Wiping away whistle-blowers' online fingerprints
By Dana Rosenblatt, CNN
June 11, 2011 -- Updated 1617 GMT (0017 HKT) | Filed under: Web
More organizations are starting WikiLeaks-type websites -- but not all will protect whistle-blowers' identities.
CNN takes you into the private world of WikiLeaks founder, Julian Assange. Watch "WikiWars: The Mission of Julian Assange," on CNN on Sunday, June 12, at 8 p.m./11 p.m. ET.
(CNN) -- In the post-WikiLeaks era, news organizations and other groups are launching spinoff websites in hopes a catching the next big scoop.
New York Times executive editor Bill Keller recently announced his vision of creating an online "EZ Pass lane for leakers," according to a Yahoo news blog.
The Wall Street Journal launched its own secret-spilling online data drop called SafeHouse in May, following Al Jazeera's January 2011 launch of the Al Jazeera Transparency Unit.
Dozens of other geo-specific Wiki sites have also emerged -- Balkanleaks, Indoleaks and Brusselsleaks to name a few.
But critics and network security experts are warning would-be leakers to read the fine print before setting out to expose the next Watergate scandal.
Your anonymity is not guaranteed, they say.
WSJ's SafeHouse explicitly states this in its terms of use:
"We reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process... to protect the property or rights of Dow Jones or any affiliated companies, and to safeguard the interests of others."
The Electronic Frontier Foundation, a digital liberties watchdog group, says legal disclaimers are problematic when it comes to whistle-blowing.
"Whiste-blowing by definition threatens 'the interests of others,'" said EFF attorney Hanni Fakhoury. "Every time someone uploads a scoop to SafeHouse, they jeopardize someone's interest in order to inform the public of what's actually going on."
The Wall Street Journal has addressed criticisms of SafeHouse, saying in a recent media report that it is committed to protecting its sources.
"There is nothing more sacred than our sources; we are committed to protecting them to the fullest extent possible under the law," a WSJ spokeswoman wrote in a statement posted in a recent Forbes blog. "The Terms of Use reserve certain rights in order to provide flexibility to react to extraordinary circumstances. But as always, our number one priority is protecting our sources."
The Wall Street Journal did not respond to CNN's request for an independent statement.
Former WikiLeaks insider and IT security expert Daniel Domscheit-Berg says these guidelines do not inspire confidence.
"The Wall Street Journal and Al Jazeera are both solutions I would never recommend to use," said Domscheit-Berg, who frequently advises media groups and non-governmental organizations about network security and anonymity.
"They are insecure to begin with and people haven't thought about this properly before they started to run such a site."
How WikiLeaks has changed today's media
Domscheit-Berg recently launched his own whistle-blowing website, OpenLeaks, created to serve as a secure conduit between sources with leaks and a hand-picked list of media organizations and non-profit groups.
Still in development, OpenLeaks promises to ensure the leakee that it will not be able to trace the origin or identity of the leaker.
For sources who want to protect their anonymity, Internet security experts and activists recommend Tor -- a free software program that attempts to protect privacy by bouncing a users' data around a distributed network of relays run by volunteers all over the world.
The Wall Street Journal's disclaimer also steers SafeHouse users who want an extra layer of anonymity to download the software.
First developed in 1999 by MIT students for U.S. Naval Research Laboratory, Tor was created to separate online communication from its destination.
The software works by enabling communication to bounce off "relays" -- known as "onion routing" -- and relies an international network of volunteers to keep users anonymous.
"Tor was developed to protect privacy ... it bounces communication through three out of about 3,000 relays which are all over the world and run from volunteers," said Tor Development Director Karen Reilly.
The Tor Project operates as a non-profit that receives 75% of its funding from the U.S. government. Tor users include journalists, activists, the U.S. military and law enforcement agencies.
The software allows Tor users to mask their IP address, and in many cases, allow access to websites blocked by certain governments.
EFF recently launched the "Tor Challenge," calling on volunteers worldwide to operate Tor relays which can be set up on individual computers by downloading Tor software.
Activists warn that there are some risks to running an exit relay if authorities detect suspicious activity coming from the IP address of your exit relay.
In some cases, volunteers hosting exit relays have been paid a visit by the CIA or FBI.
Tor relay volunteers shouldn't be concerned, as most law enforcement agencies are aware of Tor and its purposes, Reilly says.
"If you run an exit node (relay) and some jerk uses your connection to do something that attracts attention, we have a tool called Exonerator that shows you are an exit node and shows that you are not the person responsible for that activity," Reilly said.
Law enforcement officials also use Tor to protect their identity when working on sensitive cases, she said.
Even with encryption technology and anonymizing software, those holding valuable information and are seeking an online refuge may be better served sending their leaks the old-fashioned way -- via snail mail.
Credit: CNN (www.cnn.com)
No comments:
Post a Comment