White House Strategy to Protect Trade Secrets Mischaracterizes WikiLeaks, Criminalizes Hacktivists
The administration of President Barack Obama released a strategy aimed at protecting trade secrets. As White House press secretary Jay Carney stated, the strategy aims to “protect the innovation that drives the American economy and supports jobs in the United States.” He said, “We know that trade secret theft can cripple a company’s competitive advantage in foreign markets, diminish export prospects around the globe, and put American jobs in jeopardy.” That was why the White House had put together a strategy.
The strategy notes, according to the Office of National Counterintelligence Executive (ONCIX), the “pace of economic espionage and trade secret theft against US corporations is accelerating.” It adds, “US companies, law firms, academia, and financial institutions are experiencing cyber intrusion activity against electronic repositories containing trade secret information.” This is placing the “security of US economy in jeopardy.”
Given how vulnerable companies, law firms, academia and financial institutions seem to be, it is reasonable for the government to want to take some kind of action, especially if “foreign competitors of US corporations, some with ties to foreign governments, have increased their efforts to steal trade secret information through the recruitment of current or former employees.” That is why it is alarming that part of the strategy focuses on the alleged actions of “hacktivists” and also names the media organization, WikiLeaks.
In an executive summary section that outlines key points about “foreign economic collection and industrial espionage,” the strategy suggests, “Cyberspace provides relatively small-scale actors an opportunity to become players in economic espionage. Under-resourced governments or corporations could build relationships with hackers to develop customized malware or remote-access exploits to steal sensitive US economic or technology information, just as certain [foreign intelligence services] have already done.” It then proceeds to assert, “Similarly, political or social activists may use the tools of economic espionage against US companies, agencies, or other entities, with disgruntled insiders leaking information about corporate trade secrets or critical US technology to “hacktivist” groups like WikiLeaks.”
A section on “possible game changers” highlights how “a range of less-likely developments over the next several years” could occur that would increase the “threat.” Just under a description of “hackers for hire,” the strategy describes the “threat” posed by hacktivists:
Hacktivists. Political or social activists also may use the tools of economic espionage against US companies, agencies, or other entities. The self-styled whistleblowing group WikiLeaks has already published computer files provided by corporate insiders indicating allegedly illegal or unethical behavior at a Swiss bank, a Netherlands-based commodities company, and an international pharmaceutical trade association. LulzSec—another hacktivist group—has exfiltrated data from several businesses that it posted for public viewing on its website.
It is a bit ridiculous that LulzSec is named. The FBI convinced hacker “Sabu” or Hector Xavier Monsegur to be a snitch and help the agency bring down the group, which splintered off from Anonymous. The FBI likely used Monsegur to push LulzSec members to commit illegal acts. He likely convinced Jeremy Hammond, who is in prison and on trial for charges of conspiracy to commit computer hacking, computer hacking and conspiracy to commit access device fraud, to engage in the hack against Stratfor.
The “several businesses” are not named, but it is possible the White House is referring to Stratfor as one of the businesses. In any case, LulzSec, to my knowledge, is no more since it was decimated by an infiltrator, who helped the federal government arrest members.
WikiLeaks did obtain documents that allegedly revealed “secret Julius Baer trust structures used for asset hiding, money laundering and tax evasion. The bank alleges the documents were disclosed to Wikileaks by offshore banking whistleblower and former Vice President the Cayman Island’s operation, Rudolf Elmer.” In 2008, the WikiLeaks website was legally attacked and taken down. The Swiss bank pursued a lawsuit that it ended up abandoning after outcry from media and civil liberties groups. In January 2011, Elmer, a whistleblower, handed over two discs allegedly containing information on 2,000 offshore banking clients. The information was never released because it was “dense,” “not self-explanatory” and “difficult to figure out.” Also, identifying account holders would not necessarily mean the organization had found evidence of tax evasion. [Elmer was convicted and fined for providing information to WikiLeaks.]
With regards to the “pharmaceutical association,” who knows what the White House is referencing? There has been no reported release of any information on a pharmaceutical company (though there were revelations on pharmaceutical companies in the US State Embassy cables released).
The strategy makes clear that the White House does not consider WikiLeaks a media organization. It characterizes it as a “self-styling whistleblowing” organization, but the word “self-styled” indicates they are not a “whistleblowing organization” to White House officials.
The organization is listed under a description of hacktivists and even described as an example of a “hacktivist” organization. This is blatantly false and malicious because staffers of WikiLeaks are not known to have hacked into any businesses or organizations to obtain information. They are not even known to have solicited information from insiders. All information released has been the result of submissions from sources they are unable to identify because their submission system was setup to protect the identity of sources or the information has been personally handed over by a whistleblower, who publicly wanted to be identified as the source [as in the case of Elmer].
Regardless of the US government’s prejudice, it is a media organization and a publisher, not some “hacktivist” collective. WikiLeaks has a right to publish just like other news outlets, including those in the United States that are sometimes incredibly subservient to corporate interests or the US government.
By including WikiLeaks in this strategy, the Obama administration is seeking to characterize WikiLeaks as an organization that poses a potential threat to the US economy. Such a characterization is advantageous to military prosecutors in the court martial of Pfc. Bradley Manning, who allegedly provided classified information to WikiLeaks. Manning is charged with “aiding the enemy” by indirectly providing intelligence to al Qaeda through WikiLeaks. His defense maintains WikiLeaks is a media organization that should enjoy the same legal protections the New York Times or Washington Post would enjoy, but if the White House is going to cast WikiLeaks as an actor that might engage in economic espionage, it is much easier to convince the judge that WikiLeaks is some type of info-terrorist organization and that Manning should have known the information could be used to injure the United States.
There is no reasonable justification for including “hacktivists” in this strategy other than the fact that the White House intends to further support the targeting of “hacktivists” by law enforcement and intelligence agencies. “Hacktivists” do not pose any threat to trade secrets and never will. If they truly are political or social “hacktivists” and not thiefs, they will not take anything from any businesses or organizations and they will not destroy any of the business or organization’s website by accessing it through the internet.
“Hacktivists” may engage in digital resistance and take down a website temporarily through a denial-of-service (DDoS) attack. But thwarting DDoS attacks is not anything that should be done with resources that are supposed to be for fighting economic espionage. DDoS attacks are essentially sit-ins that shut down a space temporarily. They end after the point is made and the agency, business or organization being protested regains control of the website. And DDoS attacks are not acts of economic espionage, but they do show an agency, business or organization is vulnerable.
The desire to protect trade secrets from economic espionage is understandable and reasonable, however, labeling WikiLeaks and “hacktivists” a “threat” simply creates a devious pretext for pursuing them vigorously.
In conclusion, this is but another entry in the US government’s war on WikiLeaks. Editor-in-chief Julian Assange, WikiLeaks staffers and those connected to the organization, who are subject to an ongoing grand jury investigation, should continue to be concerned if not afraid, because a framework like this could be part of a build-up toward crafting charges for prosecutions.