BU Today

Science & Tech

Don’t Mess with Wiki

BU prof says controlling online content will fail

18
AzerInOffice.jpg

“It’s impossible to police the whole Internet,” says Azer Bestavros, a CAS professor and former chair of computer science. Photo courtesy of Azer Bestavros

Last week, a federal judge ordered the shutdown of Wikileaks.org, a Web site on which government and corporate whistleblowers anonymously could post confidential documents with the purported aim of undermining “unethical behavior.”

The judge’s order was sparked by a Wikileaks posting of confidential records from Julius Baer Bank, a Swiss bank with a Cayman Islands branch. The anonymous poster claimed to be a former employee of the bank and said the documents were evidence of money-laundering and tax-evasion schemes. The bank filed suit against Wikileaks for defamation. They also tracked down the Web site’s hosting company, Dynadot, which agreed to yank Wikileaks from its servers, an agreement that the presiding judge wrote into the order.

The judicial shutdown of Wikileaks appears to be vulnerable to appeal on the grounds that it is a classic case of “prior restraint” on First Amendment rights, for which the Supreme Court set a very high bar in 1971 when it ruled against the federal government’s attempts to stop the New York Times from printing excerpts of a leaked report about America’s Vietnam War tactics and strategy.

Still, when it comes to information in the decentralized world of the Internet, it’s unclear how much judicial rulings from any jurisdiction matter, whether they are attempting to suppress the spread of information or upholding the right to publish. For instance, after word of the bank’s suit against Wikileaks spread online, people started downloading and distributing the leaked bank documents. Web users also continued to visit Wikileaks on the “mirror” sites on servers around the world that were untouched by the judge’s order, such as www.wikileaks.be.

Other attempts to control the flow of information online range from commercial Web site filter software to Pakistan’s decision earlier this week to try and block the video-sharing site YouTube because of content that includes images of the Prophet Mohammed that many Muslims deem blasphemous. It also raises the issue of whether legal privacy and confidentiality protections can be enforced in the digital age. Is free speech different online? For answers, we turned to Azer Bestavros, a professor of computer science and former department chair in the College of Arts and Sciences. In the summer of 2007, Bestavros served as an expert witness against a subpoena seeking the identity of BU students accused of illegal music file sharing by the Recording Industry Association of America (RIAA).

BU Today: The bank says the documents are confidential, the leak is illegal, and the publication amounts to defamation. But Wikileaks’ defenders says the First Amendment protects their right to publish these documents. Who has the better argument?
Bestavros: I’m not a lawyer. But it seems to me that the bank is caught between a rock and a hard place. They gave promises or guarantees to their customers on which they clearly cannot deliver. You expect a bank to have these confidentiality agreements and to be able to do follow-through. But in the digital age that we’re in, that’s almost impossible unless you don’t give your employees access or you don’t fire anybody who might want to take revenge.

It just reminds me so much of the RIAA debate over music sharing. How can you protect this content? You just do not fight this fight, because it’s impossible to stop content from being shared and disseminated. It was amazing how uninformed the judge who shut down Wikileaks was about how the Internet works. Actually, lawmakers in general often pass laws about the Internet that are either impossible to enforce or just uninformed.

In other words, the bank is out of luck?
Legally, they can go after this employee who leaked the documents, but they should also understand that once the information makes it to the Internet, it’s impossible to take it back.

It’s the same sort of thing, whether it’s companies or countries such as China, where they have a whole operation of people closing off Web sites and targeting IP addresses. They all think that you can control access to content. They’re sort of hanging on to this belief that you can do this. Sure, they can make it slightly harder for people to get the content. But in the same vein, just by making the attempt, you are in a sense making the content more available, because now everyone wants to see it. People who are very motivated to ensure the free flow of information online will take on the cause even though they have nothing to do with the original dispute. This is where the world’s going, and they are just going to have to deal with it.

So beyond this particular case, you think that no legislation or lawsuit will be able to quarantine information once it’s online?
I would predict that any such efforts would fail. It is possible, certainly, that if the lawmakers figure out ways to go after people who operate these mirror sites and punish them, the free flow of information will be restricted to make sure that it’s legal. But I doubt something like that will be possible. If there is a juicy story that people are interested in, it will find its way online. It’s impossible to punish millions of people. It’s impossible to police the whole Internet. I don’t think lawmakers understand how pervasive this technology is.

What does this mean for privacy as more and more of our lives — from medical records to private correspondence to tax returns — end up on a server somewhere?

The issue of privacy is a centerpiece of what we struggle with in computer science. It provides fantastic research opportunities. Banks, hospitals, and even the government are not using the right technology to store their content. If this fellow from the bank steals documents and puts them on the Web, the reason he or she can do that is because the document is not secured or encrypted. If it’s encrypted, there’s no way to publish it. Now, you’ll say, if the guy is inside the corporation, then he’ll have ways to decrypt. But there are ways in computer science where, for example, a single person cannot decrypt a document. It’s much more expensive; it requires changes in the infrastructure in which we work. It’s not that it’s impossible to keep information private; it’s that once it becomes public you cannot just remove it.

So what’s the solution?
Places like this bank should use much better technologies to protect their content. It’s very expensive and will take a long time.

It just shows how important the role of computer science is in educating the population so they can look at these promises of privacy and be able to assess them. I don’t think we’re doing a good job in this country of preparing students to understand technology and to be good users of it. For example, if a health insurance company uses new technology to protect medical records and advertises that service, it could gain a competitive advantage. But the reason this isn’t happening is because the population doesn’t understand this, and so they don’t demand it.

Until then, we have to accept that privacy is very hard to expect. For me, I’m at peace with it. Everybody is in the same boat.

Chris Berdik can be reached at cberdik@bu.edu.

18 Comments

18 Comments on Don’t Mess with Wiki

  • Anonymous on 02.27.2008 at 10:18 am

    Bank Leak

    There is another interesting thing about this case which the article does not really address… If in fact the bank was doing something illegal, or against the trust of its clients or the public, don’t they have the right to know? And if they were to be acting more ethically, wouldn’t they have less to fear from such compromises that exist in technology?

    Those are the thoughts that this issue raised for me.

  • Stephanie on 02.27.2008 at 10:24 am

    “If this fellow from the bank steals documents and puts them on the Web, the reason he or she can do that is because the document is not secured or encrypted.”

    Or it’s because he had access to the original paper copy of the document and just scanned it himself. Or maybe he never had any original document and it was a vindictive forgery. In any case their response would make more sense to focus on demonstrating that the leaked information is false (if it is) or convincing consumers of their commitment to improve control over their confidential materials (if it was a real leak) in order to reassert their character, instead of trying to shut down internet sites that will only make people want to find more ways to disseminate the information further.

  • Azer Bestavros on 02.27.2008 at 7:36 pm

    Paper copy versus digital copy

    “Or it’s because he had access to the original paper copy of the document and just scanned it himself.”

    Absolutely! This is why we are safer with only electronic copies of documents (but properly protected). The same argument applies to credit cards and SSNs. They are vulnerable (and hard to keep secret/private) precisely because they are accessible in their original form. Check what our resident expert in security Leo Reyzin says about this http://www.bu.edu/today/world/2007/09/16/safety-numbers

    “Or maybe he never had any original document and it was a vindictive forgery.”

    Sure, but here again the answer is to use the proper technology that can check authenticity of digital content.

    The issue is not that we don’t know how to solve some (if not most) of the challenges posed by the pervasiveness of the Internet, the issue is that we as a society are not demanding the necessary changes to allow the deployment of such solutions.

    –Azer

  • Azer Bestavros on 03.03.2008 at 9:19 am

    Guardian's coverage

    More coverage of the story is available at
    http://www.guardian.co.uk/theguardian/2008/feb/23/internet.usa/print

  • forex trade on 07.11.2008 at 12:24 am

    t’s because he had access to the original paper copy of the document and just scanned it himself. Or maybe he never had any original document and it was a vindictive forgery. In any case their response would make more sense to focus on demonstrating that the leaked information is false (if it is) or convincing consumers of their commitment to improve control over their confidential materials.
    Thanks for this wonderful post.

  • Anonymous on 10.13.2008 at 9:56 am

    “after word of the bank’s suit against Wikileaks spread online, people started downloading and distributing the leaked bank documents.”…

    Exactly, the more restrictions you put on something, the more popular and wanted it becomes.
    And come on, this is the Internet! Do you think that shutting down one or a million websites will really solve the problem? The only thing they achieved from this is making more buzz about it and now many other people are searching for the documents and they will find them somewhere on the world wide web.
    Not so smart!

    ");

    Where to Buy Real Viagra? Online Pharmacy

    Expert instructions that are designed to help about where you can buy real Viagra tablets online in a safe way so that legal Viagra is what you get. If you are familiar with Viagra pills sold online then you know that in order to buy genuine 50 mg Viagra online for men’s impotence therapy you need a prescription from your doctor.
    ");

  • dizi izle on 12.05.2008 at 5:27 am

    thanks for information..

  • free on 01.26.2009 at 12:21 pm

    thanks

    Very interesting site. Hope it will always be alive! 

  • Anonymous on 02.10.2009 at 1:55 pm

    Great .Now i can say thank you!

  • Anonymous on 02.11.2009 at 10:47 am

    Great site. Good info

  • Anonymous on 02.13.2009 at 4:49 pm

    I want to say – thank you for this!

  • Rob Gardner on 11.09.2009 at 10:32 am

    WikiScanner

    My favorite wiki outing tool to pop up is wiki scanner. Seeing corporations and news outlets exposed for self edits and edits on competitors was/is comedy gold.

    Russ Dalbey, the idiot infomercial guy, who runs Winning-2009.com even got busted.

  • Nice on 02.04.2010 at 10:50 pm

    Really Good!

    This pot reminds me of something back happened to me in my past. :(

    Medical Assistant Jobs
    Mediterranean Cruises

  • Anonymous on 07.30.2010 at 12:15 pm

    Yes, people will likely want to view things that are restricted. They curiosity is aroused as to what could be the content. They will always try to find ways to satisfy their curiosity. That is why, when it becomes public, it is difficult to take it back.

  • Sarah the Maine Coon Companion on 08.05.2010 at 3:11 pm

    Attempts to police the web and flow of online information are not well known to the general public but more intervention will eventually take place

  • pradeep on 08.25.2010 at 3:38 pm

    Comment

    “Or maybe he never had any original document and it was a vindictive forgery.”

    Sure, but here again the answer is to use the proper technology that can check authenticity of digital content.

    The issue is not that we don’t know how to solve some (if not most) of the challenges posed by the pervasiveness of the Internet, the issue is that we as a society are not demanding the necessary changes to allow the deployment of such solutions.

  • Tom on 08.30.2010 at 10:29 pm

    "Shutting Down" a site doesn't do anything

    It’s quite easy to move a site. With Wikileaks in getting lots of press, companies with lots of server resources have publicly offered to help.

  • Dennis Ejaz on 05.27.2011 at 2:22 am

    Yes, people probably...

    Yes, people probably do not want to see things that are limited. Their curiosity is aroused, what could be the content. They are always trying to find ways to satisfy their curiosity. Therefore, when it is published, it is difficult to take back.

Post Your Comment

(never shown)