Last week, a federal judge ordered the shutdown of Wikileaks.org, a Web site on which government and corporate whistleblowers anonymously could post confidential documents with the purported aim of undermining “unethical behavior.”
The judge’s order was sparked by a Wikileaks posting of confidential records from Julius Baer Bank, a Swiss bank with a Cayman Islands branch. The anonymous poster claimed to be a former employee of the bank and said the documents were evidence of money-laundering and tax-evasion schemes. The bank filed suit against Wikileaks for defamation. They also tracked down the Web site’s hosting company, Dynadot, which agreed to yank Wikileaks from its servers, an agreement that the presiding judge wrote into the order.
The judicial shutdown of Wikileaks appears to be vulnerable to appeal on the grounds that it is a classic case of “prior restraint” on First Amendment rights, for which the Supreme Court set a very high bar in 1971 when it ruled against the federal government’s attempts to stop the New York Times from printing excerpts of a leaked report about America’s Vietnam War tactics and strategy.
Still, when it comes to information in the decentralized world of the Internet, it’s unclear how much judicial rulings from any jurisdiction matter, whether they are attempting to suppress the spread of information or upholding the right to publish. For instance, after word of the bank’s suit against Wikileaks spread online, people started downloading and distributing the leaked bank documents. Web users also continued to visit Wikileaks on the “mirror” sites on servers around the world that were untouched by the judge’s order, such as www.wikileaks.be.
Other attempts to control the flow of information online range from commercial Web site filter software to Pakistan’s decision earlier this week to try and block the video-sharing site YouTube because of content that includes images of the Prophet Mohammed that many Muslims deem blasphemous. It also raises the issue of whether legal privacy and confidentiality protections can be enforced in the digital age. Is free speech different online? For answers, we turned to Azer Bestavros, a professor of computer science and former department chair in the College of Arts and Sciences. In the summer of 2007, Bestavros served as an expert witness against a subpoena seeking the identity of BU students accused of illegal music file sharing by the Recording Industry Association of America (RIAA).
BU Today: The bank says the documents are confidential, the leak is illegal, and the publication amounts to defamation. But Wikileaks’ defenders says the First Amendment protects their right to publish these documents. Who has the better argument?
Bestavros: I’m not a lawyer. But it seems to me that the bank is caught between a rock and a hard place. They gave promises or guarantees to their customers on which they clearly cannot deliver. You expect a bank to have these confidentiality agreements and to be able to do follow-through. But in the digital age that we’re in, that’s almost impossible unless you don’t give your employees access or you don’t fire anybody who might want to take revenge.
It just reminds me so much of the RIAA debate over music sharing. How can you protect this content? You just do not fight this fight, because it’s impossible to stop content from being shared and disseminated. It was amazing how uninformed the judge who shut down Wikileaks was about how the Internet works. Actually, lawmakers in general often pass laws about the Internet that are either impossible to enforce or just uninformed.
In other words, the bank is out of luck?
Legally, they can go after this employee who leaked the documents, but they should also understand that once the information makes it to the Internet, it’s impossible to take it back.
It’s the same sort of thing, whether it’s companies or countries such as China, where they have a whole operation of people closing off Web sites and targeting IP addresses. They all think that you can control access to content. They’re sort of hanging on to this belief that you can do this. Sure, they can make it slightly harder for people to get the content. But in the same vein, just by making the attempt, you are in a sense making the content more available, because now everyone wants to see it. People who are very motivated to ensure the free flow of information online will take on the cause even though they have nothing to do with the original dispute. This is where the world’s going, and they are just going to have to deal with it.
So beyond this particular case, you think that no legislation or lawsuit will be able to quarantine information once it’s online?
I would predict that any such efforts would fail. It is possible, certainly, that if the lawmakers figure out ways to go after people who operate these mirror sites and punish them, the free flow of information will be restricted to make sure that it’s legal. But I doubt something like that will be possible. If there is a juicy story that people are interested in, it will find its way online. It’s impossible to punish millions of people. It’s impossible to police the whole Internet. I don’t think lawmakers understand how pervasive this technology is.
What does this mean for privacy as more and more of our lives — from medical records to private correspondence to tax returns — end up on a server somewhere?
The issue of privacy is a centerpiece of what we struggle with in computer science. It provides fantastic research opportunities. Banks, hospitals, and even the government are not using the right technology to store their content. If this fellow from the bank steals documents and puts them on the Web, the reason he or she can do that is because the document is not secured or encrypted. If it’s encrypted, there’s no way to publish it. Now, you’ll say, if the guy is inside the corporation, then he’ll have ways to decrypt. But there are ways in computer science where, for example, a single person cannot decrypt a document. It’s much more expensive; it requires changes in the infrastructure in which we work. It’s not that it’s impossible to keep information private; it’s that once it becomes public you cannot just remove it.
So what’s the solution?
Places like this bank should use much better technologies to protect their content. It’s very expensive and will take a long time.
It just shows how important the role of computer science is in educating the population so they can look at these promises of privacy and be able to assess them. I don’t think we’re doing a good job in this country of preparing students to understand technology and to be good users of it. For example, if a health insurance company uses new technology to protect medical records and advertises that service, it could gain a competitive advantage. But the reason this isn’t happening is because the population doesn’t understand this, and so they don’t demand it.
Until then, we have to accept that privacy is very hard to expect. For me, I’m at peace with it. Everybody is in the same boat.
Chris Berdik can be reached at firstname.lastname@example.org.