When news website 100Reporters launched this past October, it had everything you’d expect from a promising journalistic startup: top journalists, funding, partnerships with established news organizations. But 100Reporters also came equipped with Whistleblower Alley, its own WikiLeaks-style leaking portal.
Started by Diana Jean Schemo and Philip Shenon, both former New York Times journalists, 100Reporters covers corruption in the US and abroad. It’s a beat that often relies on risk-taking sources who’ve been promised anonymity from journalists. But as digital communications become easier to monitor, confidentiality becomes harder to ensure. “They don’t tolerate a free press in Afghanistan, Somalia, or Burma, but we want to let these people get information out and tell their story,” says Schemo. “We built Whistleblower Alley as a place to have secure, encrypted communications without any sort of compromise in the transmission itself.”
100Reporters isn’t the first news organization to offer a secure communications portal for sources. In the past year, many variations of this concept have emerged, and just like the inspiration for it all, WikiLeaks, the short history of these ventures hasn’t been so smooth.
In January 2011, mere weeks after the arrest of Julian Assange, Al Jazeera’s Transparency Unit (AJTU) was unveiled, the first big-media attempt at a whistleblower platform. Shortly afterwards, then-New York Times editor Bill Keller spoke of a similar Times initiative, calling it an “EZ Pass Lane for Leakers,” but it’s nowhere to be seen as of yet. (Andy Greenberg was told in October that it was “still in the early stages.”) The Wall Street Journal’s SafeHouse followed in May, but a month after its debut, the Electronic Frontier Foundation, a digital rights advocacy group, published a piece titled “WSJ and Al-Jazeera Lure Whistleblowers with False Promises of Anonymity.” The piece included a subhead which read, “They Reserve the Right to Sell You Out” breaking down both the WSJ’s and Al Jazeera’s terms of service; each included a caveat that they could reveal the source of a submission if asked by law enforcement or other third parties.
Al Jazeera later amended some of the problems for which they were criticized, encouraging people to be proactive about protecting their own anonymity, and being more specific about the circumstances under which they would disclose information. The Wall Street Journal told Forbes’s Andy Greenberg their terms of service was set up that way “to provide flexibility to react to extraordinary circumstances.” The Wall Street Journal declined a CJR request to speak about Safehouse; The New York Times and Al Jazeera never responded when asked for an interview.
The strongest way for sites like these to protect their sources is to build the site in a way that even the creator can’t trace what is received, a standard many leaks sites adhere to. Danny O’Brien, a technology journalist and the Internet advocacy coordinator for the Committee to Protect Journalists, says this blanket anonymity is less workable at a news organization, where anonymous sources can prove difficult to use. “There’s a difference between meeting up with Deep Throat and knowing who he is,” says O’Brien, “and simply meeting with someone who insists they are called deep throat and won’t tell you anything else about them.” Most of the legal safeguards journalists have are based on them knowing the source’s identity but being protected from having to reveal that. Trust in the subsequent story is drawn from the assumption that the anonymous source has been vetted, and there’s reason to believe what they’re saying.
O’Brien refers to this discrepancy as a “culture clash” between news organizations and the hacker subculture. Leak platforms that come from the latter are often constructed in a way that’s “far less easy to use in order to insure against even very uncommon attacks,” says O’Brien, while news organizations have taken a “good-enough approach.”
WikiLeaks’s guarantee of anonymity is such that even they don’t know who’s leaking to them, because, as Assange put it to Frontline in May, “the best way to keep a secret is to never have it.” But it’s now been over 400 days since Assange’s house arrest and the financial embargo on WikiLeaks’s donations, not exactly the most inviting circumstances for developing a whistleblower platform. “Large media organizations have a lot to lose,” says O’Brien, “and they don’t appear prepared to lose it.” WikiLeaks’s homepage says their hardships have forced them to devote all their energy to fundraising. This December, they published for the first time in eight months with the “Spy Files,” an inside look at the booming surveillance industry and its government customers (more on that here). Following that release, Assange said he would be revamping WikiLeaks’s submission system to deal with outdated security features on the site.
There are other types of tools that have tried, and sometimes failed, at providing privacy and security. In 2009, a site called Haystack emerged to much buzz. Named for its supposed ability to make sensitive web searches appear innocuous to outside observers, akin to a “needle in a haystack,” it was intended to be used by Iranian dissidents to work around the state’s Internet monitoring systems. The main developer, Austin Heap, refused to make code of the project public, his reason being that the Iranian government would then be able to circumvent the tool. But security expert Jacob Applebaum and a team of researchers reverse-engineered the program, gaining access to the code, and found considerable security gaps, with Applebaum tweeting that “Haystack is the worst piece of software I have ever had the displeasure of ripping apart. Charlatans exposed. Media inquiries welcome.” Eva Galperin, an activist for the EFF, says that Haystack put Iranian dissidents in “direct danger” by claiming Haystack was secure when it wasn’t. “When someone says they are going to build a tool to guarantee anonymity and privacy, they should be open and transparent about how they are guaranteeing that,” says Galperin. “This way, the open source community can try to break into it and find out what the problems are.”
Reporters Without Borders announced at this December’s Chaos Communications Congress, an annual hacker conference, that they are building a “Virtual Shelter” for censored stories and documents. Lucie Morillon, who gave the presentation, says they are working closely with security experts to build the portal, and will also be inviting them to try and “break it” before they launch, to be sure it’s secure. Morillon says the conduit, which does not have an official name as of yet, will not put up raw material; all published submissions will be accompanied by stories to conceptualize the information. But another part of this project, Morillon says, is to “make censorship completely useless” through something which has been referred to as the “Streisand effect.” In 2003, Barbara Streisand sued to suppress pictures of her coastline mansion from publication, but instead drew more attention to the photos. Morillon says if someone has been arrested for publishing an article, Reporters Without Borders will be encouraging people to leak it over their portal so the organization can publicize it widely.
But it’s not always necessary to build a tool like this from scratch. 100Reporters’s technology and web developer Jonathan Hutcheson looked to use existing options when building for Whistleblower Alley. Hutcheson decided on Privacy Box—open source secure-communications software that can be customized and installed on any site. The software is distributed by the German Privacy Foundation, a nonprofit privacy advocacy group. The site’s description says Privacy Box “provides non-tracked (and also anonymous) contact forms” and is “running primarily for journalists, bloggers and other publishers.” This was exactly what Hutcheson was looking for, “It’s a one trick pony that is operated by an organization devoted to privacy,” says Hutchseson. “And one of the things that was incredibly attractive is that we didn’t actually operate it ourselves.”
Developed in 2007, Privacy Box was inspired by an incident involving Telekom, a large German telecommunications company, which spied on journalists that were investigating the company. Jan Suhr, a member of the German Privacy Foundation, says the ensuing scandal left him and other members brainstorming about how to give journalists “a simple and secure way to do their jobs.” Privacy Box offers a private and anonymous way for people to communicate, so it’s not inherently a leak platform, but it is being used that way by 100Reporters. Privacy Box has been implemented on both a German whistleblower network and a Russian leaks website. The program is also being used by other organizations: NGOs, political parties, an anti-fascist group, an anti-nuclear energy group. Suhr says he got word that a university was using it for anonymous lecture feedback.
Here’s how it works: First, the message is encrypted, and sent to the receiver. It can only be opened and made legible with a key, which the receiver is provided with. Privacy Box does not record who is doing the messaging, so it leaves no trail, but Suhr says the most secure way to use this technology is with Tor, which makes it nearly impossible to trace which computer an action is coming from by dispersing the transfer of the information across many networks. Suhr says they don’t know how often their Tor advice is heeded, since they don’t analyze their users. Most leak platforms encourage using their systems in conjunction with Tor, including WikiLeaks, since it helps to hide not only what’s being communicated, but from where.
Honest Appalachia, the newest leak platform to make headlines, has made the use of Tor a requirement. “It’s not optional,” says Garrett Robinson, who built the site. “If you try to use [Honest Appalachia] without Tor, it will just redirect you to a page with directions on how to use it.”
Launched on January 10th, the site is focused on West Virginia, Virginia, Pennsylvania, Ohio, Kentucky, Tennessee and North Carolina. Both Robinson and cofounder Jim Tobias live in the region and feel this rural area could especially benefit from more transparency. Robinson says the biggest challenge with this work is authenticating the documents, which is why they have modeled their site around handing submissions over to journalists rather than publishing themselves. “Journalists have a lot more experience dealing with this, so we want their help to analyze and authenticate these documents.” He says once they receive files, they will decrypt them and then go through the process of “cleaning” the file of any other identifying metadata before handing it off to journalists.
The code is open source. “A truly secure site will withstand attack,” says Robinson, and the tool can be easily replicated by running a script that installs about 80 percent of the software, leaving only the cryptography to be done manually. The hope is for others to use it to “support accountability and transparency in their communities,” but Robinson is quick to point out that Honest Appalachia doesn’t guarantee anything. “When you hear guarantees and promises in the security field, you should get concerned,” says Robinson. “You should always be reevaluating. Security is a process, not a product.”
Alysia Santo is a former assistant editor at CJR.