WikiLeaks in Sweden: A note on local source protection in a global online world
While the internet has enabled almost limitless possibilities to publish and disseminate large quantities of data, and opened up whistle-blowing opportunities in numerous contexts, the case of WikiLeaks has shown that protection of sources has become a critical issue.
Soon after it was established in 2007, WikiLeaks moved its content to Swedish and Belgian servers to enjoy the strong legal protection of free speech that these countries provide.
WikiLeaks was not the only whistle-blowing site around, but it had slowly built up confidence in the internet community through strong encryption technology and security routines. Together with some very extraordinary leaks during 2010, the site developed into the most well-known global whistle-blowing site in the world.
Since its inception, WikiLeaks has created major controversies, whether through making information publically available, or being blocked from credit card donations, or through accusations of sexual crimes against its founder, Julian Assange.
This report focuses on WikiLeaks’ presence in Sweden, and what WikiLeaks may have achieved or not achieved through this. The rape allegations against Assange and the issue of his extradition to Sweden have deliberately not been dealt with. For one, the situation has the potential to cloud the issue of the function of WikiLeaks and fundamental civil rights. Some might argue that the accusations are part of attempts by the Swedish state in collusion with the United States (US) authorities to continue to discredit WikiLeaks, and to deny its potential as a powerful human rights tool. Others may argue that Assange, by using WikiLeaks as leverage to avoid personal legal proceedings, is jeopardising the future of WikiLeaks. How the controversy fits into the scenario is currently open to speculation only.
Policy and political background
Freedom of expression has a long history in Sweden, and the first law protecting free speech dates back to 1766. In addition to the right for any individual to express oneself freely there is strong and comprehensive protection for the press through two constitutional laws, the Freedom of the Press Act SFS 1949:105 and the Fundamental Law on Freedom of Expression SFS 1991:1469.
The legislation, which establishes protection from interference from the government and other state bodies, is detailed and describes a number of requirements to qualify for protection. These relate to how, in which form, to what purpose and through what media the material is being published, but do not relate to the actual content of the publication. For example, commercial advertising does not qualify because of its commercial purpose and, similarly, private email does not qualify because it is not intended to be published publicly.
The main requirements for protection of internet content are [The Fundamental Law on Freedom of Expression, Article 9, Chapter 1]:
- That the material is provided upon specific request from a user (i.e. not through using automatic website pop-ups)
- That the website appears as a uniform product (e.g. it should have a coherent design and cannot be a mass of unformatted or unedited data or text simply put online)
- That the website content cannot be altered or changed by anyone other than the editorial staff running the website.
If these requirements are fulfilled, the editor may file for a so-called “Certificate of No Legal Impediment to Publication”, which certifies that the website and its content, as well as the editorial staff and their sources, are protected through [The Fundamental Law on Freedom of Expression, Chapter 2]:
- Source protection – sources have the right to stay anonymous and it is a criminal offence for editorial staff to reveal any information about the source
- Inquiry protection – no public authority or other public body may inquire into the identity of the source [The Fundamental Law on Freedom of Expression, Article 4, Chapter 2]
- Prohibition of censoring [The Fundamental Law on Freedom of Expression, Article 3, Chapter 1] – any scrutiny of content prior to publication or similar act of censoring from a public authority or other public body is prohibited.
However, a Certificate of No Legal Impediment to Publication not only entails protection, it also means responsibilities: it requires the appointment of a named responsible editor who is liable for all content on the website. This is only in relation to an exclusive and limited list of criminal offences, which can only be prosecuted by the Chancellor of Justice in accordance with the rules laid down in the Freedom of the Press Act. [The Fundamental Law on Freedom of Expression, Article 1, Chapter 7, with reference to Freedom of the Press Act, Article 1-4, Chapter 9]
The principles behind the constitutional protection can be compared to that of a boxing ring. Boxers enter the ring knowing that in the ring certain rules apply, protecting them from illegal actions; but they are at the same time subject to certain physical risks that are allowed by the same rules that protect them in the first place. The risk of taking on the liability of being a responsible editor is something the editor would have to accept to be able to enjoy the benefits of source protection, inquiry protection and prohibition of censoring.
It is, however, important to understand that the protection of sources only relates to the protection of anonymous sources, and not the protection of a whistle blower as such. If an anonymous source is revealed, the protection for the individual is very limited. The Swedish legislation does not provide any protection from retaliatory actions taken by, for example, private companies or foreign governments. It is therefore critical to protect the anonymity of the source in the first place, particularly in the case of international leaks, where the source may come from a country with poor rule of law, and therefore may face arbitrary retaliation from the state.
The benefits of legal uncertainty...
Being a whistle-blowing site, WikiLeaks is critically dependent on sources for information, and on the protection of these sources. One of WikiLeaks’ strong advantages, which has contributed to the success of the site, is its reputation of being able to keep its sources completely anonymous.
WikiLeaks source protection is primarily technical, with a sophisticated and partly secret system where individuals can file information in a “drop-box”. This first step is important as it avoids any face-to-face interaction between the source and WikiLeaks. While traditional journalists often have to build up trust with sources to develop a story, the drop-box system enables leaking at anytime by anyone, without a relationship being developed between two individuals.
After the drop-box system, multiple servers in different countries create a complex system of information flow that makes it virtually impossible for any individual within the WikiLeaks organisation to identify a source without collaborating with numerous other colleagues in the organisation. This way WikiLeaks has ensured technical measures as well as organisational structures and staff routines to protect the sources.
When looking for strong legal protection, the step to Sweden was not a long one; already early in the history of WikiLeaks, the organisation had put many of its servers in Sweden with help from companies with a background in the Swedish file-sharing site Pirate Bay.
As described above, the Swedish legal protection offered to sources is strong – as long as the leak is kept anonymous. Locating its servers in Sweden also means that any foreign government that would be interested in investigating a leak, or in tracing the information back to a possible leak, or even taking measures to prevent the publication of a particular leak, would have to take legal measures in Sweden. Generally this would not be possible without collaboration with Swedish public authorities. Any such collaboration would mean that Swedish public authority officials would be guilty of violating the law, which is punishable by a fine or imprisonment for up to one year. [The Fundamental Law on Freedom of Expression, Article 5, Chapter 2]
They could also face being fired. Of course, it does happen that Swedish public authority officials violate the freedom of the press laws, but generally the laws are well known and well respected, and cases of violations are brought to court in accordance with the special procedures set forth in the Freedom of the Press Act. [The Fundamental Law on Freedom of Expression, Article 1, Chapter 7, with reference to Freedom of the Press Act, Article 1-4, Chapter 9]. This means that foreign governments or other actors would be left to take measures against WikiLeaks entirely on their own, without support from Swedish public authorities.
With this protection in sight, WikiLeaks decided to apply for the Certificate of No Legal Impediment to Publication in accordance with the Fundamental Law on Freedom of Expression. [The Fundamental Law on Freedom of Expression, Article 4, Chapter 2] Appearing to comply with the requirements for the certificate, this was a natural step to enjoy strong legal protection. An important factor here was that WikiLeaks, in spite of its name, is not a wiki: its content is not user-generated. All content is submitted or leaked through the drop-box system, but then, as a second step, published by the WikiLeaks organisation. This level of gatekeeping means that it functions more like a traditional media outlet.
For WikiLeaks to receive the certificate, the organisation needed to appoint a responsible editor, and this editor needed to be accountable in Sweden, which means the editor would need to be a Swedish citizen or have valid Swedish residence and a work permit. Assange was appointed responsible editor and applied for Swedish residence and a work permit at the Swedish Migration Board.
The application for residence and work permit was, however, denied and WikiLeaks did not qualify for the Certificate of No Legal Impediment to Publication. The reason behind the decision by the Swedish Migration Board is not available as the board’s decisions are not public. At the time of writing, the grounds for the decision of the Swedish Migration Board have to the best of my knowledge not been leaked by the Board, nor by Assange himself.
Being denied the certificate means that WikiLeaks did not become expressly protected by the Swedish constitution. But since the website may comply with the requirements for protection, the site may still be considered protected, as the legislation provides for automatic protection in some cases, including for some mass media organisations. [The Fundamental Law on Freedom of Expression, Article 9, Chapter 1] This second type of protection, which includes the same protection as the “regular” protection, automatically applies and is in force without any form of prior registration or application process. Whether WikiLeaks should be considered protected or not, under the automatic protection for mass media organisations, currently remains unclear.
The denial of the application is, of course, a setback for WikiLeaks. However, the fact that WikiLeaks may enjoy protection without the Certificate of No Legal Impediment to Publication is an uncertainty that in itself is a protection from interference from any inquiry, scrutiny or censoring from a Swedish public authority. The uncertainty is likely to deter most Swedish public authorities and their employees from investigating leaks and sources, as well trying to interfere with what is being published, as the individual conducting the search or action faces the risk of criminal charges. As a result, the uncertainty may still work in WikiLeaks’ favour.
Even if Assange was given a work permit, enabling WikiLeaks to be granted the Certificate of No Legal Impediment to Publication, would this then have been something valuable for WikiLeaks?
Clear legal protection often implies being subsumed into a legal system, a system which might not be adapted to all the needs of WikiLeaks. The Swedish system for the protection of the press is aimed at traditional printed newspapers, with adjustments that cater for online supplements to newspapers and, more recently, to online databases.[The Fundamental Law on Freedom of Expression, Article 1, Chapter 1]. Instead of publishing traditionally edited articles, original documents are published on WikiLeaks after a somewhat limited fact check. This model of mass media might not fit perfectly well in a system which requires a single responsible editor, which is the main requirement for enjoying full protection in Sweden.
Instead, the legal uncertainty of WikiLeaks, which is currently the case, may work in WikiLeaks’ favour.
The process of WikiLeaks’ endeavours to enable safe and secure leaking is an ongoing story which is the case for anyone dealing with the publication of sensitive content online. In the case of WikiLeaks the outcome is unclear, with more questions than answers. However, some conclusions can be drawn:
- Source protection, legal as well as technical, must build upon strict procedures and routines.
- Legal source protection should always be combined with technical protection and vice versa.
- Legal source protection is normally not the same as whistle-blower protection. Even under Sweden’s legal protection, an individual source who is revealed would only enjoy very limited protection, particularly in an international context.
- Strong legal protection might not always be the best option – stronger technical measures that protect the anonymity of sources, including mirroring servers in different parts of the world, may prove more effective.