Paul Holmes 28 Feb 2011 // 10:24PM GMT
I suppose the charitable response to the news that Bank of America hired security firms to analyze the threat posed by WikiLeaks would be to acknowledge that at least the company is taking the issue seriously. But given the quality of the documents that found their way into the blogosphere this week, that would be an extremely generous response. Because it’s hard to imagine a more wrong-headed, counterproductive strategy than described in those documents. A brief summary of events is perhaps in order. Toward the end of 2010, WikiLeaks founder Julian Assange said in an interview that he intended to “take down” a major American bank and expose an “ecosystem of corruption” using data obtained from an executive’s hard drive. It didn’t take long for speculation to focus on Bank of America, and for the bank to begin its crisis response. Part of that response involved hiring three private security firms to help it develop a strategy to counter any attack from WikiLeaks. One of those firms bragged in the Financial Times that it had evidence that could lead to the arrest of several members of Anonymous, a group of hackers supporting WikiLeaks. The security firm was promptly hacked by the group—surely proof enough that these people have no clue what they’re doing—and the confidential report it produced for BoA obtained and published. If the bragging and the hacking were insufficient evidence of the security firms’ incompetence, the strategy document should leave no doubt. The aspect that has generated the most scorn is the recommendation that BoA attempt to bring commercial pressure to bear on civil liberties blogger Glenn Greenwald (identified as a key WikiLeaks supporter) by forcing him to balance “professional preservation” against his “cause”—a strategy that even a casual reader of Greenwald’s work would recognize as delusional. But the rest of the strategy is equally dumb. Put simply, the approach suggested by the security firms—a campaign of disinformation that is clearly unethical and borderline illegal—is one that only a company with massive amounts to hide would even consider. It is axiomatic that cover-ups typically create problems significantly worse than the original acts they are designed to obscure. It seems companies are going to have to learn to deal with a new environment, one in which such leaks are the norm rather than the exception. The best way to do that is to follow some simple, age-old public relations advice: don’t say or do anything you wouldn’t want your mother to read about on the front page of The New York Times. It certainly doesn’t involve hiring thugs to intimidate those reporting the leaks.