Obscured by the daily scramble of news stories about WikiLeaks, its pompous and self-aggrandizing spokesperson, Julian Assange, and the classified information that was revealed, is a phenomenon which profoundly affects the way we as individuals conduct our daily lives and protect our privacy and assets from theft. We all are aware of computer hacking, fraudulent websites and so-called “phishing” expeditions which seek to trap us into revealing bank accounts, social security numbers and credit card records. We are learning to live with a myriad of passwords and procedures which are designed to keep intruders out of our hard drives just as we lock our doors and windows to keep burglars from access to our homes and private property. But, just as experienced burglars can pick even so-called unpickable locks, we now see writ large that online thieves are able to access our privacy and property despite the passwords we deploy to stop them. If the U.S. State and Defense Department codes and records can be stolen and downloaded by a simple army private, then our checking accounts should be child’s play for a determined online thief.
The Assange and WikiLeaks matter is quite serious and may be prosecutable, although that is not a lead-pipe certainty. Assange is certainly not a traditional journalist and his refuge in the First Amendment guarantee of free speech seems terribly misplaced. His claim and the claim of his supporters, who despise the military, that he is a whistleblower stretches that term to absurdity. Whistleblowers expose crimes. Conversation between diplomats, even if it is “disinformation,” is not a crime. That is what diplomats are sent abroad to do. Whether Assange stole information from the government or conspired with Private Bradley Manning to steal information is a matter for the courts. Whether he is guilty of infractions under the Espionage Act of 1917 is also a legal issue.
There have been few successful prosecutions under that World War I statute which requires that the government must demonstrate that the person disclosing information knew that the information he was disclosing would damage national security. As attorney Baruch Weiss wrote in the Washington Post on December 5, 2010 (disclosure: Mr. Weiss is a law partner of one of the co-authors of this column at the Washington DC law firm, Arnold & Porter LLP):
Here, Assange can make the department’s case especially difficult. Well before publishing the cables, he wrote a letter to the U.S. government, delivered to our ambassador in London, inviting suggestions for redactions. The State Department refused. Assange then wrote another letter to State, reiterating that “WikiLeaks has absolutely no desire to put individual persons at significant risk of harm, nor do we wish to harm the national security of the United States.”
In short, this matter is not as easy as syndicated columnist Charles Krauthammer suggested when he said in a recent column, “this is a country where a good prosecutor can indict a ham sandwich.” The real question is not whether a prosecutor could indict but whether he or she can obtain a conviction. Mr. Krauthammer fears that not prosecuting would expose “the helplessness of a superpower that not only cannot protect its own secrets but shows the world that if you violate those secrets — massively, wantonly and maliciously, there are no consequences.” But if the government were to indict and lose at trial, the result would be to expose the fact that the government has no tools to enforce secrecy.
Make no mistake about it, if there is a clearly winnable case, Mr. Assange should be prosecuted. He has taken it upon himself to decide whether revealing information he knew was stolen would be harmful to the nation. What is necessary, however, is a new law designed for the cyber age which makes it a crime to obtain information through the equivalent of theft or to disseminate information that the government restricts as classified. Any such statute will have to be carefully drafted to withstand the inevitable First Amendment challenges it would face. Moreover, the Congress cannot delegate enforcement to the FCC which has shown under its current chairman a propensity to expand its regulatory reach so as to govern the internet.
Which brings us back to the wakeup call we have all just received. WikiLeaks has been saying for weeks that it has a trove of documents from a major national bank that it plans to disclose. If tens or even hundreds of thousands of bank records can be hacked and stolen, how confident can we be with such modern conveniences as online banking or online shopping?
Once we avail ourselves of the wonders of email, or accessing websites, whatever we are saying or reading on the websites we visit is “out there” for the world to know as soon as we hit the “send” button. New laws alone dealing with banking or cyber theft, while necessary, will in and of themselves not be enough. The technology for protection must be substantially improved. In our desire for speed in communicating and sharing information, we have exposed a massive vulnerability to our privacy. An analogy to weapons systems is apt here. Ballistic missiles spawned anti-ballistic missiles, which, in turn, gave rise to multi-headed missiles designed to escape and avoid the new sophisticated defenses. And on and on.
We have already entered an age where cyber-attacks could virtually cripple a nation. This year we witnessed an attack aimed at Google (who could be more sophisticated about cyberspace than Google?) and an as yet unidentified “worm” allegedly aimed at slowing Iran’s nuclear centrifuge program. Articles have been written discussing the possibility of disabling our national power grid, the programs through which stocks and bonds are traded, and daily bank clearances. As whole industries have gravitated toward what is referred to as a “paperless society,” the old manual hard copy infrastructure is becoming obsolete. Last week a group supporting WikiLeaks triggered attacks against major Web servers including MasterCard and Visa. These attacks can virtually shut down an institution’s servers. As the Wall Street Journal editorialized on December 12:
It is clear that as the Internet’s inherent technical vulnerabilities are exploited in this way — both by the politically aggrieved and criminal gangs — it will be pushed steadily toward a state of chaos and anarchy. … The better course is to establish rules and criminal statutes for the Internet similar to those we use to govern the rest of civilized society.
Any such criminal statutes must have penalties that bite.
Laws alone will not be sufficient to protect individuals from the theft of privacy, although they clearly would help as a deterrence if the language were clear enough and the penalties stiff enough. We need to develop personal encryption devices which, while they probably would not be foolproof, could make it far more difficult for thieves to gain access to our records and hack into our privacy. We also need laws restricting the information many purveyors of online goods and services require of us in order to open an account or complete a transaction. Much of that information is unnecessary to prevent fraud and only serves to expose more of our private lives to information sharing with the entire world.
The Assange/WikiLeaks episode shows us that the time is now to put modern laws in place and to develop methods for individual users to encrypt the information on their computers to make us more personally secure. If we do not respond to the challenges and threats that brilliant new technology has created to allow us to do our shopping and banking from home and instantly to communicate with people halfway around the globe, many people will stop availing themselves of the wonders of the cyber age, the consequence of which would slow the growth of an industry upon which we are pinning many of our hopes for future economic growth and a robust revival of our economy. Surely this is a challenge we can meet.