Data war

I was going to wait a while longer to see what happens before making any comment on the whole Wikileaks debacle which has been dominating the news within the last week or so, but it appears that some of my contemporaries seem to have a sufficiently irrational view on this that I might as well make an opinion known.

My opinion on Wikileaks itself up to this time has been that I thought they were doing important work in the public interest, helping to highlight corruption and misdeeds such as violations of international laws, human rights abuses and financial fraud.  If we are to have any hope that the world of the future will be a more civilised one than the world of the past then information of this kind - unpleasant or embarrassing though it may be - does need to be brought to public attention and not remain hidden from view or be permitted to be erased from the history books.  In a properly functioning democracy, this is the function of whistle blowers and investigative journalists.

For a summary of Wikileaks and the motivations behind it, there's an instructive speech given by Jacob Applebaum at the HOPE conference.



However, since the takedown of Wikileaks what has been described as a "data war" has ensued against the various companies involved, such as Paypal and Visa.  Foolishly, even people who ought to know better are apparently supporting this kind of vigilante action, and in the BBC article even a Wikileaks spokesperson seems to be at least tacitly supporting it.

First of all, voluntarily downloading any sort of botnet program onto your computer is a really bad idea.  No really, I can hardly emphasise strongly enough how idiotic this is.  Are you sure that you know what that program contains?  Did you check the source code and compile it yourself, or is it just a binary?  Apart from attacking web sites - which is of course totally illegal - what other things might that program be doing on your computer?  Remember that malware developers are opportunists, and sometimes actively exploit news events.  Do you have any credit or debit cards, and if so is it really in your rational self-interest to attack companies which facilitate payments of this kind?  Is attacking web sites likely to help or hinder Wikileaks, or whistle blowers in general?

So to anyone who is tempted to join "operation payback", or encourage others to join, I would seriously advise you to think more carefully.  Boycott or civil disobedience campaigns are a better way of expressing displeasure than engaging in overt criminality.  I think it's a major error of judgement of anyone claiming to represent Wikileaks not to unambiguously condemn DDOS attacks on web sites at the earliest available opportunity.

Going beyond the current headlines, and regardless of what may or may not be the fate of Wikileaks, occasional and sometimes large scale leaks of information from companies or governments - sometimes by accident rather than by design - is likely to remain as a feature of the landscape.  This is really just a function of the increasing density of data storage and internet bandwidth.  Probably there will be some attempt to improve technical security and security procedures within governments and other large organisations, but technical measures alone won't prevent a determined insider from leaking information, although they may influence the volume of such disclosures.

One way in which organisations can respond to the threat of leaks is simply to become more transparent, with public disclosure as the default behavior whilst only guarding the most sensitive information.  An early example is data.gov.uk.  From the leaked diplomatic correspondences it's pretty clear that there exists a needless culture of secrecy, and that many of the documents have been gratuitously classified more out of habit than due to any good reason.

Also see 2600 Magazine condemns DOS attacks.