1. My attempt to summarise the unfolding HBGary / Wikileaks story

    Posted February 16, 2011 in comment  |  2 Comments so far

    You might not have heard of HBGary Federal before. I certainly hadn’t, or at least not until February 4th when their CEO Aaron Barr boasted to the press that he had unmasked members of Anonymous and was going to pass their details to the FBI. This was presumably in retaliation for Anonymous having slowed down the servers of Visa, Mastercard and Paypal for a few hours back in December 2010, a crime that will no doubt live in infamy.

    As it turns out HBGary Federal is a computer security consultancy that does a lot of work for the US government, trading on a reputation as experts in the field. Their CEO was obviously looking to generate headlines with his Anonymous story. And he succeeded, but not quite in the way he was expecting.

    Within a few hours of his boasting to the press about having “infiltrated” Anonymous, Anonymous struck back. And they struck back hard. The HBGary Federal website was compromised and defaced, Aaron Barr’s Twitter and Facebook profiles were hijacked, and – most damagingly for HBGary – the company’s email server was breached, the emails extracted and put into the public domain via BitTorrent.

    At this point, the damage done to HBGary was already severe. How could “experts” in information security be so thoroughly compromised, so quickly, and in such a humiliating manner? As Aaron Barr put it, soon after the attack took place:

    I knew some folks would take my research as some kind of personal attack which it absolutely was not. I thought they might take down our Web site with a DDoS attack. I did not prepare for them to do what they did…

    But the worst was yet to come. It took a few days for the contents of the email dump to be reviewed, and what it revealed was even more damning – not just for HBGary Federal, but for the shady culture of impunity it portrayed among firms contracting for the US government.

The new twist in the tale came when a project proposal was discovered among the emails. The proposal, titled “The Wikileaks Threat” (link to the full presentation), had been created by HBGary Federal in conjunction with two other companies for Hunton & Williams, a law firm that works with Bank of America. It outlined a systematic plan of attack against Wikileaks and its supporters which included tactics such as DDoS attacks, falsification of information, and what could be seen as extortion of prominent free-speech supporters such as Salon writer Glenn Greenwald. The exact quote about people in this category was that they could be pushed to “choose career preservation over cause”.

    Slide from the Palantir, HBGary and Berico proposal

    If you want to know more without reading the whole thing, this Tech Herald article has a good overview, but you should definitely read Glenn Greenwald’s response over at Salon:

    The very idea of trying to threaten the careers of journalists and activists to punish and deter their advocacy is self-evidently pernicious; that it’s being so freely and casually proposed to groups as powerful as the Bank of America, the Chamber of Commerce, and the DOJ-recommended Hunton & Williams demonstrates how common this is. These highly experienced firms included such proposals because they assumed those deep-pocket organizations would approve and it would make their hiring more likely.

    To put it mildly, the tactics outlined in this proposal are indefensible and the other companies involved have since apologised to the proposed victims and distanced themselves from HBGary Federal. Indeed the chief of Berico has called the proposal “reprehensible” (PDF link to company statement).

    But this doesn’t bring the matter to a close. The leaked proposal is almost certainly the tip of a very large iceberg, giving us a glimpse of a corporate culture surrounding the US government that has grown accustomed to operating outside the law. As Glenn Greenwald puts it:

    The exemption from the rule of law has been fully transferred from the highest level political elites to their counterparts in the private sector. “Law” is something used to restrain ordinary Americans and especially those who oppose this consortium of government and corporate power, but it manifestly does not apply to restrain these elites.

    The story began with a so-called security expert bragging to the media and has ended with the disgrace of his company. Andy Greenberg at Forbes:

Rarely in the history of the cybersecurity industry has a company become so toxic so quickly as HBGary Federal … many of the firm’s closest partners and largest clients have cut ties with the Sacramento startup. And now it’s cancelled all public appearances by its executives at the industry’s biggest conference in the hopes of ducking a scandal that seems to grow daily as more of its questionable practices come to light.

These questionable practices, which are still being uncovered, are too many to list here, but this timeline over at Ars Technica is worth a read if you want to know more about Aaron Barr’s techniques.

    It’s a shame that this story isn’t getting more press attention, because it reveals a lot about what’s happening on the front line of the struggle for internet freedom – and by “front line” I mean the hand-to-hand trench combat as opposed to the high-profile court cases taking place in the US and in the UK.

    But it’s unlikely to get much coverage because it’s a messy, data-intensive, and fast-changing story; in other words, the type of story that is extremely difficult to get across within the constraints of traditional news media forms. Traditional media seems to be more comfortable talking about Julian Assange’s personal hygiene or Downing Street’s new cat than covering this sort of thing.

  2. Amazon sells Wikileaks cables (but presumably not for much longer)

    Posted December 9, 2010 in ephemera  |  4 Comments so far

    In a bizarre twist, Amazon is currently selling a Kindle book that contains the Wikileaks diplomatic cables. Obviously it’s not going to be up for much longer but it’s still a strange development:

As you’d expect, lots of fun is being had with Amazon’s user-generated tags:

    But the reviewers who are laying into Amazon are missing the point, which is that the book is obviously going to be taken down in the next few hours, if not minutes. There’s no way anyone at Amazon has done this deliberately – a Kindle seller has uploaded this and it’ll be gone soon.

    It’s either naked commercial opportunism or a cheeky prank. Even still, it’s pretty odd.

    Update at 18:11 GMT – well I was wrong, a few hours have passed and the book is still on sale. And Amazon can hardly be oblivious given that even the BBC has picked up on it:

    “In a twist to the story it has emerged that Amazon, which last week refused to host Wikileaks, is selling a Kindle version of the documents Wikileaks has leaked…”

    So what’s going on at Amazon? Are they just being cynical?

    Update at 21:11 GMT – it’s finally been taken down! I wonder what’ll happen to the copies that people bought and downloaded? Will Amazon offer refunds?

    "Bye bye book"

  3. Amazon’s moral failure over Wikileaks – why we were entitled to expect more

    Posted December 4, 2010 in comment, politics  |  No Comments so far

    I’m not sure exactly how much I’ve spent with Amazon in the last year, but it’s a lot. If I buy something online, I’ll probably buy it from Amazon even if it’s slightly cheaper elsewhere. I buy books, MP3s and big-ticket items like computers too. So I guess I have a strong “brand relationship” with Amazon.

    Like many people, I’m re-evaluating this relationship after Amazon dropped Wikileaks in an apparent concession to US government pressure (their official statement didn’t impress me much either) and I may stop buying things from them.

    But here’s a good question – if you plan on boycotting Amazon for not hosting Wikileaks, why not boycott every firm that doesn’t host Wikileaks? This is my answer, and it’s grounded in Amazon’s ambitions (specifically the Kindle) rather than a general sense of corporate morality.

    The Kindle strategy: mediate between reader and book

    When Amazon started out, it just sold books. As it grew it started selling lots of other stuff (encountering more than a few UX problems along the way) but books and their readers remained key to its identity, as was affirmed by the launch of the Kindle in 2007.

    Before the Kindle, Amazon’s relationship with the reader began with browsing for a new book and ended soon after it arrived. The packaging discarded, the book was opened and Amazon was forgotten: the relationship was now directly between the reader and the book.

    With the Kindle, this relationship was to change. Rather than just enabling the book’s purchase, Amazon would remain in the equation while the book was being read. The relationship, instead of being a direct one between reader and book, would – through the Kindle – be mediated by Amazon, who would enjoy a more meaningful connection with the reader.

    It’s a great strategy, and well-executed too: the Kindle is a joy to use. But underlying this strategy – and this is where Wikileaks becomes relevant again – is the increased need for trust between Amazon and the reader.

    Trust, neutrality, and moral failure

    Trust isn’t important when Amazon sells me a book. I need to trust that they won’t rip me off, yes, but that would be illegal – the trust is backed up by law. And once I’ve got the book in my hands, what can Amazon do? They can’t stop me reading it.

    In the world of the Kindle, however, trust changes and becomes absolutely essential. This is because, in this transformed relationship where Amazon is the mediator, Amazon can remove books from your Kindle. It can do so remotely, without warning, at its own discretion, even if you paid for them or got them elsewhere. The reader must therefore trust Amazon not to do this. If she doesn’t, her relationship with the written word is no longer free.

When Amazon remotely wiped 1984 and Animal Farm from Kindles in 2009, this trust was damaged. That was due to rights & ownership problems – it wasn’t political, it was commercial. But the Wikileaks incident shows that Amazon will remove content for reasons that are ultimately political.

    This doesn’t just damage that trust, it destroys it completely, and with it Amazon’s credibility as an organisation fit to mediate my relationship with the book. What if there was political uproar over a controversial novel, and Amazon was pressurised to remove it from the possession of people who had paid for it? We know now that they’d do it, and the implications are depressing.

In fact they’re so depressing that I feel glad that the Kindle wasn’t invented a century earlier. How much more effective would Soviet suppression of samizdat have been if the Kindle was in widespread use back then? What would have happened to Lolita, Lady Chatterley’s Lover, Ulysses, or any of the hundreds of books that were banned and burnt in supposedly less enlightened eras? How much would we have lost?

    The banning of Wikileaks raises questions that are particularly sensitive given Amazon’s lofty aspirations. How can you promise to manage someone’s relationship with the written word – and therefore with culture, politics, literature, and arguably thought itself – when you can’t be trusted to remain neutral and impartial? Amazon has to be held to a particular moral standard, and it is this standard it has failed to meet. We were within our rights to expect more.