January 2007 Archives

What effect, if any, will the promises made by Google, Microsoft, Vodafone and Yahoo! etc., regarding worldwide human rights, privacy and censorship laws and policies, have on the WikiLeaks.org project ?

Press Release from Business for Social Responsibility:

01/18/2007: Press Release from Business for Social Responsibility

Companies, Human Rights Groups, Investors, Academics and Technology Leaders to Address International Free Expression and Privacy Challenges

(CSRwire) January 18, 2007--A diverse group of companies, academics, investors, technology leaders and human rights organizations announced today its intention to seek solutions to the free expression and privacy challenges faced by technology and communications companies doing business internationally.

The process -- which aims to produce a set of principles guiding company behavior when faced with laws, regulations and policies that interfere with the achievement of human rights -- marks a new phase in efforts that these groups began in 2006.

Last year, Google, Microsoft, Vodafone and Yahoo!, with the facilitation of Business for Social Responsibility (BSR) and advice from the Berkman Center for Internet & Society at Harvard Law School, initiated a series of dialogues to gain a fuller understanding of free expression and privacy as they relate to the use of technology worldwide.

The www.WikiLeaks.org website has a link to subscribe to a Volunteers email list -
wikileaks@lists.riseup.net

This is run on the Seattle based RiseUp activist website, which runs several hundred such mailing lists.

RiseUp do seem to offer some useful security features for their lists, e.g. SSL encryption options, but they do present a very tempting surveillance or infiltration target.

The number of subscribers to the list seems to go up each day, but we have not yet had any email from it since apparently successfully subscribing.

Our couple of attempts to send an introductory email have been Rejected by the system.

RiseUp seem to have experienced some equipment failures over the weekend, according to their status page.

Is the wikileaks list a casualty of this, or are we being censored ?

Surely WikiLeaks.org cannot simply be collecting data on people and waiting until the official launch day to ask them for help or money ?

David Akin, a Canadian political journalist, has this advice for the http://WikiLeaks.org project:

Well, good luck. Professionally speaking, I rely on the quiet word, the unnamed source, the leaked document, and the anonymous e-mail as an essential source of good news items. So I'll be visiting Wikileaks when it gets up and running which, according to the site creators, will be in as little as three or four weeks.

It will be astonishing if such a system magically appears in February or March, fully tested and debugged, and is ready for lots of non-technical or only moderately technical people to download, install and run.

Much more than software is required in order for a project like this to succeed, and even very technically able and well resourced organisations running a centralised system cannot be trusted to implement secure and anonymous systems correctly.

But -- as someone who is often offered confidential information -- let me pass on this advice: Those who have confidential information want to know who they're giving it to. They want to know the character of the reporter who will tell the world about this confidential information. And they want to know for a few reasons -- mostly because they need to trust that person. Wikileaks says it has some great cryptography, etc. which it says will protect its sources. And they say they've got 2 million leaked documents ready to go. Ok. Great. That's cool. But the cryptographers behind the site -- so far as I can tell -- are anonymous. That's not right. Heck, these folks could be the secret police from [fill-in-evil-country's-name-here] for all you and I know!

It should be remembered that not every user of the proposed system is going to be a vulnerable solitary whistleblower, who has never leaked any information before, and who is under direct physical threat.
There could also be many experienced intermediaries and contacts several steps removed from the prime sources who want to make use of it.

Those who are courageous enough to leak information need to leak to partners who are courageous enough to put their own name on the line and who have the fortitude to defend the anonymity of those who asked for that cloak.

What those not entirely anonymous cryptographers are probably aiming for is their Open Source system to try to obey Kerckhoffs' principle:

"a cryptosystem should be secure even if everything about the system, except the key, is public knowledge"

However, the attacks on the WikiLeaks.org system are also going to be legal ones, through court orders and executive police powers etc., so the principle of Plausible Deniability also comes into play.

However, the good technical design of software programs and communications protocols is not sufficient on its own to achieve the goal of anonymous, untraceable, uncensorable publication of leaked documents by whistleblowers and dissidents.

Just look at the mess which the United Kingdom's Security Service MI5 has got itself into with its newly launched, relatively simple Terror Threat Level Status Change notification and website news update e-mail list subscription service. See Spy Blog's initial and follow up articles.

MI5 have access to all the required technical knowledge and even existing systems already set up, which could have been used to make the system secure against third party snoopers, but they did not make proper use of this.

The British public is meant to trust these people to protect them from terrorists and spies etc. and in return they demand and get a cloak of anonymity and secrecy, to protect national security.

There is a case for some WikiLeaks.org public spokespeople, but why should all of the WikiLeaks.org cryptographers and volunteers be exposed to public scrutiny ?

That is a higher standard of transparency and openness than we expect from elected politicians, civil servants and police and intelligence agency personnel, or even journalists, even in relatively free democratic societies, let alone in repressive ones.

In practice, is it actually possible to apply Kerckhoffs' principle and the principle of Plausible Deniability, not to computer software and communications protocols, but to the non-technical, human aspects of the project, without creating something that is apparently indistinguishable from a subversive conspiracy, and which will no doubt be painted as such by the vested interests who have something to lose if WikiLeaks.org succeeds ?

Is it time to re-read Hakim Bey's Temporary Autonomous Zones, which was popular amongst an earlier generation of internet pioneers and activists, and cyberpunks ?

All of the technical problems with the MI5 system could easily have been solved, if it had been properly tested, before its public launch, and that is what is worrying about the promise to launch WikiLeaks.org software in February or March.

What exactly is it meant to do, and who has tested it ?

Where is there a detailed systems architecture document for public peer review ?

What are the trade off choices which have been made between security and accessibility and scalability ?

There are still a whole lot of unanswered questions about this ambitious proposed WikiLeaks.org scheme.

For some reason, John Young has "leaked" a second tranche of emails from the supposedly internal developer email list for the WikiLeaks.org project on his Cryptome.org website.

This time, he has not obscured most of the names and email addresses etc., which he did for the first lot.

This is inconsistent, and seems a bit spiteful. It is something to bear in mind if you ever correspond with him regarding his Cryptome website.

John Young's name no longer seems to appear on the Domain Name registration details for wikileaks.org, wikileaks.cn and wikileaks.info. Who is John Shipton ?

Domain ID:D130035267-LROR
Domain Name:WIKILEAKS.ORG
Created On:04-Oct-2006 05:54:19 UTC
Last Updated On:09-Jan-2007 18:51:22 UTC
Expiration Date:04-Oct-2007 05:54:19 UTC
Sponsoring Registrar:Dynadot, LLC (R1266-LROR)
Status:OK
Registrant ID:CP-13000
Registrant Name:John Shipton c/o Dynadot Privacy
Registrant Street1:PO Box 1072
Registrant Street2:
Registrant Street3:
Registrant City:Belmont
Registrant State/Province:CA
Registrant Postal Code:94002
Registrant Country:US
Registrant Phone:+1.6505851961
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:privacy@dynadot.com

Whoever is in charge of the DNS now might do well to create an entry for the shorter

http://wikileaks.org

link, which some of the news reports about the project are using, as the URL instead of

http://www.wikileaks.org

The shorter URL works in some, but not all, web browser software, i.e. the ones which take a guess and prepend the "http://www." prefix as required.

Initial thoughts on WikiLeaks.org

Like other people, I am both intrigued and worried about the WikiLeaks.org project.

Perhaps some people will choose to discuss the ethical and technical issues on this blog, in public.

As the leaking of the internal development list, by John Young at Cryptome, shows, all the PGP and Tor, and Freenet etc. technology which the project seems to be planning to use, is not, in itself, sufficient to guarantee to protect anonymous sources.

One has to ask why the WikiLeaks.org team chose to register the domain names wikileaks.org, .cn and .info, but not the shorter wikileak domain names.

It would also help if their DNS resolved "http://wikileaks.org" to point to the same web page as "http://www.wikileaks.org" - the shorter URL does not seem to go anywhere at all, at present.

Is this no longer under the control of the wikileaks.org team, now that John Young, the Registrant, seems to have withdrawn his participation in the scheme ?

Will he re-route any web or email traffic to these domain names elsewhere, or to /dev/null ?

Since what they are trying to establish is a global trusted brandname, this could have done with some more thought and advice.

Once their software is available and is actually seen to work as intended, I may decide to participate in the project, in a small way, and will then point WikiLeak.org to the WikiLeaks.org project home page or to one of the planned network of distributed node servers.

However, currently, there are still many unanswered questions about this project, some of which will be discussed in future blog posts.


About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblowers are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistleblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B. the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lamborn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's irrepressible.info campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.
