<nettime> The WikiLeaks Battle: Should Information Be Shared or Censored?

[nettime's avid reader <nettime {AT} kein.org>]

Published : December 08, 2010 in Knowledge {AT} Wharton
http://knowledge.wharton.upenn.edu/printer_friendly.cfm?articleid=2653


The WikiLeaks Battle: Should Information Be Shared or Censored?

Julian Assange, the Australian founder of WikiLeaks, the controversial 
website that has been posting classified government documents, is now being 
held without bail in the U.K., awaiting extradition to Sweden for 
questioning regarding an alleged rape. But sensational news aside, his 
site's recent release of confidential U.S. State Department cables has 
implications for businesses and corporations with sensitive information to 
shield, according to experts at Wharton and the University of Pennsylvania.

"WikiLeaks is a fascinating microcosm of a larger trend -- that the 
Internet allows freer flow of information, including things we want to be 
available and things we don't," says Wharton professor of legal studies and 
business ethics Kevin Werbach. While premeditated leaks and other types of 
unauthorized disclosures are nothing new, he adds, digital technology makes 
it much easier for "one disgruntled individual" to unleash massive troves 
of information almost instantaneously.  

For many, the WikiLeaks case has opened up a fundamental debate over 
privacy of information versus public access on the open web. In a column on 
The Guardian's website on December 6, John Naughton wrote: "The most 
obvious lesson [of the WikiLeaks case] is that it represents the first 
really sustained confrontation between the established order and the 
culture of the internet. There have been skirmishes before, but this is the 
real thing." Indeed, while Assange is behind bars, WikiLeaks and other 
"mirror sites" that have sprung up to distribute its material are 
threatening to release a code that would unleash more sensitive, uncensored 
data from governments and corporations if Assange is killed or convicted. 
On December 8, the site said the arrest would not stop it from posting new 
revelations, and WikiLeaks subsequently published a new set of cables about 
the British government's decision to release convicted Libyan Lockerbie 
bomber Abdel Baset Ali al-Megrahi.

For companies, the WikiLeaks case may ultimately serve as a parable on 
guarding sensitive information. Joseph Turow, professor of communication at 
the University of Pennsylvania's Annenberg School for Communication, says 
the State Department cables released by WikiLeaks, while controversial, are 
perhaps more well-thought-out than most internal corporate communications. 
"If I were a CEO, this would not make me feel comfortable. I would be very 
concerned that this would happen in my company," he says. "The cables that 
have been released look incredibly tame compared to the e-mail that people 
send around corporations."

Bad Publicity and Trade Secrets

Bruce Schneier, an author of books on cyber-security and founder of BT 
Counterpane, a security firm, argues that WikiLeaks rose up because of an 
excessive amount of classification of information and a weak press that 
"acts like a stenographer" for the government. He adds that the U.S. 
government is now experiencing what the music and entertainment industries 
have endured during the past several years -- digital distribution networks 
that sprang up as alternatives to the systems that recording labels and 
producers tried to control.

Although WikiLeaks has been disseminating information for 18 months, much 
of it about the Iraq and Afghanistan wars, Werbach notes that the state 
department communiqués seem to have raised the site's profile and generated 
a strong reaction. For example, credit card companies, PayPal and Amazon 
decided to cut off links that helped fund WikiLeaks, apparently under 
pressure from government officials. "It's dangerous when [the] government 
tells private companies that certain content should be kept off the 
network," he notes. It is also "reasonable for companies to be thinking 
about whether WikiLeaks crossed the line in its most recent disclosures."

Andrea Matwyshyn, Wharton professor of legal studies and business ethics, 
says society is struggling to find a balance between control of information 
and disclosures that may help the nation "better plot its own trajectory." 
Governments and corporations should focus less on WikiLeaks and more on the 
initial source of disclosures, she notes, because "once [information] goes 
out into the wild blue yonder of the Internet, getting it back from 
cyberspace is impossible."

Indeed, Australian Foreign Minister Kevin Rudd, who was identified as a 
"control freak" in the cables, says it is not Assange who is responsible 
for the unauthorized release of more than 200,000 diplomatic documents. 
"The bad people in this little exercise are the people who gave the 
information to him, because they are the people who breached the trust. 
They deserve to be chased and prosecuted," Rudd told reporters. Army Pfc. 
Bradley Manning has confessed in online chats that he downloaded classified 
documents from Army networks -- including U.S. State Department cables -- 
and gave them to WikiLeaks. He is being held at the U.S. Marine Corps brig 
at Quantico, Va. and faces 52 years in prison on charges of passing 
unauthorized information from military computers.

In addition to preventing bad publicity, Matwyshyn points to the importance 
of a proactive strategy to protect corporate trade secrets in the courts. 
She notes that a company does not really know if its information is a trade 
secret until it is forced to challenge a suspected violator in court. 
Rulings on whether a legitimate trade secret has been breached depend 
heavily on whether a company can prove that it valued a piece of 
intellectual property enough to take adequate steps to protect it from 
leaking outside the organization.

Companies "fail chronically" to establish a system-wide approach to the 
protection of information and rely, too often, on technology-based security 
solutions, Matwyshyn says. "They think that if they have a strong IT 
department they are covered. That's the wrong approach, because information 
flows need to be monitored not only through information technology, but 
holistically throughout the entire organization."

Wharton management professor Lawrence Hrbeiniak says that the WikiLeaks 
disclosures have prompted him to think about the strategic implications of 
outsourcing -- for better or worse. He notes that one WikiLeaks release was 
a so-called "hit list" of government and private sector facilities around 
the world -- including vaccine and essential medicines plants, mines and 
industrial facilities -- that, if attacked, could harm the U.S. population. 
"Outsourcing for governments and companies has benefits, but it also 
increases one's dependency [on] or vulnerability [to] those who control 
what the governments or companies need," he says. "WikiLeaks suggests this 
vulnerability for governments, but the same implications exist for 
companies. Extreme dependency on others can increase their power and 
control over us."

A 'Cyborg Dynamic'

Top managers need to have the mindset that information security is 
important and work collaboratively across internal divisions to 
preemptively plug sources of potential leaks, Matwyshyn and other experts 
say. In the case of the diplomatic cables, the State Department decided 
that for the sake of convenience, employees would be able to use thumb 
drives which resulted in "default permission" to copy materials, according 
to Matwyshyn. "And this person copied it and walked out the door."

Even employees restricted by confidentiality agreements break those 
contracts with results that can have ramifications beyond the employee-
employer relationship, Matwyshyn notes. Organizations that depend on 
keeping secrets need to develop systemic processes covering information 
sharing. She observes that a duality is taking place throughout business in 
approaches to corporate information. On the one hand, the rise of social 
media has made companies eager to embrace the Internet to connect with new 
customers and build a greater presence in communities. "For marketing 
purposes," Matwyshyn says, "technology and outreach is a boon." At the same 
time, she continues, a "cyborg dynamic" is developing. Companies are 
increasing the use of technology internally. As they become more 
mechanized, and less human, they rely on the integration of computer 
systems to secure sensitive information, which she notes "may or may not be 
operating optimally."

Matwyshyn argues that computer-based information systems need "human 
backstops" who are able to look at the larger picture of information 
security on an ongoing basis to determine where information flows are being 
used and where they might need to be redirected. She suggests corporations 
develop new systems for information sharing from the top down through the 
collaboration of the chief technology officer, chief security officer, the 
CEO and other officer-level positions. Working together, high-level 
executives should be able to develop integrated and thoughtful information 
sharing policies along with the corporate culture to enhance and enforce 
the rules. "These are decisions that need to come from the top and create a 
culture of information care within an organization -- not only for its own 
information but for the security of consumer information the organization 
possesses."

Businesses now possess huge amounts of customer data that is vulnerable to 
premeditated, as well as accidental, disclosure, Matwyshyn points out. 
Consumers, she notes, are growing increasingly alarmed about letters they 
receive from companies indicating that their private information has been 
breached. In the past decade, 45 states have created statutes requiring 
companies to notify consumers of the possibility that their secure 
information may have been breached. "The arrival of a widespread regime of 
law is unprecedented in its speed," she says, reflecting "a consumer outcry 
and heightened concerns over control." Consumers want to be able to share 
the information to gain better access to products and services, but they 
also want that information contained, leading to what academics call the 
"privacy paradox."

"Consumers are looking for a regime of trust and the ability to have some 
kind of input on their data usage. Essentially, [they want to] have a 
stronger contractual regime around the licensing of their information," 
says Matwyshyn, who adds that it is possible to imagine a time when 
companies would be liable for damages for lapses in protecting consumer 
information. "But consumers aren't really interested in seeking damages. 
They simply want to control their information."

It Boils Down to Trust

In the aftermath of the WikiLeaks furor, Pentagon and State Department 
officials have said some foreign officials now seem reluctant to trust U.S. 
officials. "We have already seen some indications of meetings that used to 
involve several diplomats and now involve fewer diplomats," said State 
Department spokesman P.J. Crowley. "We're conscious of at least one meeting 
where it was requested that notebooks be left outside the room."

According to Turow, there is a tension between the need for corporate 
executives to be able to communicate honestly and openly and the potential 
fallout if frank discussions are later revealed. He suggests highly 
sensitive matters should not be committed to writing or should have tight 
information controls. While companies can adopt best practices for 
information management, such as limits on the amount of material an 
individual can download, there is no technology to guard against a 
determined rogue individual. "In the end, it comes down to the trust of 
your employees. Their loyalty is what [counts]."

Werbach says the most recent WikiLeaks information releases reflect less 
focus on scandal than in the past. The cables, he notes, are mostly day-to-
day communications that are interesting, but do not seem to represent 
dangerous secrets. It is likely the U.S. government has more sensitive 
communications behind tighter security, he adds. Still, "the number of 
corporate laptops that are stolen and are not encrypted is truly 
frightening."

And while the volume of leaks of U.S. communications seems large, it is 
probably only a small fraction of the "daily chatter" in diplomatic 
networks, Werbach points out. He notes that high level discussions between 
the President and Chinese leaders or about nuclear strategy are likely 
protected by tight access. Any organization needs to prioritize the level 
of information it wants to protect and set up appropriate levels of 
security, he says. "You can't just put a cone of silence around 
everything."





#  distributed via <nettime>: no commercial use without permission
#  <nettime>  is a moderated mailing list for net criticism,
#  collaborative text filtering and cultural politics of the nets
#  more info: http://mail.kein.org/mailman/listinfo/nettime-l
#  archive: http://www.nettime.org contact: nettime {AT} kein.org