The fallout from the Panama Papers continues as people start looking closely at what the documents reveal about the function and purpose of the shell companies that people can set up that can be used to hide assets and thus avoid taxes and launder money. These companies often offer no more information than an address, a phone number, and the name of a contact person who frequently cannot be contacted at the address or phone number.
British prime minister David Cameron is under scrutiny for his late father’s role in one such company. Cameron has been offering multiple evasive responses about how much he benefited from his father’s activities and stands accused of still hiding information. Meanwhile, China has clamped down on stories about the role of members of the leadership and their families in these shell companies and you can be sure that political leaders in other countries are in full damage control mode.
These documents reveal massive crimes against a vast number of people but the irony is that the people who are most hurt by these tax avoidance shell games are those who may not even realize how much they have been harmed.
As revelations emerge from the cache of documents about how the rich and powerful conceal and protect their wealth in offshore tax havens, some of the politicians named in them have scrambled to deny wrongdoing. Yet between the lines of the Panama Papers’ 11.5 million files are the untold others — the unnamed victims who suffer daily as a result of these diverted dollars. They are citizens of developing nations who, thanks to the massive sums — estimates range from $213 billion to $1.1 trillion in a single year — that these countries lose annually to tax avoidance and evasion, are deprived of critical funding for education, healthcare and other fundamental infrastructure, analysts say.
“Those governments just can’t collect enough tax, because their systems are so exposed to abuse from tax havens,” Richard Murphy, a professor of practice in international political economy at City University London, said. “They can’t provide healthcare, they can’t provide education, they can’t provide investment in infrastructure,” he added. Ultimately, their citizens pay a hefty price, Murphy said.
Ronan Palan, who studies tax havens, lists six things he has learned from the release of the documents. He says that the techniques used are familiar, a lot of it legal, and have become part of doing business, He also says that we have a long way to go in fighting tax abuse and that a large public outcry will be necessary in order to force governments to do so.
He also warns that the whistleblower is in danger.
The person who is likely to suffer most from the leak is its originator: the whistleblower. Their life – if they are identified – will be hell. Members of our globe-trotting elites will make sure of that. They are as likely to suffer from Putin’s henchman as from the courts of a leading and supposedly fair nation such as Sweden or the UK where they could be sued for the theft of the data.
The whistleblower who exposed wrongdoing at HSBC’s Swiss bank, Hervé Falciani, was sentenced to five years in prison by a Swiss court for industrial espionage, data theft and violation of commercial and banking secrecy. He has managed to escape imprisonment by living in exile in France, but it goes to show that whistleblowers do not necessarily have the law on their side. Edward Snowden who released the Wikileaks files remains in Russia, hiding from US prosecutors.
Andy Greenberg provides the backstory on how the Panama Papers were leaked and how the many journalists who were given access to the cache of 11.5 million documents managed to keep them secret while they worked on them for a year.
The Panama Papers leak began, according to ICIJ director Ryle, in late 2014, when an unknown source reached out to the German newspaper Suddeutsche Zeitung, which had reported previously on a smaller leak of Mossack Fonseca files to German government regulators. A Suddeutsche Zeitung reporter named Bastian Obermayer says that the source contacted him via encrypted chat, offering some sort of data intended “to make these crimes public.” But the source warned that his or her “life is in danger,” was only willing to communicate via encrypted channels, and refused to meet in person.
…Obermayer tells WIRED he communicated with his source over a series of encrypted channels that they frequently changed, each time deleting all history from their prior exchange. He alludes to crypto apps like Signal and Threema, as well as PGP-encrypted email but declines to say specifically which methods they used. Each time the reporter and source re-established a connection, they would use a known question and answer to reauthenticate each other. “I’d say ‘is it sunny?’ You’d say ‘the moon is raining’ or whatever nonsense, and then both of us can verify it’s still the other person on the device,” Obermayer says.
…Meanwhile, the shipments of leaked data continued piecemeal. “Over time we got more and more until we had all 11.5 million documents,” Ryle says. Obermayer declined to explain how their leaker sent Suddeutsche Zeitung hundreds of gigabytes or even terabytes of information at a time. That’s far too much to send over email, of course, though that quantity of data could easily be sent anonymously in the form of shipped encrypted hard drives. “I learned a lot about making the safe transfer of big files,” Obermayer says elliptically.
The ICIJ’s developers then built a two-factor-authentication-protected search engine for the leaked documents, the URL for which they shared via encrypted email with scores of news outlets including the BBC, The Guardian, Fusion, and dozens of foreign-language media outlets. The site even featured a real-time chat system, so that reporters could exchange tips and find translation for documents in languages they couldn’t read. “If you wanted to look into the Brazilian documents, you could find a Brazilian reporter,” says Ryle. “You could see who was awake and working and communicate openly. We encouraged everyone to tell everyone what they were doing.” The different media outlets eventually held their own in-person meetings, too, in Washington, Munich, London, Johannesburg and Lillehammer, Ryle says.
…Mossack Fonseca and its customers won’t be the last to face an embarrassing or even incriminating megaleak. Encryption and anonymity tools like Tor have only become more widespread and easy to use, making it safer in some ways than ever before for sources to reach out to journalists across the globe. Data is more easily transferred—and with tools like Onionshare, more easily securely transferred—than ever before.
…Dozens of media outlets, including the Intercept, now host anonymous upload systems that use cryptographic protections to shield whistleblowers. All of that—unfortunately for companies and governments trying to keep hold of their dirty data, but fortunate for public interest—means that the widening pipeline of leaks isn’t likely to dry up any time soon.
The cache of documents are reportedly being stored on an Amazon cloud server and about 400 journalists have the keys to the encrypted searchable database and this raises issues similar to the ones revealed in the Apple-FBI standoff about what Amazon, a global company, can and will do if pressured by any government to provide access to the files. Back in 2010, Amazon succumbed to pressure from the US government via US Senator Joe Lieberman and cut off WikiLeaks’s access to its servers.
All of which raises the question of what Amazon is legally required to do if the United States or any number of foreign governments come knocking. Could Jeff Bezos’ behemoth be forced to disclose the documents to law enforcement? International security experts say there is no clear answer given the jurisdictional scope of the situation. At last count, the Panama Papers contain details of the offshore activities of politicians from at least 50 countries while Amazon’s cloud computing division operates in a dozen geographic regions.
…Mossack Fonseca, the Panama law firm at the center of the debacle, said in a statement the documents in question are stolen property and vowed to “ensure the guilty parties are brought to justice.” But as far as anyone knows, the leaker is anonymous.
This is why the efforts of the various governments, including the US, to stop more powerful encryption methods being developed are harmful. While they may claim that it is to fight terrorism, such efforts will also make it harder for whistleblowers to remain anonymous and in the long run prevent individuals like Edward Snowden and this whistleblower from revealing information that is in the public interest.
Seen on Twitter:
The efforts are not harmful, they are worse than that -- they’re futile. Anyone with a basic understanding of the maths already has access to arbitrarily powerful encryption.
In fact, that’s not what “the efforts” are focussed on at all. It’s not powerful encryption they want to stop -- it’s convenient encryption. It’s not terrorists’ communications they want to be able to decrypt -- they know that ship sailed in the 70s. What they’re scared witless of is the possibility that “there’s an app for that” -- that you and me and everyone else might be able to keep all our comms properly secure without having to learn about infosec, or even know the word. They can’t have that.
The cache of documents are reportedly being stored on an Amazon cloud server and about 400 journalists have the keys to the encrypted searchable database and this raises issues similar to the ones revealed in the Apple-FBI standoff about what Amazon, a global company, can and will do if pressured by any government to provide access to the files.
Uh, that battle’s lost already.
Amazon’s system logs will show who accessed what in the encrypted archive, and when. And one of the features of cloud services is data backup -- there will be backup files a’plenty, which can have their encryption attacked offline.
The most poignant and shameful aspect of the Panama papers is not that wealthy people hide their money to avoid taxes and accountability, everyone knew that, and it happens in a whole lot of different placed besides Panama; it is that the vast majority of the actions documented are legal. They may violate people’s sense of fairness, and the spirit of the law, but most of it is legal. This is not because the laws were sloppily written. These loopholes are not bugs; they are features willfully included to make the system work better for people with significant wealth.
I still think one of the best ways to get people to think of encryption backdoors as harmful is to compare it to things they know. Like ask when the last time they checked the Police Only Door in their house or apartment to make sure it opened easily and nothing was in the way. Because any police officer or intelligence agent might need to root through your stuff to make sure there’s no child porn or voter fraud or terrorist bombs laying about (you have nothing to hide, right). And it’s even worse than that really because while you’re likely to notice and ask what the hell they’re doing in your living room if they walk in on you, it could be made arbitrarily difficult to tell that they’re cyber-stalking you. It could go on for years without a trace that an average person might notice. And of course no one would ever do anything shady with this power that isn’t going to be tracked well and would encourage little authoritarian tyrants to lord it over the masses.
It is at various times disheartening and infuriating that we have real issues with tax evasion that does a huge amount of damage to the system of governance yet the people who supposedly answer to us about the policies allowing these things would rather ignore this issue and focus on made-up boogeymen or tilt at wildly exaggerated windmills. Or worse, actively harmful things like limiting easy access to encryption. I guess arbitrary, made-up problems allow for easier use of arbitrary, made-up solutions or declarations of progress.