, C. “Serpico Steps Out of the Shadows to Testify”. New York Times, September 24, 1997. Available online at: <http://www.nytimes.com/1997/09/24/nyregion/serpico-steps-out-of-theshadows-to-testify.html?sec=&spon=&pagewanted=1>.
[3] (2010). Goldfarb, Z. “At the SEC, the system can be deaf to whistleblowing”. Washington Post, January 21, 2010. Available online at: <http://www.washingtonpost.com/wp-dyn/content/article/2010/01/20/AR2010012005125.html?hpid=topnews>.
[4] (2005). Kurtz, H. & Leonnig, C. “Criminal Contempt Could Lengthen Reporter's Jail Stay”. Washington Post, July 16, 2005. Available online at: <http://www.washingtonpost.com/wp-dyn/content/article/2005/07/15/AR2005071502080.html>.
[5] (2008). Norton-Taylor, R. “Secrets and lies”. The Guardian, UK, January 11, 2008. Available online at: <http://www.guardian.co.uk/commentisfree/2008/jan/11/politics.ukcrime>.
[6] (2008). Weinstein, H. “Judge is Asked to Rescind Closure of Website”. Los Angeles Times, February 27, 2008. Available online at: <http://articles.latimes.com/2008/feb/27/local/mewikileaks27>.
[7] (2009). Bishop, M., Gates, C., & Hunker, J. “The Sisterhood of the Travelling Packets”. Proceedings of the 2009 workshop on New Security Paradigms, Oxford, UK. ACM. Available online at: <http://portal.acm.org/citation.cfm?id=1719039>.
[8] (2008). Singel, R. “Immune to Critics, Secret-Spilling Wikileaks Plans to Save Journalism … and the World”. Wired.com Online Rights blog, July 3, 2008. Available online at: <http://www.wired.com/politics/onlinerights/news/2008/07/wikileaks>.
[9] (2007). Acquisti, A., & Gritzalis, S. Digital privacy: theory, technologies, and practices. Auerbach Publications. 2007.
[10] (Undated). FreeNet Project. “What is FreeNet?”. FreeNet Project Website, undated. Available online at: <http://freenetproject.org/whatis.html>.
[11] (2004). Dingledine, R., Mathewson, N., & Syverson, P. “Tor: The Second-Generation Onion Router”. Proc. 13th USENIX Security Symposium. San Diego, CA. August 2004. Available online at: <http://www.usenix.org/events/sec04/tech/full_papers/dingledine/dingledine_html/index.html>.
[12] (2010). Tor Project. “6.9 What attacks remain against onion routing?”. TheOnionRouter/TorFAQ. Tor Project website. Updated March 4, 2010. Available online at: <https://wiki.torproject.org/noreply/TheOnionRouter/TorFAQ#Whatattacksremainagainstonionrouting.3F>.
[13] (2007). Zetter, K. “Rogue Nodes Turn Anonymizer into Eavesdropper's Paradise”. Wired. September 10, 2007. Available online at: <http://www.wired.com/politics/security/news/2007/09/embassy_hacks>.
[14] (2010). Assange, J. “WikiLeaks editor: why I'm excited about Iceland's plans for journalism”. OrganGrinder Blog, The Guardian, UK. February 15, 2010. Available online at: <http://www.guardian.co.uk/media/organgrinder/2010/feb/15/wikileaks-editor-excited-icelandjournalism>.
[15] (2009). Assange, J., & Schmitt, D. “Wikileaks Release 1.0”. 26th Chaos Communications Congress. December 27, 2009. Video available online at: <http://events.ccc.de/congress/2009/Fahrplan/events/3567.en.html>.
[16] (2008). Zetter, K. “Cayman Islands Bank Gets Wikileaks Taken Offline in U.S.”. Wired, Threat Level blog, February 18, 2008. Available online at: <http://www.wired.com/threatlevel/2008/02/cayman-island-b/>.
[17] (2010). BBC News. “Worries over Iceland law change prompted by Wikileaks”. Alastair Mullis interview, BBC News. February 12, 2010. Available online at: <http://news.bbc.co.uk/2/hi/technology/8513602.stm>.
[18] (Undated). IMMI Workgroup. “Proposal for a parliamentary resolution”. IMMI Workgroup website. (undated). Available online at: <http://www.immi.is/?l=en&p=vision>.
[19] (2010). Cohen, N. “A Vision of Iceland as a Haven for Journalists”. New York Times, February 21, 2010. Retrievable online at: <http://www.nytimes.com/2010/02/22/business/media/22link.html>.