Now BrusselsLeaks is back with a new website and a new logo!  Well, the logo is rather basic and it looks like the Ukrainian flag turned upside down.

A couple of weeks ago we wrote a lenghty post about brusselsleaks in which we critisised some of its  features. As far as I can see it the most crucial problems have not (yet) been addressed. (https is nice, but not using tor remains a security flaw!)

The new website  is based on the wikileaks theme (not sure whether that is such a good idea as it looks like a copy cat now) and the first item is a mirrored cable – originally published by wikileaks (not sure why it is there). Let’s hope this is just a test and the real stuff is coming soon…

More problematic for a website dedicated to leaking documents is the usage of google analytics. Google analytics   can be used to trace back visitors and it generates very  detailed (some might say too detailed!) user reports. The problem with Google Analytics can be practical (if someone hacks into your GA account or gets hold of the google account password) or indeed legal (you might be required to hand over the logs, or google might help some investigators without telling you …you never know!) – both scenarios are certainly no good news  for any potential whistle-blower.

OpenLeaks 101 from openleaks on Vimeo.

Ok, there might be constant leaking in EU institutions anyway – but who knows, maybe there is a potential for more scoops. And it is also no secret that even the most “top secret” EU facilities are not really secure. I am generally a big fan of wikileaks and similar projects. I think Brussels is the perfect place for such an endeavour as the city is full with potential stories based on leaks – not only EU institutions – also consultancies, embassies, lobbies and advocacy groups! The point is that there is not enough transparency in general,  the media doesn’t care about it  – so ultimately every effort to change this should be welcomed! And a website that encourages leaks is something desperately needed! (The problem how to motivate EU officials and other people in Brussels to actually use the website remains a challenge!)

In a true wikileaks spirit everything is still mysterious. For the time being, the website is only a wordpress.com site with a few Q&As – which I don’t think is a problem. Let’s give them some more time to develop. Not surprisingly the identities of the people involved have not been revealed. The first interview can be found here – curtsey of the European Journalism Centre. There is a twitter account where questions are answered. Looks good so far. However, if I had a document I wanted to leak I might go for the original or to the (soon to be launched)  openleaks.org. Brussels is quite a small city; especially the EU community is well connected so I am no sure whether I would leak a document to a group of “unknown”  Brussels based experts (presumably made up of journalists, consultants, NGO people). I think it is just too risky that  somebody of that group knows somebody that knows somebody … I am sure you get the point! And another question needs to be asked:  Wouldn’t it be much more efficient if the people behind BrusselsLeaks would cooperate with something like openleaks.org?

Ok, they claim they are not connected to political group or a specific lobby. But can we trust them? The answer:

We are trustworthy, reliable professionals with excellent Brussels contacts.

Most of us have been in Brussels for a long while working in various capacities for media outlets. Nobody here is affiliated with an industry or other lobby group.

Somehow I have the feeling that Brusselsleaks is mirror of how the EU and how Brussels in particular works. I think this sums it up:

We merely want to disseminate information to responsible people – be it in media, NGOs, trade unions and other groups. Therefore we will mainly look at act as an intermediary, passing information to responsible parties.

We or others won’t publish it straight away (or perhaps at all), but you can be sure we will do the right thing.

And how are they going to evaluate leaks?

First, we need to be sure that the information we receive is true. This means research, and that takes time. Especially as this isn’t a full time job. If we are confident it is true, then we start to activate our network to find ways of getting the information out there, and out there in the right way to ensure it is for the public good.

Ok, so you “activate” your network.  And you want to do the  “right thing”?  You will contact “responsible people”? Thank you!

So basically you don’t trust the public and the ordinary citizen! (a similar point made by the FT Brusselsblog) How do I know who is in your network? You might not publish anything – the only time we might hear something of BrusselsLeaks is  if I happen to be in your network (unlikely after this blog post -  or if you contact a journalist because you (and not the source) think the story might be useful for a media outlet. Most of the time things will just be emailed around Brussels from one “responsible person” to another?  But isn’t that exactly how it works at the moment? With one exception: You make sure that you are the first person to see the document…

This is not what modern leaking is about!  Leaking is about political impact, and political impact is generally achieved with the media. Ideas about crowdjournalism or indeed the whole wiki approach is missing from Brusselsleaks. Why should I leak a document to a website that only distributes among an anonymous network in Brussels? I can do that myself – and probably every EU official or consultant could do the same. Leaking is about making things public not keeping them secret and passing them around! You just create another secret network of people. This is not the kind of transparency we need.

[I am critisiszing BrusselsLeaks  for one reason: I want them to be successful and trustworthy. But as long as the points above are not adequately addressed I don't think that the platform will work. BrusslsLeaks need to learn from the mistakes wikileaks did and not take a "wait and see approach". I know it is incredibly difficult to launch a project like that and get everything  right from the start - but BrusselsLeaks looks like an alpha version, not even like a beta!]

And now it is getting a bit geeky. From a technical/IT perspective Brusselsleaks as a platform is not finished  -  so I hope there will be some improvements. However,  encouraging people to leak sensitive documents to an unfinished platform is irresponsible. Let me explain:

Is hushmail suitable for anonymous leaks?

Short answer: NO! Don’t get me wrong. Hushmail is a great service for encrypted emailing! However, hushmail as a stand-alone tool is not suitable for the complete process of leaking. Only in combination with other tools it should be used. Brusselsleaks recommends to use tor – but only if  you are “worried about your browsing security”, sounds like an option but in fact it is a necessity. If you don’t use Tor, freenet or some other darknet, your IP is always visible to the server. It doesn’t matter if your emails are encrypted  or not, the sender can still be identified.

What is going to happen if you leak a document using an email encryption system?

1. You send the email or login to an email service provider (if you use SSL it is secure)
2. The email service provider will see your IP in the logfiles weather you use a webmail client or an email app (not secure)
3. You transfer your encrypted email
4. Result:  Nobody can read your emails but everyone knows that you sent it.

So remember: The IP in the log-files combined with a valid court order and you can be tracked down quite easily. One phone call to your internet service provider (ISP) will reveal, at least from where you have logged in. So, using encrypted emails is a very good idea, but you actually don’t need a special email provider, tools like GPG might also do the trick. In that context it is also interesting to read emails from Brian Smith, the CTO of hushmail (following an incident a couple of years ago- read details here and here). The email conversation can be found in this pdf file:

There are situations where Hushmail is an appropriate tool and situations where is not.

It is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.

That’s also backed up by the fact that all Hushmail users agree to our terms of service, which state that Hushmail is not to be used for illegal activity. However, when using Hushmail, users can be assured that no access to data, including server logs, etc., will be granted without a specific court order.

So, if Brusselsleaks really wants to get into the leaking business it needs to use some sort of darknet. The crucial part in leaking is not the encryption but the secure and anonymous transmission of the information.

The other important questions remain:

1. What will happen with the leaked information once it reached BrusselsLeaks? (and yes we know about “activating the network of responsible people”…)
2. Is BrusselsLeaks  going to make documents available to the public – or will leaked documents end up in various email inboxes of “responsible” people in Brussels (or indeed /dev/null for material that does not suit the editors?)
3. What terms of service will be used?
4. Is there a BrusselsLeaks business model or is it just a hobby? Will there be exclusive rights to certain media outlets?
5. Why not take advantage of the legal framework in Belgium  (instead of the US based wordpress.com)?
6. Are you sure that you are not violating the wordpress.com terms of services?

Update 15/12: Brusselsleaks relpied to this post on twitter.

• We don’t know enough. So far wikileaks published 220 out of 251287 diplomatic cables. Wikileaks announced that they would release cables in stages over the next few months. They learnt a lesson how to keep the media interested. Remember the Daily Telegraph and the expense scandal in the UK? They published something every couple of days – which made it much more damaging and created a huge political scandal. So, I guess we need to wait and see what else will happen. According to wikileaks the cables can be broadly labelled as follows.

• 15, 652 secret
• 101,748 confidential
• 133,887 unclassified
• Iraq most discussed country – 15,365 (Cables coming from Iraq – 6,677)
• Ankara, Turkey had most cables coming from it – 7,918
• From Secretary of State office – 8,017

• Wikileaks continues with its model to work with a couple of selected media outlets.  Spiegel, The Guardian, El Pais, Le Monde,  The New York Times (via the Guardian)  got access to the files after signing an agreement of confidentiality. Not sure what the role of owni.fr is – they seem to provide tools but did not have access to the files.   Some might criticise that because many other journalists do not have the opportunity to analyse the data thoroughly prior to publication. However, wikileaks learnt that without such a process most files will go unnoticed and much of the momentum gets lost. At the same time it is quite a good business model as it guarantees mainstream media a degree of exclusivity – something the wikileaks team members announced already a year ago. Wikileaks need the mainstream media to be successful – and the mainstream media only need wikileaks if they can get some exclusive rights. (Personally, I think wikileaks should return to a more collaborative and participatory approach instead of focusing on high profile and “event like” leaks…)

• There are – as usual- too many pundits that claim that they know the implications of the leak already. The newspapers will focus on the “funny” headlines how diplomats describe certain politicians etc. I doubt that many will actually put cables in context and try to explain why they were written.  It is also important to note that although a certain ambassador might be ‘quoted’, the cable was written by other policy analysts that work in political reporting. The ambassador might have not even read the report! As far as I can see it there are no “top secret” cables which makes it even more likely that most of the content was routine stuff.  Anyway, to get a basic idea about the cables, the most important article you should read is by Simon Jenkins in the Guardian who not only states  that “the job of the media is not to protect the powerful from embarrassment” – but more importantly he highlights a crucial fact that most commentators will fail to report:

The state department knew of the leak several months ago and had ample time to alert staff in sensitive locations. Its pre-emptive scaremongering over the weekend stupidly contrived to hint at material not in fact being published. Nor is the material classified top secret, being at a level that more than 3 million US government employees are cleared to see, and available on the defence department’s internal Siprnet. Such dissemination of “secrets” might be thought reckless, suggesting a diplomatic outreach that makes the British empire seem minuscule.

The revelations do not have the startling, coldblooded immediacy of the WikiLeaks war logs from Iraq and Afghanistan, with their astonishing insight into the minds of fighting men seemingly detached from the ethics of war. The disclosures are largely of analysis and high-grade gossip. Insofar as they are sensational, it is in showing the corruption and mendacity of those in power, and the mismatch between what they claim and what they do.

• It is very likely that other secret services have seen this kind of “intelligence” before. If wikileaks manages to get hold of this dataset it wouldn’t surprise me if others also managed to do so. After all, any network that can be accessed by millions of government employees is not that difficult to hack. And more importantly no “real” secrets are shared within such a network.
  

• The most striking implication is the likely transformation of diplomacy. Diplomacy changed over the years but it never experienced radical change. The system always relied on written and unwritten rules of secrecy. Moreover, “traditional political reporting” assumes that only staff in a particular city are able to gather facts of the political situation in this country. This also includes newspaper summaries – and  many policy officers do rely on media reports. Well, somehow diplomacy  is still the same system as several hundred years ago – with the exception that cables are now electronic. But it is obvious that “cablegate” would have not happened if diplomats still communicated with letters. Diplomacy entered the 21st century! Generally, diplomats must develop a better understanding of the internet.

• It is not a US problem. It can happen to every service everywhere. We live in a age of information and it is inevitable that these things happen. At the same time, diplomacy and foreign policy need to become more accountable. As long as diplomats do not learn from previous mistakes, as long as they behave as if they can act in a small secret bubble, as long as they think they can get away with everything -  these leaks will continue and indeed help to bring transparency to international politics.

• An unindented consequence might be how the internet is perceived by decision makers. Concerns of privacy and transparency might become a greater issue in the future. Surely, diplomatic services around the world will tighten their intranets and take IT guys more seriously.  But again,  there is always a human factor involved in leaks. As soon as people have access to a network of information leaks are possible!

• “Cablegate” represents a demystification of diplomacy and foreign policy. We get a first hand account of how embassies work and that political reporting is in fact done by human beings. The problem is that some private conversations will now be in the newspapers which can be a problem for some people. Obviously there will some sensitive material which will result in major political scandals. A taster for this kind of information are the revelations of  misbehaviour of US diplomats at the UN headquarters  as well as  signs of corruption in US aid programmes. However, the implications might be more problematic for autocratic and dictatorial regimes as they often act differently in international diplomacy than they do “at home” (in regards to Iran for example). The cables about the thinking of Arab leaders regarding Iran seems to be the most interesting revelation so far. Especially in these cases a more honest and transparent diplomacy might be the result! In countries like Germany or the UK most cables could have been written by an average political analyst (or blogger!).  So far, most cables correspond with the mainstream analysis of US foreign policy (and indeed domestic politics!). However, it will be interesting to compare media reporting in different countries.

• The cables are great for research. In the words of  Timothy Garton Ash:  It is the historian’s dream. It is the diplomat’s nightmare.

• And last but not least. What about the EU? There is category for the US mission to the EU and a EU search tag. There are some mentions of the EU in cables from the several US embassies in Berlin, London, Paris and Rome. Not sure whether we will see a lot of revelations there.  MEP Marietje Schaake asked the European Commission a couple of questions regarding the leaks here. And the answers are here. Not surprisingly, and now confirmed by Der Spiegel, we learnt that Obama has “no emotional relationship with Europe,” and that he prefers to focus  on Asia instead. However, the most interesting case to follow could well be the 7,918 cables from Turkey.

To be continued…

What exactly is included?

‘Preparatory documents’ means all documents corresponding to the various stages of the legislative or budgetary process. They include Commission legislative proposals, Council common positions, legislative and budgetary resolutions and initiatives of the European Parliament, and opinions of the European Economic and Social Committee and of the Committee of the Regions, etc.

Directory of Community legislation in preparation

VoteWatch.eu, announced already a while ago, was finally launched today. It is quite a complex tool, which analyses various aspects of the parliamentary activity, from the MEPs attendance and number of reports drafted, to the political groups cohesion rates and voting coalitions. Beyond the statistical gimmicks (limited to the quantitative aspects), VoteWatch.eu also presents the content of the MEPs’ activities: on their profiles there are direct links to the reports drafted, the amendments written, the interventions in plenary, etc. Moreover, according to these criteria, you can compare, with a click, the respective MEP with all the others. The tool is, undoubtedly, useful for researchers and journalists with an interst in the EU and with a basic understanding of how the institutions work. However, it might prove to be a bit too complex for the normal citizens who want to find out what their MEPs are doing.

VoteWatch is a non profit project but it is sponsored by the Open Society Institute, Burson-Marsteller and ElectionMall.com (more to come apparently!) and developed by a team of experts including Sara Hagemann (EPC), Doru Frantescu (QVORUM), Simon Hix (LSE) and Abdul G. Noury (ULB).

Tony Barber writes on his Brussels Blog that the votewatch.eu will be expanded “later this year or early in 2010 (…) to include coverage of votes in the EU’s Council of Ministers”. And that is indeed long overdue and will defintely be a major step towards more transparency in the EU!

Leaving aside the fact that it is probably not used and valued at its full capacity, the Calendar is a great service, offering access to information on EU affairs, agendas of the EU institutions, schedules of legislative debates, activities and events related to the EU. Moreover, it is quite an attractive, user-friendly tool, that can come in very handy when monitoring EU affairs, as you can search the information by topic, by institution or by date. Its added value rests in the fact that it brings together all these bits and pieces of information, otherwise scattered on the Europa server. That being its main goal, one would imagine that such an instrument would feature very visibly on the EU website, being mentioned quite a few times, if not on the main policy areas pages. Well, it seems that is not exactly the case, as we are facing yet another example of the series: “Let’s make EU transparent…but can we keep this secret?”

It almost seems as if the EU’communication policy is governed by a set of rules that, instead of increasing the efficiency, make it completely counterproductive. Here are a few of them, as they apply to the EU calendar case:

1. Create a useful tool that can actually shed light on what the EU is doing and make it easier for people (journalists, academics, lobbyists, etc) to follow;

2. Try (hard) not to make it visible on the main website (www.europa.eu); that hard that even if its URL is http://europa.eu/eucalendar/, it cannot be reached from the front page;

3. Try (harder) not to link it on any other page where its use could be relevant. After all, if people are so determined to find out what you are doing, they will do their best to find it;

4. (follow up of rule 3) Avoid at any cost any reference to the tool, within or outside Europa.eu. We already have enough banners and initiatives and we don’t want people to get confused.

5. Do not even think of a public launch event. People might actually find out about it and start using it. Keep it “low key”, otherwise we are again accused of propaganda and we definitely don’t want that.

It seems the EU still can’t figure out what types of information and what services are the most suitable (and necessary) to disseminate its policies. That is quite a pity, as some very good initiatives, such as the EU Calendar, become “hidden gems” instead of reference tools, a well-deserved price for those either connected to the designer or stubborn enough to spend hours searching for it.