I just finished recording a podcast with Larry Lessig and the Berkman fellows about Wikileaks. It should be online within a day or two. In the meantime, we’ve been trying to simply nail down some of the facts surrounding the situation. We figured we’d share what we’ve gathered so far as a FAQ, and we’ll update it as we learn more or get corrections. Feel free to leave new questions in the comments and we’ll aim to work those in too.
What is Wikileaks?
Wikileaks is a self-described “not-for-profit media organization,” launched in 2006 for the purposes of disseminating original documents from anonymous sources and leakers. Its website says: “Wikileaks will accept restricted or censored material of political, ethical, diplomatic or historical significance. We do not accept rumor, opinion, other kinds of first hand accounts or material that is publicly available elsewhere.”
More detailed information about the history of the organization can be found on Wikipedia (with all the caveats that apply to a rapidly-changing Wiki topic). Wikipedia incidentally has nothing to do with Wikileaks — both share the word “Wiki” in the title, but they’re not affiliated.
Who is Julian Assange and what is his role in the Wikileaks organization?
Julian Assange is an Australian citizen who is said to serve as the editor-in-chief and spokesperson for Wikileaks since its founding in 2006. Previously he’d been described as an advisor. Sometimes he is cited as its founder. The media and popular imagination currently equate him with Wikileaks itself, with uncertain accuracy.
In 2006, Assange wrote a series of essays which have recently been tapped as an explanation of his political philosophy. A close reading of these essays shows that Assange’s personal philosophy is in opposition to secrecy-based, authoritarian conspiracy governments, in which category he includes the US government amidst many others not conventionally thought of as authoritarian. Thus, as opposed to espousing a philosophy of radical transparency, Assange is not “about letting sunlight into the room so much as about throwing grit in the machine.” For further analysis, check out Aaron Bady‘s original blog post.
Why is Wikileaks so much in the public eye right now?
At the end of November 2010, Wikileaks began to slowly release a trove of what it says are 251,287 diplomatic cables acquired from an anonymous source. These documents came on the heels of the release of the “Collateral Murder” video in April, and Afghan and Iraq War Logs in July and October, which totaled 466,743 documents. The combined 718,030 are said to originate from a single source, thought to be U.S. Army intelligence analyst Pfc. Bradley Manning, who was arrested in May 2010, but that’s not confirmed.
Has Wikileaks released classified material in the past?
Yes, under an evolving set of models.
Berkman Fellow Ethan Zuckerman has some interesting thoughts on the development of Wikileaks and its practices over the years, which will be explained in greater detail when the Berkman Center podcast is released later this week. In the meantime, here’s a capsule version.
Wikileaks has moved through three phases since its founding in 2006. In its first phase, during which it released several substantial troves of documents related to Kenya, Wikileaks operated very much with a standard wiki model: the public readership could actively post and edit materials and had a say in the types of materials that were accepted and how such materials were vetted. The documents released in that first phase were more or less a straight dump to the Web: very little organized redacting occurred on the part of Wikileaks. Wikileaks’ second phase was exemplified with the release of the “Collateral Murder” video in April of 2010. The video was a highly curated, produced and packaged political statement. It was meant to illustrate a political point of view, not merely to inform. The third phase is the one we currently see with the release of the diplomatic cables: Wikileaks working in close conjunction with a select group of news organizations to analyze, redact and release the cables in a curated manner, rather than dumping them on the Internet or using them to illustrate a singular political point of view.
What news organizations have access to the diplomatic cables and how did they get them?
According to the Associated Press, Wikileaks gave four news organizations (Le Monde, El Pais, The Guardian and Der Spiegel) all 251,287 classified documents. The Guardian subsequently shared their trove with The New York Times.
So have all 251,287 documents been released to the public?
No. Each of the five news organizations is hosting the text of at least some of the documents in various forms with or without the relevant metadata (country of origin, classification level, reference ID). The Guardian and Der Spiegel have performed analyses of the metadata of the entire trove, excluding the body text. The Guardian’s analysis is available for download from its website.
Wikileaks itself has released (as of 1:06pm on 7 December 2010) 1095 documents out of the total 251,287. The Associated Press has reported that Wikileaks is only releasing cables in coordination with the actions of the five selected news organizations. Julian Assange made similar statements in an interview with Guardian readers on 3 December 2010. Cables are being released daily as the five news organizations publish articles related to the content.
Are each of the five news organizations hosting all the documents that Wikileaks has released?
No. Each of the five news organizations hosts a different selection of the released documents, in different forms, which may or may not overlap. It’s not clear how much they’re coordinating on releasing new documents, since each appears to have a full set.
How are the five news organizations releasing the cables?
Le Monde hosts an application, developed in conjunction with Linkfluence, which host the searchable text of several hundred cables. The text can be searched by the sender (either country of origin, office or official), date range, persons of interest cited in the docs, classification status, or any combination of the above. Only the untranslated, English text of the cables can be accessed and there is no cut-and-paste available.
El Pais offers access to over 200 cables, available in the orginal English or in Spanish translation, searchable by country of origin and key terms and subjects (such as “Google and China”). These searches also return El Pais articles written on a given subject (often places ahead of the cables in the search listings). They also offer a “How to read a diplomatic cable” feature, explaining what all the abbreviations and and technical verbage mean in plainspeak, posted on 28 November 2010.
The Guardian offers the cable data in several forms: they have performed an analysis of metadata of the entire 251,287 document trove, and made it available in several forms (spread sheets hosted on Google Docs and in downloadable form) as well as infographics.
The Guardian also hosts at least 422 cables on their website, searchable by subject, originating country and countries referenced.
The New York Times hosts what it calls a
selection of the documents from a cache of a quarter-million confidential American diplomatic cables that WikiLeaks intends to make public starting on Nov. 28. A small number of names and passages in some of the cables have been removed by The New York Times to protect diplomats’ confidential sources, to keep from compromising American intelligence efforts or to protect the privacy of ordinary citizens.
The documents are not searchable and are organized by general subject.
Who is responsible for redacting the documents? What actions did Wikileaks take to ensure that individuals were not put in danger by publication of the documents?
According to the Associated Press and statements released by Wikileaks and Julian Assange, Wikileaks is currently relying on the expertise of the five news organizations to redact the cables as they are released, and is following their redactions as it releases the documents on its website. (This cannot be verified without examining the original documents, which we have not done — nor are we linking to them here.) According to the BBC, Julian Assange approached the US State Department for guidance on redacting the documents prior to their release. One can imagine the dilemma for the Department there: assist and risk legitimating the enterprise; don’t assist and risk poor redaction. In a public letter, Harold Koh, legal adviser to the Department of State, declined to assist the organization and demanded the return of the documents.
The Los Angeles Times reported that Wikileaks has directly released at least one cable describing a U.S. Department of Homeland Security list of sensitive overseas facilities:
The Department of Homeland Security list on overseas sites, known as the Critical Foreign Dependencies Initiative, includes oil and gas pipelines, telecom cables, rare-metal and other mines, military contractors, ocean navigation chokepoints, and such obscure facilities as an Australian laboratory described as the sole supplier of Crotalid Polyvalent Antivenin — an antidote to rattlesnake venom.
The list, “whose loss could critically impact the public health, economic security, and/or national and homeland security of the United States,” according to the leaked cable that contained it, is maintained by the Department of Homeland Security, which was seeking to update it in February 2009 by getting recommendations from State Department diplomats.
American officials have denounced the apparent release of the list, and it’s not clear that the document has been made available by any of the five newspapers possessing copies of all the cables.
If you’re willing to part with your email address, you can find out from stratfor.com why they think that
[s]uggestions that a list of critical infrastructure released by WikiLeaks helps terrorists drastically underestimate transnational terrorists’ capabilities and sophistication when it comes to target selection.
Are the documents hosted anywhere else on the Internet? What is the “insurance” file?
In late July 2010, Wikileaks is said to have posted to its Afghan War Logs site and to a torrent site an encrypted file with “insurance” in the name. The file, which apparently can still be found on various peer-to-peer networks, is 1.4 gigabytes and is encrypted with AES256, a very strong encryption standard which would make it virtually impossible to open without the password. What is in the insurance file is not known. It has been speculated that it contains the unredacted cables provided by the original source(s), as well as other, previously unreleased information held by Wikileaks. There is further speculation, which has been indirectly boosted by Julian Assange, that the key to the file will be distributed in the event of either the death of Assange or the destruction of Wikileaks as a functioning organization. However, none of these things is known. All that is known for sure is that it’s a really big file with heavy encryption that’s already in a number of people’s hands and floating around for others to get.
What happens if Wikileaks gets shut down? Can it be shut down?
It depends on what’s meant by “Wikileaks” and what’s meant by “shut down.”
Julian Assange has made statements suggesting that if Wikileaks becomes non-functional as an organization then the key to the encrypted “insurance” file will be released. The actual machination of how such a “dead man’s switch” would operate is not known. If the key were released, and if the encrypted insurance file contains unredacted and unreleased secret documents, then those decrypted files would be available to many people nearly instantaneously. Wikileaks claimed in August that the insurance file had been downloaded over 100,000 times.
Wikileaks apparently maintains a small paid staff — who and where is not exactly on a “people” page, though there used to be a physical PO box in Australia where documents could be sent — and is additionally supported by volunteers, speculated to be at most a few thousand. So, would it be possible for a motivated organization to disrupt its real-world infrastructure? Yes, probably. However, at this point, it is not practical to recover the information the organization has already distributed (which includes the entire trove of diplomatic cables to the press as well as whatever is in the encrypted insurance file), as well as any other undistributed information the organization might seek to release. So in terms of the recovery of leaked information, the downfall of Wikileaks as an organization would matter little.
Furthermore, there appear to be currently over a thousand sites mirroring Wikileaks and its content. Wikileaks has made available downloadable files containing its entire archive of released materials to date.
On a more technical level, the Wikileaks website can come under attack, and its means of collecting money can be made much more difficult.
Why did wikileaks.org stop working as a way to find the site?
For a traditional website to work it will want a domain name like website.com, so people can find it. Those domain names can stop working for any number of reasons. One commonly assumed action for Wikileaks is that ICANN, the Internet Corporation for Assigned Names and Numbers that manages certain top-level protocol and parameter assignments for the Internet, intervened. It did not.
A little technical discussion to explain why: The domain name system (“DNS”) is hierarchical, and its zones are exclusive of one another rather than inherited (save for the lateral mirroring among the twelve root zone servers). The root zone orchestrated by ICANN is a very small file — just a mapping between each top-level domain like .org or .ch (“TLD”) and the IP address(es) of the servers designated to say more about that TLD (one server, not in ICANN’s hands, keeps track of names under .org, one for names under .ch, etc.). You can see a user-friendly version of the file here, with the Swiss name servers described here. The info you see there is what ICANN can directly change — and that only for its own root zone servers (B, L, and sort-of A), hoping to have it mirrored by the others; map below the fold here.
So for those servers, ICANN could all-or-nothing delete .ch, which means for those drawing TLD info from the ICANN roots they’d eventually (depending on caching of previous info) cease finding the nic.ch server(s) in Switzerland through which to resolve any .ch name. But there’s no way to express in the TLD zone something like “go to nic.ch for every domain name under .ch except wikileaks.ch.” And if .ch were ditched, the mirroring root servers would likely balk at mirroring that elision, and ISPs using B, L, and A to resolve TLDs would just turn to other root zone servers — or hard code in the last known IP address for nic.ch as the place to go for .ch names.
I guess a too-crafty-by-half solution would be to mirror everything in the .ch zone to a new .ch server run by ICANN, then delete wikileaks.ch’s info from that server’s files, then redirect the root zone to the new server instead of the old. That would work for about five minutes. After that, increasing chaos as Swiss webmasters made changes to their .ch names in the “official” nic.ch registry only to find them not reflected for those users unlucky enough to be rerouted to ICANN’s snapshot mirror. At which point the mirror roots (and the ISPs) awaken to the deception and take action a la the preceding graf.
Note that wikileaks.org went down not because of anything done to its DNS entry within the list kept by the registry* that minds the list of .org domains. Instead, the name server to which its entry pointed was attacked by unknown parties — DDOS’d — and EveryDNS, the operator of the name server, chose to stop answering queries about wikileaks in the hopes that the DDOS would stop. (Apparently it did.) EveryDNS is not to be confused with EasyDNS, which is a separate company that isn’t involved in the situation! [Update 12/9/10: Wired reports that EasyDNS is now assisting Wikileaks as a result of being confused with EveryDNS; “We’ve already done the time; we might as well do the crime,” said its CEO.]
If a domain name doesn’t work, a website can try to register and maintain another domain name, or it can just use a direct IP address — a number — to be found. A website also needs hosting, and Wikileaks has apparently had to shift its hosting at least once after being dropped by a chosen provider: Amazon’s commodity hosting service shut down the site for terms of service violations after being contacted by U.S. Senator Joseph Lieberman.
(added 9 December 2010)
Is Wikileaks breaking US law by receiving and releasing the cables and other classified material?
Good question. There are laws that penalize the release of classified information, but they’ve generally been applied to someone — such as a government official — entrusted with the information who then leaks it or gives it to an enemy — Aldrich Ames was a CIA officer who gave information to the Soviets, and Army soldier Bradley Manning is currently under arrest for claimed involvement in passing information to Wikileaks. Ames was charged under a part of the “ Espionage Act,” 18 U.S.C. 794, “Gathering or delivering defense information to aid foreign government.” Manning was charged under the Uniform Code of Military Justice; there’s a helpful summary of what provisions have been applied here.
So what about Wikileaks? There are some provisions of the Espionage Act that might apply — 18 U.S.C. 793 is about “gathering, transmitting, or losing defense information,” and it criminalizes the act of “obtaining” a document “connected with the national defense” if done “for the purpose of obtaining information respecting the national defense with intent or reason to believe that the information is to be used to the injury of the United States, or to the advantage of any foreign nation.” 18 U.S.C. 798 on classified information might also apply.
The former section was invoked in the famed “Pentagon Papers” case, where the government sought to prevent continuing publication of a classified history of the Vietnam War authored by the government and leaked to the Times by Daniel Ellsberg, a former military analyst who was employed by the RAND Corporation at the time. The Times prevailed in the Supreme Court, which issued a brief and unenlightening “per curiam” opinion accompanied by more detailed concurring opinions, none of which garnered a majority of the Justices’ votes. One reading of the outcome of the case is that the Pentagon Papers themselves weren’t deemed so sensitive — so damaging to the national security — that once leaked to the Times the Times could be ordered not to share them. Rather, the Times could share them and then face whatever consequences the government might bring to bear. But once the papers were published, the government did not seek to prosecute the Times, both because its behavior isn’t a great fit with the statute(s), because the First Amendment might be found to trump the statutes, and because there are political difficulties with making an enemy of the press.
A separate criminal case under section 793 against Ellsberg as the leaker is a more natural fit with the statute, and it was brought — but it evaporated amidst revelations of illegal government wiretaps against him.
So, what about Wikileaks? Its position may be roughly equal to that of The New York Times or any of the other four news organizations currently hosting copies of the cables. Indeed, the prospect has been raised that the Times should face prosecution. Perhaps here the balance of the news value of the cables versus the harm caused by their release is less helpful to the intermediaries like the Times and Wikileaks. And Assange’s own statements, described above, about the purpose of Wikileaks — to bring down what he sees as corrupt governments rather than merely to inform the public — might establish a needed intent to harm the government that a “regular” newspaper arguably lacks. The Justice Department has also stated that it is exploring options other than the Espionage Act, including “conspiracy or trafficking in stolen property,” under which to indict Julian Assange. That would look closely at the levels of cooperation and encouragement between Wikileaks and any government leakers; something more than the prototypical “small brown envelope” appearing on Wikileaks’s (or the Times’s) doorstep could be enough to say that a leaker like Manning and an intermediary like Wikileaks are engaged in a criminal enterprise together — and anything done wrong by one can be attributed to the other. (The classic example is the driver of a getaway car in the bank robbery being held responsible for the shooting of a bank employee inside as if he or she had pulled the trigger.)
Of course, even a prosecution with a good chance of success would face tricky political questions — does arrest and prosecution make Assange and Wikileaks underdog heroes? Traditionally prosecutors have not applied the Espionage Act’s broad proscriptions to the press, and this may make sense given the frequency with which high-level government officials intentionally leak information to the press — it’d be strange to leak the information and the prosecute the press for publishing it, or worse, only prosecute the press when one isn’t the leaker.
Wikileaks has indicated that its next leak will be of private sector information: the private records of a large bank or BP, for example. If that is true, releasing such information could be a breach of trade secret or copyright law. There, civil cases could be brought by the organizations originally holding the records, or even perhaps private torts cases by those whose privacy might be invaded.
A final note: Bills have been introduced in both the House and the Senate that would overtly criminalize the publication of the “names of military or intelligence community informants.” These are being played as “anti-Wikileaks” bills, but because they would specifically criminalize publication, they attack news organizations and Wikileaks equally.
What is Operation Payback? Who is “Anonymous”? What is a distributed denial of service attack (DDOS)?
Operation Payback began in September 2010 as a coordinated retaliation to actions taken by the MPAA, RIAA, and other groups against file sharing sites such as The Pirate Bay and BitTorrent search engines. In some cases, it was in response to DDOS attacks targeted at file-sharing sites, such as those launched by Aiplex Software against sites hosting pirated copies of Bollywood films. In others, the triggers were statements made by individuals that were considered hostile to file sharing services or their users, such as those made by KISS bassist Gene Simmons. Internet security consulting firm Pandalabs reported that by October 7, 2010, the total downtime for copyright-related websites targeted by Operation Payback was 537 hours and 55 minutes.
Operation Payback has since evolved to include attacks against those organizations perceived to be taking actions harmful to Wikileaks. Targets appear to include Mastercard, Amazon, Paypal, PostFinance, and the Swedish Prosecution Authority, among others. (Wikileaks, too, has suffered denial of service attacks. You can see an account of these and other attacks at the Pandalabs blog.)
The group associated with Operation Payback is known as “Anonymous,” a “loose coalition” of internet users, associated with the image board 4chan and a handful of other forums and wikis. Because of this most recent and very high profile campaign, they’ve attracted significant media attention from The Guardian, the New York Times, the BBC, and the Wall Street Journal, among others.
In this particular wave, Anonymous is using a tool known as a distributed denial of service attack , or DDOS. During a DDOS attack, an attacker will generate, either via the use of proxy machines or an automated program, a flood of “pings” or requests to the targeted site. The server essentially has a meltdown, unable to respond to the many, many requests for information and is rendered unable to serve the page to the legitimate user requests. In most cases, a DDOS attack is effected through the use of innocent machines which have been previously been infected and are part of a botnet or zombie army, without the knowledge of their owners. It is unclear whether or not Anonymous is using an all-volunteer botnet with motivated Internet users adapting such tools as the colorfully named “Low Orbit Ion Cannon,” or whether some machines are being used without their owners’ permission as would happen with a traditional botnet. You can see the Internet Storm Center’s analysis of the DDOS tool here.
There’s at least one rumor circulating that Anonymous is shifting its tactics away from DDOS.
First Amendment and prior restraint issues aside, does the US government have any legal authority to arbitrarily shut down a website? Is there any precedent for the US government shutting down websites?
The US government has previously taken action to seize domain names and thus render the associated websites practically unavailable on the Internet, most recently with the November 30 “Cyber Monday” seizure of about 80 websites thought to be involved in the sale of counterfeit goods. “Operation In Our Sites II” was an effort of the Department of Homeland Security’s Immigration and Customs Enforcement.
So far there is no indication that a government has attempted to overtly seize the Wikileaks.org domain name. Rather, it appears as though Wikileaks’s troubles are arising from political pressure, claimed TOS violations, and DDOS attacks (actual or threatened) arising from non-governmental sources.
For more on the role of intermediaries with regard to the hosting and operations of Wikileaks, you might read Rebekah Heacock’s analysis of the situation over at ONI.
What is the relationship between Wikileaks and the Wikimedia Foundation?
There is no connection between Wikileaks, the Wikimedia Foundation or other “Wiki-” organizations. The Wikimedia Foundation does not own the Wikileaks.org domain name. “Wiki” is a descriptive term, not a trademark, and does not indicate any relationship between the two entities.
What is a mirror? What are the risks of running a mirror site?
A mirror is a site which hosts a copy of data on another site. There are currently appear to be over a thousand sites mirroring both the Wikileaks main site and its diplomatic cables site.
The legal risks of mirroring the Wikileaks content may at first glance track the risks of hosting the original content, particularly if the mirroring is done with the intention of preserving the specific contents of the mirrored site.
For that matter, participating in a DDOS attack runs afoul of the law in multiple jurisdictions.