Original URL: http://www.theregister.co.uk/2008/02/21/wikileaks_bulletproof_hosting/

Wikileaks judge gets Pirate Bay treatment

We're bulletproof, Your Honor

By Dan Goodin

Posted in Law, 21st February 2008 00:52 GMT

Analysis Every now and again, an event comes along and takes our breath away by reminding us just how far out of step the legal system can be with today's changing world. The latest example is last week's attempt by a federal judge in California to shutter Wikileaks, a website devoted to disclosing confidential information that exposes unethical behavior.

Almost a week after US District Judge Jeffrey White unequivocally ordered the disabling of the guerrilla outfit, it remains up, and its foot soldiers are as defiant as ever. More to the point, it continues to host internal documents purporting to prove that a bank located in the Cayman Islands engaged in money laundering and tax evasion - the same documents that landed it in hot water in the first place.

It remains doubtful that Wikileaks will ever be shut down. That's because the site, as reported earlier by the The New York Times Bits blog, is hosted by PRQ, a Sweden-based outfit that provides highly secure, no-questions-asked hosting services to its customers. It has almost no information about its clientele and maintains few if any of its own logs.

Oh yeah, PRQ is also run by Gottfrid Svartholm and Fredrik Neij, two of the founders of The Pirate Bay, the BitTorrent tracker site that, as a frequent target of the Hollywood elite, has amassed considerable expertise in withstanding legal attacks from powerful corporate interests.

Not that attorneys from the Julius Baer Bank and Trust, the bank accused of the misdeeds, haven't demanded PRQ disconnect the site.

"We have the usual small army of stupid lawyers that think we will piss our pants because they send us a scary letter," Svartholm said in a telephone interview. "We do employ our own legal staff. We are used to this sort of situation."

Also making a take-down difficult, Wikileaks maintains its own servers at undisclosed locations, keeps no logs and uses military-grade encryption to protect sources and other confidential information, according to an unidentified individual who answered a press inquiry sent to Wikileaks.

"Wikileaks certainly trusts no hosting provider," the person wrote.

There's a name for arrangements such as these. It's called "bulletproof hosting," and it's historically been used to insulate online criminal gangs against take-down efforts by law enforcers or private parties. As Wikileaks has demonstrated, the measure can also be used by those engaging in civil disobedience. Wikileaks uses a different term: "an uncensorable system for untraceable mass document leaking."

Farewell Smokestacks

All of this seems to have been lost on Judge White. Last Friday, he issued a sweeping court order that directed Wikileaks and a dizzying array of ISPs, DNS hosts and website server providers to suspend all Wikileaks websites. White went so far as to extend his directive to "all those in active concert or participation with the Wikileaks defendants ... and all others who receive notice of this order."

Given the number of internet users who have joined Wikileaks' cause since learning of the case, the order could easily extend to tens of thousands of people or groups, many of them well beyond the jurisdictional reach of White's San Francisco-based court.

Perhaps that's why the only practical effect his ruling had was to force a registrar by the name of Dynadot to suspend the Wikileaks.org domain name. The site remains reachable by accessing its IP address or alternate domain names such as Wikileaks.be and wikileaks.in. That's akin to removing a person's name from the phone book but not disconnecting his phone.

White's lack of internet savvy was in further evidence when he directed that a copy of his order be emailed to Wikileaks within 24 hours of the issuance of his order. The only problem there was that the suspending of Wikileaks.org prevented the organization's email system from working.

It would appear White is still caught up in the age that preceded the internet, when trade secrets were generally written down on paper and a fair amount of effort was required to disseminate them. Back in this smokestack era, broad orders covering anyone involved even indirectly in the appropriation of trade secrets made sense because the orders frequently had the result of plugging the leak.

Not so in this case, where the internet is a central player. White's order has done little to stop the leak, and it can be argued that it has only made the leak bigger. A few days ago, nary a soul had heard of Julius Baer or Wikileaks. Julius Baer's alleged money laundering has since gone mainstream thanks to the order, which has generated an endless series of headlines and provoked the ire of censorship opponents who have begun spreading the internal documents on mirror sites and peer-to-peer networks.

There are also perceived shortcomings in White's order. Specifically, the directive disabling the entire site is perceived by some First Amendment lawyers as a clear violation of free speech. And his prohibition on the publishing of "any other new or additional yet unpublished documents and data" that might belong to Julius Baer, likely amounts to prior restraint, another constitutional no-no.

As Eric Goldman, a professor of Law at Santa Clara University and author of the Technology and Marketing Law Blog, observes: "There's simply no good remedy once confidential information hits the internet, and that's very frustrating to judges who are used to solving problems." Judge White, welcome to the internet age. ®