Wikileaks, the shadowy but seemingly genuine service for hosting leaked government and corporate documents, suffered a serious setback yesterday, when a US court forced their internet provider to remove their address records from their servers.
These DNS servers, which provide the essential link on the web of connecting the IP address that computers use to communicate with each other with the human-readable domain names we use to access the web, are essential to the functioning of a website. You can see in these links, to the IP address and wikileaks.org, that currently the site is only accessible by it’s computer address, 88.80.13.160.
The internets redundancy and resistance to any kind of damage, including censorship, has shown itself, as many large blogs and sites have provided links to the IP address of the site, and one imagines that wikileaks may even be experiencing normal, or higher traffic than usual. The takedown of the site was initiated by a US judge at the instigation of a Cayman Islands subsidiary of a Swiss bank, which was concerned about some documents related to their operations being released into the public domain. It’s not the first time that wikileaks have been threatened by banking institutions; they were also asked to remove some papers relating to the Northern Rock debacle, and refused.
Wikileaks’ careful anonymity has led many tech commenters, including openDemocracy friend Bill Thompson, to cast doubt on their operation, but hopefully this latest exposure will force them to become more rigorous, or at least open, in their sourcing and disclosure. The DNS shutdown, however, highlights and corroborates Bill’s concerns regarding wikileaks. It is obvious that they are susceptible to the same problems many websites (including openDemocracy) could face; their servers are hosted by a third party which is legally obliged to follow the instructions of the court. Hence, while the wikileaks database and its contents are presumably safe, and held on encrypted hard drives, the service itself is susceptible to disruption and, as was seen last year in the relatively high profile seizure of some of indymedia’s servers, this data could be obtained by the government.
Wikileaks claim that the data held on their servers is secure, and that submissions are anonymised by Tor, a piece of software/service which allows for anonymous, or at least untraceable communications across the web. The problems with this are that the governments (and corporate networks) keep traffic logs of much of the data going through their networks. While the data is currently secure, the possibility of a flaw being discovered in Tor, or other encryption methods, is not insignificant. History is littered with cryptographic systems that have been broken by third parties, and Tor has some well documented vulnerabilities already, the most significant being the requirement to trust the individual at the other end of your connection, or at least the person running what is called an exit node on the network .
This latest disruption of wikileaks will, I hope, expose some of the flawed thinking behind the site. By remaining anonymous (and for what appear to be very good reasons), the sites founders have formed an expectation that submitters will be accorded the same anonymity. Furthermore, they have compromised a fundamental tenet of trust on the internet; knowing who you are connected to and their agenda.
A great strength of the internet is that anyone can publish anything they choose. This has led to the exposure of the internal operations of many companies and governments, and, as noted above, the internets self-healing response to censorship means that stories that are covered up, such as the recent Chinese actor sex video scandal, only gain more views. It is only by assessing a source online through other services, such as the UK based Journa-list, the extensive discussion history of a Wikipedia article or the simpler, populist method of assessing a site based on the age of the domain and the traffic and links it receives, as Google and Alexa do, that a reader can assess the veracity of a work. Wikileaks provides no context or corroboration for content, and when asked about the potential for propaganda through the site, they can only point out that “it's hard to imagine it being more propagandist than most of the media today.”
The work of wikileaks is important, and the services that they have provided are undoubtedly crucial for activists, whistleblowers and citizens of oppressive regimes. However, the anonymity of the founders, and the technical inability of the site to guarantee security (and a very concerning lack of willingness to divulge the details of their security systems) mean that the site cannot be relied upon as a serious journalistic or news source, at least without external verification of the documents, which is impossible within the wikileaks architecture. These most recent attacks on the wikileaks infrastructure and servers, which have been conducted entirely through the legal system, show the weaknesses in using the web for complete anonymity and anonymous publishing.. In essence, the idea is wonderful, but in practice serves to highlight that, without context, information on the web is only as useful as the corroboration provided by the rest of the web.
