News Item

HED: Wikileaks: Controversial, But is it NSFW?

DEK: As companies look to bar access to the WIkileaks documents (or not) Web filtering providers must decide how to categorize the leaked documents. 

The controversy surrounding leaked diplomatic cables prompting organizations to weigh whether or not to block access to the leaked documents. But a poll of prominent Web filtering firms by Threatpost suggests that most consider WIkileaks sites to be sources of "news and politics," not suspicious and malicious Web sites that demand blocking or extra security. 

Employee access to the leaked documents became a headline issue this week after it was reported that the U.S. Air Force is blocking its computers ability to access not just the Wikileaks Web site and mirror sites, but also the Web sites of news organizations, including that of the New York Times and 25 other news websites, that published the classified documents. (http://www.nytimes.com/2010/12/15/us/15wiki.html). In an unrelated story, the operators of a prominent WikiLeaks mirror Web site found its domain classified as "suspicious" by anti spam group Spamhaus. (http://www.theregister.co.uk/2010/12/16/wikileaks_mirror_malware_warning...) As corporations and governments weigh their "position" on Wikileaks, Web content filtering firms find themselves on the front lines: providing the tools to block access to those sites and, in some cases, helping define exactly what WikiLeaks "is" and "is not." Our poll shows that, while there's no consensus on how to characterize Wikileaks and its mirror sites, most content monitoring firms are treating the leaks site as a source of news and information, but leaving it up to customers to decide for themselves. 

Writing for Blue Coat Systems, malware researcher Chris Larsen said that his company is "neutral" when it comes to classifying the Wikileaks content, saying that its customers make decisions about what content to allow or block their users from seeing. Wikileaks documents are no different from other classes of content - including porn: some customers will want to block it and others won't. Blue Coat Webfilter categorizes Wikileaks and its mirror sites in two categories: Political/Activist Groups and News/Media. The former are described as "sites sponsored by or that provide information on political parties, special interest groups, or any organization that promotes change or reform in public policy, public opinion, social practice, or economic activities." The latter, News/Media sites, are defined as "sites that primarily report information or comments on current events or contemporary issues of the day. This category also includes news radio stations and news magazines but does not include sites that can be rated in other categories," according to Blue Coat. 

Blue Coat customers can create policies that target specific sites within those categories to avoid overblocking content, according to Jennifer Arculeo, a spokesperson at BlueCoat. 

Wikileaks and its mirrors are "News and Media" sites for security firm Fortinet, too, said Ken Lin, a member of Fortinet's FortiGuard security team. 

Over at McAfee, Wikileaks and its mirrors are classified as “Politics/Opinions” sites - one of over 90 different categories that McAfee lets customers choose from. Customers can also add their own sites to the filter in accordance with their policies, the company said in an e-mail statement. 

A Cisco Systems spokesman said that organization didn't categorize Wikileaks and its mirrors one way or the other, though that would change if they started pushing malicious code or other threats. The same was true of Kaspersky Lab, though the sites do run afoul of Kaspersky's parental controls for frequent mentions of war and violence, said Andrey Nikishin, General Manager of Kaspersky's Cloud & Content Technologies.

Calls to censor Wikileaks within the U.S. have escalated since the release of "Cablegate," a collection of more than 200,000 pages of sensitive diplomatic cables. This week, U.S. Senator Joe Lieberman called publicly for investigations of news organizations that published the cables (http://thinkprogress.org/2010/12/07/lieberman-understand-doj-treason/), including The New York TImes, while other politicians suggested Wikileaks founder Julian Assange should be tried under an 80 year old "Espionage Act" in the U.S. A newly elected U.S. Representative from Florida, Allen West (R-Fort Lauderdale) was quoted saying that media organizations that published leaked documents should be censored (http://floridaindependent.com/17394/allen-west-calls-for-censoring-news-...), though West later said he meant to say "censured," not "censored."