Transcript of OpenLeaks video

Daniel Domscheit-Berg, formerly of Wikileaks and now working on the OpenLeaks project, recently gave a presentation at 27C3. Because the talk is dense and the video long, I had it transcribed today. It’s long and, in the manner of long, complex talks, it isn’t a perfect, linear read. I haven’t cleaned it up, or read or analyzed it fully yet, but it seems important, so I am posting the transcript here, as raw material.

Daniel Domscheit-Berg’s talk on OpenLeaks

Hi. First of all, I’m happy to see so many people that have come, even though it’s on such short notice and in competition with the security nightmares talk. So it’s good to see you all and it’s good to see that you have an interest in I guess the topic I should have been talking about from the beginning on.

Just one short correction. This is not my project. I have to make that perfectly clear. I’m just one of the few people and actually one of the people that can’t really invest too much time at the moment, so there are many others that are working on this idea. I just wanted to make that clear in the beginning.

So actually, now I realize that I do not have the slides on that screen here. Well, anyway.

So what I’d like to do is I try to explain to you why actually we are working on this project, and a bit what the history behind it is and why we have chosen to do this the way we want to do it.

So what is the problem? The problem is that there currently is just one or two or maybe a handful of sites by now that deal with the topic around distributing material from anonymous sources to people that have an interest in receiving such materials. So as we’re all pretty much aware, I think centralism never is a good thing, neither if it comes to technology nor any aspect of society. So ideally, there should be 1,000 WikiLeaks sites or 1,000 [indiscernible 1:58] sites or whatever. So why aren’t there 1,000 of these yet?

So there are a couple of reasons for that. One is that not everyone has the guts to do that, so that is something we have found out. In the same way that you won’t find lots of ISPs that are as good as PRQ in Sweden, for example, that stand up to you as a customer and not back down to the first legal request they get, in the same way, you won’t find too many people that are willing to create such a project and run into some hazard with it, maybe get into some terrain with it and don’t understand what they’re heading into.

Another thing, and that is probably one of the biggest barriers, is that there’s an enormous lack of knowledge on how to do that, and that’s what we found out in the last three years as we’ve—in the WikiLeaks project and people in surrounding projects have built up lots of expertise on how to do these things correctly and what are actually the things you need to consider, what do you have to take into account. So what is the legal and the technical side of all of this, and how do we manage that knowledge?

And the third part is that if you’re dealing with full documents and not just stories, first of all, you need these documents to be writing any stories at all. And on the other hand, restricting the flow of these documents can prevent any good stories from coming out. So the flow of these documents is way more rigorously controlled or people are trying much harder to control that flow of information much harder than they can try to control the flow of stories, for example. So you would try to do whatever you can to prevent any source document from getting out there in the first place.

And these are the three barriers that need to be addressed and that need to be regarded and taken into account of why there are not 1,000 sites doing that already. So it’s just especially the second point is not trivial and has to be regarded.

So the question is basically how do we get from a few projects to a lot of projects? And how do we diversify this whole field? And there are a couple of approaches you can take to that, one very obvious one. Or that’s first of all the process in general, so you understand it.

We have the knowledge about something, and whether that is the knowledge about a document or the knowledge about how to build a system that can accept the document.

That information then goes into the whole submission process, so it’s either creating a technical side that can accept submissions, or it is a submission itself.

There’s a cleaning process after that where the information that is received has to be cleaned in some form or another. That also has a technical counterpart again, so you need systems and processes that can deal with anonymizing information, stripping out metadata, bringing information into a format that everyone can use, into a standardized format.

Then, there’s the whole review part. That review part is basically what journalists are doing, so they are reviewing a document, they are verifying if it’s true or not, if it’s a forged document or not. They verify the contents of the document. They do an analysis. They write up stories about it, whatever. So that is actually a really big chunk of work there.

And in the end, you have a release part, and that release part has different angles again, too. So you might just want to release a story based on the document, or you would ideally want to release the document yourself, or itself. If you release the document itself, that is totally different from the requirements you have from releasing just a story based on it. But all of these things have very different requirements, and it’s very important that all of these requirements in some way can be addressed. Because if just somewhere within that chain you do not have enough resources or you do not have enough manpower or experience or whatever, then the whole process is being impacted, and what you experience is bottlenecks.

And in the past, we have experienced a lot of these bottlenecks, which made us very unhappy. And if you give a promise to neutral parties that you will deal with what they give you, then you have to sort of stick to that promise. So getting rid of these bottlenecks is one of the things that we try to achieve.

So how do we get from a few to many sites? Sorry. There still is one more slide, just to show you these are all the parties involved. We have sources. There are volunteers that want to help out. That’s one of the experiences we made, also. It’s very, very complicated to manage lots of volunteers, so just from the beginning or from December last year when we were here in the Congress, in the following three or four months there were maybe 800 programmers that turned up. And this was great. It was such a good experience. But it was a very bad experience on the other hand too because we couldn’t get them anything—get them to do anything. Just because some people were just writing us they want to help, and then others sent in CVs of ten pages, so you had this immense gap between not knowing anything about someone, and then knowing way more than you want to know.

And it’s pretty hard to standardize that as well, to know actually who are the people that you could use because they speak the programming languages you can use or because they have certain skills or not. And all of that filtering is very problematic. So that has to be addressed, too. And these people have different requirements.

So then there’s reviewers, people that can understand material, that can read a document, that can have a look at documents and understand if these documents are real or if it looks like a forge.

There’s project staff that has to manage all of this, that has to take care of all the servers.

There’s the whole public that wants to be informed, that wants some buzz going on, some website they can go to and see what’s happening.

There are NGOs. There’s the press. There potentially is the government that has their own interests.

So these are all sorts of different parties. And what we found out what is one of the most important points here is that they all scale completely differently. Some of these are very quick. They are very dynamic. If you had a system to manage them efficiently, you could pull in a lot of resources. And others are very slow. They need time to do work properly. They are stuck in their own organizations that have slow processes or whatever. So they all have different capabilities to scale, and that’s why all of that has to be broken down somehow, so that you can address all of these areas in the fashion that is most suitable for them.

If we look at how leaks work, actually, we can see two different areas. Or basically actually that is a—it’s going from the local scale to a global scale, and there’s a lot in between. But if you look at the local scale, on a per-country level for example, or if you go even lower in the regional or physically local level, then these have localized problems. So you need to make sure that you transport the information as close to where it matters as possible, just because something about corruption in a small department in a small town here in Germany or in another place in the world will just drown in the flood of let’s say in the vicinity of a release of a few thousand documents from a war, or diplomatic cables or whatever.

So these two cannot compete with each other, or they cannot even coexist with each other, because one thing is just going to shut up the other thing. So what you need to make sure is that you distribute the material as close to where it matters as possible. And that is especially true for all the local stuff. So the local stuff also is much more loosely coordinated. So if you think about having let’s say 100 local newspapers or organizations that are active on a local level involved in something that is coordinating all these efforts, then what you will find is that they don’t need to talk to each other very much. So if something is happening in a small town in Bavaria, it doesn’t—I mean, it’s good for that local newspaper maybe, but that local newspaper doesn’t have to coordinate with a local newspaper in Kiel or wherever, just because they don’t have anything to do with each other.

That’s what’s different for all the global stuff. Just because the bigger something gets and the more area it touches, the clearer it is that there are many parties that would want to be involved and that also could potentially cooperate with each other in achieving a more efficient goal or something more worthwhile, getting more information or a better analysis, whatever.

So you have to scale from a point where you have to be able to have one entity, one small entity, maybe working on something very small, and still be able to pull in lots of small entities to form a big union that is working on a large publication, for example.

So yeah, work on such data amounts. If you look at, I don’t know, the cables, the Iraq stuff, the Afghanistan war logs, all of that, these are really large amounts of data, and processing that data, standardizing it, working on all these things, is a tremendous amount of work. And you can only address that in any way if you can scale to that problem.

Yes, so what are the concepts that we can use to address that? We could just make a clone. So we pull together an all-in-one website that is combining everything that we talked about before, that is trying to address all these different entities or individuals that it would have to reach. It is still only one more, so even if you make one clone, what comes out is just one more. So we would need, like, 1,000 groups of people that would make a clone in order to get to the 1,000 websites that we would want to have.

It does not address the structural problems the one-in-all solution has. So you still have all these problems of bottlenecks, of accumulating power, of potential for abuse, whatever. All of that is still trapped within one organization, and you cannot resolve these structural problems.

You have outsider attack vectors that interfere with the scaling of internal processes and overall effectiveness. So let’s say if you manage to keep a key person in that organization busy for long enough, then what happens is that you’re stuck in that position. So that can all have a very easy impact on internal processes just because it’s not distributed enough and it’s just too centralized.

And the last point is important. We never—that’s why it is important to understand also that we are not a competitor in respect to WikiLeaks. What we are doing is not competition. We just feel that the approach should be different, and that’s I think hopefully everyone here understands that, just because most of you probably have developed open software at some point in time. There’s a perfectly valid reason for lots of different approaches to the same problem, just because it will make sure that you hopefully can address that one problem from a lot of different angles, and therefore cover all the requirements that different interest groups have.

So what we do is, as much as we can tell right now and as we feel it, is a different approach. And I think it’s going to be a more effective approach, more efficient approach also. But it’s not that we would deny WikiLeaks’ place in this world or anything like this. It’s a tremendously important project, and it has caused a lot of things that we wouldn’t be talking about today if it hadn’t been there.

Yes. So another possible concept would be that you just commercialize it. So you can just create a company that is dealing with this issue that is building up a structure that can carry 1,000 users. Doesn’t help you because if it is a commercial company and it is run as such a company, I’m pretty sure that you would face a lot of political pressure that that could not sustain, either, just because it’s commercially oriented. You could just cause the whole economic side so much trouble that it wouldn’t be a worthwhile endeavor anymore.

So I’m not sure how much such an idea would work out commercially anyway because there’s just too much idealism that is involved in this. And the idealism always has to carry heavier, to weigh more, than whatever the financials of such a project look like. So even if it is not worthwhile doing it for the money, or if you constantly have to spend more than you get in donations or so, that would be unfortunate, but it would still be necessary. So you cannot focus on a commercial side of that just because you would probably—it wouldn’t make sense from a business perspective. Yeah, there’s a whole fragility if you run a business, the way that political pressure can be exercised on a business. All these things do not make it worth going in that direction.

Also, if you’re the only company that is offering this, or if you commercialize it, you would not have an interest in sharing the experiences you have and sharing the knowledge you have and that you build up over time with others because that is your unique selling point. That’s your value in the market, so to say, and as soon as you start giving away that knowledge, opening it up for others, again you’re destroying your commercial [fundament 17:01]. So that whole commercial idea doesn’t make any sense, either.

There’s another solution, which is the pure academic solution. So all you do is—all you could do is just put up all the information, the documentation you have, all the knowledge and technical developments, and put that all together, and then hope that lots of people are just picking this up and using it. But then again, how do you make sure that you document this all in a fashion that someone just has to read that? You don’t know where he’s coming from. You don’t know how much he understood before, what else he knows. So how do you make sure that someone, after taking this information, actually has a good basis for creating such a project?

So in the end, what would turn out is, as we see a bit what’s happening today with all these Indoleaks and Brussels Leaks and I don’t know what other websites are coming up, it’s a great development and it’s very important, but I do not see any knowledge transfer happening yet, and I have no idea what the technical basis is these people are using. And the technical basis is very complex, and the worst thing that could go wrong is the technical side, which would compromise a source or which would, I don’t know, have some safety problems, security problems. And then, it’s all for nothing. So if that end fails, it was all for nothing.

So how do you make sure that these match up? That’s not something you can do with a pure academic approach. All you would do is foster some unknown number of projects where you do not know how good it is implemented or whatever.

So this brings us to a solution that we have thought about, which is just as it’s pretty popular in cars these days: we just make a hybrid and take the best things out of all these different concepts.

So what we did is we identified all the functions within that process, within the process from where a document comes in until the point in time where it gets out again to the public, and we identified whatever has to happen in between. And then, we started dividing all of that stuff up a bit and see if it can be sort of clustered into different areas of work that belong with each other but are not necessarily related to each other.

I mean, that’s a really simple graphic, but basically if you see that middle part as the system, basically what a regular site would look like, you would just have one arrow on the left and one on the right, and no cut in the middle. And it would all just be one block. So something goes in and it goes out somewhere. So we’d like to open up the amounts of ways how something can come in, and essentially at some point in time, someone will open up the ways of how it can go out, too.

But these two have to be separated from each other. There has to be one component which is only taking care of receiving things, and then another solution for taking care of how to publish all these things. Both of these sides, left and right, they have very, very different requirements. And what we learned, too, is if you put both of that into one organization, you will fall prey to becoming too powerful. Because it is you that decides on how things are being prioritized and it is you who decides who you work with on publications and all these things, and by all these decisions you have to take, you are leaving a standpoint of neutrality. And that standpoint of neutrality is very, very important because what all of that only can be is a service. It’s just a service that is being offered, and it must not contain any politics and any personal preference or any personal dislikes about whatever you’re going to publish or what you must not publish.

As soon as you leave that standpoint, you’re just a tool for whatever power is using your tool or maybe your own interests in power, and that’s not what technology should be for. Technology should be neutral, and it should be equally given to whoever has an interest and a need in it, and that’s the only way I think it will help society to develop anywhere anyway.

So yes, so we’re dividing these two up. That is one important point. And what we do is only the left half of all of this. But I’ll get to that in a point.

So you break down all these functions and different attack vectors, too, so you understand how your organization, the ideal that you pursue, how that can be politically attacked, how it can be technically attacked. And then, you break down all these different parts.

So one thing that comes out of this is that at some point in time, you will be able to scale up to the security and safety needs for those using the system without too much of a sacrifice. So that first of all is for people that want to put in material into that system, so you can focus way better on what the needs for these people are. And on the other hand, you can also focus on providing tools and means to the people that will use the system to get information, to receive documents, and provide them a secure and safe environment in which they can work, in which they can collaborate, in which they can grow a community. That’s what we want to work towards.

And on the other hand, you also, if you have broken down all these parts, you can avoid secrecy for yourself. And that is something we felt is very important, too. I tried to say that yesterday in the talk already. I do not believe that running an organization that is more an underground operation, or however you would want to call that, than a real organized thing is not the way we should deal with this. This topic is way too important, and this whole topic, the right to disclose information the public, the right to break a secret because it’s not moral to keep that secret, all these things are very important for the functioning of our society, and we must not contain that duty to take care of this within something that has to stay in the underground, in the shadows somewhere, that no one can understand, that no one can know about how it actually works. But it must be an organization that is as transparent and as open and as robust as any organization can be.

So that is what we should all work towards is that we can stand in the sunlight ourselves and enjoy that we are creating a more transparent society, and not create a transparent society while sticking around in the shadows ourselves. So when breaking down all these different parts, we can get to that point where we can be more transparent ourselves, too, by opening up how it is working, how it is functioning, why it is working these ways.

That’s basically where it all broke for us. With WikiLeaks, we could not get onto a basis anymore where we had broken down the responsibilities in the organization and had this more clearly defined, and that’s where the road parted.

So what do we do? We provide these three steps. We provide knowledge, we provide means and methods for submission and we provide a cleaning environment for that information that comes in.

We’re starting out with a knowledge base. As I said before, one of the problems you can have is that—or one of the problems that exists is that you need knowledge on how to build this. You need a lot of legal knowledge to understand what are the specific requirements for the press, for publications, for sources, for journalists who protect these sources, in different countries of this world? Ideally, something like this, a very comprehensive collection of such information, should exist for all countries in the world at some point in time. There are different organizations that are working on similar things, but no one has started to collect all these angles together.

So I’m pretty sure that we will work closely with a lot of other existing organizations. Just the Digital Rights Watch, for example, is a good example. They are here, too. I’m not sure if Stefan is in the room. Maybe so. But they have started collecting a meta-collection of different things around freedom of information on the Internet about our digital rights and all these things, and we’d like to bring in that one angle that deals with the publication standpoint and the source protection standpoints.

So we will do what we will create, and that’s going to launch as soon as the website is up, is building up a knowledge base. So gathering information on how the press can receive material, how material can be legally submitted. All sorts of surrounding information that might be interesting to people in this field.

And in the end, map out what the legal landscape looks like and map out how, for each country, for each situation an organization is in, they could in the best way approach being legally protected and still run such an anonymous post-drop.

And once legal and operational issues, that’s how you can start working on it. And if at some point in time, you realize that there’s a need for more of these platforms, you can just use that knowledge, too, and do another fork or create a sister project or a clone or whatever. So do something that just has specific needs for a certain area in the world, or for a certain topic that is important to society.

So we feel that this part is really important, so that people can do it themselves. And we don’t want to be everything anyway, so we don’t want to scale endlessly. We want to provide something that works for a couple of organizations or a few dozen, a few hundred maybe, I don’t know. But as soon as that has reached a healthy size, by that point in time, we hope that others have come up with the same idea anyway and started using the knowledge that we have gathered and built tools for themselves.

The submission system, the second part, is where we focus on technology. That’s where we come from and that’s what we are good at, and that’s what we believe should be focused on to build technical processes and not just too much politics. So there are parties out there that you already trust. If you, for example, look at the role that the CCC has, the CCC is acknowledged as a community that has technical expertise, that acts as an independent reviewer for technology that is being deployed by other people. That just acts as a watchdog in society.

And similarly, we have different organizations that are doing it, and if it’s just [indiscernible 28:50] in some way that is fulfilling such an independent watchdog function. So what you should do is you should team up with all these parties that already exist and work with them, gain knowledge there, have experience transfer, knowledge transfer. And by that, also open up your technical side in a way that it becomes independently verified, that people know they can trust you because they trust another party that trusts you. So build up trust relationships.

On the other hand, also lots of people trust organizations. So not just us, but the people they would want to give material to. So if there had been a good mechanism to provide information from the BP oil disaster easily, securely, to Greenpeace, I’m pretty sure that lots more documents would have been uncovered when that tragedy happened than have actually surfaced. The problem also is that they have surfaced—I mean, a lot of stuff has surfaced, but it has surfaced very distributedly, and you don’t really have an overview about all these things. So you need some way to manage all such information also and make sure that there is an overview, that it gets where it matters.

What we are building, as I said before, is an architecture that can provide for a couple of these things, but it’s not a golden bullet solution for everyone. So we have a vision of a healthy size for what we are building, and as soon as that is reached, we hope that there are already projects that are working on the same thing and that then say, I don’t know, let’s take this to development countries or let’s take this just to Asia or just take it for environmental topics or whatever. So that a lot of clusters start to emerge, and that you at some point in time maybe only have to define interfaces between these clusters, and that you again start information and knowledge transfer all around the world.

Our system is adapted to the requirements of those that have the need to receive leaks and would like to work with us. So we have, over a period of a couple of months now, defined some of these requirements, and we will start a testing phase in January where with five or six organizations, and these are media organizations, NGOs and independent media organizations, too, that we will collaborate with, in order to gain the first experiences in the use of the system. So to make sure that we get feedback on if people get along with what we build, if the tools are good, if they have specific other requirements.

And as soon as we have gained some experience from that, we will move into a beta phase. That beta phase is foreseen, at least as much as I am aware right now, sometime in April or in May, maybe, around that time. And I think by the summer—I’ll talk about that in a bit, too—when the camp is up, we’re in a good position to be either before the launch or use the camp actually to involve more people to help us build the final tools that we need for launching it properly.

Yes, one important—it’s actually the last bullet point here. Oh, no, the second last is important, too. Just to have that explained. So what we found out with this monolithic approach that WikiLeaks has is that you have to leave the standpoint of neutrality because you have to pick on who you’re working with. So in the beginning, the idea was to stay neutral and to just publish things for the public, and the public would read it and would understand it and would maybe even write analysis about the material themselves. But that really never happened because you need someone to spawn interest on a topic.

So especially if you have very complicated information, then people do not understand that complicated information just by looking at it. You need the media. And that is something I’d like to stress: you need the media. Trustworthy media, to give you an introduction into a topic. And ideally, you should have a source document that comes with this introduction in the form of an article, so that you can read the introduction, you can find out wow, this is amazing stuff, this is outrageous, whatever. I want to know more about it. And then, you can read the source document. You can read all source documents that are the basis for that information. And you can first of all dive more deeply into the topic. And you can also have an independent verification of if what has been written about it is actually factually correct, or if it is just political stuff or a spin or whatever.

So the problem is that if you just pump it out, it will drown. And the counter-problem is that media always, or at least in most cases, they want something exclusively, and they don’t want something that everyone else has already, just because that’s not how media economics work.

So the consequence of that was that in WikiLeaks, we started to cooperate with a couple of media outlets. From my perspective, when we started doing this and when we started negotiating these things, last year we had the first collaboration, which was with [indiscernible 34:42] and [indiscernible], on the [indiscernible] material. So the idea there was just to get some feedback, get a feeling for how this works. How does that scale? How do these people need to have access to things? How is communications going? And all these things. Just get a feeling for it.

What has happened over the past few months is that there is sort of—the development in WikiLeaks is going towards having more of a static team, where you’re sort of focused or stuck with the certain partners that you have. But I don’t see that it’s going anywhere. And I think this cannot be solved because you have to take a pick. And if you take a pick, that’s a political decision, in some way. It is a decision that you think someone is doing better work than someone else, or that you think they have a better, more critical angle on something, or whatever.

And the only person in all of this environment that actually should have an opinion on this, and that has a right to have an opinion, is the source. Because that source might know that this is just important to one small town somewhere, and they know who might be interested in it. Or they feel that the newspaper they are reading and they start trusting over time, that these are credible people and that these are the people he would want to give information to. Or maybe he knows that a certain newspaper has just published a story on a certain topic, and it’s about the source’s department he’s working in or she’s working in, and so, she’s giving away these documents to a newspaper because they already had background stories on something like this.

So it’s perfectly natural to give that decision to the owner of the material, if you so want. That’s how you can—as a service provider, how you can stay neutral. You just have to enable lots of entities to receive, and then the source has a free pick.

Now, what happens is that if a source now can pick a newspaper or an NGO or whatever and give them a document, there is a potential that that document will just remain there, and they could decide, “It’s not in our interest to report it.” It’s politically not interesting or economically not interesting or whatever. And not run a story about it, and we could just put it in a drawer somewhere and just let it rot, and it would never come to light.

So that’s not what we want to get at, either. So we need a mechanism to avoid this gatekeeping that might happen. So there will be a mechanism that you as a source, you can specify if you want a document to only remain with one newspaper. That is acceptable in some way, too. Maybe you’re just five people in a department that have this material, and you would know that however the source document is published, it would always compromise you as a source, but you would still want someone to work on the material and create a story. So you can specify that the material should just remain with one particular organization.

The default, though, is that you specify a certain amount of time that each receiving entity can get for a document, and if the document is not worked on in that period of time and is not published by that entity that originally received it, it within the system is distributed to the rest of the community. So that everyone else that is in that whole pool that you now have got, you’ve got tons of organizations in there, they all have experiences. They have resources. They have people that want something useful to work on. They are hungry for new stories. That’s their business.

So you just open something up for someone else. And maybe it’s economically interesting for someone else, or it’s politically interesting. Or you suddenly have material that is so important that from all sorts of different political angles people start to report about it.

So it’s diversifying this whole field. It is creating more dynamics. And that approach in the end will make sure that even if the first recipient did not publish a document, the document at some point in time is always distributed within the system, and as the system is diverse and it involves a lot of different organizations, there certainly is going to be someone who publishes it. And if it is only a project created that does nothing else but publish everything that no one else had an interest in publishing. So these dynamics can make sure that in the end, all information gets to the public. And on the other hand, you can still work with the economics that you have within the given system.

Okay, those were these two points. The last point of what we do is the cleaning of documents. This is a very complicated process. It needs to have a lot of attention. And on the other hand, you need a lot of experience to do it. So again, why reinvent the wheel? Why create one organization that says it has the resources for all of this, it has the resources to understand submissions from whatever department of whatever government in the world, from whatever company, to detect mechanisms to identify a particular copy of a document, to know about all traps that can be somewhere in metadata of documents, to know all about how to redact certain information maybe before publication because it contains personal data that shouldn’t be out there that is not necessary to be put out there.

So why reinvent all of this if you have tons of organizations that have already built up this experience, exactly that experience, over decades? So again, pull all of these people and the experiences together, and use that knowledge to build a system that can safely clean documents and provide them to people that want to review them.

Yes, that’s what we do. We provide documents that are cleaned in such a way that they can be analyzed by reporters and that they can also be published by reporters, if they so want.

What about the release part? Yes, that’s something I’d like to say. As I said before, we are not into releasing documents ourselves. That is really important to understand. We believe that in the same way that lots of people should receive documents, in the same way there should be tons of organizations publishing these documents, so that not the recipient part can so easily be attacked. So you have a vested interest in defending that. If your anonymous post-drop is being attacked, you will have hundreds of other organizations that have an interest in defending your right to have this post-drop because they run one themselves, and that’s what they want to defend.

And in the same way, it’s like peeing into this Internet pool. If just enough people publish stuff, I mean, there’s no way to get something back again. And that’s what we feel it should be worked towards. Not one entity that is publishing something and then making a big hype about any attack on that publication. But rather, just avoiding all of that distraction by publishing it in a fashion that it doesn’t make any sense to try to push anyone into taking it down in the first place.

That choice has to be made by the recipient. So again, the recipient can specify if he would want that data to be published, or if it is something which should be the default, or if they would want to just spread it to someone so that they know about it. And all of that concept in the end will help to protect all of these parties that have an interest in releasing information, too.

So one point that we are facing at the moment is the whole part of how do we involve people or organizations that want to cooperate with us for the alpha test phase beginning in January. As I said, we have six organizations. That is sort of a hand pick. It’s all done by us, just because these are people we have started to establish relationships with in the last few years already. It’s small organizations, too. That is something that’s important. We don’t want to fly as high as possible within the shortest amount of time, but actually go step by step. And the best way to get first hands-on experience with some of that stuff is just to start off slowly and start off with smaller organizations that do not overwhelm you with the interest they have with the attention they get and all these things.

So at some point in time, we’ll have to decide about all these things. So in January, hopefully in January, late January, I guess, we will start looking into creating a German foundation that is supposed to be set up to give this whole idea at least an organizational structure, a body, where we have a proper board, where all sorts of decisions that need to be taken that are political, and some of these will be political, can be justified by running them through a proper board. Where people can answer on why they have been taking that decision, why it becomes transparent, what roles and responsibilities are, and actually who is taking any political decision that might be controversial?

And the same goes for people we want to involve. So right now, we’re looking at just picking 50 percent of the participants of that system by ourselves, just because there are so many contacts we have built up where we felt organizations have been doing good work and reporters are very compatible with us, too. That should be valued in some way, and it’s just the natural way it is. I mean, we’re really drowning in emails from news organizations especially, and NGOs, all over the world that want to start collaborating with us, and it might just be an easier way to just include some of these directly.

On the other hand, we feel that the community should also define that. So that’s why we would at least right now like to split it up 50/50, so that there is first of all a bit more easier process where we just pull in obvious users that I think are beneficial or we think are beneficial. And then on the other hand, have a popular vote for the rest of the participants so that it becomes transparent who you want in there, and you can vote people in or out. And I think that approach makes sure that we’ll see a lot of diversity, too, within that group, and it will make sure that entities for sure get in there that the public also trusts, even if someone might not be aware of such a high level of trust for a particular organization.

So we want to be neutral. That is what we are aiming at, and in that way, we’re not only going to work with established media or even media at all, so there will be independent media, too. But we’re also working with NGOs. And not just Europe but basically all over the world, hopefully. We’re also thinking about maybe involving labor unions or other organizations. There are a lot of research groups where investigative reporters team up in the research group. Or there might be academic groups that have good potential and good funding to work on certain aspects. So we’re trying to get this as diverse as possible, just to make sure that whatever need we have in society at least is covered one way or the other.

Yes, so that’s just some more general stuff. We don’t want a single entity [interlocking 47:16] kind of situation, so we do not want to create something as proprietary that we’re locking ourselves in or so. We want to be as open and transparent about all these things as possible. We want our knowledge to multiplicate, to distribute it to others, to open it up. This is why this whole open thing is in the name as well.

And we want to kick-start a community that gets very efficient tools in collaborating with each other, by then maximizing the impact of these publications by having efficient tools, by having efficient means of communication, of collaboration and all these things. And that cannot only be driven by commercial interests or exclusive contracts or anything at all, but what you need is to build a community that has a vested and shared common interest in pursuing that goal.

We want to lower the entry barrier. We had some of that already before. Make sure that there is different instances of leak sites. Foster and grow competition so that this whole—even people that are building up similar stuff like we do, that this whole field is just being diversified as good as possible and made robust by that.

The devil is in the detail. That’s something important, too. So we’re all pretty sure that we forgot about a lot of things. This is all just an overview also, so there’s more detail that we have already. But for sure, we haven’t covered all of it. So as soon as we launch and as soon as we start putting together the first parts of that community, it will be very helpful to get feedback as well. So we’ll have to see on how to not drown in that feedback. But we also believe in the principal of many eyes. I think that the community here should know about that also. I mean, it just makes sense that you have more people looking onto your concepts and giving them a thought and getting feedback, and then not taking this as stupid criticism by someone that doesn’t understand what he’s doing, but actually taking this as critical feedback that might help you to evolve. It’s the only way how evolution happens in the first place is by someone being critical about something and thinking about how to do it differently or how to do it better.

So yes, we’re going to add all of that stuff. And we even have more information. We have a very nicely animated video that will explain let’s say the whole system a bit better, with a nice voice over text, and all of that is going into the website we’re currently building. That was supposed to be launched already two weeks ago or so. We’re going to launch it in January and at the next camp. And that’s really important. We’ll get going with this community.

We’d really like to have a nicely defined [techathon 50:12] where we would like to give you some challenges that you can work on where you can help us build us some stuff, where at the end of a camp, you hopefully will find out that the few hours you spent on building one of these smaller projects that we might have, that they actually have an impact and that they can readily be used and they make a difference. So we believe that this is the right approach, and that’s what we’re looking for.

So just last slide, a few comments. We do not use any social media at all right now, so whatever Twitter account you see is not ours. Quite unfortunately, someone is blocking the Open League’s Twitter account, and as long as we are not fully armed up to our teeth with trademarks and copyrights and whatever, until that point in time, it doesn’t seem to be possible to get that Twitter name back.

If someone out there has a possibility to help with that, we’d be really, really happy, just because if you look at when the followers dropped in, it was immediately after the name was announced, and they’re not tweeting anything anyway, so it would just be very helpful. And we are Open League. There shouldn’t be a doubt about this, either.

So yeah, consider whatever account you find fake, unless we declare it otherwise on the website. And everyone, please keep in mind that we really have to start from scratch, so we don’t have anything. I mean, even all the money we invested over from our private funds has gone. So we have to start from scratch. And we have the expertise; it will just take some time. And hopefully, some contribution from the community, too.

So yeah, I guess that’s it. We have a few minutes left, if anyone has any questions. I’m in way better shape today, so I hope we can kick this off. And thanks again for all the interest.

2 Responses to “Transcript of OpenLeaks video”

  1. OpenLeaks by glasperl - Pearltrees Says:

    […] Transcript of OpenLeaks video « Clay Shirky Daniel Domscheit-Berg, formerly of Wikileaks and now working on the OpenLeaks project, recently gave a presentation at 27C3 . Because the talk is dense and the video long, I had it transcribed today. It’s long and, in the manner of long, complex talks, it isn’t a perfect, linear read. I haven’t cleaned it up, or read or analyzed it fully yet, but it seems important, so I am posting the transcript here, as raw material. Daniel Domscheit-Berg’s talk on OpenLeaks […]

  2. Social intelligence by open_intel - Pearltrees Says:

    […] one short correction. This is not my project. I have to make that perfectly clear. Transcript of OpenLeaks video « Clay Shirky OpenLeaks CURATION Curation tools Great eating around the Moscone wikitodo [+] On Curation […]

Comments are closed.