[As ever, you can find this on the BBC News website too]
Wikis, or user-editable websites, are one of the most interesting and potentially empowering technologies available on today’s Internet.
Wikipedia, whatever its flaws, has demonstrated that giving people the freedom to add and update material from within a web browser can provide them with an outlet for self-expression in the interests of the wider community, and many organisations use private wikis to enhance communications and planning.
It has become a joke in the tech world that if you’re planning a conference or any sort of meeting you have to start with a wiki, even if you’re working on your own.
And we even have our own private wiki for planning Digital Planet, the World Service technology programme I appear on each week.
Although wikis are generally used in a positive and constructive way a new project, Wikileaks, seems to represent a lot that is bad about the having web pages that just anyone can edit.
Wikileaks calls itself ‘an uncensorable version of Wikipedia for untraceable mass document leaking and analysis’ and claims to combine ‘the protection and anonymity of cutting-edge cryptographic technologies with the transparency and simplicity of a wiki interface.’
In fact it has no connection with the Wikimedia Foundation, and claiming that it somehow a ‘version of Wikipedia’ is misleading in the extreme. Wikileaks is basically a dumping ground for anyone to place documents that they want to see made public.
The people behind it, who currently remain anonymous, believe it will be used by people with access to sensitive government files or documents that embarrass companies or expose great misdeeds. They want dissidents in China and campaigners in the UK to publish what they can, hoping that this will make it harder for authoritarian governments and grasping corporations to pursue their undemocratic goals.
If you don’t think too hard about what they are doing then the plan sounds interesting.
The Internet has opened up channels of communication between people around the world, or at least those lucky enough to live in countries that have easy access to technology, and now we will have a place for material that exposes corruption, embarrasses governments, unmasks evil and does all sorts of good things.
But on reflection I’m not sure the site is a good idea. Even if it is a good idea I don’t trust the people behind it. And even if the people behind it are trustworthy I do not think they can deliver the secure, anonymous and uncensorable site they promise.
For one thing the site is not yet live, and while they claim to have developed a service that ‘integrates technologies including modified versions of FreeNet, Tor, PGP and software of our own design’ which make it ‘impervious to political and legal attacks’ there is no evidence yet that they can in fact deliver this.
For another, they are losing the confidence of some of their early supporters.
One of the problems that a secret site faces is that the domain name system, the service that converts web names into the IP addresses that the servers use, requires a real person to be registered as the owner, even if the location of the physical server is hidden behind layers of obscuring technology.
The Wikileaks team approached John Young, a New York based architect who has run his own public disclosure site at Cryptome for many years, and he agreed to help out. Unfortunately he began to be suspicious of the motives and capabilities of the organisers, and after they failed to reassure them he pulled out – pausing only to publish all of the contents of the supposedly secret wikileaks mailing list on his own site.
So far he has not published names and email addresses, but it is only a matter of time.
This is not just a dispute between groups of plotters and conspiracy theorists. John Young has, over the years, proved his credibility and his commitment to freedom of speech, and if he is worried about the Wikileaks project then we should all be.
One of the big problems is that the security protocols the site plans to use, including the anonymity toolset Tor that tries to hide the location of people who post documents, have bugs and errors in them. This is not a criticism of Tor – all code has bugs. Over the years Tor has been patched and fixed on many occasions, and it will be in future.
This may not seem to matter, but in the last couple of years we have seen a significant shift in the architecture of the internet to support the long-term storage of more and more information about what users do.
Governments around the world, most notably here in Britain but recently in the US, want internet service providers to keep records of which websites we all visit and who we are exchanging emails with.
If a security hole is found in Tor in a year’s time then it is now distinctly possible that the authorities will be able to go back through their data records and unpick the handshaking and message-passing that currently obscures the trail, and if that happens it would be very dangerous.
The fact is that asking people to risk their liberty or even their lives by using software that inevitably has security flaws in it is a reckless and unjustifiable risk, one that is being taken by the posters, not the people writing the code. We should be very careful indeed before we encourage people living in closed and repressive societies to break the law using our software.
There is, of course, another problem. Everyone who leaks a document to the site will have their own agenda, and it may not be the obvious one. It will be difficult or impossible to verify the information posted on Wikileaks, and the claim by the developers that “Wikileaks opens leaked documents up to a much more exacting scrutiny than any media organization or intelligence agency could provide” is yet more vainglorious nonsense.
There is a need for more openness, for governments and companies and individuals to be held to account, but this ill-conceived project is not the way to do it. If the site ever launches, and I doubt that it will in any proper way, it will be abused by those seeking to cause confusion, damage reputations and sow discord (thanks, Jim!), not by genuine seekers after truth. This is one wiki too far.
Surely being an activist/dissident in a repressive country or organisation inevitably entails risks, including that of losing one’s life, whether acting online or offline – one only has to look at Zimbabwe’s beating of Morgan Tsvangirai to see that. What is surely more important is that those who might post on such a site are made aware of the risks and, knowing that, then decide whether they should take that risk or not.