The Swedish daily newspaper Dagens Nyheter reports
Uppdaterat 2010-12-09 22:17. Publicerat 2010-12-09 22:16
The pressure on WikiLeaks is increasing. DN.se reveals that several key figures behind the website that publishes anonymous submissions and leaks of sensitive governmental, corporate, organizational or religious documents have resigned in protest against the controversial leader Julian Assange only to launch a new service for the so-called whistleblowers. The goal: to leak sensitive information to the public.
The new project, "Openleaks," has been under way for some time and will be launched Monday. DN.se has spoken to individuals behind the new site and the message is clear.
"Our long term goal is to build a strong, transparent platform to support whistleblowers--both in terms of technology and politics--while at the same time encouraging others to start similar projects," says a colleague wishing to remain anonymous.
"As a short-term goal, this is about completing the technical infrastructure and ensuring that the organization continues to be democratically governed by all its members, rather than limited to one group or individual."
The news comes in turbulent times for WikiLeaks. Thousands of documents infuriating global leaders and policy-makers have been unveiled to the public via Cablegate. Meanwhile, Julian Assange has been arrested in Great Britain on suspected rape charges based in Sweden. News about WikiLeaks has been over-shadowed by Assange's personal problems.
Earlier this year, WikiLeaks experienced accessibility issues. According to information revealed to DN.se, the problem was not linked to outsiders trying to sabotage, but came from the inside as a signal to Julian Assange to step down. The colleagues were dissatisfied with the operation's association with Assange's personal problems and how he used the organization in his explanation of the criminal charges.
It is hard to pinpoint exactly which of the technical infrastructure failures in the last year have been due to internal sabotage and feuds within WikiLeakS.org .
It is the top-down management style which is under critique.
On the other hand, the DN.se source emphasizes the fact that the new website is supportive of WikiLeaks purpose and goal.
"The two organizations are similar in that aspect that both are focusing on providing means for whistleblowers to anonymously provide the public with information," one insider says.
Unlike WikiLeaks, Openleaks will not receive and publish information directly for the public eye. Instead, other organizations will access the Openleaks system and in turn, present their audience with the material. Documents will be processed and published by various collaborating organizations.
"We intend to split the work in a way where we handle only the anonymity and receiving end of the information," says another colleague.
This blog will be carefully scrutinising "the anonymity and receiving end of the information"
- How will a whistleblower know if their "leak" is likely to get published or not ?
- If not, then why would they use OpenLeaks at all ?
Remember that WikiLeakS.org is no longer an option, as they are still refusing to accept any whistleblower leak submissions.
According to the internal documents shared with DN.se, Openleaks intends to establish itself as a neutral intermediary "without a political agenda except from the dissemination of information to the media, the public, non-profit organizations, trade- and union organizations and other participating groups."
That is still a political agenda, albeit perhaps not such an overtly anti - US Government one as WikiLeakS.org mutated into pursuing.
"All editorial control and responsibility rests with the publishing organization. We will, as far as possible, take the role of the messenger between the whistleblower and the organization the whistleblower is trying to cooperate with," says one anonymous informant.
Another intended consequence is to avoid the pressure from world leaders that WikiLeaks has experienced.
"As a result of our intention not to publish any document directly and in our own name, we do not expect to experience the kind of political pressure which WikiLeaks is under at this time. In that aspect, it is quite interesting to see how little of politicians' anger seems directed at the newspapers using WikiLeaks sources."
Translation: Majsan Boström.
Forbes Magazine has an interview with Daniel Domscheit-Berg
by Andy Greenberg
Dec. 9 2010 - 8:59 pm
The German Domscheit-Berg, along with several other former Wikileaks staffers, plans to launch a website they're calling OpenLeaks as early as next week, Domscheit-Berg told Forbes in an interview. Like WikiLeaks, the new site will allow leakers to anonymously submit information to a secure online dropbox. But unlike its parent site, it won't publish that information itself. Instead, it will allow the source to designate any media or non-governmental organizations he or she chooses and have that information passed on for fact-checking, redaction and publication. That difference, argues Domscheit-Berg, will allow OpenLeaks to accomplish much of the transparency achieved by WikiLeaks, without drawing the same political fury and legal pressure.
"To constrain the power of the site, we're splitting submission from the publication part. We won't publish any documents ourselves. The whole field is diversified," says Domscheit-Berg. "No single organization carries all of the responsibility or all of the workload."
Resource constraints, as Assange told me in an interview last month, have forced WikiLeaks to choose only its "highest impact" material for publication. But those constraints have also politicized WikiLeaks and forced it to make subjective decisions about its targets, Domscheit-Berg argues. "We want to be a neutral conduit," he says. "That's what's most politically sustainable as well."
OpenLeaks will integrate with the organizations it passes information to, functioning as a secure tip box on their sites. Those organizations can choose to store leaked information on their own servers or leave it in the hands of OpenLeaks, Domscheit-Berg says. "All this is cryptographically separated in a fashion that everyone has their own dedicated part of the system," he says.
Cryptography, whilst important, is not in itself sufficient to protect the anonymity of whistleblowers.
What protections will there be against Communications Traffic data analysis to protect the individual journalists who may have access, or may be strongly suspected of having access to such leaked material ?
If, for example, someone were to upload some alleged real, life threatening secrets, perhaps a list of names, job tiltles, home addresses, photos , fingerprints, DNA profiles etc. of intelligence or counter-terrorism agency officers or undercover police officers, then how will OpenLeaks protect the identities of individual journalists who had access to cryptographically protected "part of the system" ? Communications Traffic Data analysis (i.e. which computer logged into the system at which time and what size of files were transferred etc.), could identify individual journalists, who might then be put under intrusive surveillance or harassment or arrest, even if the encrypted content could not be read by third parties ?
The project will initially partner with five newspapers worldwide,
Exactly which newspapers ?
but soon expand to anyone who wants to participate. "Newspapers, NGOs, labor unions, anyone who wants to receive information from anonymous sources, we enable all these people to run something like this," says Domscheit-Berg.
And if the recipient organization chooses not to publish a leak? After a time designated by the source, the leaked material can be sent to other media outlets. "If a newspaper doesn't publish it, it will be shared," says Domscheit-Berg. "They can't just put it in a drawer."
This sounds a bit like the failed WikiLeakS.org proposal for charitable funding for "Local" versions of WikiLeakS.org. See the previous blog article:
WikiLeakS.org applies for $532,000 funding from the Knight Foundation - for "local news" whistleblower leaks ?
A few more obvious questions, which should be asked by the swarm of journalists, some of whom may succeed in getting interviews with the OpenLeaks people next week.:
- How many, if any, of the OpenLeaks team will declare their involvement and support of the project publicly ? Who are they ?
- Will OpenLeaks be less aloof and arrogant and Twitter dependent than WikiLeakS.org ? (Despite having a Wiki and a Website and for a time a "blog" and email as methods of publishing detailed Press releases, WikiLeakS.org favoured short Twitter messages which, for complicated issues, come across as curt and arrogant. These Tweets were mixed with various ad hominem attacks and gripes against opponents)
- Which of the several already registered domain names using OpenLeakS / OpenLeak etc . will this new website actually use from Monday ?
- Will there be multiple physical mirrors of the content as well as multiple domain name DNS aliases pointing to the main website ?
- Will OpenLeaks use secondary and tertiary etc. DNS providers,in different legal jurisdictions, so as not be vulnerable to legal or illegal attacks on a single DNS provider , something which WikiLeakS.org was warned about, but chose to ignore until very recently ?
- Will OpenLeaks eschew the stupid WikiLeakS.org policy of "security through obscurity" and embrace Kerckhoffs' Principle ? i.e. "a cryptosystem should be secure even if everything about the system, except the key, is public knowledge."
- Will OpenLeaks publish a high level technical / security / anonymity infrastructure architecture overview ? (WikiLeakS.org never did this, relying on buzzwords and names of open source security / anonymity tools which they never properly explained the specific risks of their particular implementation of. They often actually never used (e.g. Freenet) , or stopped using some of these claimed technologies after a while, for no good reason (e.g. the use of PGP encryption / digital signatures.)
- Will OpenLeaks actually use a proper SSL/TLS Digital Certificate for https:// encryption, especially of any contact or submission web forms ? (WikiLeakS.org started off ok with one, but failed to replace it when the MD5 digital signature weakness was made public, then failed to renew it, then re-introduced a Digital Certificate for a while, but have now abandoned this again)
- Will OpenLeaks publish and use one, or more, Pretty Good Privacy (PGP) public encryption and digital signing keys ? (WikiLeakS.org initially, after some prompting, published a PGP Key, then allowed it to expire after a year and then claimed that they were developing some sort of alternative encrypted email system, which never appeared )
- Will OpenLeaks publish a Tor Hidden Service to allow more anonymous file uploads ? (WikiLeakS.org did start off with a Tor Hidden Service option, but abandoned it a year ago, although there was a brief re-appearance of a different one in July)
- Will OpenLeaks accept postal submissions and / or financial donations ? (WikiLeakS.org did publish a list of "safe" PO box addresses, including one in Kenya, which they managed to continue publicising for financial donations, even after there was physical a break in to the premises and even after they had inappropriately only used Twitter to warn off some, but not all, people, from using it any longer)
- What feedback will there be to an anonymous whistleblower that their submission or communication has actually been successfully received ?
- How will OpenLeaks raise any funds ?
- What will they do to protect the anonymity of financial contributors ?
- What level of financial transparency and auditing of the finances will there be ?
- Which media organisations and government agencies will have pre-publication access to the submitted material ?
- Why should OpenLeaks be any more trustworthy than WikiLeakS.org ?