As is often the case with its founder’s outbursts, WikiLeaks’ outraged response to the Guardian’s use of the password to the unredacted version of its US diplomatic cables dump – as a chapter heading in a book – is ironic on several levels.
In a case raised by Index on Censorship late last year, WikiLeaks deleted the name of a dissident author who had secretly spoken with US diplomats, but left in the giveaway title of one of his books, used …as the chapter heading.
We raised it as an example of WikiLeaks lacking the background knowledge needed to properly spot risks to cited individuals. But as was also noted, this was asking a lot of a small volunteer-based organisation.
In that case it was knowledge of books written by obscure dissident academics in small dictatorships. Obscure to WikiLeaks volunteers, that is. Calling in journalists and local activists with broader skills was a good idea. It even made sense on that basis to ask the US government for help in redacting documents stolen from them.
I feel sympathy for the Guardian’s great investigative journalist David Leigh, whose own lack of knowledge in one particular field – passwording protocols and de-encryption – seems to have earned him much of the blame for the ‘disastrous’ release of all 251,287 diplomatic cables in unredacted form.
In recent years the means of secure communications has become dominated by technical ‘solutions’ at the expense of people-centric security measures. I am not technically illiterate. I can write a PHP script or patch a bit of code, but I still struggle with a lot of these systems.
The current over-reliance on encryption fails to take into account human fallibility. It only takes one person in the circle to misunderstand the instructions and not only is everyone busted, no-one knows until the bad guys act on it.
One dictatorship which broke a communications line of ours this way last year may have waited weeks before showing its hand. It was bluntly done when they did, even though nobody was jailed. The achieved aim was to intimidate, demoralise and spread suspicions among the blameless.
To me the current rack of encryption tools may be too complex, certainly not intuitive enough, for non-expert users to use confidently. Especially when the penalty for a bad installation or a late upgrade can be 20 years in prison. To some of the inventors of such solutions this is our fault for being, well, stupid. But they come from a community not exactly known for their people skills.
I preferred the early days of such communication in the run up to the Kosovo War, when we evaded Rade Markovic’s secret police by use of steganography, which hides secret messages inside an otherwise dull and inoffensive image.
It was easily cracked, but that wasn’t the point. The point was to pass the loaded images across networks where dull holiday photos are normally exchanged. (If you still had to be furtive you hid messages in the kind of pictures shared on the kind of legal but embarrassing websites where furtiveness is normal, even expected…)
The idea was, as the spies say, to hide in plain sight. Being furtive only meant you were worth extra surveillance.
But with the kind of anonymising browsers then coming on line, and the new encryption systems that followed, the emphasis shifted to protecting the privacy of the message instead of obscuring the fact that messages were being sent at all.
Logging in to secure communications became a kind of public declaration of furtiveness. Years later a new system, Telex, is looking at reversing the model but is barely into test phase. And it still doesn’t address the basic problem, that technological solutions do not solve human problems.
Looking back over nearly 40 years of careful collection and republication of covertly provided banned documents by Index on Censorship, you see right away that the process is not technical at all, but about protective, supportive, sustaining relationships between people who give and receive information in secret.
Journalists understand this. More relevantly perhaps, so do spies, especially those in the business of ‘running’ agents in hostile, dangerous environments. The literature of espionage has lots to say about the ‘tradecraft’ of covert information exchange. It is as much about the psychology of relations as it is about using invisible ink.
As Salon’s Glenn Greenwald writes, “the acts of deliberate evil committed by the world’s most powerful factions which (WikiLeaks) has exposed vastly outweigh the mistakes which this still-young and pioneering organisation has made.”
But once WikiLeaks stopped being an anonymous dead letter drop and started mediating in the use of that dropped content, it started down the path to ever greater and more direct responsibility for its whistleblowers.
Index on Censorship chief executive John Kampfner said yesterday: “Sites such as WikiLeaks will continue to emerge, and will have an important role to play. But they should be operated with a great duty of care, both to whistleblowers and to individuals who may find themselves in danger after irresponsible leaks of diplomatic, intelligence or other material.”
The true successor to WikiLeaks will find that protecting the people that provide the information that gives their work a point adds up to more than just lines of code.