The Age of Easy Leaks

The WikiLeaks revolution is much larger than WikiLeaks.


Of course they made a movie about Julian Assange. He's a complicated character being pursued by some of the most powerful people on the planet. It's a scenario that just screams to be filmed.

But while The Fifth Estate—which opens in theatres Oct. 18—may turn out to be a compelling picture, it probably won't shed much light on the revolution represented by WikiLeaks, Assange's website that specializes in publishing secret information. It's not likely to shed that light for the same reason the story is such an attractive idea for a film in the first place: It's about Julian Assange, a man whose adventures and personality threaten to obscure the conditions that thrust him into the news. Assange may have taken advantage of the circumstances that made the world ripe for WikiLeaks, but those circumstances were here before Assange came along and they aren't going to disappear when he departs.

As the security specialist Bruce Schneier put it, "the government is learning what the music and movie industries were forced to learn years ago: it's easy to copy and distribute digital files." Today anyone with access to the Internet can publish information, and getting hold of that information can be far simpler than it was in the era when files were actual pieces of paper. Edward Snowden, the leaker who exposed the U.S. government's PRISM program, left his job with thousands of documents on a tiny thumb drive. That would have been harder, and the contraband much heavier, in the old days.

Snowden made a big personal sacrifice when he leaked that data, but not every large leak need carry so big a risk. Less formidable federal agencies have secrets, too. So do lower levels of government. So do businesses, unions, charities, churches, universities and political parties. In the age of easy leaks, any institution that has both damaging secrets and disgruntled employees has a reason to fear.

A century ago, North America's most radical union—the Industrial Workers of the World, or Wobblies—understood what a powerful weapon whistleblowing could be. "Workers on the railroads can tell of faulty engines, unsafe trestles," one Wobbly pamphlet proposed. "Marine transport workers would do well to tell of the insufficient number of lifeboats, of inferior belts, and so forth. The textile worker can tell of the shoddy which is sold as 'wool.'…The workers carry with them the secrets of the masters. Let them divulge these secrets, whether they be secret methods of manufacture that competitors are striving to learn, or acts of repression directed against the workers." The Wobblies called that tactic "open mouth sabotage." Now that mouth can open wider than ever before.

If you just focus on Assange and WikiLeaks, you might miss that. Schneier's comparison to the music industry is apt. There was a time when the major labels thought they could stop file-sharing by neutering a company called Napster. They succeeded in plugging that hole, but they couldn't stop the flood. Now those labels are being forced to face a choice they thought they could avoid in the Napster days: Adapt, or suffer the consequences.

That's the same choice that large, opaque, hierarchical institutions face in the age of easy leaks. Some of those organizations are now pondering just what such an adaptation would require. 

Option 1: Track down leakers before they can leak. Two years ago this month, the U.S. government created the Insider Threat Program, describing the effort as an attempt "to ensure the responsible sharing and safeguarding of classified national security information." Among other things, this entails asking federal employees to watch one another for signs that someone might want to spill some secrets.

Yet it isn't always obvious that someone is planning to leak. The authorities have circulated a list of "behaviours that may indicate an individual has vulnerabilities that are of security concern," but they're relying on a dubious, untested profile of a security risk. A workplace where people are encouraged to monitor one another for vaguely defined "indicators" is a workplace that's risking a serious decline in morale. Then you're back at the problem of disgruntled employees with secrets at their fingertips.

Option 2: Give secret information to fewer people. In the United States, nearly five million federal employees and contractors have access to at least some classified data. We're already seeing some efforts to cut that number back: After Snowden's leak, for example, the National Security Agency's director declared his intention to replace the vast majority of the agency's system operators with machines.

But not every job can be automated, and walling off information from the remaining human employees has consequences. As anthropologist Hugh Gusterson pointed out in the Bulletin of the Atomic Scientists, segmenting access to data "runs counter to the whole point of the latest intelligence strategy, which is fusion of data from disparate sources." Centralizing information and cutting off communication make an organization less effective—particularly an organization that is supposed to combat hidden threats.

Option 3: Just don't classify so much. In 2012, the Public Interest Declassification Board pointed out that in Washington, "most classification occurs by rote," with a bureaucratic culture that "defaults to the avoidance of risk rather than its proper management." That is true, and it is worth changing. But it doesn't tell the authorities what to do with the secrets that are left over.

There are other options, I'm sure, and other experiments to come. In the meantime, our intensified ability to copy and transfer information will transform the power dynamics both between and inside institutions. Some of those organizations will react by becoming more horizontal and transparent. Others will clamp down in fear. Still others will haphazardly dabble in both approaches. If The Fifth Estate manages to tell that story, I'll be happily surprised.

This article originally appeared in The National Post.