The simple answer, he says, is that he doesn’t believe Tor alone is enough. “When you force people to use this tool, you put all your trust in it. If someone shows that the circuits are sniffed by the USA or something, it’s broken,” he says. “You’ll have advertised a totally broken system. Tor isn’t the golden bullet of anonymity on the Internet.”
So how does OpenLeaks plan to protect the identity of sources who don’t have the savvy to use Tor or their own choice of proxy server? The OpenLeaker sighs, as if I’ve asked a question with a very long answer. Then he grabs a Club-Mate and sits down.
WikiLeaks, he recaps, used cover traffic to mask which visitors were simply curious readers and which were leakers. A script on the site would run in their browser, uploading a randomly sized document. OpenLeaks will implement cover traffic, too, he says. But implementing that tool on news organizations’ websites won’t be as easy, given that a visit to those sites’ home pages would look different from visits to the leak submissions page. So they’re planning on eventually integrating their submissions page directly into the home pages themselves, a trick that requires coaching their media partners on how to excise security bugs from the most complex portion of their sites.
Once they have what the OpenLeaks engineer calls that “armored car” version of the partner sites set up, they plan to go even further than WikiLeaks, building more convincing cover traffic than has ever existed before, this unnamed engineer tells me. They’ve statistically modeled the timing and file size of uploads to WikiLeaks and have used it to spoof those submissions with high statistical accuracy. Most submissions to WikiLeaks were between 1.5 and 2 megabytes, for instance. Less than one percent are above 700 megabytes. Their cover traffic aims to follow exactly the same bell curve, making it theoretically indistinguishable from real submissions under the cover of SSL encryption, even when the user isn’t running Tor.
“We have over one and a half years of submissions data to analyze. That’s something you can model. That’s mathematics,” he says. “The more submissions we get, the better we model the cover traffic. It’s a feedback loop.”
I ask how it is that he has access to one and a half years of WikiLeaks submissions. And that’s when the man I’m talking to explains to me, without preamble, that he is the Architect.
I’m paralyzed for a moment. Slowly it dawns on me that I’ve stumbled into the man at the technical center of the leaking movement, one whom I’d never expected to communicate with, let alone meet face-to-face. The Architect, whether or not he notices my tongue-tiedness, speaks without pretension. He has a calm and patient authority. I launch into a long list of questions about his mysterious role in WikiLeaks and OpenLeaks, and he declines to answer most of them. He tells me nothing about his background, his career—beyond being a network engineer—or even his nationality.
But there’s one story he will tell: the events of his time at WikiLeaks, and why he decided to leave.
When the Architect was first recruited by Domscheit-Berg, he says, WikiLeaks was essentially a pair of servers, one hosted at PRQ in Stockholm that redirected to another more sensitive server in a data center somewhere else in Europe. “If the authorities had gotten that box, that would have been it,” he says. “Game over.”
The Architect demanded that the entire project be rethought and redesigned, which took the site off-line for months. He didn’t much like the group’s organizational architecture either: He warned Berg that Assange had too much control of the project, and that more of the financial and organizational responsibility should be shared. When Berg mentioned this to Assange, Assange accused Berg of plotting a power grab. “Julian warned me that Daniel was trying to control me,” the Architect says with a bitter laugh. “In fact, it was my idea.”
After the site’s downtime, in April 2010, the Architect had most of WikiLeaks’ materials ready to put back online, and began pinging Assange to get the go-ahead to relaunch the site. But Assange was in Iceland, busy preparing the Collateral Murder video that would springboard WikiLeaks to stardom. The Architect says that he didn’t respond. The video went online while the site was still down, and Assange blamed the technical volunteers working with the Architect for missing an important media opportunity, while the Architect bristled at the insult.
In July, when the group was preparing to publish the seventy-six thousand files known as the Afghan War Diaries, the Architect says he asked Assange to have the index for the release ready two weeks early. In the end, Assange left finishing the index page to the last minute, and it went up four hours late. “That was fine,” the Architect says calmly. “But I told him I wouldn’t tolerate any more major fuckups.”
WikiLeaks had left fifteen thousand files unpublished that the group and its media partners at The New York Times, The Guardian, and Der Spiegel deemed too sensitive—many contained the names of civilian informants to the U.S. military who might face reprisal if they were exposed. The Architect says he recruited a group of forty trusted volunteers to pore over the files to determine how they could be redacted and published. After four weeks of steady work, the files were edited and ready. Then the Architect learned from Assange that he didn’t in fact intend to publish those fifteen thousand documents, and wanted to use the group’s momentum with the media to publish the 392,000 Iraq documents instead. “So it was my job to tell all the guys they had spent four weeks reading shit for nothing,” he says.
The Architect scrambled to work on a document organization system that the group could use for the Iraq files with double-blind reviews and redactions by volunteers. But instead, Assange simply redacted all names from the files with an automated program that deleted words based on their frequency, what the Architect saw as sloppy overredaction.
By this time, Assange had already developed a deep distrust of Domscheit-Berg and begun to see him as a threat and a rival. In fact, it was the Architect, not Domscheit-Berg, who was fomenting a mutiny, the Architect says. He no longer believed Assange was responsible or careful enough to run the organization, IT resources, and finances, and told Domscheit-Berg as much.
The Architect wasn’t the only one turning against Assange. Reporters Without Borders and Amnesty International both issued open letters to Assange criticizing WikiLeaks for failing to more completely redact sources’ names from the Afghan War Diaries. “Indiscriminately publishing 92,000 classified reports reflects a real problem of methodology and, therefore, of credibility,” read the Reporters Without Borders statement. “Journalistic work involves the selection of information.” Even Birgitta Jónsdóttir’s allegiance with the group began to show cracks as WikiLeaks’ publications became larger and less discriminate. “We were very, very upset with [the Afghan War release,] and with the way he spoke about it afterwards,” Jónsdóttir told The New York Times. “If he could just focus on the important things he does, it would be better.”
Domscheit-Berg began to raise questions to Assange over instant messages about his lack of transparency as a leader and his singular control. Assange responded by accusing Domscheit-Berg of making comments to a Newsweek reporter that Assange should be ousted from the group, and demanded the German confess to his insubordinate statements. “If you do not answer the question, you will be removed,” wrote Assange in an instant message to the German.
“You are not anyone’s king or god,” snapped back Domscheit-Berg. “And you’re not even fulfilling your role as a leader right now. A leader communicates and cultivates trust in himself. You are doing the exact opposite. You behave like some kind of emperor or slave trader.”
“You are suspended for one month, effective immediately,” Assange responded.
A few days later, Assange held a group meeting on an IRC chat room he called “missionfirst” to discuss Domscheit-Berg’s behavior and lobby for his expulsion from WikiLeaks.
It was just after the meeting that Domscheit-Berg and the Architect decided t
o stage a partial shutdown of the site. Just for a day, the Architect—one of the few with access to the group’s most sensitive infrastructure—took WikiLeaks’ archive and home page off-line, a kind of strike to get the group’s attention. Assange responded by shutting down WikiLeaks’ Domain Name System entry, blacking out its submissions system, e-mail, and chat rooms in a digital game of chicken. The Architect caved and turned the elements of the site he controlled back on. But he wanted nothing more to do with Assange.
Domscheit-Berg had worked on a system similar to what would become OpenLeaks as part of a failed grant proposal to the American nonprofit Knight Foundation, and the Architect says he developed the idea further in a paper and sent it to Domscheit-Berg, suggesting they leave WikiLeaks to work on it. “The thing between J and Daniel is on a very personal level. But with me, it’s simple. If you fuck with me, I fuck with you,” he summarizes calmly. “My work comes at a price. Not to be famous. I wanted to do something good. And if someone corrupts that, I’ll pull the plug.”
Much of the hardware the site ran on belonged to the Architect or Domscheit-Berg, they say, and they had no intention of donating it to Assange’s project. The Architect says he gave the remaining WikiLeaks staffers two weeks to migrate their data off the servers they owned. A portion of the files were moved, but Assange had only tasked one developer to the operation. When the two weeks were up, that WikiLeaks volunteer had made little progress assembling a secure setup for the Architect and Domscheit-Berg to transfer the files. They gave Assange’s developer another week. When that deadline passed, too, the pair lost patience. So they simply changed the systems’ passwords and took control of all of it: the submissions system, the archive of published documents, and the unpublished submissions collection of three thousand leaked files.
Why disembowel WikiLeaks so thoroughly on their way out? The Architect and Domscheit-Berg claim that they didn’t trust the group under Assange’s leadership to properly protect the material, some of which they say contained data that was sent to Domscheit-Berg personally, and that might identify sources if it wasn’t kept secure. For the nearly one year between their departure from WikiLeaks and the Chaos Communication Camp, they kept the files encrypted and left them in the hands of a third party who didn’t have the key. (“Best to give them to someone who doesn’t even want the shit,” says the Architect.) They had no plans to publish the files, and said they’d offered to return them to WikiLeaks. But they claim Assange never offered a secure method of making the handoff.
“I didn’t mind that [Assange] likes media attention, or even the thing with the girls,” the Architect told me. “But I don’t believe he’s able to handle the basic law that first, you protect the sources. Before the project, before any of the people in it.”
When John Young published a leaked excerpt of Domscheit-Berg’s book in January 2011 on Cryptome that revealed he and the Architect had taken the unpublished submissions, Assange sent me a statement through Icelandic spokesperson Kristinn Hrafnsson that described Domscheit-Berg as an unethical, unstable charlatan:
[Domscheit-Berg] has falsely misrepresented himself in the press as a programmer, computer-scientist, security expert, architect, editor, founder, director and spokesman. He is not a founder or co-founder and nor was there any contact with him during the founding years. He did not even have an email address with the organization until 2008 (we launched in December 2006). He cannot program and wrote not a single program for the organization, at any time.
The statement didn’t once mention the Architect.
When I spoke with that unnamed engineer, eleven months after the rupture, WikiLeaks had neither gotten its unpublished submissions back from the OpenLeakers nor built a new submissions system to replace the one that the Architect and Domscheit-Berg took with them.
The Architect says he has no regrets, either about dismantling WikiLeaks’ technology or cutting ties with Assange. “WikiLeaks is like jumping from an airplane. It’s for the adrenaline junkies,” he says. “At some point you have to open the parachute. Some people open it earlier, some later. Some don’t get the chance to open it at all.”
Only two men have been expelled from the Chaos Computer Club in its thirty-year history. One was a Nazi. The other was Daniel Domscheit-Berg.
On the third day of the Chaos Communication Camp, after OpenLeaks’ fumbled launch, CCC board member Andy Müller-Maguhn and three other Club board members approached Domscheit-Berg at three A.M. outside a party a few tents away from OpenLeaks’ encampment. They handed him a letter on the official CCC letterhead marked with the Chaos Knot, a bundle of tangled cables that serves as the group’s emblem. It explained that his membership had been revoked for “damaging the reputation of the Chaos Computer Club through the public presentation of your talk on the project OpenLeaks,” and “creating the impression that the Chaos Communication Camp and its attendees had taken over a security check for your project and the source protection it promised.”
When Domscheit-Berg shows me that letter, it’s the last day of Camp and he’s pacing around the OpenLeaks tent, quickly and mechanically packing things away. “I don’t need Andy Müller-Maguhn to give us a permit for this project,” he says angrily. “I don’t fucking care.” He stops for a moment and looks out of the tent flap as the first drops of rain began to fall from the dark sky over Finowfurt. “If I had bothered about everything that everyone said about me since I left WikiLeaks, I would be living on a desert island right now.”
He walks back into the tent and asks in an agitated tone if there’s any Club-Mate left. To Domscheit-Berg’s visible relief, it turns out his young stepson has hidden a case under a table as a backup supply. As he opens a bottle, Domscheit-Berg explains what he believes is the real story behind his excommunication. Andy Müller-Maguhn has been asked by Julian Assange to retrieve the submissions that he and the Architect took from WikiLeaks. The fact that the OpenLeakers still haven’t handed the materials over, as Domscheit-Berg tells it, is prejudicing the CCC’s decision making against him.
And why exactly hasn’t he handed those materials over to Müller-Maguhn? The Architect, who is sitting on a couch nearby, answers. “There’s a network of trusted people who handle stuff,” he says nonchalantly, “and he’s not one of them.”
“Besides, this is the guy who is already responsible for the biggest data-handover fuckup of all time,” Domscheit-Berg adds. “He’s not capable of anything serious.”
What does that mean? I ask the pair, confused. They decline to explain.
“Just imagine the worst-case scenario you can think of,” Domscheit-Berg offers after a moment, “and then add a little to it.”
After this foreboding statement, he walks out of the tent and into the rain, closing the flap behind him.
“The more secretive or unjust an organization is, the more leaks induce fear and paranoia in its leadership and planning coterie,” Julian Assange wrote in his “Conspiracy as Governance” essay in 2006. Five years later, that maxim wholly applied to WikiLeaks and Assange himself.
The Architect’s and Domscheit-Berg’s departure from the group with three thousand unpublished submissions represented the first major breach of the organization’s security. In the months that followed, the spillages continued: Rogue WikiLeaks partner Israel Shamir allegedly gave unredacted cables to the repressive government of Belarus, including information that may have been used against the Belarusian political opposition. The freelance journalist Heather Brooke extracted a copy of the cables from the Icelandic WikiLeaker Smári McCarthy and passed them on to The Guardian newspaper, allowing the paper to publish the cables entirely without WikiLeaks’ control and infuriating Assange.
After the OpenLeakers’ departure with WikiLeaks’ submission system and files, Assange began contacting former WikiLeakers and other common associates to beg, cajole, and threaten them into helping him resolve what he called “the host
age situation.” By early 2011, Assange was publicly vowing to sue both The Guardian and Domscheit-Berg, lawsuits that never materialized. As his Nixonian anxiety grew, he went so far as to demand every WikiLeaks staffer sign a nondisclosure agreement that levied a twenty-million-dollar fine for distributing a WikiLeaks document, or even revealing the existence of the NDA itself.
Inevitably, the contract itself leaked. When the document showed up on the New Statesman’s website, Guardian reporter and former WikiLeaker James Ball admitted he was the source. “WikiLeaks is not democratically accountable,” Ball wrote in an editorial for the paper. “It has no board, or no oversight. If any organization in the world relies on whistleblowers to keep it honest, it is WikiLeaks. In such circumstances, silencing dissent is not just ironic, it’s dangerous.”
Like the institutions Assange had once described as his targets, WikiLeaks was compromising its cause in an effort to contain its own employees’ impulses to spill the organization’s guts. And the biggest leak was yet to come.
In retrospect, Andy Müller-Maguhn may not have been the ideal judge of whether the Chaos Computer Club should lend its support to WikiLeaks’ most prominent spin-off group. Long before the CCC board member had expelled Domscheit-Berg from the Club, he already considered the German ex-WikiLeaker a traitor to hacker principles and a possible government informant. “I’ve been a member of the CCC for twenty-six years,” he says as he picks at an arugula salad at an Italian restaurant near the hacker group’s headquarters in Berlin. “Perhaps I have seen too many people’s intelligence files.”
After WikiLeaks’ three megaleaks and Domscheit-Berg’s departure from the group in late 2010, while the U.S. government was coiling into counterattack mode, Müller-Maguhn says Domscheit-Berg began behaving strangely. He was so nervous when Müller-Maguhn ran into him around the Chaos Computer Club headquarters that the younger German’s body shook and he couldn’t complete a sentence, Müller-Maguhn recounts.
This Machine Kills Secrets Page 34
