WIKILEAKS AS A SECURITY BREACH

Ryan Calo's picture

Director, Consumer Privacy Project
Bio:
M. Ryan Calo runs the Consumer Privacy Project at the Center for Internet & Society. Prior to joining the law school in 2008, Calo was an associate at Covington & Burling, LLP, where he advised companies on issues of data security, privacy, and telecommunications. 

Calo researches and presents on the intersection of law and technology. His work has appeared in the New York Times, the San Francisco Chronicle, Business Week, the Associated Press, the Wall Street Journal, and other news outlets. Calo serves on several advisory and program committees, including Computers Freedom Privacy 2010, theFuture of Privacy Forum, and National Robotics Week. He also co-chairs the American Bar Association Committee on Robotics and Artificial Intelligence.

Calo received his JD cum laude from the University of Michigan Law School, where he was a contributing editor to the Michigan Law Review and symposium editor of the Journal of Law Reform, and his BA in Philosophy from Dartmouth College. In 2005-2006, he served as a law clerk to the Honorable R. Guy Cole Jr. of the United States Court of Appeals for the Sixth Circuit. Prior to law school, Calo was an investigator of allegations of police misconduct in New York City.


Article: WIKILEAKS AS A SECURITY BREACH

by Ryan Calo, posted on January 4, 2011 – 4:54pm
Stanford Law School, The Centre for Internet and Society

Affiliate scholar Marvin Ammori offers eight good reasons why the United States should not prosecute Wikileaks founder Julian Assange. I mostly agree with Ammori’s analysis and write to emphasize one point: an Assange trial, regardless of outcome, would help the government gloss over one of the worst security breaches in modern history. And the First Amendment could supply this distraction’s brightest fireworks.

Ammori argues quite convincingly that prosecuting Assange would upset a delicate constitutional balance and set a bad free speech precedent. No doubt First Amendment scholars the country over will continue to weigh in on why Assange cannot be held criminally liable for posting or even soliciting leaked documents. The government has very good attorneys who, in turn, will argue that they are punishing conduct, that Assange has no First Amendment rights as a non-resident or citizen, or that prosecuting Assange after the fact differs significantly from halting publication.

I tend to think Ammori, Jack Balkin, and others are exactly right. Prosecuting Assange is against the interest of free speech. But consider the push and pull of this narrative: either Julian Assange did a bad thing and can be prosecuted, or Julian Assange did a bad thing and cannot be. Lost in all this is the atrocious job the United States did in safeguarding private communications with enormous stakes.

When Daniel Ellsberg and Anthony Russo leaked the Pentagon Papers—in essence, a confidential history report—they had to photocopy thousands of pages and smuggle them out of the Pentagon over time in briefcases. Bradley Manning, an intelligence officer in his early twenties, allegedly downloaded hundreds of thousands of private, sensitive communications to a single disk. He then uploaded those documents to a website. He did this not from within the heart of the State Department but from a random military base in Iraq.

The leak represents an appalling security breach—one that makes TJX look like a misplaced diary. As I argue in a previous post, the leak threatens a set of classic privacy harms. One of the central roles of privacy is to help preserve the conditions for intimacy. The leak means that leaders will be less candid with U.S. diplomats going forward, who in turn will report back insights only with great caution. No one will take U.S. promises of confidentiality seriously. At the margins, this shattering of intimacy may take certain diplomatic options off the table. All because the government failed to take minimal steps to keep information within its proper context.

The government can—and in my opinion, should—prosecute Manning. Still, the responsibility for this breach lies squarely with the state. The U.S. hired, trained, and supervised Manning, and it built the system that permitted this young adult to undermine global diplomacy with a Lady Gaga CD.

When a company loses data, it has to come clean. Sometimes it must pay to recompense or monitor victims. It might fire employees. At a minimum, the company must address whatever problem made the breach possible—often under the supervision of a court or agency. What a company cannot do is blame everything on the hacker or identify thief. There will always be thieves; that is why we have locks.

Yet transferring blame is precisely what government officials may be trying to do in isolating and indicting Assange. Rather than own up to, fix, and apologize for an incredible failure—one that may even remove options for soft over hard power—the government may use its monopoly over coercion to transfer attention away from that failure. And it will be quite a show, in part because free speech is at stake. Even if a court ultimately throws out the case against Assange, the government will have succeeded in cementing a decoy narrative.

As Jack Goldsmith concludes over at Lawfare: “The best thing to do – I realize that this is politically impossible – would be to ignore Assange and fix the secrecy system so this does not happen again.” Amen to that.

Affiliate scholar Marvin Ammori offers eight good reasons why the United States should not prosecute Wikileaks founder Julian Assange. I mostly agree with Ammori’s analysis and write to emphasize one point: an Assange trial, regardless of outcome, would help the government gloss over one of the worst security breaches in modern history. And the First Amendment could supply this distraction’s brightest fireworks.

Ammori argues quite convincingly that prosecuting Assange would upset a delicate constitutional balance and set a bad free speech precedent. No doubt First Amendment scholars the country over will continue to weigh in on why Assange cannot be held criminally liable for posting or even soliciting leaked documents. The government has very good attorneys who, in turn, will argue that they are punishing conduct, that Assange has no First Amendment rights as a non-resident or citizen, or that prosecuting Assange after the fact differs significantly from halting publication.

I tend to think Ammori, Jack Balkin, and others are exactly right. Prosecuting Assange is against the interest of free speech. But consider the push and pull of this narrative: either Julian Assange did a bad thing and can be prosecuted, or Julian Assange did a bad thing and cannot be. Lost in all this is the atrocious job the United States did in safeguarding private communications with enormous stakes.

When Daniel Ellsberg and Anthony Russo leaked the Pentagon Papers—in essence, a confidential history report—they had to photocopy thousands of pages and smuggle them out of the Pentagon over time in briefcases. Bradley Manning, an intelligence officer in his early twenties, allegedly downloaded hundreds of thousands of private, sensitive communications to a single disk. He then uploaded those documents to a website. He did this not from within the heart of the State Department but from a random military base in Iraq.

The leak represents an appalling security breach—one that makes TJX look like a misplaced diary. As I argue in a previous post, the leak threatens a set of classic privacy harms. One of the central roles of privacy is to help preserve the conditions for intimacy. The leak means that leaders will be less candid with U.S. diplomats going forward, who in turn will report back insights only with great caution. No one will take U.S. promises of confidentiality seriously. At the margins, this shattering of intimacy may take certain diplomatic options off the table. All because the government failed to take minimal steps to keep information within its proper context.

The government can—and in my opinion, should—prosecute Manning. Still, the responsibility for this breach lies squarely with the state. The U.S. hired, trained, and supervised Manning, and it built the system that permitted this young adult to undermine global diplomacy with a Lady Gaga CD.

When a company loses data, it has to come clean. Sometimes it must pay to recompense or monitor victims. It might fire employees. At a minimum, the company must address whatever problem made the breach possible—often under the supervision of a court or agency. What a company cannot do is blame everything on the hacker or identify thief. There will always be thieves; that is why we have locks.

Yet transferring blame is precisely what government officials may be trying to do in isolating and indicting Assange. Rather than own up to, fix, and apologize for an incredible failure—one that may even remove options for soft over hard power—the government may use its monopoly over coercion to transfer attention away from that failure. And it will be quite a show, in part because free speech is at stake. Even if a court ultimately throws out the case against Assange, the government will have succeeded in cementing a decoy narrative.

As Jack Goldsmith concludes over at Lawfare: “The best thing to do – I realize that this is politically impossible – would be to ignore Assange and fix the secrecy system so this does not happen again.” Amen to that.

Advertisements

2 Responses to “WIKILEAKS AS A SECURITY BREACH”

  1. In a commercial environment a company is responsible for the actions of it`s employees & so the Government is responsible for the actions of it`s emplyees.
    Under International Law It is a crime against humanity to commit genocide or launch a war of agression . It is also International law that whistle blowers that report crimes against humanity not be prosecuted or pursecuted. The statement (The government may use its monopoly over coercion to transfer attention away from that failure),says it all. There is more going on than legitimate confidentiallity. The Information that was released proves coercion, illegal operations & conduct. That is the issue ,a breach of privacy is a miniscule issue compared to massive crimes against all human decency.Comparable to people are arguing over a stolen lollypop while someone empties out the treasury. This argument is another case of rats rectrum. How many degree`s has this feller got ? Maybe we should consider that that intelligence is actually equal & inversely proportionate to how many degrees they`ve got (hey Einstein`s Theories were right ).

  2. samantha castro Reply 07/01/2011 at 10:57 am

    I agree with you Travis – although I do think it is extremely important that we (as in those that support wikileaks and Assange) understand all of the narratives and positions that are out there – I think this article demonstrates a dominant discourse which is ‘well we should just fix this so we can continue with business as usual’ rather than addressing the corruption, collusion, deception, human rights, citizenry rights and war crimes. It is the last gasping breaths of a dying empire and paradigm that is no longer tolerable to the people of this world.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: