10 Jan 2011

Businesses can learn from WikiLeaks

WikiLeaks may have exposed some of the inner workings of governments across the world but another repercussion of the story could be the influence it has on businesses, who will be looking long and hard at how to control their internal communications. Sometimes it takes something like the WikiLeaks story to make people sit up and take notice.
There are now many and varied ways in which confidential information can be shared instantly. Legally or not, information travels fast because the nature of publishing has changed.
There is no such thing as a completely secure system. A business generates a huge amount of internal correspondence and documentation, from mundane administration emails to complex plans for growth and productivity, and it is up to companies to understand the risks involved in data breaches and to make their systems as secure as possible. Even the most vigilant businesses, however, should plan for the possibility of confidential data being leaked into the public domain.
In my view, transparency is the best policy. If business leaders are up front with their employees and discuss the danger posed to all organisations by data breaches, they can go on to advise on what information is appropriate to exchange via email or instant messenger tools, and what is not. This process of education should help prevent employees forwarding sensitive material to friends, for example, who may then disseminate the confidences still further. Before they know it, company bosses can be in the midst of a large scale crisis.
It is important to show confidence in your employees to be sensible and help protect the company but, if your business deals with a significant amount of sensitive information, some of that should only be available to staff on a strictly ‘need to know’ basis. Carefully segmented systems ensure that people only have access to what they need to do their jobs effectively and, in the event of a system failing or being breached, limits damage and prevents exposure across the board.
If the worst does happen and data is breached, small business owners must be ready to respond quickly in order to limit damage and regain trust. The likelihood is that, if you don’t run a large, high-profile company, the bad news won’t be splashed over the national media but customer confidence should be the priority, regardless. If the leak is addressed quickly and customers are reassured that everything possible is being done to prevent a similar thing happening again, damage will be minimised.
The WikiLeaks episode has certainly caused a stir in political circles but business leaders will have read the story in a different way; it comes as a salutary warning to companies that tightening the security of internal communications as much as possible should be their first New Year’s resolution.
from: http://www.telegraph.co.uk/finance/businessclub/8249970/Businesses-can-learn-from-WikiLeaks.html

Singapore: WikiLeaks 'Disastrous' For US Diplomacy

Singaporean officials must be more cautious in discussions with U.S. diplomats, the country's foreign affairs minister said Monday, calling the release of classified documents by WikiLeaks disastrous for American diplomacy.
Singapore officials will be less open when speaking with U.S. diplomats for fear their conversations will be made public, Foreign Affairs Minister George Yeo said in parliament.
"The WikiLeaks disclosures have been disastrous for U.S. diplomacy," Yeo said. "We have to be more guarded in our communications with U.S. diplomats. If it happened once, it can happen again, so we've got to be more careful."
Last month, WikiLeaks released a document showing Singapore statesman Lee Kuan Yew describing Myanmar's junta leaders as "stupid," and calling North Korea's leaders "psychopathic types" in conversations with U.S. diplomats.
Another confidential cable quoted Singapore diplomats making unflattering remarks about Malaysia, India, Japan and Thailand during meetings with U.S. officials.
Yeo said he would not comment on specific leaks.
Home Affairs and Law Minister K. Shanmugam warned news media and private citizens they could be prosecuted under Singapore law for receiving or publishing confidential government information.
"Everyone involved with the leak of information, whether in government or outside, should be dealt with firmly," he said Monday in parliament. "Public interest in the free flow of information cannot justify the abuse of confidential information."
WikiLeaks is an international, tech-savvy operation that has angered and embarrassed Washington with a series of huge leaks of classified information on its website.
The U.S. says the disclosures have damaged international diplomacy and put the safety of informants and foreign human rights activists at risk. WikiLeaks has dismissed the claims, but Washington has been trying to find a way to prosecute the group and its leader, 39-year-old Julian Assange, who is currently in England.
from: http://www.npr.org/templates/story/story.php?storyId=132797289

Twitter takes WikiLeaks subpoena public; Google, Facebook under scrutiny

Twitter's fight to make public the fact that it has been subpoenaed by the U.S. government seeking details about all WikiLeaks-related accounts has now put the light on other internet majors such asGoogle Inc and Facebook.

The microblogging site, which recently faced questions over keeping WikiLeaks off the Trending Topics list, has now landed the likes of Google and Facebook under the public scrutiny after it legally fought and won on Friday the right to inform the people whose records the government was seeking.
The Court Order
The government had asked Twitter to hand over private messages or communications that took place between WikiLeaks founder Julian Assange, other WikiLeaks staffers, associates, volunteers, WikiLeaks, Pfc., as well as Bradley Manning, the man suspected to be the source of the cables leak.
The court order was sent to Twitter by the Department of Justice on Decemer 14, 2010. The United States district court for the Eastern District of Virginia, which stated that the information that Twitter had was revelant to the WikiLeaks investigation, ordered hand over of data dating back to November 2009 to the present.
The information sought included:
- Subscriber names, user names, screen names, or other identities
- Mailing addresses, residential addresses, business addresses, e-mail adresses and other contact information
- Connection records, or records of session times and durations
- Lenght of service (including start date) and types of services utilized
- Telephone or instrument number or other subscriber number or identity, including any temporarily assigned network address
- Means and source of payment of such service (including any credit card or bank account number) and billing records
- Records of user activity for any connections made to or from the account
- Non-content information such as IP addresses and source or destination email addresses
- Correspondence and notes of records related to the accounts
The subpoena obtained by the U.S. Department of Justice was spilled out to the public on Friday after Twitter won a legal battle requesting a right to inform the individuals involved.
WikiLeaks slams "double standards"
Slamming the government for having "double standards", WikiLeaks tweeted on January 8, "If the Iranian govt asked for DMs of Iranian activists, State Dept would be all over this violation of "Internet freedom" #doublestandards."
"There are many WikiLeaks supporters listed in the US Twitter subpoena."
As per media reports, all 650,000 Twitter followers of WikiLeaks are now under the American government microscope.
"Too late to unfollow; trick used is to demand the lists, dates and IPs of all who received our twitter messages," whistle-blower webiste remarked.
Twitter's compliance to government request
Even though Twitter does provide a certain extent of privacy to its users, the site just like any other internet company is required to comply to request from governments and law enforcement into criminal investigations.
On Privacy, Twitter says, "We do not disclose your private information except in the limited circumstances". One of the listed circumstances include "Law and Harm", elaborating on which the company says, "We may disclose your information if we believe that it is reasonably necessary to comply with a law, regulation or legal request; to protect the safety of any person; to address fraud, security or technical issues; or to protect Twitter's rights or property."
Twitter's 'spy guide', which basically contains details on its response to requests from authorities, says "In accordance with our Privacy Policy and Terms of Service, non-public information about Twitter users is not released unless we have received a subpoena, court order or other legal process document."
Although on these terms Twitter is expected to release the information required by the government, its move to go public has elicited interesting responses.
Suspicious Silence of Google and Facebook
Questioning the silence of other internet giants, the WikiLeaks tweeted, "Note that we can assume Google & Facebook also have secret US government subpeonas. They make no comment. Did they fold?"
Many media outlets have also raised concern over the matter.
"Google and other web and social media services all have the same kinds of spy guide documents governing compliance; we'd be shocked if Twitter was the only company that got a WikiLeaks-related court order to surrender information," a report on the popular tech blog, Mashable read.
Reading the development at another level, a report on The Telegraph observed that the request for information from the government is noteworthy as it put the spotlight on the "secret subpoenas", which have come under attack as misuse of secrecy provisions and of exemplary privacy ethics.
Law and Privacy
Amid the increasing number of requests from governments across the world, Google last year set up an online tool, called The Transparency Report, showing the frequency of these requests. In 2009, Facebook had revealed to the media that it received subpoenas and other orders at a rate of 10 to 20 a day, while in 2007, Verizon had revealed that it received 90,000 such requests each year.
The law currently governing communication privacy was enacted in 1986. This was before the advent of the cellphones and the internet, and before internet became the space for people to store e-mails, photographs, contacts and other private documents.
Although internet companies have in the past validated the government requests as "legitamate" to investigations, the 1986 Electronic Communications Privacy Act, some legal observers believe, needs to be appropriated as per the requirements of the day - as the world is torn between the need for individual privacy and the constant fear of terrorism and crime.

from: http://www.ibtimes.com/articles/99141/20110110/twitter-wikileaks-google-facebook-us-government-court-secret-private-data-information-julian-assange.htm

US government issues Twitter subpoena over Wikileaks founder Julian Assange

Twitter has been issued with a subpoena by the US government to release the personal details of people connected to Wikileaks, including founder Julian Assange.
According to an order issued by the District Court for Eastern District Virginia, Twitter has been directed to disclose the records of Julian Assange, Bradley Manning, Dutch hacker Rop Gongrjp and member of parliament in Iceland Birgitta Jonsdottir on the grounds that it believes they are relevant to an ongoing criminal investigation.
Jonsdottir, who had previously been a vocal supporter of Wikileaks, tweeted this morning: "The US is government is trying to criminalize whistleblowing and publication of whistleblowing material, puts journalists at risk in the future."
The information sought includes mailing addresses and billing information, connection records and session times, IP addresses used to access Twitter, e-mail accounts and the "means and source of payment".
Twitter has notified all users in question and said it would respond to the request within 10 days from the date of the notice, unless they decide to fight the order in court.
It is thought Google and Facebook have also been ordered to reveal details of user information.
from: http://www.computerweekly.com/Articles/2011/01/10/244801/US-government-issues-Twitter-subpoena-over-Wikileaks-founder-Julian.htm

WikiLeaks demands Google and Facebook unseal US subpoenas

WikiLeaks has demanded that Google and Facebook reveal the contents of any US subpoenas they may have received after it emerged that a court in Virginia had ordered Twitter to secretly hand over details of accounts on the micro-blogging site by five figures associated with the group, including Julian Assange.
Amid strong evidence that a US grand jury has begun a wide-ranging trawl for details of what networks and accounts WikiLeaks used to communicate with Bradley Manning, the US serviceman accused of stealing hundreds of thousands of sensitive government cables, some of those named in the subpoena said they would fight disclosure.
"Today, the existence of a secret US government grand jury espionage investigation into WikiLeaks was confirmed for the first time as a subpoena was brought into the public domain," WikiLeaks said in a statement.
The writ, approved by a court in Virginia in December, demands that the San Franscisco-based micro-blogging site hand over all details of five individuals' accounts and private messaging on Twitter – including the computers and networks used.
They include WikiLeaks founder Julian Assange, Manning, Icelandic MP Brigitta Jonsdottir and Dutch hacker Rop Gonggrijp. Three of them – Gonggrijp, Assange and Jonsdottir – were named as "producers" of the first significant leak from the US cables cache: a video of an Apache helicopter attack that killed civilians and journalists in Baghdad.
The legal document also targets an account held by Jacob Appelbaum, a US computer programmer whose computer and phones were examined by US officials in July after he was stopped returning from Holland to America.
The court issuing the subpoena said it had "reasonable grounds" to believe Twitter held information "relevant and material to an ongoing criminal investigation".
It ordered Twitter not to notify the targets of the subpoena – an order the company successfully challenged.
The court order crucially demands that Twitter hand over details of source and destination internet protocol addresses used to access the accounts, which would help investigators identify how the named individuals communicated with each other, as well as email addresses used.
The emergence of the subpoena appears to confirm for the first time the existence of a secret grand jury empanelled to investigate whether individuals associated with WikiLeaks, and Assange in particular, can be prosecuted for alleged conspiracy with Manning to steal the classified documents.
The US attorney general, Eric Holder, has already said publicly that he believes Assange could be prosecuted under US espionage laws. The court that issued the subpoena is in the same jurisdiction where press reports have located a grand jury investigating Assange.
It has been reported that Manning has been offered a plea bargain if he co-operates with the investigation.
The emergence of the Twitter subpoena – which was unsealed after a legal challenge by the company – was revealed after WikiLeaks announced it believed other US Internet companies had also been ordered to hand over information about its members' activities.
WikiLeaks condemned the court order, saying it amounted to harassment.
"If the Iranian government was to attempt to coercively obtain this information from journalists and activists of foreign nations, human rights groups around the world would speak out," Assange said in a statement.
Jonsdottir said in a Twitter message: "I think I am being given a message, almost like someone breathing in a phone."
Twitter has declined to comment, saying only that its policy is to notify its users where possible of government requests for information.
The specific clause of the Patriot act used to acquire the subpoena is one that the FBI has described as necessary for "obtaining such records [that] will make the process of identifying computer criminals and tracing their internet communications faster and easier".
The subpoena itself is an unusual one known as a 2703(d). Recently a federal appeals court ruled this kind of order was insufficient to order the disclosure of the contents of communication. Significantly, however, that ruling is binding in neither Virginia – where the Twitter subpoena was issued – nor San Francisco where Twitter is based.
Assange has promised to fight the order, as has Jonsdottir, who said in a Twitter message that she had "no intention to hand my information over willingly".
Appelbaum, whose Twitter feed suggested he was travelling in Iceland, said he was apprehensive about returning to the US. "Time to try to enjoy the last of my vacation, I suppose," he tweeted.
Gonggrijp praised Twitter for notifying him and others that the US had subpoenaed his details. "It appears that Twitter, as a matter of policy, does the right thing in wanting to inform their users when one of these comes in," Gonggrijp said. "Heaven knows how many places have received similar subpoenas and just quietly submitted all they had on me."
taken from:http://www.guardian.co.uk/media/2011/jan/08/wikileaks-calls-google-facebook-us-subpoenas