Web wars

The long-term political fallout of the WikiLeaks affair may be more limited than Julian Assange and his supporters would have hoped, but the furore has acted as a catalyst for an unprecedented effort by governments and companies to manage the flow of online information. The eventual impact on the way both sides—those with secrets, and those who wish to reveal them—use the web will be evident. Expect a radically secured, much more tightly-controlled internet, and a growing struggle for the upper hand in the battle for secrecy.

What will change? For a start, we will see major alterations in the way web activity is overseen and controlled. Many of the systems that we use online, including government systems, were designed for efficiency, reliability and adaptability—rather than effective rights management or user tracking. Calls by law enforcement agencies to have all internet usage logged and open to inspection will grow louder. And measures such as the EU data retention directive—which requires communications providers (everyone from mobile phone to internet service providers) to trace and identify sources and recipients of communications, and store that data for up to two years—will be reinforced and extended.

Ultimately, this could mean that every time you send an email, visit a website or tweet, someone will be logging the fact and keeping a record for as long as five years.

Initial attempts to limit the spread of files hosted by WikiLeaks were largely focused on the points where the virtual meets the real, showing the degree to which online activity relies on real-world systems managed by companies that are subject to the rule of law, and sensitive to political pressure—businesses including Visa Europe, PayPal and MasterCard all withdrew their services from WikiLeaks. The whistleblowers’ site was generally accessed through a website which required the things all websites require: a computer to run the server, a disk to store the information, a connection to the internet to transmit the files along with one or more internet addresses, money to pay for all of this, and a domain with a valid entry in the domain name system. Yet though it lost its main web hosting provider and access to funds through major payment services, and was even briefly inaccessible via the wikileaks.org domain, it did not take it long to find alternatives and get back online. In any case, the information had been copied by people willing to take the risk, and had been pored over by several media outlets.

So although these “real world” pressure points will probably be targeted again, governments and businesses will devote most of their energies towards changing their information systems, in order to stop vast quantities of data being siphoned off by a hacker or disgruntled member of staff. The US diplomatic cables were clearly stored as plain text, but they could have been kept in encrypted form so that each one was only made readable when viewed. This would not impede legitimate access, but would mean creating proper access controls and make a data dump very hard to read. Expect also to see better audit trails inside organisations, with all access logged to increase the chances of tracing a leak. Expect, too, a new generation of firewalls limiting access to selected areas of the internet at judicial demand—which is a technical way of saying that the US government would have loved to have been able simply to turn off wikileaks.org at will, as the Chinese government did.

WikiLeaks will have been digesting the implications, too, and thinking up ways to circumvent these new controls. As a model (in terms of structure rather than aims) we can expect to see something more like al Qaeda: decentralised, loosely connected, a collection of affiliated groups and like-minded individuals rather than a coherent body with a website, a domain and a structure to attack. Key to this will be peer-to-peer file sharing. WikiLeaks already makes its caches of information available as torrent files, accessible over BitTorrent, and this will become the default. Torrent files—which, in essence, scatter bits of data over lots of computers rather than storing it in one place—are hard to locate and almost impossible to remove from circulation, which is why they are used to distribute unlicensed copies of songs or movies, and they can be uploaded from any computer.

Non-governmental groups will also be resorting to ever more secret methods. WikiLeaks itself had a whistleblower—it used a mailing list to co-ordinate its activities, and saw much of its contents leaked by an early participant who became disillusioned with the organisation. The way round this will probably be to use encrypted communications over messaging services and keep no records. In addition, just as WikiLeaks has developed what it believes is a secure way for anyone with files of interest to upload them anonymously, it will try to create new and similar tools to keep its work from prying eyes.

Who, if anyone, will win this cat-and-mouse game is hard to say. But for most of us, the result will be vastly increased surveillance of everything we read, watch, listen to or do on the web.