Blog

Hacking WikiLeaks’ Whistle: how attack based transparency ruins leaks

11 Aug , 2016  | by:

 Using the internet to publish leaked data made the news again in the last few weeks through global media coverage of WikiLeaks’ recently published  “Erdoğan emails”, belonging to Turkey’s ruling party, and the Democratic National Conference email archive. Both stories were framed as revealing hidden truths and promoting transparency through the ever-radical distributed publishing capacity of the internet.

However, these revelations stand out because they were not leaks; there were no whistleblowers. Instead, we see two occasions where WikiLeaks used material that was purloined by hackers outside of the target organisations, who then offered the data to WikiLeaks for publication. By accepting, WikiLeaks got hacked at its own game. The DNC and AKP disclosures provide some ‘scientific journalism’ for Assange of how and why hacking-to-leak falls short.

 

DNC

To put the first occasion in rather blunt language, a foreign government selected the Democratic National Convention as political target, digitally infiltrated that target, and then exposed its inner turmoil (ostensibly to sow discord or coverup a larger hacking program) by relying on WikiLeaks to make it public. Although the DNC was pwnd by having the material published, WikiLeaks was made pawn in the greater geopolitical games afoot.

There is now consensus among securityfirms, intelligence agencies, and marginally independent press that Russia’s security services (the FSB and GRU specifically) infiltrated the Democratic National Committee’s servers. Even Greenwald’s cabal at The Intercept suggest the potential for a false flag operation here is small. WikiLeaks published what was given to them by the source (FSB/GRU), while awaiting more material.

To be clear, we’re talking about the Russian State using WikiLeaks to forward Russian goals and afford plausible deniability. From this perspective it matters less what DNC internal emails said (we know the DNC didn’t like Bernie Sanders), and matters more who thought that information should become public and why. Or, the reality could be worse: what if the Russians judiciously changed a sentence or two in the emails for reasons that aren’t yet clear?

When confronted with the DNC story, we tend to understand it as radical transparency: new forms of involuntary networked data dissemination, spread without the consent or knowledge of whoever held the data. However, that definition does not consider questions of compulsion or autonomy of the action or motives of the disclosure. While these might not matter if ‘the truth’ is uncovered in the end, the reality of ‘truth’ in use is not that simple.

Even in the age of radical leaks on the internet, Alasdair Roberts points out, instantaneous and complete revelation of the truth remains impossible. Thinking otherwise assumes these radical disclosures reveal truths rather than just reconfigure what is visible.

More data will always reconfigure what is visible. Re-mediating data in new ways can re-reconfigure what is visible and add new effects. Think of linking up disparate data sets of health records and voting patterns for purposes of re-identification of supposedly anonymous data.

Leaking can’t find truth, it can only reconfigure what is visible. Thinking through that reconfiguration is key to the democratic and ethical decisions that surround radical disclosure and enable its effects. The AKP disclosure can further explain this.

AKP

In the AKP story, WikiLeaks’ disclosed data from the ruling AKP in Turkey, but the reality was not the story of censorship, and freedom of the press widely lauded online. Corporate media and even independent voices (including Edward Snowden) got this AKP-WikiLeaks story wrong, focussing on Turkey’s reaction rather than the content and how it was mediated into public view. The story is actually a story of a hacker using WikiLeaks to inadvertently ‘dox’ thousands of Turkish citizens.

The doxing story broke when well-known academic of Turkish origin Zeynep Tufekci wrote a piece for the Huffington post, that provided visibility to the doxing story, as well as the offending data. She summarised her thoughts in the tweet “Instead of “AKP emails”, Wikileaks dumped private info of ALMOST EVERY WOMAN in Turkey Yes.”

There was some truth to this. The hacker WikiLeaks’ relied on had compiled all the data he gathered from the AKP including lists of private information on thousands of people in Turkey, such as their political affiliation, gender, home addresses, etc. WikiLeaks linked to a database of that information on its social media feed as it began to publish the “Erdoğan emails”.

The seemingly authoritative account of what went (wr)on(g), and a notable and solitary public mea culpa is found through Michael Best. Tufekci has since updated her Huffington Post story to reflect a less accusatory angle.

Meanwhile, Turks point out that rather than exposing inner circles of power, almost all the emails hosted at WikiLeaks are to the AKP from normal citizens (asking about fixing potholes etc.).The visibility WikiLeaks brought to the coup in Turkey did not expose truth in the inner workings of the Erdogan camp. Instead, it offered radical visibility to politically divisive mass-data on Turkish citizens.

This visibility brought on Turkish citizens was mediated through the Huffington Post, Tufekci, WikiLeaks’ Twitter feed, the ‘hackers’ Michael Best and Phineas Fisher, and of course, the AKP. That chain leads to the same data yes, but the visibility each actor brought to the data reconfigured how and what was visible (to whom) in its own way, and to what political affect.

Both the DNC and AKP stories were dependent on a hacker soliciting information to WikiLeaks in a manner far from traditional whistleblowing. There are consequences to using hacking to elicit data from disclosure. Part of those consequences is a realisation about the political nature of disclosure, the political reality of managing visibility, and the democratic myth of transparency.


Hacking Leaks or Leaking Hacks?

At issue here is not the political value or virtu(e) of WikiLeaks, but how the reality of publishing hacked data dilutes the ethical licence for radical whistleblowers and publishers to act at all.

Reliance on hacking in the purpose of transparency is misguided. Such attack-based ‘transparency’ dilutes the ethical ground on which whistleblowing stands — and requires. Leaking always has a purpose — a motive that can be purely anarchical or more pointedly moral or political, but is always there.

Purposeful leaks by administrations exist. Journalists often rely on these as much as administrations do. Leakers that feel a moral, rather than political/instrumental call to disclose are commonly referred to as Whistleblowers.

Whistleblowing is traditionally framed as an altruistic and ethical action — an individual independently decides to create a public (information) good when there is democratic need. Whistleblowing helps solve what Harvard scholar Archon Fung, describes as the ‘defensive’ information problem: here leaks allows citizens to protect themselves against hidden actions of powerful organisations. However, as we saw above, WikiLeaks latest disclosures on the DNC in America and the AKP in Turkey, had the inverse effect.

These two stories reaffirm that even in the age of radical leaks on the internet, the instantaneous and complete revelation of the truth remains a pipe dream. Even in mass data leaks, disclosure will always be a selective, mediated and political act. Thus, the pertinent question remains who is smoking us up, and why?

In the murky world of digital hacks and networked disclosure, the axiom that data doesn’t lie is only a partial truth: data offers political and partial understanding, just like any other form of mediated content.

This is exactly the point Daniel Ellsberg advised Kissinger on when he informed Kissinger that his new security clearances came through. Yes you read that correctly. The man who ended up leaking the Pentagon Papers at one point was advising Henry Kissinger on the power of secrecy.

Ellsberg recounts that he told Kissinger that being given access to high-level secrets would make it very difficult to consider any other information outside of them. The irony of Ellsberg’s story comes full circle when it is Assange who both shares the Kissinger anecdote to justify WikiLeaks, and at the same time chooses to blindly publish hacked secrets.

Hacking?

WikiLeaks has always been coy about whether it solely relies on leakers volunteering material to be published. There is evidence that WikiLeaks siphoned documents off a Tor exit node, where, third parties unknown to WikiLeaks had their data (de)encrypted. WikiLeaks publicly claims that ‘somewhere between none and a handful’ of documents were published after being captured through this method. However, in a boastful 2007 email that was later leaked to cryptome.org, Assange wrote:

Hackers monitor chinese [SIC] and other intel as they burrow into their targets, when they pull, so do we.…Near 100,000 documents/emails a day. We’re going to crack the world open and let it flower into something new….We don’t even know a tenth of what we have or who it belongs to.

If the boast is to believed, WikiLeaks was siphoning up a lot of material without their ‘sources’ knowledge. Radically disclosing these documents, while not following the virtue of Whistleblowing, at least expressed a slightly more Machiavellian virtu of leaking via double-blind publishing: WikiLeaks could remain ‘blind’ to the identities and motivations of whomever is providing documents it would then ‘leak’, while whomever is transmitting these documents remained ‘blind’ to WikiLeaks’ plans of disclosure.

But the AKP and DNC disclosure cases were different. The normative democratic idea of leaks was upended. For the AKP disclosures, WikiLeaks lost control of its own exposition of AKP power by linking to data outside its own control. In the DNC case, WikiLeaks was used to forward goals of the Russian State by actively managing the visibility of a third party for reasons unknown. We can look to the ‘scientific journalism’ / research done by security folk unearthing what actually happened with the DNC and Michel Best’s acknowledgment regarding the AKP to show something is rotting the fruits of digital leaking.

Hacked data, while a seemingly unimpeachable ‘truth’ is, in use, not able to give the public complete insight, knowledge or create political truth. Rather than reveal truth, these disclosures reconfigure sociopolitical hierarchies in complex ways on the whims of hackers’ motives. These reconfigurations sometimes increase equity, sometimes decrease security, sometimes their effects remain unknown for the longue durée.

And to this last point, we can return to Ellsberg’s concluding warning to Kissinger about knowing secrets. It is one that Assange is less keen to quote, but may now be beginning to understand.

You’ll eventually become aware of the limitations of this [secret] information. There is a great deal that it doesn’t tell you, it’s often inaccurate, and it can lead you astray … But that takes a while to learn.

The extent the ethos of WikiLeaks was hacked last week is clear. The extent WikiLeaks can recover a position which claims to impact political ‘truth’ is not.

But, I give WikiLeaks the last word, which shows it knows enough to visibly manage that very perception:

 

A condensed version of this post first appeared in the Australian Institute of International Affairs “Outlook” publication via a Creative Commons Licence (CC BY 4.0) and may be republished or reworked with attribution.

, , , , ,


Leave a Reply

Your email address will not be published. Required fields are marked *