Skip to main content
Move the World.
Smari_qanda
Smári McCarthy, chief technologist of OCCRP

If you’ve read a big story about international corruption in the last few years, it was likely the work of journalists from multiple countries using complex data sets to trace money flowing through offshore accounts registered to fake corporations. A decade ago, only law enforcement agencies could tie those strands together, if they were lucky.

Today, journalists can do it, and one huge reason why is due to the work of the Organized Crime and Corruption Reporting Project. Founded in 2006, the OCCRP’s creation coincides with the birth of high-tech, transnational investigative journalism.

We profiled the OCCRP — “The People’s NSA” — in this week’s episode of Coded . In the following Q&A, we talk to Smári McCarthy, the group’s former head of security, about risks journalists face when they take on organized crime and corrupt governments. 

Freethink: Let’s start with a quick overview of what OCCRP is and what it does.

Smári: The Organized Crime and Corruption Reporting Project is a hybrid NGO-journalism organization set up about 8 years ago that focuses on big organized crime cases and corruption cases, typically those that cross borders and involve multiple countries with a lot of complex assets going around.

When it was founded, there was a tacit understanding that the governments of the world had failed to adapt to the internationalization of everything. Whereas all sorts of cartels and gangs and mobs have become internationalized, just as corporations and international trade have become internationalized, the police forces of the world haven't kept up and neither have journalism organizations. So OCCRP was founded with the goal of creating a much stronger cross-border reporting scheme that could delve into very complex cross-border issues.

Freethink: Your role is to protect the work journalists do online. What does that involve?

Smári: Security isn't something you do once. It isn't surgery, it's more like hygiene. It's something you have to do continuously.

Security isn't something you do once. It isn't surgery, it's more like hygiene. It's something you have to do continuously.

As Chief Technologist, my job is to take all of the different technological problems that come up in our organization and find solutions. This means creating databases, building software that manages these databases, and managing the security of our people.

I work with our journalists on how to use specific encryption tools like Signal for instant messaging and chat tools. I also do regular check-ups to make sure everybody is encrypting their hard drives, and discuss field security issues that may have recently come up for them.

Freethink: We’re having this conversation in Moldova, where the kind of corruption the OCCRP investigates recently exploded into view. Can you tell us about that case?

Smári: About a year ago, roughly 1.5 billion dollars disappeared out of three of the largest banks here in Moldova — about 15 percent of the country’s GDP.

Moldova is a country that has had a very bad track record in the 26 years since it broke away from the Soviet Union. Some years have been very good, others have been very bad. But one of the overriding things has always been the strong need for a people who understand journalistic practices, who go and dig deep into the murky depths of the Moldovan underworld and just expose the entire thing.

So our partner here, RISE Moldova, is a young organization that's been doing just that over the last two years. They’ve embarrassed the government, exposed criminal syndicates, and done a lot of work that has altered the political narrative in this country. But there's a lot more work to be done.

Over the last twelve months, meanwhile, we’ve had five different governments take power in the country. That’s a much faster turnover rate than is reasonable, even for a country that has had a lot of turmoil.

The theft completely set the Moldovan Lei — which is the country’s currency — on a very bumpy path. It's caused financial insecurity in what was already the poorest country in Europe.

Freethink: Can you tell us a bit about how RISE Moldova got started and how they’ve been able to do this kind of journalism?

Smári: RISE Moldova is a collection of pretty young, very eager, very talented journalists who have come together with this new goal of really building out a proper investigative capability. It’s the sister organization of the RISE Project in Romania, which was founded by Paul Radu, who is one of the founders of OCCRP.

smari_qnada1
McCarthy works with RISE Moldova to expose government corruption

Freethink: I’m guessing they have a lot of enemies.

Smári: Yes, which is why over the course of the last three to four months, we've seen more or less continual denial of service attacks against the servers where RISE Moldova's website is hosted.

From that, we know somebody is hell-bent on preventing their website from staying on the internet. Whoever's doing this is very enthusiastic about taking them down, but isn't very good at it.

But even a weak attack creates a security challenge. Because if they’re trying to keep RISE Moldova off the internet, they might also be trying to figure out what RISE Moldova is doing.

Whoever's behind this might be employing surveillance techniques, trying to tap phones, trying to hijack cell towers, break into computers, or deploy malware.

The attacks you can see are normally the ones you can deal with. The real fear is always that there are attacks going on you can't see.

But we don't really know all the details of what is being tried, because the attacks you can see are normally the ones you can deal with. The real fear is always that there are attacks going on you can't see and you don't know about, which means there is no realistic way of dealing with them. So the only thing we can really do is employ a very robust approach to security.

On the one hand, that means keeping the servers running and making sure that they are very well protected. But it also means making sure all of the computers and phones and other devices being used by our journalists are well-protected and regularly scanned and preferably wiped, because a lot of people put a lot of faith into anti-virus software. And anti-virus software will capture certain types of malware.

But there's still that entire category of really bad stuff that we can’t anticipate, which is what we call zero day exploits, which are security holes that not even the people who made the software know about. They come up publicly very infrequently, but in our line of work, they're used more often because we’re high-value targets. So that means that the only way we can be sure we've gotten rid of a problem is by wiping the operating system, clearing everything, and starting from scratch on a regular basis.

smari_qanda3
McCarthy and his team have to constantly monitor attacks against journalists they work with

Freethink: Do you ever feel that what you’re doing is keeping you safe or secure? Or are you always worried about gaps?

Smári: Realistically, you just have to work with what you know, try to understand the actual scope of the threat, and work through the problems. The tendency to allow emotions to run away with you will lead you down a path of paranoia and cynicism, which is never a good way to go. So my approach is to try to bury those feelings of anxiety and just work with the problem as it stands.

Freethink: Can you give us your definition of privacy?

Smári: Privacy is the right to selectively expose yourself to society. That's Eric Hughes' definition. It is a very good one because it doesn't focus on the secrecy, it focuses on right of individuals to choose with whom they share information.

When it comes to the government, the question should be, Why should this be private? As opposed to, Why shouldn't it be private?

That's a very important right for individuals. But when it comes to the government, the question should be, "Why should this be private?" As opposed to, "Why shouldn't it be private?" The default for governments should always be open. Historically, they have defaulted to being closed. Most governments don’t give you access to any data. But they should, because government exists to serve the people. It’s why people pay taxes. 

Freethink: Can you talk about how what the OCCRP does in comparison to a governmental organization like the NSA?

Smári: Spy agencies like the NSA spend billions and billions of dollars every year trying to gather what one U.S. Government official called "a robust social graph of the world." That means they're trying to figure out who knows who, why they know each other, how much they know each other, what they do together, what they talk to each other about, and so on and so forth.

Basically, they're trying to create a haystack because they think you need a haystack in order to find a needle. That’s a self-righteous statement for those who are enthusiastic about building haystacks, and it doesn't acknowledge the reality that finding needles is a lot of easier if you don't have to dig through mountains of hay.

The problem with doing it that way is that it violates the fundamental idea of privacy by eliminating the ability of people to selectively expose themselves. Under that model, social progress will be stifled, one way or another. Even if police don't start coming to houses knocking down doors and arresting people on the basis of what they think, people will still fear that that might happen, and stop having those conversations, even with close trusted friends or family. And we can't allow that to happen.

The investigative journalism approach is much better because it tries to achieve the same goal of discovering criminality without spying on everybody.

The investigative journalism approach is much better because it tries to achieve the same goal of discovering criminality without spying on everybody . We don't need the haystack. We need public records. We need information from governments about what governments are up to. We need information from corporate registries about which corporations exist. By compiling all of this public information together, we can find the leads to criminality. And you can do this without violating privacy or any kind of thought policing or chilling of free speech.

In practice, it appears this is a much more effective approach with much better return on investment. And because the end-product of journalism is publicly accessible content, the journalists who are involved in this process are ultimately completely accountable to the public, something that we unfortunately we can’t say for law enforcement.

At the time of the interview, Smári McCarthy worked as OCCRP's chief of technology. He now serves in the Icelandic parliament.


Related video:

Up Next

Dispatches
Hacking the Brain's Comms Network – without Surgery
Hacking the Brain's Comms Network – without Surgery
Dispatches
Hacking the Brain's Comms Network – without Surgery
When nerve cells in the brain communicate, they create tiny electric fields that can be sensed – and sometimes...
By Salvatore Domenic Morgera

When nerve cells in the brain communicate, they create tiny electric fields that can be sensed – and sometimes altered – from outside the skull.

Dispatches
"Q" Probably Won't Make You Rich, but It's an Experiment Worth Watching
"Q" Probably Won't Make You Rich, but It's an Experiment Worth Watching
Dispatches
"Q" Probably Won't Make You Rich, but It's an Experiment Worth Watching
It's not the next Bitcoin (or a path to riches), but it's an intriguing idea.
By Brendan Markey-Towler

It's not the next Bitcoin (or a path to riches), but it's an intriguing idea.

The Real Mother of Dragons
Real dragons
Watch Now
The Real Mother of Dragons
Meet the scientists using dragon blood to fight superbugs
Watch Now

If you thought dragons existed only in the domain of historical fantasy fiction like Game of Thrones or Lord of the Rings, think again. Dragons are real and their blood just may be our biggest hope when it comes to tomorrow's antibiotics. Dragons Are Real The largest of any earthly lizard, Komodo dragons walk the earth to this day. They’re not only real, but they’re also much like their larger, fictional counterparts, fit...

Coded
Nico Sell on Recruiting Hackers for Good
Nico Sell on Recruiting Hackers for Good
Watch Now
Coded
Nico Sell on Recruiting Hackers for Good
Nico Sell, founder and chairman of the Wickr Foundation, on teaching kids how to hack and encouraging them to use their new-found talents for good.
Watch Now

People often have a bad perception of hackers, conjuring up images of either 20-somethings in their parents’ basement or sophisticated criminals responsible for massive data breaches. Nico Sell, founder and chairman of the Wickr Foundation, wants to change that. She thinks not only are hackers some of the smartest, most creative people around, but also that hacking will prove to be the most powerful tool for our...

Coded
WATCH: Trailer for Our New Show, Coded
WATCH: Trailer for Our New Show, Coded
Coded
WATCH: Trailer for Our New Show, Coded
Meet the programmers on the frontlines of the war over security and privacy.
By Mike Riggs

Meet the programmers on the frontlines of the war over security and privacy.

This Week In Ideas: An Artificial Pancreas, Google's New Translation Tech, and a...
This Week In Ideas: An Artificial Pancreas, Google's New Translation Tech, and a Massive Mars Rocket
This Week In Ideas: An Artificial Pancreas, Google's New Translation Tech, and a...
An incredible medical breakthrough, Google ups the ante, and the SpaceX Mars rocket. These are our favorite stories...
By Mike Riggs

An incredible medical breakthrough, Google ups the ante, and the SpaceX Mars rocket. These are our favorite stories of the week.

Self-Driving Cars are Finally Here. Sort Of.
Self-Driving Cars are Finally Here. Sort Of.
Self-Driving Cars are Finally Here. Sort Of.
Uber rolled out self-driving cars in Pittsburgh, but they're not totally autonomous. Yet. Under Pennsylvania law,...
By Mike Riggs

Uber rolled out self-driving cars in Pittsburgh, but they're not totally autonomous. Yet. Under Pennsylvania law, every car still needs an operator.

Conor Russomanno on Exploring Our Limits
Conor Russomanno on Exploring Our Limits
Watch Now
Conor Russomanno on Exploring Our Limits
Could linking our brains to computers allow the mind to control the world outside of our bodies?
Watch Now

Conor Russomanno’s interest in his own brain started with a bump on his head. A concussion he sustained during a game of rugby altered his perception of the world for months afterward. And that change got him thinking about the relationship between his physical brain and the way he thinks. To help him better understand himself--and to help other people understand themselves--he partnered with Joel Murphy to start...