The £12m question: how WikiLeaks gags its own staff

“A typical open market valuation.”

This blog has previously described the bizarre legal world of WikiLeaks where, for example, the organisation claims some form of commercial ownership over the information that has been leaked to it.

Today, the New Statesman can reveal the extent of this legal eccentricity as we publish a copy of the draconian and extraordinary legal gag that WikiLeaks imposes on its own staff.

Clause 5 of this "Confidentiality Agreement" (PDF) imposes a penalty of "£12,000,000 – twelve million pounds sterling" on anyone who breaches this legal gag.

This ludicrous – and undoubtedly unenforceable – amount is even based on "a typical open-market valuation" for the leaked information that WikiLeaks possesses.

This phraseology is consistent with WikliLeaks's perception of itself as a commercial organisation in the business of owning and selling leaked information. Indeed, there is no other sensible way of interpreting this penalty clause.

Other parts of the legal gag are just as extraordinary. The second recital paragraph, "B", provides that – like a superinjunction – the fact of the legal gag itself is subject to the gag.

So is "all newsworthy information relating to the workings of WikiLeaks". On the face of it, even revealing one is under this agreement could result in a £12m penalty, as would sharing information on how the directors conduct the organisation.

The fifth recital paragraph, "E", is just as astonishing. It purports to extend what WikiLeaks can sue for beyond any direct loss that it might suffer if the gag is breached. WikiLeaks says it can sue for both "loss of opportunity to sell the information to other news broadcasters and publishers" and "loss of value of the information".

All this legalese can only mean that WikiLeaks takes the commercial aspect of selling "its" information seriously: there would be no other reason for this document to have such precise, onerous and unusual provisions.

On the basis of this legal gag alone, it would be fair to take the view that WikiLeaks is nothing other a highly commercially charged enterprise, seeking to protect and maximise its earnings from selling information that has been leaked to it. If so, WikiLeaks is nothing other than a business.

One suspects that the various brave and well-intentioned people who have provided the leaked information would be quite unaware of – and perhaps horrified by – the express commercial intentions of WikiLeaks, as evidenced by this document.

However, for some time it has been apparent that WikiLeaks and its founder, Julian Assange, have had a "pick'n'mix" attitude to legal obligations. They seem to feel free from any restrictions in respect of confidentiality and official secrecy; but on the other hand they make routine legal threats, especially against the Guardian, so as to uphold their perceived rights to their supposed commercial "property" – leaked, sensitive information. Abidance by the law is, it would seem, something for other people.

And, as the legal gag shows, WikiLeaks sought to use the full force of the law to deter or punish anyone who leaks against it – to the tune of £12m a time.

David Allen Green is legal correspondent of the New Statesman and is a practising media lawyer. He was shortlisted for the George Orwell Prize for blogging in 2010.

David Allen Green is legal correspondent of the New Statesman and author of the Jack of Kent blog.

His legal journalism has included popularising the Simon Singh libel case and discrediting the Julian Assange myths about his extradition case.  His uncovering of the Nightjack email hack by the Times was described as "masterly analysis" by Lord Justice Leveson.

David is also a solicitor and was successful in the "Twitterjoketrial" appeal at the High Court.

(Nothing on this blog constitutes legal advice.)

Google Allo
Show Hide image

Google Allo: a chat app like WhatsApp – but with only a cursory consideration for your privacy

When will we stop sacrificing security for stickers of muscular bulls wiggling their butts? 

The world already has enough chat apps. When Google’s latest messaging service Allo launched this morning, a cursory glance showed us it had much the same features as Snapchat, WhatsApp, and Facebook Messenger before it. You can doodle on your pictures! Here’s an emoji with heart eyes! Look at this sticker of a bull twerking! Oh-by-the-way-we’re-reading-your-messages-hope-that’s-not-a-problem-bye!

Just like Facebook, Instagram, Skype, and Snapchat, the messages you send on Google Allo are not automatically end-to-end encrypted. This type of encryption – which Whatsapp began using in April – means that only you and the recipient of your message can read it and nobody in between. Messaging apps without end-to-end encryption can store your messages on their servers and access them at any time, as well as hand them over to the government if required by law. The technology academic and author John Naughton has likened it to “sending your most intimate secrets via holiday postcards” and Edward Snowden went as far as too call Google Allo “dangerous”.

But Google has a reason for not using end-to-end encryption (whether it’s a good one or not is up to you). The app includes Google Assistant, a tool which can answer your questions within any chat. In order for this to work, Google naturally needs to access your messages. Its new “Smart Reply” feature also means it reads and analyses your conversations to give you personalised auto-reply suggestions. Despite originally promising that it would only store your chat history for a limited amount of time, Google has now admitted that it will retain the data unless you personally choose to delete it. The app is actively trying to learn as much about you as possible, and then storing the data. 

But while Google Allo doesn’t automatically offer end-to-end encryption, it is receiving praise for the ability to opt in via “Incognito mode”. Once this mode is selected, you have end-to-end encryption on your messages, and you can set them to expire after a certain period of time. Wonderful. Brilliant. Article over. No more worries.

Except by placing the onus on the user to opt in to privacy (rather than opt in to Google Assistant) Google has played a trick that many companies have played before. Amazon recently launched a UK version of Echo, a “constantly listening” smart device that records and stores all of your questions, and gave users the option to mute the machine if they were concerned about privacy. But by its very nature, no one who desires this device is concerned about privacy.

And so too with Google Allo. Anyone worried about Snowden’s warning won’t download it, and those who do download it are unconcerned about, or unaware of, the lack of end-to-end encryption. Even the name, “Incognito mode” makes it sound like something that should be used for shady or saucy goings-on, instead of accepting that, by default, all of your private conversations should stay private.

Which begs the question: why don’t most of us care? Allo’s opt-in encryption is actually a vast improvement on Facebook Messenger’s complete disregard for this privacy measure, and that app has one billion active users. Are we truly so distracted by stickers and emojis that we don’t spare a thought for security? Our general apathy towards personal privacy sets a precedent for a future in which – and really, no tinfoil hats are needed here – none of our conversations are ever private.

You probably don’t care because your conversations are boring (no offence). It doesn’t worry us that the government or the police or big businesses are listening because all we’re talking about is whether to meet the lads in Nando’s at six or six-thirty. But no matter how inane our conversations, we should always protect ourselves from eavesdropping.

This is because, as the way Google search histories are used in court shows, your personal data can easily be misconstrued. If you ever did get in trouble with the police, can you really trust them to understand the private jokes between you and your friends, and not construe malicious meanings in your messages? What if third parties accessed your conversations? Companies already use our social media profiles to target advertisements towards us, but what if they scanned our messages to understand us better? Could your offhand conversation about how sick you’re feeling affect your health insurance claims? Will your message about money trouble prevent you from getting a loan?

These are all hypothetical questions, yes, but they are a path our apathy is driving us down. We’d much rather skip through the Terms and Conditions to get a new flashy feature than really scrutinise the data we’re giving away and how it’s used. Companies know this, which is why they hide behind opt-in features like “Incognito mode” and the “delete chat history” button. They can defend themselves by saying the option is there while simultaneously knowing that most people will never actually use it.

There is no easy way to get the wider world to care about privacy, but thankfully there’s probably no way to get them to care about Allo either. It’s not certain whether the messaging app will fail, but given the success of Google's previous chat apps (Talk or Hangouts, anyone?), it seems likely. Then again, none of those had a sticker of a muscular bull wiggling its butt.

Amelia Tait is a technology and digital culture writer at the New Statesman.