In the initial moments after the State Department cables were released, unknown hackers tried to shut down WikiLeaks by exposing its Web site to denial-of-service attacks (discussed in Chapter 4). It is unclear whether the hackers were working on behalf of the U.S. government,
75
CASE but they seemed to endorse the government’s claims that the disclosures threatened national
security.
WikiLeaks’ supporters retaliated with anonymous “hacktivism,” attacking the Web sites of companies such as Amazon, which had thrown WikiLeaks off its servers, and MasterCard and PayPal, which had frozen the organization’s accounts and prevented its supporters from donating to the cause.
Ultimately, all attempts to stifl e WikiLeaks have proved futile. When the organization is blocked from one host server, it simply jumps to another. Further, the number of mirror Web sites—essentially clones of WikiLeaks’ main content pages—had mushroomed to 1,300 by the end of 2010.
Prior to 9/11, the U.S. State Department had operated its own internal cable system and encrypted documents to ensure security. After the attacks, the State Department system was merged into a new digital records system controlled by the Department of Defense. Since the WikiLeaks disclosures, the State Department has temporarily severed its connection to the new system while it takes steps to prevent future unauthorized downloads.
In addition to taking these steps, governments and companies have turned to cyber secu-rity to thwart WikiLeaks. Since 2007, every major secusecu-rity software vendor (e.g., McAfee, www.mcafee.com; Symantec, www.symantec.com; and Trend Micro, www.trendmicro.com) has spent hundreds of millions of dollars to acquire companies in the data leak prevention (DLP) industry. These companies produce software that locates and tags sensitive information and then guards against its being stolen or illegally duplicated. As of mid-2013, DLP software has not been effective.
The failure of DLP software has prompted organizations to turn to network forensics, which is the process of constantly collecting every digital “fi ngerprint” embedded on an organization’s servers to trace and identify that an intruder who has broken into the system.
The Results
In February 2013, Private First Class Bradley Manning admitted to sending hundreds of thou-sands of Iraq and Afghanistan battlefi eld reports, U.S. State Department diplomatic cables, and other fi les to WikiLeaks while working as an intelligence analyst in Baghdad. A U.S.
Army judge accepted the pleas to 10 charges. Manning could face a maximum of 20 years if convicted.
How can organizations and governments respond to WikiLeaks? Lawsuits will not work, because WikiLeaks, as a mere conduit for documents, is legally protected in the United States.
Moreover, even if a company or a government somehow won a judgment against WikiLeaks, that would not shut down the company, because its assets are spread all over the world.
In fact, WikiLeaks has a nation-sized ally—Iceland. Since WikiLeaks discovered the cor-rupt loans that helped destroy Iceland’s biggest bank, the country has set out to become the conduit for a global fl ood of leaks. Birgitta Jonsdottir, a member of Iceland’s parliament, cre-ated the Icelandic Modern Media Institute (IMMI). The institute seeks to bring to Iceland all the laws that support protecting anonymous sources, freedom of information, and transparency from around the world. It would then set up a Nobel-style international award for activities supporting free expression. IMMI also would make Iceland the world’s most friendly legal base for whistleblowers.
In August 2011, a group of FBI agents traveled to Iceland to request that Icelandic police authorities cooperate with the FBI in investigating WikiLeaks. Signifi cantly, Iceland refused.
Instead, the Icelandic Interior Minister ordered police to cease contact with the FBI agents, making it clear that the agents’ presence was not “well seen” in Iceland.
In a related development, an Icelandic district court ruled that Valitor, the business partner of Visa and MasterCard, violated contract laws when it imposed a block against credit card donations to WikiLeaks. The court ordered Valitor to remove the block or it would be fi ned the equivalent of about $6000 per day.
Should WikiLeaks falter, other Web sites around the world are ready to take its place. For example, the Web site OpenLeaks (www.openleaks.org) will not openly publish information
76 CHAPTER 3 Ethics and Privacy
sent to it, but it will pass it on to reporters and human rights organizations to disseminate.
Perhaps the most controversial group is Anonymous, the hacker collective. Anonymous is a decentralized online community acting anonymously in a coordinated manner, usually toward a self-agreed, hacktivist goal. (Hacktivism is a term that refers to the use of information tech-nology to promote political ends, chiefl y free speech, human rights, and information ethics.)
What is the best protection against unauthorized leaks? Icelandic WikiLeaks staffer Kristinn Hrafnsson suggested, rather drily, that companies—and perhaps governments to some extent—
reform their practices to avoid being targeted.
And the fi nal word? In December 2012, Julian Assange, one of the founders of WikiLeaks, stated that WikiLeaks was preparing to publish new secret documents. In April 2013, Assange is living in the Ecuadorian embassy in London to avoid extradition to Sweden to face charges of sexual assault.
Sources: Compiled from “Judge Accepts Manning’s Guilty Pleas in WikiLeaks Case,” Associated Press, February 28, 2013; “Iceland Denies Aid to FBI in WikiLeaks Investigation,” Reuters, February 2, 2013; “FBI Came to Investigate WikiLeaks in Iceland,” Iceland Review, January 31, 2013; “Julian Assange: Expect More From WikiLeaks,” The Guardian, December 20, 2012; K. Zetter, “WikiLeaks Wins Icelandic Court Battle Against Visa for Blocking Donations,” Wired Magazine, July 12, 2012; R. Somaiya, “Former WikiLeaks Colleagues Forming New Web Site, OpenLeaks,” The New York Times, February 6, 2011; A. Greenberg, “WikiLeaks’ StepChildren,”
Forbes, January 17, 2011; M. Calabresi, “Winning the Info War,” Time, December 20, 2010; A. Greenberg, “WikiLeaks’ Julian Assange,” Forbes, December 20, 2010; J. Dougherty and E. Labott, “The Sweep: WikiLeaks Stirs Anarchy Online,” CNN.com, December 15, 2010; E. Robinson, “In WikiLeaks Aftermath, An Assault on Free Speech,” The Washington Post, December 14, 2010; M. Calabresi, “The War on Secrecy,” Time, December 13, 2010; I. Shapira and J. Warrick, “WikiLeaks’ Advocates Are Wreak-ing ‘Hacktivism’,” The WashWreak-ington Post, December 12, 2010; F. Rashid, “WikiLeaks, Anonymous Force Change to Federal Gov-ernment’s Security Approach,” eWeek, December 12, 2010; E. Mills, “Report: Ex-WikiLeakers to Launch New OpenLeaks Site,”
CNET.com, December 10, 2010; G. Keizer, “Pro-WikiLeaks Cyber Army Gains Strength; Thousands Join DDos Attacks,” Computer-world, December 9, 2010; J. Warrick and R. Pegoraro, “WikiLeaks Avoids Shutdown as Supporters Worldwide Go on the Offensive,”
The Washington Post, December 8, 2010; F. Rashid, “PayPal, PostFinance Hit by DoS Attacks, Counter-Attack in Progress,” eWeek, December 6, 2010; “Holder: ‘Signifi cant’ Actions Taken in WikiLeaks Investigation,” CNN.com, December 6, 2010; “WikiLeaks Back Online After Being Dropped by U.S. Domain Name Provider,” CNN.com, December 3, 2010; “WikiLeaks Reports An-other Electronic Disruption,” CNN.com, November 30, 2010; “Feds Open Criminal Investigation into WikiLeaks Disclosures,”
CNN.com, November 29, 2010; L. Fadel, “Army Intelligence Analyst Charged in WikiLeaks Case,” The Washington Post, July 7, 2010; www.wikileaks.org, accessed February 11, 2013; G. Goodale, “WikiLeaks Q&A with Daniel Ellsberg, the Man Behind the Pentagon Papers,” The Christian Science Monitor, July 29, 2010.
What We Learned from This Case
The WikiLeaks case addresses the two major issues you will study in this chapter: ethics and privacy. The two issues are closely related both to each other and to IT and both raise signifi -cant questions involving access to information in the digital age. For example, are WikiLeaks’
actions ethical? Does WikiLeaks violate the privacy of governments, organizations, and indi-viduals? The answers to these questions are not straightforward. In fact, IT has made fi nding answers to these questions even more diffi cult.
You will encounter numerous ethical and privacy issues in your career, many of which will involve IT in some manner. This chapter will give you insights into how to respond to these issues. Further, it will help you to make immediate contributions to your company’s code of ethics and its privacy policies. You will also be able to provide meaningful input concerning the potential ethical and privacy impacts of your organization’s information systems on people within and outside the organization.
For example, suppose your organization decides to adopt social computing technologies (which you will study in Chapter 9) to include business partners and customers in new prod-uct development. You will be able to analyze the potential privacy and ethical implications of implementing these technologies.
All organizations, large and small, must be concerned with ethics. IT’s About [Small] Busi-ness 3.1 illustrates ethical problems at Pinterest.
Small business (or startup) owners face a very diffi cult situation when their employees have access to sensitive customer information. There is a delicate balance between access to infor-mation and its appropriate use. This balance is best maintained by hiring honest and trustwor-thy employees who abide by the organization’s code of ethics. Ultimately this issue leads to another question: Does the small business, or a startup, even have a code of ethics to fall back on in this type of situation?
77
SECTION 3.1 Ethical Issues