The £12m question: how WikiLeaks gags its own staff

“A typical open market valuation.”

This blog has previously described the bizarre legal world of WikiLeaks where, for example, the organisation claims some form of commercial ownership over the information that has been leaked to it.

Today, the New Statesman can reveal the extent of this legal eccentricity as we publish a copy of the draconian and extraordinary legal gag that WikiLeaks imposes on its own staff.

Clause 5 of this "Confidentiality Agreement" (PDF) imposes a penalty of "£12,000,000 – twelve million pounds sterling" on anyone who breaches this legal gag.

This ludicrous – and undoubtedly unenforceable – amount is even based on "a typical open-market valuation" for the leaked information that WikiLeaks possesses.

This phraseology is consistent with WikliLeaks's perception of itself as a commercial organisation in the business of owning and selling leaked information. Indeed, there is no other sensible way of interpreting this penalty clause.

Other parts of the legal gag are just as extraordinary. The second recital paragraph, "B", provides that – like a superinjunction – the fact of the legal gag itself is subject to the gag.

So is "all newsworthy information relating to the workings of WikiLeaks". On the face of it, even revealing one is under this agreement could result in a £12m penalty, as would sharing information on how the directors conduct the organisation.

The fifth recital paragraph, "E", is just as astonishing. It purports to extend what WikiLeaks can sue for beyond any direct loss that it might suffer if the gag is breached. WikiLeaks says it can sue for both "loss of opportunity to sell the information to other news broadcasters and publishers" and "loss of value of the information".

All this legalese can only mean that WikiLeaks takes the commercial aspect of selling "its" information seriously: there would be no other reason for this document to have such precise, onerous and unusual provisions.

On the basis of this legal gag alone, it would be fair to take the view that WikiLeaks is nothing other a highly commercially charged enterprise, seeking to protect and maximise its earnings from selling information that has been leaked to it. If so, WikiLeaks is nothing other than a business.

One suspects that the various brave and well-intentioned people who have provided the leaked information would be quite unaware of – and perhaps horrified by – the express commercial intentions of WikiLeaks, as evidenced by this document.

However, for some time it has been apparent that WikiLeaks and its founder, Julian Assange, have had a "pick'n'mix" attitude to legal obligations. They seem to feel free from any restrictions in respect of confidentiality and official secrecy; but on the other hand they make routine legal threats, especially against the Guardian, so as to uphold their perceived rights to their supposed commercial "property" – leaked, sensitive information. Abidance by the law is, it would seem, something for other people.

And, as the legal gag shows, WikiLeaks sought to use the full force of the law to deter or punish anyone who leaks against it – to the tune of £12m a time.

David Allen Green is legal correspondent of the New Statesman and is a practising media lawyer. He was shortlisted for the George Orwell Prize for blogging in 2010.

David Allen Green is legal correspondent of the New Statesman and author of the Jack of Kent blog.

His legal journalism has included popularising the Simon Singh libel case and discrediting the Julian Assange myths about his extradition case.  His uncovering of the Nightjack email hack by the Times was described as "masterly analysis" by Lord Justice Leveson.

David is also a solicitor and was successful in the "Twitterjoketrial" appeal at the High Court.

(Nothing on this blog constitutes legal advice.)

Getty
Show Hide image

“A disaster waiting to happen”: Can you trust the government to digitise your personal data?

Privacy and security experts warn against the lesser-scrutinised Part 5 of the Digital Economy Bill, claiming bulk data sharing could be vulnerable to hacks.

Last week, the government’s Digital Economy Bill hit the news because of a proposed ban on pornographic websites that didn’t comply with its planned age verification rules. The news was just the right amount of shocking and yes, sexy, to grab the nation’s attention, but in the meantime other parts of the Bill remained unscrutinised. A distinctly un-sexy aspect of the Bill – Part 5, “Digital Government” – aims to completely revolutionise the way your personal data is shared.

In essence, Part 5 allows the government to digitise your data and bulk-share it without informing you or asking for your permission. This data includes your birth, death, and marriage certificates, as well as information on your taxes, court appearances, benefits, student loans, and even parking tickets. If the Bill passes, your information will be shared with local councils, charities, and even businesses – initially, gas and electricity companies.

Today, the Bill will undergo its third reading in the House of Commons. Last Friday, 26 privacy experts wrote to the Daily Telegraph to call for Part 5 to be removed from the Bill due to the lack of technical and legal safeguards in place.

“It's horrid and it's complex and it's going to impact all of us,” says Renate Samson, the chief executive of Big Brother Watch, an organisation that scrutinises the government to protect individual privacy. Big Brother Watch was invited by the government to work on the Bill as part of the government’s Open Policy Making, but Samson feels it was ignored when discussing the need for strong safeguards in the Bill. “Holding civil registration documents in bulk and sharing them in bulk is without a doubt a data disaster waiting to happen.”

Samson and her team worry that the Bill does not do enough to protect our personal data. “They tell a little story in one of their documents about mothers being able to click and access their baby’s birth certificate instead of having to go and get a copy, which sounds brilliant except they haven’t defined how they’ll know the mother is who she says she is, and how she will know who she can trust on the other end,” she says. “In a perfect, idyllic utopia, it works, but it doesn’t take hacking into consideration.”

According to the National Audit Office, in 2014-15, there were 9,000 data breaches across government departments. The subsequent inquiries revealed that many officials did not know how to report a breach and there was not enough guidance for the authorities involved. “The government is already failing to look after our data,” says Samson. “Fundamentally [Part 5] will lead to data breaches. People’s data will get lost and we won't ever know how or why.”

Though the government denies it, there are additional fears that this digitisation of data is the beginning of an ID database, a policy that was scrapped in 2011. At the time, then-Home Office minister Damian Green said that ending the proposed National Identity Register demonstrated “the government’s commitment to scale back the power of the state and restore civil liberties”.

Whether or not a register is created, however, Samson and other privacy experts, as well as the British Medical Association, take issue with the fundamental justifications for bulk data sharing. “The reason that they've given for wanting to do all this is ‘wellbeing’, which is crap, frankly,” she says. “In the summer, the Scottish Parliament dropped the Named Person Scheme because the supreme court found that ‘wellbeing’ is simply not a strong enough reason to share people’s personal information. Of course they’re trying to do something great but they’re going about it in a really cack-handed fashion.”

One example of this is that the government intends to share your personal information with the Troubled Families programme to identify people who may be at risk. Although this is ostensibly positive, this information will also be used to determine anti-social behaviour. “On the one hand, they’re saying that they’ll make sure that families who need help will get it, but on the other, if it transpires that you’re noisy or you’re difficult on your estate, they will now share that data so you can have an Asbo.”

Fundamentally, then, although the aims of the Bill seem admirable, there are simply not enough safeguards and rules in place currently for it to safely become law. While this partially might be a simple error on the government’s part, Samson argues that the language of the Bill is “as open and broad and woolly as you can possibly imagine”, causing concern about how it might actually be used in practice. In theory, hundreds or thousands of businesses and authorities could have access to your data without your consent.

“No one is opposing the idea of data sharing,” says Samson, “But a) tell us why, b) keep us informed if you’re using our data, and c) let us control our data. That’s the only way this is all going to move forward.”

Amelia Tait is a technology and digital culture writer at the New Statesman.