23 April 2013
WikiLeaks Threat: Eric Schmidt and Jared Cohen
Also:
http://wikileaks.org/Transcript-Meeting-Assange-Schmidt
Related: The Rise of Terrorist Hackers: Eric Schmidt and Jared Cohen
http://cryptome.org/2013/04/terrorist-hackers.htm
Schmidt, Eric; Cohen, Jared (2013-04-23). The New Digital Age: Reshaping
the Future of People, Nations and Business. Knopf Doubleday Publishing
Group. Kindle Edition. (pp. 34, 39-47)
The Data Revolution
[Excerpt]
Some people will cheer for the end of control that connectivity and data-rich
environments engender. They are the people who believe that "information wants
to be free,"[2] and that greater transparency in
all things will bring about a more just, safe and free world. For a time,
WikiLeaks cofounder Julian Assange was the world's most visible
ambassador for this cause, but supporters of WikiLeaks and the values it
champions come in all stripes, including right-wing libertarians, far-left
liberals and apolitical technology enthusiasts. While they don't always
agree on tactics, to them, data permanence is a fail-safe for society. Despite
some of the known negative consequences of this movement (threats to individual
security, ruined reputations and diplomatic chaos), some free-information
activists believe the absence of a delete button ultimately strengthens
humanity's progress toward greater equality, productivity and
self-determination. We believe, however, that this is a dangerous model,
especially given that there is always going to be someone with bad judgment
who releases information that will get people killed. This is why governments
have systems and valuable regulations in place that, while imperfect, should
continue to govern who gets to make the decision about what is classified
and what is not.
We spoke with Assange in June 2011, while he was under house arrest in the
United Kingdom. Our above-mentioned position aside, we must account for what
free-information activists may try to do in the future, and therefore, Assange
is a useful starting point. We will not revisit the ongoing debates of today
(about which there are already many books and articles), which focus largely
on the Western reaction to WikiLeaks, the contents of the cables that have
been leaked, how destructive the leaks were and what punishments should await
those involved in such activities. Instead, our interest is in the future
and what the next phase of free-information movements -- beginning with,
but not restricted to, the Assange types -- may try to achieve or destroy.
Over the course of the interview, Assange shared his two basic arguments
on this subject, which are related: First, our human civilization is built
upon our complete intellectual record; thus the record should be as large
as possible to shape our own time and inform future generations. Second,
because different actors will always try to destroy or otherwise cover up
parts of that shared history out of self-interest, it should be the goal
of everyone who seeks and values truth to get as much as possible into the
record, to prevent deletions from it, and then to make this record as accessible
and searchable as possible for people everywhere.
Assange's is not a war on secrecy, per se -- "There are all
sorts of reasons why non-powerful organizations engage in secrecy,"
he told us, "and in my view it's legitimate; they need it because
they're powerless" -- but instead it is a fight against the
secrecy that shields actions not in the public's interest. "Why
are powerful organizations engaged in secrecy?" he asked rhetorically.
The answer he offered is that the plans they have would be opposed if made
public, so secrecy floats them to the implementation stage, at which point
it's too late to alter the course effectively. Organizations whose plans
won't incur public opposition don't carry that burden, so they
don't need to be secretive, he added. As these two types of organizations
battle, the one with genuine public support will eventually come out on top,
Assange said. Releasing information, then, is positive to those engaged
in acts which the public supports and negative to those engaged in acts the
public doesn't support.
As to the charge that those secretive organizations can simply take their
operations off-line and avoid unwelcome disclosure, Assange is confident
in his movement's ability to prevent this. Not a possibility, he said;
serious organizations will always leave a paper trail. By definition, he
explained, "systematic injustice is going to have to involve a lot of
people." Not every participant will have full access to the plans, but
each will have to know something in order to do his job. "If you take
your information off paper, if you take it outside the electronic or physical
paper trail, institutions decay," he said. "That's why all
organizations have rigorous paper trails for the instructions from the
leadership." Paper trails ensure that instructions are carried out properly;
therefore, as Assange said, "if they internally balkanize so that
information can't be leaked, there's a tremendous cost to the
organizational efficiency of doing that." And inefficient organizations
mean less powerful ones.
Openness, on the other hand, introduces new challenges for this movement
of truth-seekers, from Assange's perspective. "When things become
more open, then they start to become more complex, because people start hiding
what they're doing -- their bad behavior -- through complexity,"
he said. He pointed to bureaucratic doublespeak and the offshore financial
sector as clear examples. These systems are technically open, he said, but
in fact are impenetrable; they are hard to attack but even harder to use
efficiently. Obfuscation at this level, where the complexity is legal but
still covering something up, is a much more difficult problem to solve than
straightforward censorship.
Unfortunately, people like Assange and organizations like WikiLeaks will
be well placed to take advantage of some of the changes in the next decade.
And even supporters of their work are faced with difficult questions about
the methods and implications of online disclosures, particularly as we look
beyond the case study of WikiLeaks and into the future. One of the most difficult
is the question of discretionary power: Who gets to decide what information
is suitable for release, and what must be redacted, even temporarily? Why
is it Julian Assange, specifically, who gets to decide what information is
relevant to the public interest? And what happens if the person who makes
such decisions is willing to accept indisputable harm to innocents as a
consequence of his disclosures? Most people would agree that some level of
supervision is necessary for any whistle-blowing platforms to serve a positive
role in society, but there is no guarantee that supervision will be there
(a glance at the recklessness of hackers[3] who
publish others' personal information online in bulk confirms this).
If there is a central body facilitating the release of information, someone
or some group of people, with their own ideas and biases, must be making
those decisions. So long as humans, and not computers, are running things
in our world, we will face these questions of judgment, no matter how transparent
or technically sound the platforms are.
Looking ahead, some people might assume that the growth of connectivity around
the world will spur a proliferation of WikiLeaks-like platforms. With more
users and more classified or confidential information online, the argument
goes, dozens of smaller secret-publishing platforms will emerge to meet the
increase in supply and demand. A compelling and frightening idea, but wrong.
There are natural barriers to growth in the field of whistle-blowing websites,
including exogenous factors that limit the number of platforms that can
successfully coexist. Regardless of what one thinks of WikiLeaks, consider
all the things it needed in order to become a known, global brand: more than
one geopolitically relevant large-scale leak to grab international attention;
a track record of leaks to show commitment to the cause, to generate public
trust and to give incentives to other potential leakers by demonstrating
WikiLeaks' ability to protect them; a charismatic figurehead who could
embody the organization and serve as its lightning rod, as Assange called
himself; a constant upload of new leaks (often in bulk) to remain relevant
in the public eye; and, not least, a broadly distributed and technically
sophisticated digital platform for leakers, organization staff and the public
to handle the leaked materials (while all remaining anonymous to one another)
that could evade shutdown by authorities in multiple countries. It is very
difficult to build such an intricate and responsive system, both technically
and because the value of most components depends on the capabilities of others.
(What good is a sophisticated platform without motivated leakers, or a set
of valuable secrets without the system to discreetly process and disseminate
them?) The balance struck by WikiLeaks between public interest, private
disclosure and technical protections took years to reach, so it is hard to
imagine future upstarts, offshoots or rivals building an equivalent platform
and brand much faster than they could -- particularly now that authorities
around the world are attuned to the threat such organizations pose.
Moreover, even if new organizations managed to build such platforms, it is
highly unlikely that the world could support more than a handful at any given
time. There are a few reasons for this. First, even the juiciest disclosures
require a subsequent media cycle in order to have impact. If the landscape
of secret-spilling websites became too decentralized, media outlets would
find it difficult to keep track of these sites and their leaks, and to gauge
their trustworthiness as sources. Second, leakers will naturally coalesce
around organizations that they believe will generate maximum impact for their
disclosures while providing them with the maximum amount of protection. These
websites can compete for leakers, with promises of ever better publicity
and anonymity, but it's only logical that a potential whistle-blower
would look for successful examples and follow the lead of other leakers before
him. What source would risk his chance, even his life, on an untested group?
And organizations that cannot consistently attract high-level leaks will
lose attention and funding, slowly but surely atrophying in the process.
Assange described this dynamic from his organization's perspective as
a positive one, providing a check on WikiLeaks as surely as it kept them
in business. "Sources speak with their feet," he said.
"We're disciplined by market forces."
Regionality may determine the future of whistle-blowing websites more than
anything else. Governments and corporations in the West are, for the most
part, now wise to the risks that lackluster cybersecurity allows, and though
their systems are by no means impenetrable, significant resources are being
invested in both the public and the private sector to better protect records,
user data and infrastructure. The same is not true for most developing countries,
and we can expect that as these populations come online in the next decade,
some will experience their own version of the WikiLeaks phenomenon: sources
with access to newly digitized records and the incentive to leak sensitive
materials to cause a political impact. The ensuing storms may be limited
to a particular country or region, but they will nonetheless be disruptive
and significant for the environments they touch. They may even catalyze a
physical revolution or riot. We should also expect the deployment of similar
tactics from government authorities to combat such sites (even if the
organizations and their servers are based elsewhere): filtering, direct attacks,
financial blockades and legal prosecution.
Eventually, though, the technology used by these platforms will be so
sophisticated that they will be effectively unblockable. When WikiLeaks lost
its principal website URL, WikiLeaks.org, due to a series of distributed
denial-of-service (DDoS) attacks and the pullout of its Internet service
provider (which hosted the site) in 2010, its supporters immediately set
up more than a thousand mirror sites (copies of the original
site hosted at remote locations), with URLs like WikiLeaks.fi (in Finland),
WikiLeaks.ca (in Canada) and WikiLeaks.info. (In a DDoS attack, a large number
of compromised computer systems attack a single target, overloading the system
with information requests and causing it to shut down, denying service to
legitimate users.) Because WikiLeaks was designed as a distributed system --
meaning its operations were distributed across many different computers,
instead of concentrated in one centralized hub -- shutting down the platform
was much more difficult than it seemed to most laymen. Future whistle-blowing
websites will surely move beyond mirror sites (copies of existing sites)
and use new methods to replicate and obfuscate their operations to shield
themselves from authorities. One way to accomplish this would be to create
a storage system where fragments of files are copied and distributed in such
a way that if one file directory is shut down, the files can be reassembled
from those fragments. These platforms will develop new ways to ensure anonymous
submission for potential leakers; WikiLeaks constantly updated its submission
methods, warning users to avoid earlier cryptographic routes -- among
them SSL, or secure sockets layer, and hidden Tor service, using the highly
encrypted Tor network -- once they had determined that those were
insufficiently secure.
And what of the individuals leading this charge? The Assanges of the world
will still exist in the future, but their support bases will remain small.
The more welcomed whistle-blowers of the future will be the ones who follow
the example of people like Alexei Navalny, a Russian blogger and anticorruption
activist, who enjoys much sympathy from many in the West. Disillusioned with
Russia's liberal opposition parties, Navalny, a real-estate lawyer,
started his own blog dedicated to exposing corruption in major Russian companies,
initially supplying the disclosures himself by taking small stakes in the
businesses and invoking shareholder rights to force them to share information.
He later crowd-sourced his approach, instructing supporters to try to do
the same, with some success. Eventually, his blog grew into a full-blown
secret-spilling platform, where visitors were encouraged to donate toward
its operating costs via PayPal. Navalny's profile grew as his collection
of scoops swelled, most notably with a set of leaked documents that revealed
the misuse of $4 billion at the state-owned oil pipeline company Transneft
in 2010. By late 2011, Navalny's public stature placed him at the center
of preelection protests, and his nickname for Vladimir Putin's United
Russia party, the Party of Crooks and Thieves, had gone viral, adopted widely
throughout the country.
Navalny's approach, at least in the beginning of his new activism, was
distinctive in that for all his zeal he had not turned the focus of his
whistle-blowing operation toward Putin himself. His targets had largely been
commercial, although given that the Russian public and private sector are
not always easily distinguished, the information implicated some government
officials as well. Moreover, despite the harassment he experienced --
he had been arrested, imprisoned, spied on and investigated for
embezzlement -- he remained free for years. His critics may have called
him a liar, a hypocrite or a CIA stooge, but Navalny remained in Russia (unlike
so many other high-profile Kremlin opponents) and his blog was not censored.
Some think Navalny did not constitute much of a threat to the Kremlin; his
name recognition among Russians remained quite low, though his supporters
argue that such figures merely reflect low Internet penetration across the
country and the success of state media censorship (Navalny was banned from
appearing on state-run television). But a more interesting theory is that,
for a time at least, Navalny found a way to toe the line as an anticorruption
activist, knowing what to leak and from whom and what areas to
avoid. Unlike prominent Putin critics, like the jailed billionaire Mikhail
Khodorkovsky and the self-exiled oligarch Boris Berezovsky, Navalny seems
to have found a way to challenge the Kremlin, while fighting corruption,
without veering into overly sensitive areas that might place him in grave
danger. (Short of a badly doctored photograph that appeared in a pro-Kremlin
newspaper showing Navalny laughing with Berezovsky, there is little to suggest
he has any ties to those critics.) His presence seemed to be tolerated by
the Russian government until July 2012, when it deployed all available tools
to discredit him, formally charging him with embezzlement in a case concerning
a state-owned timber business in the Kirov region, where he had formerly
worked as an advisor to the governor. The charges, carrying a maximum sentence
of ten years in prison, reflected how much of a threat the resilient
antigovernment protest movement had become. The world will continue to watch
the trajectories of figures like Navalny to see whether his approach provides
some measure of insulation from attack for digital activists.
There is also the frightening possibility that sites will emerge created
by people who share the design and scale of these whistle-blower platforms
but not their motivations. Rather than functioning as a clearinghouse for
whistle-blowers, such platforms would serve as hosts to all manner of pilfered
digital content -- leaked active military operations, hacked bank accounts,
stolen passwords and home addresses -- without any particular agenda beyond
anarchy. Operators of these sites would not be ideologues or political activists;
they would be agents of chaos. Today, hackers and information criminals publish
their ill-gotten gains fairly indiscriminately -- the 150,000 Sony customer
records released by the hacker group LulzSec in 2011 were simply made
downloadable as a file through a peer-to-peer file-sharing service --
but in the future, if a centralized platform emerged that offered them
WikiLeaks-level security and publicity, it would present a real problem.
Redaction, verification and other precautionary measures taken by WikiLeaks
and its media partners would surely not be performed on these unregulated
sites (indeed, Assange told us he redacted only to reduce the international
pressure that was financially strangling him and said he would have preferred
no redactions), and lack of judgment around sensitive materials might well
get people killed. Information criminals would almost certainly traffic in
bulk leaks in order to cause maximum disruption. To some extent, leaking
selectively reflects purpose while releasing material in bulk is effectively
thumbing one's nose at the entire system of secure information.
But context matters, too. How different would the reaction have been, from
Western governments in particular, if WikiLeaks had published stolen classified
documents from the regimes in Venezuela, North Korea and Iran? If Bradley
Manning, the alleged source of WikiLeaks' materials about the United
States government and military, had been a North Korean border guard or a
defector from Iran's Revolutionary Guard Corps, how differently would
politicians and pundits in the United States have viewed him? Were a string
of whistle-blowing websites dedicated to exposing abuses within those countries
to appear, surely the tone of the Western political class would shift. Taking
into account the precedent President Barack Obama set in his first term in
office -- a clear zero tolerance approach toward unauthorized
leaks of classified information from U.S. officials -- we would expect
that future Western governments would ultimately adopt a dissonant posture
toward digital disclosures, encouraging them abroad in adversarial countries,
but prosecuting them ferociously at home.
_____
[2] This dictum is commonly attributed to Stewart Brand, the
founder and editor of the Whole Earth Catalog, recorded at the first
Hackers Conference, in 1984.
[3] While in the technical community the term hacker
means a person who develops something quickly and with an air of spontaneity,
we use it here in its colloquial meaning to imply unauthorized entry into
systems.