It forces us to ask us how comfortable we are with the actual shape of democratization created by the Internet. The freedom that the Internet provides to networked individuals and cooperative associations to speak their minds and organize around their causes has been deployed over the past decade to develop new networked models of the fourth estate. These models circumvent the social and organizational frameworks of traditional media, which played a large role in framing the balance between freedom and responsibility of the press. At the same time, the Wikileaks episode forces us to confront the fact that the United States government can bring to bear new kinds of pressure on undesired disclosures in extralegal partnership with the commercial owners of the critical infrastructures of the networked environment. The members of the networked fourth estate turn out to be both more susceptible to new forms of attack than those of the old, and to possess different sources of resilience in the face of these attacks. (p. 1)

Outline:

Parts I and II tell the story of Wikileaks, the release of the documents, and the multisystem attack on the organization, the site, and Julian Assange by both public and private actors. Part III explains the constitutional framework, and why it is not, as a matter of law, sustainable to treat Wikileaks or Assange any differently than the New York Times and its reporters for purposes of prior restraint or ex post criminal prosecution consistent with the first amendment’s protection of freedom of the press. … Part IV explores the ways in which the Wikileaks case intersects with larger trends in the news industry.” (p.3)

On NYT et al.’s retaliatory behaviour:

As a practical result, the traditional media in the United States effectively collaborated with parts of the Administration in painting Wikileaks and Assange in terms that made them more susceptible to both extralegal and legal attack. This part suggests that the new, relatively more socially-politically vulnerable members of the networked fourth estate are needlessly being put at risk by the more established outlets’ efforts to denigrate the journalistic identity of the new kids on the block to preserve their own identity. (p. 4)

Conclusion

It teaches us that the traditional, managerial-professional sources of responsibility in a free press function imperfectly under present market conditions, while the distributed models of mutual criticism and universal skeptical reading, so typical of the Net, are far from powerless to deliver effective criticism and self-correction where necessary. The future likely is, as the Guardian described its own experience with Wikileaks, “a new model of co-operation,” between surviving elements of the traditional, mass-mediated fourth estate, and its emerging networked models. The transition to this new model will likely be anything but smooth. (p. 66)

“Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal.” (Andy Greenberg, Forbes)

Nate Anderson, arstechnica, has the story. Spy games: Inside the convoluted plot to bring down WikiLeaks

“Barr was brought in from Northrup Grumman to launch the operation. …  Less than a year into the job, HBGary Federal looked like it might go bust. … And then, unexpectedly, came the hope of salvation. … That law firm was DC-based powerhouse Hunton & Williams,… [They] had a client who wanted to do a little corporate investigative work”

“But it soon became clear what this was about: the US Chamber of Commerce wanted to know if certain groups attacking them were “astroturf” groups funded by the large unions.”

“Palantir would provide its expensive link analysis software running on a hosted server, while Berico would “prime the contract supplying the project management, development resources, and process/methodology development.” HBGary Federal would come alongside to provide “digital intelligence collection” and “social media exploitation”—Barr’s strengths.”

“HBGary had long publicized to clients its cache of 0-day exploits—attacks for which there is no existing patch”

“Ironically, when Anonymous later commandeered Greg Hoglund’s separate security site rootkit.com, it did so through a spear phishing e-mail attack on Hoglund’s site administrator—who promptly turned off the site’s defenses and issued a new password (“Changeme123″) for a user he believed was Hoglund. Minutes later, the site was compromised.”

HBGary’s Barr involuntarily shares details on his intelligence successes, “Final – for me. – Sun, 6 Feb 2011 00:40:11 -0500″

“What I did using some custom developed collection and analytic tools and our developed social media analysis methodology was tie those IRC nicknames to real names and addresses and develop an clearly defined hierarchy within the group. Of the apparent 30 or so administrators and operators that manage the Anonymous group on a day to day basis I have identified to a real name over 80% of them.”

Hackers Reveal Offers to Spy on Corporate Rivals – NYTimes.com

Forbes with an update Revenge Still Sweet As Anonymous Posts 27,000 More HBGary E-Mails – Parmy Olson

“Crowdleaks: HBGary wanted to suppress Stuxnet research”

“HBGary Email Viewer: Portal – AnonLeaks”

Realist that I am, I believe that human beings are more likely to misbehave if they think they can shield what they are doing from public view. For that reason, I also believe that democratic societies are more likely to adopt better policies when information is plentiful and when government officials cannot determine which facts are available to the public and which are not. Because its primary function is to make more information available on issues that concern us all, I therefore conclude that what Wikileaks is doing is on balance a good thing.

The German liberal, internet-politics blogosphere and IT magazines still appear to have visions of transparent, democratically organised Wikileaks clones. I’m wondering how such an organisation would transparently and democratically deal with the spectre of their members being declared “enemy combatants”.

“Potentially what one could mine from a huge data base like this are vulnerabilities in terms of how we operate, our tactics, our techniques, our procedures, the capabilities of our equipment, how we respond in combat situations, response times — indeed how we cultivate sources,” Morrell said. “All of that, [given the] thinking and adaptive enemy we’ve been facing in Iraq and Afghanistan, can be used against us.”

(Source: Smallwarjournal.com; similar in an press conference early August)

Openness, i.e. sharing operational and tactical information with adversaries, can create opportunities for adversaries to mitigate attack or defence capabilities. Can. Potentially. But what are the real costs of openness? And how do they compare to societal, political, and humanitarian costs of closure?

China spearheads the anything-goes movement of technology-based societal control, authoritarian countries worldwide follow suit, and we yet don’t know whether western democracies will manage to at least remain in their currently mediocre shape if one of the many ongoing global developments and crisis should ever have a major and disruptive societal impact. From the perspective of the freedom and unhindered flow of information, the internet makes a bad expression these days and things haven’t changed for the better in the last year and the naughties.
John Perry Barlow’s “fuck them” against the dark priests of internet regulation has died away, the rejected kings have given a dam, the doers of power moved on – internet governance has covered a long distance in the last decade. Yet, the fundamental conflict is still ongoing and presumably will, as long as the Internet remains the world’s leading communication infrastructure and the constant flux of innovation raises again and again new opportunities that actors consider to take advantage of pursue their agenda.

Just as every year, the Chaos Computer Club has held its annual Chaos Communication Congress. Being the 26th instance of this post-Christmas meeting, it was aptly named 26C3. The motto of the congress “Here be dragons” was, as Frank Rieger explained in his keynote (summed up in a CCC blog, video streams of all presentations), a text-label used on old sea maps to mark uncharted territory where dangers, dragons, sea monsters or treasures were assumed. According to this analogy, the CCC community aims at playing a more avant-garde of a role, an exploratory force with “small ships ahead of the masses” looking into potential traeasuries and dangers lying the yet not fully charted territory of societal and cultural usage of information technology.
Whereas other actors contemplate launching military invasions to fight the unknown unknowns, 26C3 prefers a more playful search for truths of and possibilities for the use of information technologies. Playful indeed was the scenery on the floors and in the basement of the Berlin Congress Center with all these flying quadrocopters, Lego-based machines and robots and all these blinking hackerspaces. And Berlin couldn’t have welcomed the geeky crowd better than with the mystique of a freezing, snowy, quiet post-cristmas days setting.

Rieger outlined his ideas of a political agenda for the CCC and the hackers’ community for the months and years to come. He called for nothing short of a roll-back of data breaches and mass data collection, individual liabilities of business and public administration executives for “data crimes”, data protection quality ratings by publicly funded research institutes. He explicitly excluded the German Federal Office for Information Security (BSI) from the list of possible organisations to excert such ratings. While formally responsible for enhancing user security on the internet, the BSI had, accroding to Rieger, recently been granted the right to intercept inter-administrative traffic in Germany — a development one should have in mind when discussing the cooperation between German internet providers and the BSI.

The community should, Rieger asked, start activities to upgrade and invent systems needed for the “technical defense of our communicative habitat” — just in case. My impression that no one really doubts that the judicial, business and political sphere will put more pressure on the that “digital habitat”. Thus, the conceptualization of internet security from the perspective of the CCC congress is very different from what is usually discussed on conferences where the majority of attendees has an LE, policy or business background. (I wonder whether my Giganet paper, in which I have tried to conceptualize internet security, will ever go online :-/)
Rieger, who has a strong technical background in cryptography for mobile communication, asked the crowd to technically improve tools and software, e.g. to correct OpenSSL, to speed up and increase the scalability of Tor, and to find ways to technically circumvent the presumably upcoming mass usage of deep packet inspection. Decentralized technologies would be the route to go.

Austrian journalist Erich Möchel has covered IT politics and European data surveillance policies for more than a decade. In the late 1990s, he was the first to cover Enfopol, the then emerging transatlantic Europol-FBI surveillance system. On 26C3, he gave a follow up on US-EU data retention activities.
In the last couple of years internet security politics would have changed in a way, that Möchel describes as an ongoing “militarization of cyberspace”. The working group of the European Technical Standards Institute (ETSI) that is responsible for defining technical standards for exchange of data retention data has been staffed with personnel with significant military intelligence background. Möchel concludes that the British GCHQ is in a key position to control activities within these working groups and influences technical standards.
The technical standards for exchanging data gathered via data retention comprises data fields that are forbidden to collect according to current legislation in most EU states. The ETSI standards go way beyond what is defined as mandatory by data retention laws, comprising optional data fields such as lists of all the devices with which a user uses a service, ring duration of failed attempted calls, billing details such as customer numbers at the billing provider or the list of billing numbers used to pay the providers services. The resulting list of BIC and IBAN numbers can then be used to link retention data with SWIFT data.

Möchel’s investigations on the realities of internet surveillance could indeed have enticed the audience to daydream about how it all could be if only…. Sandro Gaycken, technology thinker, philosopher and regular speaker at CCC events, used the opportunity to link Hackers’ visionary thinking with Utopian theory in an inspring, thoughtful and relaxedly academic presentation. (Christian Scholz has the details and a transcription of the presentation.)
Unfortunately, utopia and dystopia are related, and the features of today’s information technologies could too easily be combined with authoritarian forms of governance and result in a real 1984. The recent trends in internet politics make a dystopian outcome more and more feasible. Historically, the emergence of authoritarian or totalitarian regimes would happen every once in a while, Gaycken said.
On the other end of the spectrum is, what Sandro Gaycken calls the “Hacker’s utopia” of the “Free Information society”. Its genuine agenda is derived from the idea that major societal problems could be overcome by establishing a free flow of knowledge and information. This leitbild of a free information society serves as a powerful idea that structures activities against an IT-powered decay of our societies into more authoritarian (I prefer this term over the term “totalitarian” used by Sandro) systems — activities such as the anti-surveillance, anti-censorship or open source movements.
Sandro contrasts the idea of a “‘Free Information’ society” with the idea of a “free ‘Informatized Society’”, in which hackers ought to address any societal problems as soon as ICT is involved. The latter idea leads to an overstretch of hackers responsibilities. Sandro obviously advises hackers to be careful about extending their activities into too many societal territories and political conflicts. “Hackers’ utopian ideas were never meant to constitute a full-fledged social utopia”. As a consequence, an extension of the agenda of hackers’ ethics into more political arenas would “blur the agenda” and create entanglement in left-right infopolitics conflicts.

The politicization of illegal downloads would serve as an example of an overstretch of the hackers’ agenda. While striving for a property rights reform would be a legitimate goal, Gaycken is doubtful whether Christina Aguilera’s albums should be considered as important societal knowledge and thus be part of the public domain. He pointed at how an extended hackers’ agenda aiming at free-beer-not-free-speech filesharing would lead to conclusions about the role of the state and of law that are detrimental to the free information interests that are at the core of the Hacker’s ethic. In short: “Filesharing politicization promotes the surveillance of the internet.”
Instead, Sandro proposes the Hackers’ agenda to be clarified. Concentration on hackers’ core idea of a “free information society” and on neutral and clear infopolitics would be favourable and necessary in order to not get hampered by right-wing/left-wing-types of conflicts.

I have an idea what Sandro might be up to: ensuring the coherence of the hackers’ coalition by selecting “things we can change” — that’s what utopias are about, as he said in his introduction. And never get engaged in fight you can’t win or that would bust the coherence of your troops, one could add. While there might be a difference between the “hackers’ core agenda” and hackers’ extended agenda, I would love to see a more elaborated and precise elaboration about these two concepts beyond the filesharing discussion.
Apropos filesharing. In the advent of 26C3, there has been a bit of a quarrel between Sandro and official CCC representatives around Frank Rieger about filesharing in the German weekly Zeit. An inattentive reader probably has the impression, that Sandro Gaycken considered filesharing not worthy to be politicized whereas Rieger&Co had argued that filesharing is a politically important technology.
In his 26C3 presentation, Sandro Gaycken stated that “filesharing politicization promotes the surveillance of the internet.” Of course, the “politicization of filesharing of copyrighted material” would be politically stupid or hyper-bold, but has it ever been proposed anywhere but in teenagers’ forums? But my impression is, that the alleged ‘politicization of filesharing of copyrighted material’ would more likely be a defensive reaction to copyright holders’ strategy of equating filesharing of copyrighted material with robbery and their attempts to criminalize filesharing in general. Filesharing, i.e. the distribution of files based on peer-to-peer technologies, is indeed a technology that is highly valuable. Peer-to-peer technologies are indispensable for the “hackers’ core agenda” (Sandro Gaycken) and the goal to ensure “free communication with any protocol” (Frank Rieger). Sandro’s argumentation slightly suffers from his definitional looseness and the at least implicit equation of the “politicization of filesharing” to the ‘politicization of filesharing of copyrighted material’. These two things are quite a different thing, just as “filesharing” and “filesharing of copyrighted material” are fundamentally different, politically and economically and judicially.
Having followed Frank Rieger’s presentation, my impression is that the hackers’ community feels being forced into the defensive. Why else should Rieger announce that CCC will come up with a financial concept for artists in the next couple of months. While I’m curious to see the plan, my hunch is that it is going to be a piece of cake for the content industry to get a dozen of talking heads and fora to squash the plan. I couldn’t imagine anything more remote from the hackers’ agenda than the development of a business plan for a whole industry, and anything fitting less to the forthcoming general political agenda than rhetorics like “the state has to guarantee the income of artists” (Rieger at 26C3). Content managers must be cheering for joyful anticipation.

Christian Bahls was a major pillar of the German anti-filtering movement last year, which urged the newly elected coalition of conservatives and free-market partisans to distance itself from its predecessors web-fiiltering legislation to allegedly promote child-security. Christian gave a short summary of last years activities and identified the centralized ownership of critical internet infrastructures such as DNS servers as a major security threat for internet freedom. As providers like Vodafone block port 53, alternative DNS server would not always an option to circumvent illegitimate filtering attempts. Thus, Bahls proposed and briefly showcased stumbling code that implements three technical approaches to counter the vulnerabilities that are intrinsic to DNS as a scarce internet ressources: 1) DNS-via-HTTP(s)-Tunnel, 2) DNS-with-Cache-in-DHT (distributed hash tables), 3) HTTP-Prody-with-Cache-in-DHT.
The latter two approaches reminded me of Yochai Benkler‘s 2004 paper on “Peer Production of Survivable Critical Infrastructures“, in which he proposed the use of peer-to-peer systems for three critical internet components, namely networks, storage and computing ressources. While network connectivity should be ensured by using ad hoc mesh wireless networks, resilient distributed data storage is to be implemented by peer-to-peer file services and the availability of computing ressources by distributed computing. In a sense, Bahls extends this peer production approach of technical internet security to secure “information freedom”, which is threatened activities of national governments ironically pursued in the name of enhancing internet security.

Daniel Schmitt and Julian Assange of Wikileaks rocked the floor at 26C3 last week in Berlin by revealing a plan to use to cooperate with Icelandic politician to turn the island into a “Switzerland of Bits”. Icelandic population, threatened by IMF’s widely feared euphemistically called structural adjustment programmes, is highly supportive of Wikileaks’ recent activities to keep documents in the public sphere that were gagged by Icelandic jurisdiction.

Wikileaks describes itself as a “disclosure portal for classified, restricted or legally threatened publications” and an “anonymous safe harbour for the submission and uncensorable provisioning of documents”. According to “The National”, an Emirates based e-magazine, “Wikileaks has probably produced more scoops in its short life than The Washington Post has in the past 30 years”.

Their track record for 2009 is indeed impressive: Trafigura, Toll Collect contracts, the Kunduz Feldjaeger report, the 911 pager messages, the EUISS report proposing a built up of European military and police forces to protect alleged European interests abroad and seal off Europe for migrants, US special forces manual on unconventional warfare for special forces units and intelligence staff.

And now this: a plan for an “offshore publication centre” that “provides a specialized set of laws”, which would “fit the freedom of information needs of the information society”. In short: “a safe haven for data and communication”. While Avi and Randy in Stephenson’s legendary novel were in for a “thick river of gold”, Daniel and Julian want to provide the public with streams of information and make sure that publicly relevant information cannot be hidden from the public by inept court activities or economic or political pressure against media publishers.

As again displayed by the presidential decision to block payments to Dutch and British savers, Iceland is playing a tough political game these days, anyway. According to Roubini.com, the economic analysis website of Noriel “Dr. Doom” Roubini, Iceland is flirting with doom: “Not passing the bill could even lead to Iceland defaulting on its debt.” (Roubini.com Daily Newsletter, 6 Jan 2010) Has Iceland started a campaign of vengeance or would they use the leaking data center as capital that could be traded in in negotiations with EU countries?

Neil Stephenson’s Cryptonomicon figures faced a similar dilemma with their plan of a “data haven”, a “secure, anonymous, unregulated data storage”.

“What if … the good Sultan changes his mind, decides to nationalize your computers, read all the disks? What is needed is not ONE data haven but a NETWORK of data havens–more robust, just like Internet is more robust than single machine.” Neil Stephenson, Cryptonomicon

Decentralisation technologies might indeed be the way to go.

The legitimacy of the parliamentary democracy stems partly from the problem of aggregating individual interests into societally binding decisions. Technology might act as a game changer here. Moreover, the potentials of social technologies appear to be so enormous and presumably inline with majorities interest, that it is hard to envisage how the the currently predominant political system in western societies, representative liberal democracies, will remain unchanged. That is unless no massive backfiring by plutocratic interests—in opposite to democratic interests—will set in. Which will, dead certain, happen or better: does happening right now. Even mainstream media is starting to get it: Germany’s conservative daily FAZ (Frankfurter Allgemeine Zeitung) had an article today titled: „The state is reclaiming the net“ (in German, though). Baseline: There is a global trend driven by states to get the internet into their hands. Indeed. But that’s only one part of the story.

Wikileak has just published 10,000 pages of one of the best hidden secrets in German politics in the last couple of years: the contracts between the Federal Republic of Germany and Toll Collect, a joint-venture of Daimler-Chrysler, Deutsche Telekom and Cofiroute. Toll Collect had developed a fully automatized system to collect tolls payable for utility vehicles on the German autobahnen. The system consists of integral boxes with GPS receivers and obligatory for any utility vehicle driving on highways, a system of physical bridges receiving information from the boxes as well as holding cameras with OCR technology to identify potential free riders.

(In the Netherlands, there is currently a debate about a comparable toll-collect system for any vehicle. The early promises that the foto&OCR system would only and exclusively be used for toll-collection purposes have long been forgotten. By now, it also serves as a public surveillance technology.)

While the system by itself is a solid piece of engineering, it has been criticized for its non-pragmatical, overly ambitious and expensive approach. The biggest burden for federal finances however was caused by a delayed roll-out of Toll Collect’s solution, as billions of toll revenues didn’t made their way to federal accounts. While one would assume that a decently brokered contract would provide indemnifications by the service provide for the purchaser, this hasn’t allegedly been the case with Toll Collect. While politicians ranted about Toll Collect’s failure, the federal government acted as if it didn’t really want to get compensations from Daimler-Chrysler and Deutsche Telekom. In addition, the secrecy of the contracts for the operation of the toll collect system has aroused suspicion from the onset.

Wikileaks has become a major obstacle for those who are in favour of a plutocratic interpretation of democracy and it’s proneness to behind-the-curtain deals. Some private-public partnership and cross-border leasing deals would have had more difficulties in passing legislation if municipal, state or federal parliaments had known the contracts beforehand and been able to understand them. Regulatory capture precludes secrecy and intransparency of bureaucratic and managerial activities. Stern.de, a Bertelsmann subsidiary product, has called Wikileaks the „Robin Hood of the Internet“ (German). His popularity and his fate are legend.

While a lot has changed since those times, post-noble dukes still don’t like being ridiculed by mere peasants. These days, business interests feel plagued by flash-mobs and are weakened by the ability to organize labour interests by social technologies, maneuverability of national governments is reduced by the abililty to instant vet governmental activities (if public knowledge brokering services like Wikileak continue to grow), and mass media has suffered some dents in their credibility by their reduced use of investigational methods and easy alignment with business and government interests. These actors are those who a are set on a slippery slope, who are in descent. For them, the biggest problem is three-fold: technically enhanced trooping and rallying by like-minded interests, social motivation, the ease of achieving transparency by, say, Wikileak, and the ability of social investigation. But then, state institutions dominate the spheres of law and law enforcement. Laws and law enforcement are the tools for vested interests to make their wills publicly binding. We might very well see legislation upcoming that would go beyond some kind of Prohibition on the internet. Some vested interests would rather prefer thick digital walls and high barbicans.