WikiLeaks’s guarantee of anonymity is such that even they don’t know who’s leaking to them, because, as Assange put it to Frontline in May, “the best way to keep a secret is to never have it.” But it’s now been over 400 days since Assange’s house arrest and the financial embargo on WikiLeaks’s donations, not exactly the most inviting circumstances for developing a whistleblower platform. “Large media organizations have a lot to lose,” says O’Brien, “and they don’t appear prepared to lose it.” WikiLeaks’s homepage says their hardships have forced them to devote all their energy to fundraising. This December, they published for the first time in eight months with the “Spy Files,” an inside look at the booming surveillance industry and its government customers (more on that here). Following that release, Assange said he would be revamping WikiLeaks’s submission system to deal with outdated security features on the site.
There are other types of tools that have tried, and sometimes failed, at providing privacy and security. In 2009, a site called Haystack emerged to much buzz. Named for its supposed ability to make sensitive web searches appear innocuous to outside observers, akin to a “needle in a haystack,” it was intended to be used by Iranian dissidents to work around the state’s Internet monitoring systems. The main developer, Austin Heap, refused to make code of the project public, his reason being that the Iranian government would then be able to circumvent the tool. But security expert Jacob Applebaum and a team of researchers reverse-engineered the program, gaining access to the code, and found considerable security gaps, with Applebaum tweeting that “Haystack is the worst piece of software I have ever had the displeasure of ripping apart. Charlatans exposed. Media inquiries welcome.” Eva Galperin, an activist for the EFF, says that Haystack put Iranian dissidents in “direct danger” by claiming Haystack was secure when it wasn’t. “When someone says they are going to build a tool to guarantee anonymity and privacy, they should be open and transparent about how they are guaranteeing that,” says Galperin. “This way, the open source community can try to break into it and find out what the problems are.”
Reporters Without Borders announced at this December’s Chaos Communications Congress, an annual hacker conference, that they are building a “Virtual Shelter” for censored stories and documents. Lucie Morillon, who gave the presentation, says they are working closely with security experts to build the portal, and will also be inviting them to try and “break it” before they launch, to be sure it’s secure. Morillon says the conduit, which does not have an official name as of yet, will not put up raw material; all published submissions will be accompanied by stories to conceptualize the information. But another part of this project, Morillon says, is to “make censorship completely useless” through something which has been referred to as the “Streisand effect.” In 2003, Barbara Streisand sued to suppress pictures of her coastline mansion from publication, but instead drew more attention to the photos. Morillon says if someone has been arrested for publishing an article, Reporters Without Borders will be encouraging people to leak it over their portal so the organization can publicize it widely.
But it’s not always necessary to build a tool like this from scratch. 100Reporters’s technology and web developer Jonathan Hutcheson looked to use existing options when building for Whistleblower Alley. Hutcheson decided on Privacy Box—open source secure-communications software that can be customized and installed on any site. The software is distributed by the German Privacy Foundation, a nonprofit privacy advocacy group. The site’s description says Privacy Box “provides non-tracked (and also anonymous) contact forms” and is “running primarily for journalists, bloggers and other publishers.” This was exactly what Hutcheson was looking for, “It’s a one trick pony that is operated by an organization devoted to privacy,” says Hutchseson. “And one of the things that was incredibly attractive is that we didn’t actually operate it ourselves.”