Wikileaks Lessons for Privacy-Enhancing Technologies
I had been studiously avoiding writing about Wikileaks. I’ve been interviewed a couple of times in the last few days on various aspects of the ongoing saga, though, and it has highlighted some points that I think are worth mentioning. (Slightly misquoted in BBC News online here, and brief comments about digital activism on BBC Radio 4’s World at One, about 25 minutes in, here.)
One of the most interesting aspects of the Wikileaks saga, from the point of view of research into privacy-enhancing technologies, is how totally uninteresting it is. Given that we have spent years researching means for sender- and recipient-anonymous communications and censorship-resistant access to content, a hugely subversive and risky site like Wikileaks is nothing more than a website with an encrypted submission form. Use of Tor is advised, but for the highest levels of security postal submission is still considered the gold standard.
In a similar vein, both the attempts to block Wikileaks and Wikileaks’ response to those attempts have been brutally practical and theoretically unexciting. Rather than firewalls and DNS or IP blacklists, we see political and economic pressure on hosting companies and DNS registrars. Rather than untraceable distribution of content and proxying of blocked connections we see Wikileaks’ hosting hopping between countries and companies, and appeals to the community to mirror content widely. Rather than mixes and onion routing, we see reliance on just how difficult it is to track even normal Internet connections in a real-world environment.
For Wikileaks, the danger is largely for contributors rather than consumers. Viewing Wikileaks is, in most cases, unlikely to have serious consequences for the average reader. Even if it were, the slim chance of being singled out amongst the millions of hits is protection enough for all but the most paranoid. Submitting documents, however, potentially puts users at great risk. A practical tradeoff between security and usability has been made, though: standard web access is “anonymous enough” even for such potentially dangerous content.
Rather than being concerned with theoretically strong security, privacy or anonymity, Wikileaks’ success has stemmed from the social issues of getting access to information and distributing it. It has developed and promoted a brand, ensuring that it is the market leader for leaks, if not an outright monopoly. The current media storm, involving issues far beyond the original leaked content, is advertising beyond Wikileaks’ wildest dreams, and all but guarantees that the next person who finds themselves holding a potentially explosive set of revelations will be knocking on Wikileaks’ door. Certainly from the point of view of research into censorship-resistance, there are lessons to be learnt here.
Of course I don’t think that technical research is of no use, or that we should stop developing interesting and useful new privacy technologies. Wikileaks is a single scenario with given goals, and there are many cases where we would require different or stronger guarantees of various forms of privacy. What I feel is that, as a community, we need to recognise and interact with the wider issues that surround our technologies. This has been known for a number of years in the security community, where research into security economics and security psychology has produced significant results. When we think about new developments in privacy-enhancing technologies, we need to start thinking in the same terms.