David Akin, a Canadian political journalist has this advice for the http://WikiLeaks.org project:
Well, good luck. Professionally speaking, I rely on the quiet word, the unnamed source, the leaked document, and the anonymous e-mail as an essential source of good news items. So I'll be visiting Wikileaks when it gets up and running which, according to the site creators, will be in as little as three our four weeks.
It will be astonishing if such a system magically appears in February or March, fully tested and debugged, and is ready for lots of non-technical or only moderately technical people to download, install and run.
Much more than software is required in order for a project like this to succeed and even very technically able and well resourced organisations, running a centralised system cannot be trusted to implement secure and anonymous systems correctly
But -- as someone who is often offered confidential information -- let me pass on this advice: Those who have confidential information want to know who they're giving it to. They want to know the character of the reporter who will tell the world about this confidential information. And they want to know for a few reasons -- mostly because they need to trust that person. Wikileaks says it has some great cryptography, etc. which it says will protect its sources. And they say they've got 2 million leaked documents ready to go. Ok. Great. That's cool. But the cryptographers behind the site -- so far as I can tell -- are anonymous. That's not right. Heck, these folks could be the secret police from [fill-in-evil-country's-name-here] for all you and I know!
It should be remembered that not every user of the proposed system is going to be a vulnerable solitary whistleblower, who has never leaked any information before, and who is under direct physical threat.
There could also be many experienced intermediaries and contacts several steps removed from the prime sources who want to make use of it.
Those who are courageous enough to leak information need to leak to partners who are courageous enough to put their own name on the line and who have the fortitude to defend the anonymity of those who asked for that cloak.
What those not entirely anonymous cryptographers are probably aiming for is their Open Source system to try to obey Kerckhoffs' principle:
"a cryptosystem should be secure even if everything about the system, except the key, is public knowledge"
However, the attacks on the WikiLeaks.org system are also going to be legal ones, through court orders and executive police powers etc., so the principle of Plausible Deniability also comes into play.
However, the good technical design of software programs and communications protocols is not sufficient on its own to achieve the goal of anonymous, untraceable, uncensorable publication of leaked documents by whistleblowers and dissidents.
Just look at the mess which the United Kingdom's Security Service MI5 has got itself into with its newly launched, relatively simple Terror Threat Level Status Change notification and website news update e-mail list subscription service. See Spy Blog's initial and follow up articles.
MI5 have access to all the required technical knowledge and even existing systems already set up, which could have been used to make the system secure against third party snoopers, but they did not make proper use of this.
The British public is meant to trust these people to protect them from terrorists and spies etc. and in return they demand and get a cloak of anonymity and secrecy, to protect national security.
There is a case for some WikiLeaks.org public spokespeople, but why should all of of the WikiLeaks.org cryptographers and volunteers be exposed to public scrutiny ?
That is a higher standard of transparency and openness than we expect from elected politicians, civil servants and police and intelligence agency personnel, or even journalists, even in relatively free democratic societies, let alone in repressive ones.
In practice, is at actually possible to apply Kerckhoffs' principle and the principle of Plausible Deniability, not to computer software and communications protocols, but to the non-technical, human aspects of the project, without creating something that is apparntly indistinguishable from a subversive conspiracy, and which will no doubt be painted as such by the vested interests who have something to lose if WikiLeaks.org succeeds ?
Is it time to re-read Hakim Bey's Temporary Autonomous Zones, which was popular amongst an earlier generation of internet pioneers and activists, and cyberpunks ?
All of the technical problems with the MI5 system could easily have been solved, if it had been properly tested, before its public launch, and that is what is worrying about the promise to launch WikiLeaks.org software in February or March.
What exactly is it meant to do, and who has tested it ?
Where is there a detailed systems architecture document for public peer review ?
What are the trade off choices which have been made between security and accessibility and scalability ?
There are still a whole lot of unanswered questions about this ambitious proposed WikiLeaks.org scheme.
Recent Comments