Here Comes OpenLeaks: How It Won't Be WikiLeaks

Almost exactly a year ago I spoke via email with ex-WikiLeaks spokesman Daniel Domscheit-Berg. He and the four or five others who’d defected from WikiLeaks in September of 2010 were already at work on OpenLeaks, a successor organization with the same basic goal: to maintain a secure platform where sensitive documents of interest to the public can be uploaded by whistleblowers and anonymously distributed to the press.

Now OpenLeaks is just about ready to launch. Domscheit-Berg gave a presentation on the project some days ago at the Share 2 conference in Belgrade, and I just had to get over there to hear it. (I don’t know! All of a sudden I was in Belgrade narcoleptically passing out in my soup, and also attending this surprisingly inspiring tech conference.) I was able to meet and speak at length with Daniel, and learned a ton about OpenLeaks and the future of whistleblowing.

The Serbian capital has an ex-totalitarian air, the monuments and public buildings seeming to have been built with the principal aim of intimidation, rather than beauty. Though there is beauty, too. There are a lot of huge, dark bronze sculptures of stern-looking giant guys. There are also wonderful old parks, old trees, lovely wrought iron gates, cobbled walks. Tons of people in the street, day and night, safe to walk, lots of women walking on their own. Beautiful old electric trams in a wonderful rich aged red color, very noisy; I hope they keep them always, like the San Francisco cable cars.

The conference took place against a backdrop of heightened political activity in Belgrade. Serbian elections took place yesterday. Nerves were just generally inflamed, it seemed. Their ultra-nationalists are far from down for the count. Indeed, the ultra-nationalist group Nasi (“Ours”) threatened to disrupt even the groovy little Share 2 tech conference, once it became known that an independent media group and web portal called Kosovo 2.0 intended to present there. “Nasi’s announcement condemned the webportal as ‘a direct promoter of the narco-state of Kosovo as independent and not a part of the Republic of Serbia,'” according to Lily Lynch at Bturn.com, a Balkan culture blog. These splinter groups are known fomenters of ultra-violence along with their ultra-nationalism. Lynch writes, “Members of Nasi have been participants in all of the worst shit that has gone down on the streets of Belgrade during the last several years: the violence following Kosovo’s 2008 declaration of independence in which the American embassy was set on fire and one individual was killed, and the 2010 Pride Parade in which 147 policemen and nearly 20 civilians were injured.”

And so Kosovo 2.0 withdrew rather than risk upset at the conference, passing out flyers and stickers instead of speaking. Opinions were split about whether or not the Kosovo group should have withdrawn, and the mood was thoughtful. These kids are so like ours: sleeve tattoo, short beard, left politics, electronica, coding, non-materialism, bicycle, veganism, Internet. I am in great hopes for them.

Domscheit-Berg’s presentation on the second day of the conference was mobbed, and the audience was focused, attentive and respectful. This makes quite a change from his circumstances eighteen months ago; when he left WikiLeaks, he was almost insantly pilloried in the media and in the hacker community, owing in large part to the high regard in which Julian Assange, the original founder of WikiLeaks, was held at that time. Daniel’s book, Inside WikiLeaks: My Time with Julian Assange at the World’s Most Dangerous Website, was routinely dismissed as the vengeful act of a “disgruntled former employee” (though not by me). He was tossed out of the Chaos Computer Club, the hacker collective he’d been part of before he’d ever heard of WikiLeaks. He was denounced as untrustworthy by Andy Mueller-Maguhn, former WikiLeaks/OpenLeaks go-between (and Chaos Computer Club board member) in Der Spiegel.

But what if the “former employee” had very good reasons for being disgruntled? Since reading his book, I’ve always thought that Daniel Domscheit-Berg was being made to suffer exactly as whistleblowers often are: blamed for speaking up and accused of self-aggrandizement, sabotage or pursuing a private agenda.

A lot has happened at WikiLeaks since the fall of 2010. Most notably, through a breathtaking series of gaffes, the Guardian, its investigations executive editor David Leigh and WikiLeaks accidentally made available a working password that unlocked the entire unredacted trove of over a quarter-million State Department cables leaked to WikiLeaks and known colloquially as “Cablegate.” By the time the password leak was discovered, the encrypted archive had already been distributed far and wide on the Pirate Bay—exactly how and by whom has never been made precisely clear—so there was no way of putting the cat back in the bag.

The publication of the Cablegate password in David Leigh’s book, which came out in December of 2010, meant that all the names and identities of confidential informants in the cables were compromised. Fortunately, though, by the time the password was published, the State Department had certainly known of the leak for many months, the first of the cables having been published in February 2010. There is grounds for hope that nobody was harmed as a result of the negligence of Assange, Leigh or the Guardian. But that’s all just luck, seemingly; their carelessness might easily have compromised much more sensitive information.

There were various accounts of the Cablegate password fiasco, some blaming WikiLeaks, others David Leigh, still others The Guardian or sometimes all three. Some, including Glenn Greenwald, sought to implicate Domscheit-Berg, though he was never directly involved with Leigh; nor, he claims, did he have access to the ill-fated password. Greenwald’s September 2011 remarks regarding Domscheit-Berg’s role in the affair were uncharacteristically incoherent.

To my mind, the real upshot of the Cablegate debacle was that it put paid to the likelihood of anyone’s sharing so much as the contents of a fortune cookie with Julian Assange ever again. He is currently holed up in the UK, enduring a kind of extra-fancy house arrest while he resists extradition to Sweden on charges of sexual misconduct. His relevance in world affairs diminishes by the day, despite his rather grandiose Twitter feed. Recently, he’s been taping “The World Tomorrow,” a chat show sponsored, improbably, by the mostly Russian-state-owned TV station RT.com. The latest episode features Assange talking to very little purpose with Slavoj Žižek and David Horowitz.

The 2010 rupture between Domscheit-Berg and Assange has proved absolute. These two approach life itself in fundamentally incompatible ways, it would seem.

On the day of his presentation, Domscheit-Berg texted me, explaining that he was upstairs at the conference center working, and that I could wander over and talk with him, if I liked. He was all on his own, bashing away at a laptop. A lot of media people came and went, asking questions, filming, photographing. He handled them all with a practiced grace and generosity; he likes talking to people, he says. The fluidity of Daniel’s talk is ornamented rather than otherwise by his marked German accent.

MB: I find it fascinating how you wandered into the WikiLeaks project with Assange, just like, hey, that is a good idea, and the next minute you’re caught in a web of geopolitical intrigue. I can see how that would be bound to drive anyone a little crazy. This rare phenomenon of what just two people are doing kind of on their own suddenly having global significance. How do you think that affected your character and personality afterward?

DDB: That’s a really good question. It affected me in a couple of different ways. At the beginning, I liked a lot that we were getting a lot of media attention, and this was a big high, and I felt that this is kind of proving that what I’m doing is worthy, validating it in some way. But that has changed to the exact opposite; I haven’t really read any piece of news on me, with me, whatever, in the last year at least [...] because I feel that in some way I’m kind of terrified, by now, to take this too serious or to take myself too importantly. That’s one of the consequences of seeing what happened to Julian. From my perspective… at the beginning, we didn’t let any of this go to our heads. At some stage, I think it went to his head, and that’s where a lot of things changed and it became difficult. [...]

MB: Whatever the man’s problems are, he’s also been stuck in this English guy’s house for a thousand years.

DDB: Well, that situation needs to be resolved by courts of law. Whether in the UK or in Sweden. Just certainly not in the U.S.

(Just to note, for those who may have forgotten: the criminal allegations against Assange in Sweden are minor enough that they would not ordinarily be pursued against a foreign national on foreign soil to anything like the degree experienced by Assange in this case. So one really can’t blame Assange and his associates for supposing that the ultimate goal of the Swedish charges is extradition to the U.S. in connection with, for example, the release of the Collateral Murder video.)

Meanwhile, Domscheit-Berg’s reputation has slowly mended. For example, a matter of weeks ago he was voted back into the Chaos Computer Club, and Andy Mueller-Maguhn was booted off their board. These developments indicate that the steady vindication of Domscheit-Berg, in the hacker world at least, is more or less complete.

Since Domscheit-Berg left to start OpenLeaks, along with several others including the mysterious programmer known only as “The Architect,” who took some or all of the code he’d written with him when they left, WikiLeaks has been unable to accept submissions of new documents. I’ve thought ever since I first looked into this story that OpenLeaks would eventually pick up the ball, so it was gratifying to learn about the progress they’ve made.

There are only five or six people working on the project so far, and it is privately funded by them alone. Daniel said, “There is no sponsor, there are no foundations, no corporations, there are no people paying us for what we are doing. This is all just 100% privately funded by me and the others. This is good because right now we are independent and there’s no one that can tell us that we need to hurry up a little bit more.

“Have you guys thought about doing a Kickstarter?” I asked.

He answered: “Yeah, we certainly have. But we are not formally organized yet, and as long as that hasn’t happened we will not take any money from the outside. Maybe when we are properly constituted.”

I knew I wouldn’t learn a thing about him, but couldn’t resist asking: “Oh, everybody wants to know about The Architect.” Daniel said, “Yeah, I know. And he knows. He just prefers to remain private and able to get work done as long as the world is full of all this drama.” Hmm, we are liable to have still a bit of a wait, then.

WHAT WILL BE DIFFERENT ABOUT OPENLEAKS?

From its inception in September 2010, OpenLeaks was designed with all the painful lessons of WikiLeaks in mind.

The key difference is that where WikiLeaks itself participated in the vetting, editing and publication of leaked documents, OpenLeaks won’t even be able to read them. OpenLeaks provides only the platform for submissions, which will be encrypted and visible only to publishing partners designated by the source. OpenLeaks is pursuing a course of total neutrality. This is in sharp contrast to WikiLeaks, which worked closely with major news organizations, an approach that sometimes resulted in a lot of friction.

DDB: When WikiLeaks [...] started to work with the Spiegel, and the Guardian and the New York Times, the problem is the moment you get these players, they will start to put you under pressure, because they want to remain exclusive. This is unfortunately what the media landscape is like; fixated on scoops, not on maximizing enlightenment [...]

So our approach in the design that we have takes this problem into account, because we let the source decide who gets the information and how it flows from there. This way, we cannot steer anything. We cannot become good friends with one organization, that we have to do a favor or something like this, because we have no control at all; it’s just the source that is deciding. We cannot even see what kind of information is put into the system. [...]

MB: But when you have a scoop, then you can put a spotlight on it. There is an upside, right, to the WikiLeaks approach? Like when the Collateral Murder video came out, there was such a buzz on that—as a journalist, you try to create something that you know people are going to click, they’re gonna look, you make it like what they call “sexy” or whatever, by having a provocative headline. At OpenLeaks, then, you’re giving that up.

DDB: We’re not really giving it up. Because there’s one organization that receives the stuff. If the source for such a video trusts you as a journalist, and they give it to you, then you are the one that can put on the spotlight. [...] And as a source, if I give you information, I can specify how long this information will remain exclusive with you. So I can say, for two weeks that scoop is yours. But if you decide, this is not my topic, or your publisher might say, “This is an advertiser of ours, you’re not going to run the story.” Then after two weeks, the other organizations that are part of our network will get access to this information, if that’s what the source wanted.

MB: All at once?

DDB: Yes. Right now there’s just all or nothing.

MB: Two levels.

DDB: Yes. It’s very confusing for sources if they can specify, which organizations should and which shouldn’t. So if you run with the scoop, and the source has specified that it can be distributed, the moment that you run the scoop [all the other organizations] have access to it as well. So now other newspapers in your country that might even be your competitors can use the original material. And that’s not what’s happening today. Today all the journalists are sitting on their material, and trying to protect it from other people, because they can continue to milk it all the time. And that doesn’t help society. Because that’s where we are today: people are just copying and pasting the news agency stories because they don’t have access to original materials.

Several news organizations have already begun work on implementing secure sites for the receipt of materials through the OpenLeaks network.

DDB: Now, the media partners so far have been very much smaller, and internationally we have just one newspaper from Portugal, and one from Denmark, and nobody from the States, for example, and that’s for a couple of reasons. I mean, we’re open to collaborate with anyone who has an interest. But for what we’ve done so far, it was much easier to stick to organizations closer to us in order to make some first experiences.

At OpenLeaks, partners—publishers, groups of journalists, NGOs—will be required to set up their own websites within the OpenLeaks network in order to receive material. But they and they alone will be able to see that material; it will be up to them to verify, authenticate, edit and decide how and when to publish.

Any U.S. group wishing to set up as an OpenLeaks partner will have to send web developers along to Germany for a five-day workshop, during which they will be provided with the initial specs and training required for setting up such a website.

Regarding these workshops, Daniel said: “For now this would be for developing a front end. How do you develop a website that’s secure, what kind of stuff about anonymity do you have to consider, how might you integrate this in a meaningful manner with your existing website [...] we’re doing the workshops in the countryside so there’s no distraction at all, other than the possibility for people to take a walk in the woods or something to get a fresh head, but it’s meant to be quite intense.”

He continued: “You have to find out what is possible and what is not possible, technically. And once you have an educated opinion on this, only then will you be able to say if you want to run such a site or not. There cannot be a promise that once you have done this workshop, you will be enabled to [implement a site.] Especially if you are in the U.S., that’s a really big problem because of all these technological details. But you will understand the constraints and be able to take a well-informed decision. We’re really eager, and all for creative solutions. So whoever has an interest, that is great and let’s take it from there.”

Travel to Germany will be required because the OpenLeaks crew, having been as deeply involved as they were with WikiLeaks, prefer not to visit the U.S. in case they get into some kind of hot water over here.

MB: Do you feel like you’re being watched?

DDB: No. Not at all. I don’t have the feeling of being watched, and I refuse to give in to whatever kind of paranoia I could be making of it. I’m trying to remain realistic about it. Then again, I assume people are listening to my phone calls, because it’s too cheap not to do it.

MB: They’re listening to everybody’s, I guess.

DDB: Exactly. But I haven’t ever noticed that I am being followed; the house I am staying in is not under surveillance, as much as I can tell, and it’s highly unlikely that anyone has ever been in my place when I was out, you know. I’m careful about these things, and I’m pretty sure I would notice.

MB: Do they bother you at the airport?

DDB: No, never.

MB: Never?!

DDB: No, never ever. And I’m traveling a lot. [...]

MB: Wow. I am stunned.

DDB: So the question is, why is that? And I could get super paranoid about the fact that this is the case, but rationally, I have no explanation for it.

Daniel was accompanied at the conference by his wife, Anke Domscheit-Berg, who, as an expert in Open Government issues, is a noted activist in her own right. At the conference, she had a presentation and was on several panels. She also gave a presentation on guerrilla knitting and yarn-bombing; in the photo here she’s working on a sort of handrail-cozy that she installed on the handrail just outside the conference amphitheater.

Daniel describes meeting his wife in Inside WikiLeaks; the two are clearly very close partners, in their activism and work, and in life, too. “You’re in love!” I observed to Daniel. “I’m writing that down.”

“I don’t mind,” he replied. “It’s a known fact.”

I wondered how OpenLeaks would be dealing with the rapid changes in the security landscape online. Daniel is mainly a network specialist, so this is his particular area of expertise.

MB: You saw the Wired piece in April about increased attention from the US government, throwing so much computing power at cracking encryptions. How does that affect your work?

DDB: Hmm. It doesn’t directly affect our work, because we’re not trying to develop an off-the-shelf product. But it certainly affects the considerations around security and secure communications. So it affects what is possible for our partners and what is not, and it is what we are educating them about. Ultimately, to some extent—it’s a really good question, how secure any communication on the Internet today can actually be.

MB: This is my question exactly. The more important, the more visible you get, the more scrutiny there is.

DDB: Yes. Generally, there are questions like, how reliable is SSL encryption? That’s a very basic question for any kind of web communication via the HTTPS protocol, you know. If SSL is broken, and I think largely it is broken, then the question becomes ultimately how much can you rely on the most widely deployed encryption technology on the web.

Now for actually 99.99-whatever percent of all the cases of whistleblowers, their material is not of interest to the NSA. But there’s this small, very small fraction where it would matter, and you never know what’s coming. So the question is, how much can you offer an online whistleblowing solution when there is the chance for that one case where a whistleblower has something that might draw the attention of the NSA, and it might then screw that person.

So this is why it’s more complicated than just delivering a solution.

For those who haven’t been keeping score in the U.S. regarding whistleblower protections: we are sohosed. Though we were promised strengthened whistleblower protections in the 2008 presidential campaign, that has in no way come to pass. Though that’s likely not really Obama’s fault—it has been just one more fallout from our catastrophically locked legislative and executive branches. (For technical details on the “national security” overreach of governmental snooping, the Bradley Manning story, and matters pertaining to whistleblowers in general, please do consult Glenn Greenwald, whose counterproductive, combative rhetoric drives me nuts, but there is no denying that he has been consistently right on the facts regarding these issues.)

The Q&A period after Daniel’s presentation was held in a smaller room at the Dom Omladine center, upstairs from the amphitheatre. Maybe thirty people showed up. The audience was young, very young. Equal parts rage against the machine, and idealism: Brains, energy, drive, engagement.

“Why are they so great?” I asked Daniel afterward.

“It’s this generation. They are networked, and they get perspectives from other people.”

“They are citizens of the world. Like, the first ones.”

There was one tall, pale, dark-haired bearded boy, furious, pleading. He said to Daniel: “Let’s say you publish a newspaper in Serbia, that is published, that doesn’t mean anything, nobody goes to jail, there are no consequences, there are no legal actions, there’s nothing. So you publish it, it goes in a story for a week, some person stole, I don’t know, ten million dollars from the state, but nobody cares, in ten days it goes away, nobody remembers it. So did you ever consider that some database could be formed, just as a memory for future generations. To retain that information, that Google cannot delete it from search engines. So their children are not like oh, my father was a great citizen, a very competitive and capable businessman, no!—he was a thief! And like no matter that he doesn’t suffer legal consequences, but in memory, like, here are the evidence.”

Our later talk addressed this general frustration with media and politics.

MB: I think the big problem is that people don’t understand that they have agency themselves. You touched on this yesterday, just for a second; but people don’t have faith that any move I can make as an individual is going to have an effect, out there.

DDB: Yeah, but it does. And that’s again what the Internet is good for, because it helps you to understand that. Because you are connected to all these other people and you will see that whatever you do, it causes some kind of a ripple or whatever you call this, and you can see it echoing somehow. Change can begin with every single small decision we take.

If conventional news organizations aren’t going to step up to participate in OpenLeaks, it would be possible to form an association of journalists through an NGO to participate. There are a lot of ways whereby journalists can become involved in this effort. I hope that one way or another, a lot of U.S. groups will jump in. Initiatives like these are almost the only way left open to American journalists to combat the vast and illegal snoopings of the government on our activities. Indeed, instead of providing the added protections promised in the 2008 campaign, the administration has stepped up its efforts to prosecute whistleblowers.

American journalists would do well to heed the remarks of a national security representative at an Aspen Institute meeting last year between journalists, Congressional staffers, lawyers and spooks: “We’re not going to subpoena reporters in the future. We don’t need to. We know who you’re talking to.”

So time’s a-wastin’, with respect to restoring First Amendment rights.

DDB: We haven’t come up with a fixed schedule yet. But it might make sense to talk to editors as well, and to make them understand how to deal with digital content, educate them about metadata and document formats, how to clean documents of traces, these types of things. We will also do security workshops for journalists so that non-technical people get security training. The spectrum of what is possible is actually pretty broad. And we’re very open. Also people should roughly know where our expertise lies, and if there is anything that we haven’t thought of yet, and somebody wants to know if we can do it, we’re open.

MB: If I run across different press outlets that want to get involved, how do they go about it?

DDB: Just put them in touch.

MB: ddb@openleaks.org



Maria Bustillos is the author of Dorkismo and Act Like a Gentleman, Think Like a Woman.