Wikileaks and the Choice Between Openness and Secrecy
Off the Beat: Bruce Byfield's Blog
The headlines about Wikileaks and its founder Julian Assange are bringing countless issues to the attention of the general public. For instance, what privacy, if any, is possible with modern technology? How does technology change the relationship between those who govern and the governed? And -- on a more personal level -- does being at best a selfish lover and at worst a possible rapist invalidate a man's leadership or the ideals he claims to espouse? But what occupies most of my thoughts is the basic question about the desirability of openness.
In theory, I am all for openness and transparent decision-making. I have a lifelong dislike of hierarchy to begin with, and I could not have knocked about the free software community for twelve years without having thoroughly absorbed those values. Anyone who didn't believe in openness and transparency would have fled screaming after a month.
Consequently, when I hear diplomats bemoaning the gossip that forms the bulk of the released cables and insisting that their work requires secrecy, my response is skeptical.
"Yeah, right," I mutter smugly to the page or the screen. "Better get used to the new world and stop complaining, because there's no going back."
The only trouble is, once the issue moves from the abstract to a concrete example, I am not so sure. What if an organization and people you respected refrained from publicizing an issue, citing the public good, then announced what they had done after achieving a satisfactory conclusion for everybody? What would I think then?
The relicensing of OpenGL
Specifically, I am thinking of a situation that happened a little over two years ago. OpenGL, the specification used for 3-D acceleration in free software, was discovered to be using non-free licenses. The matter was brought to the attention of the Free Software Foundation (FSF) in January 2008, and the FSF began negotiating with SGI, the creators of OpenGL, to change the licenses. Although the situation was an open secret in some circles, the FSF did not announce it until after the licenses were rewritten to make them free.
At the time, Peter Brown, the FSF's executive director, told me, "We didn't want to draw attention to it because we didn't want to pressurize SGI. We wanted to get their cooperation." The alternative, he said, would have been "strains in community relations," and "a huge amount of time and energy and resources that we would have to pump in to replace this code. We started figuring the funding needed to do it, and it was scary, frankly. That is why it was so worthwhile spending all this time speaking to SGI, because the alternative was really frightening."
Nor was this a needless concern. Brett Smith, the FSF compliance engineer told me that news of the situation was getting out, and people were wondering what to do.
"Someone came to me on IRC and asked if people should start sending angry faxes to SGI, telling them to please clean up their licenses," Smith said. "And I was like, 'No, that's not the right message right now.' We were trying to avoid that kind of reaction, because among the people in the GNewSense community, there was a visceral reaction initially, and it took some time for people to realize that we needed to give [SGI] a chance."
However, instead of such confrontation, the atmosphere of the discussions between SGI and the FSF "was friendly throughout the process," according to Brown. "It was friendly throughout the process," Brown stresses. "It was a case of education, then of working together to find an optimal solution" -- which was then implemented and only announced after the fact.
Openness vs. secrecy
At the time, the idealist in me was disturbed by this course of action -- enough so that I remembered the situation when I started thinking of the issues involved. I have never questioned that the FSF was acting in the best interest of its supporters, and doing what it thought best. After all, the FSF is hardly a corporate or government elite. It is a non-profit organization whose employees could probably find positions of comparable responsibility in the corporate world that paid at least half as much again. Much of what they get out of their actions is some brief recognition in the community and personal satisfaction.
Moreover, choosing secrecy worked. And, to the FSF's credit, it announced what was going on as soon as the problem was solved, which suggests that it always viewed secrecy as a temporary measure.
All the same, part of me continues to wonder if a more open approach wouldn't have been more in keeping with the spirit of openness and transparency. For instance, perhaps SGI could have issued a temporary license, or a public declaration that it would not enforce its non-free licenses?
Possibly, though, SGI would not have wanted to spend more time on what for it was a relatively minor matter. Perhaps, too, hostility from the community might have annoyed SGI so much that its executives became uncooperative, and a satisfactory ending became impossible. At the very least, finding a solution might have been more difficult. So perhaps secrecy may have been the most suitable approach after all.
Living with the ambiguity
I do not think that this example is unique, or that the FSF is the only organization that sometimes has to navigate between openness and secrecy. Very likely, there are dozens, if not hundreds of comparable dilemmas each day around the world. However, I have given the example because it illustrates, more clearly than a any hypothetical sitaution, that choosing between openness and secrecy is not always as easy in practice as it may appear in theory.
To this day, I am still not sure whether the FSF acted properly -- and I am extremely glad that I did not have to make the decision myself. Perhaps I simply have to accept that moments of similar ambiguity appear from time to time, in which no position has a monopoly on truth. Or perhaps I should simply decide from expediency, accepting what happened because the resolution was satisfactory? I am comfortable with neither alternative, since both seem a slippery slope that could quickly lead away from ethical behavior.
My only conclusion is that the choice between openness and secrecy is not as easy as I -- and many other people -- often assume. Against all expectations, those who argue that secrecy is sometimes needed may have a valid point after all. If so, then Wikileaks may in the end be less important for the information it reveals than in the way that the controversy focuses our attention on this basic issue of the digital age.
WikileaksThe very real concern of any whistleblower is that the leaking of information on an organisation will be relayed back to that organisation and used to persecute the leaker. The conduct of Julian Assange in the last few weeks must have persuaded the most anxious potential whistle-blower that Wikileaks could be trusted. So expect the volume of inside information provided to Wikileaks to increase in the coming months, hopefully including some from oppressive and corrupt governments which have always been their main targets.
Speaking of Wikileaks, Julia Gillard, the Prime Minister of Australia (Assange is Australian), had fallen into line with the USA position (as is normal with Australian foreign policy), by condemning the organisation. But expect that position to change as polls are showing Australians of all political persuasion support Assange and his cause. He has given recent interviews on television, including the US, vigorously defending the stance of his organisation on freedom of information. For someone whose detractors describe as a ‘cyber geek’, Assange is remarkably poised and articulate, as though he has been in the public spotlight all his life. Whatever position one holds on secrecy or openness, no-one should doubt that Assange is acting on principles in which he sincerely believes.
The benefits of public knowledge of information withheld by governments and large organisations can be seen in examples such as the holocaust, My Lai, the secret bombing of Cambodia and the Watergate scandal. If Wikileaks obtains disclosures on abuse of human rights in China, Zimbabwe and Burma there will be little complaint outside those countries. The risks accompanying the release of sensitive documents are real but so far there has not been a single case of collateral damage cited.
The American reaction on this issue says more about America than it does about Wikileaks. That should be expected since freedom of information is a left-wing cause and American politics is further to the right than most other democratic countries in the West. American big government, big business and big media seem to be acting in concert to attempt to crush Wikileaks and that approach seems to be acceptable to a general US public whose views are largely influenced by such right wing media as Fox News. However it was heartening to see the New York Times questioning this policy (“.. Wikileaks has not been convicted of a crime ..”). http://www.nytimes.com/2010/12/26/opinion/26sun3.html
But the genie may already have escaped. There is now a business equivalent of Wikileaks started and the recent publicity is likely to have spawned other websites offering services for whistleblowers. Hilary Clinton and the State Department may not like it, but the age of the new media has arrived and information looks like being distributed more democratically in future despite the wishes of powerful interests.
Assange would be my nomination for Person of the Year – he’s already been selected by La Monde - but I suspect the US would be more comfortable with someone like Sarah Palin.
HP's annual Cyber Risk report offers a bleak look at the state of IT.
But what do the big numbers really mean?
.NET Core execution engine is the basis for cross-platform .NET implementations.
The Xnote trojan hides itself on the target system and will launch a variety of attacks on command.
Spammers go low-volume, and 90% of IE browsers are unpatched.
Adobe scrambles to release patches for vulnerable Flash Player.
Four-inch-long computer on a stick lets you boot a full Linux system from any HDMI display device.
New statute would require companies to report break-ins to consumers.
Weird data transfer technique avoids all standard security measures.
FIDO alliance declares the beginning of the end for old-style login authentication.