Will OpenLeaks learn from the mistakes and successes of WikiLeakS ?

| | Comments (11)

The Swedish daily newspaper Dagens Nyheter reports

"A new WikiLeaks" revolts against Assange

Uppdaterat 2010-12-09 22:17. Publicerat 2010-12-09 22:16

The pressure on WikiLeaks is increasing. DN.se reveals that several key figures behind the website that publishes anonymous submissions and leaks of sensitive governmental, corporate, organizational or religious documents have resigned in protest against the controversial leader Julian Assange only to launch a new service for the so-called whistleblowers. The goal: to leak sensitive information to the public.

The new project, "Openleaks," has been under way for some time and will be launched Monday. DN.se has spoken to individuals behind the new site and the message is clear.

"Our long term goal is to build a strong, transparent platform to support whistleblowers--both in terms of technology and politics--while at the same time encouraging others to start similar projects," says a colleague wishing to remain anonymous.

"As a short-term goal, this is about completing the technical infrastructure and ensuring that the organization continues to be democratically governed by all its members, rather than limited to one group or individual."

The news comes in turbulent times for WikiLeaks. Thousands of documents infuriating global leaders and policy-makers have been unveiled to the public via Cablegate. Meanwhile, Julian Assange has been arrested in Great Britain on suspected rape charges based in Sweden. News about WikiLeaks has been over-shadowed by Assange's personal problems.

Earlier this year, WikiLeaks experienced accessibility issues. According to information revealed to DN.se, the problem was not linked to outsiders trying to sabotage, but came from the inside as a signal to Julian Assange to step down. The colleagues were dissatisfied with the operation's association with Assange's personal problems and how he used the organization in his explanation of the criminal charges.

It is hard to pinpoint exactly which of the technical infrastructure failures in the last year have been due to internal sabotage and feuds within WikiLeakS.org .

It is the top-down management style which is under critique.

On the other hand, the DN.se source emphasizes the fact that the new website is supportive of WikiLeaks purpose and goal.

"The two organizations are similar in that aspect that both are focusing on providing means for whistleblowers to anonymously provide the public with information," one insider says.

Unlike WikiLeaks, Openleaks will not receive and publish information directly for the public eye. Instead, other organizations will access the Openleaks system and in turn, present their audience with the material. Documents will be processed and published by various collaborating organizations.

"We intend to split the work in a way where we handle only the anonymity and receiving end of the information," says another colleague.

This blog will be carefully scrutinising "the anonymity and receiving end of the information"

  • How will a whistleblower know if their "leak" is likely to get published or not ?
  • If not, then why would they use OpenLeaks at all ?

Remember that WikiLeakS.org is no longer an option, as they are still refusing to accept any whistleblower leak submissions.

According to the internal documents shared with DN.se, Openleaks intends to establish itself as a neutral intermediary "without a political agenda except from the dissemination of information to the media, the public, non-profit organizations, trade- and union organizations and other participating groups."

That is still a political agenda, albeit perhaps not such an overtly anti - US Government one as WikiLeakS.org mutated into pursuing.

"All editorial control and responsibility rests with the publishing organization. We will, as far as possible, take the role of the messenger between the whistleblower and the organization the whistleblower is trying to cooperate with," says one anonymous informant.

Another intended consequence is to avoid the pressure from world leaders that WikiLeaks has experienced.

"As a result of our intention not to publish any document directly and in our own name, we do not expect to experience the kind of political pressure which WikiLeaks is under at this time. In that aspect, it is quite interesting to see how little of politicians' anger seems directed at the newspapers using WikiLeaks sources."

Translation: Majsan Boström.

Ossi Carp

ossi.carp@dn.se

Forbes Magazine has an interview with Daniel Domscheit-Berg

Ex-WikiLeaker Explains His Spinoff Group, OpenLeaks

by Andy Greenberg

Dec. 9 2010 - 8:59 pm

[...]

The German Domscheit-Berg, along with several other former Wikileaks staffers, plans to launch a website they're calling OpenLeaks as early as next week, Domscheit-Berg told Forbes in an interview. Like WikiLeaks, the new site will allow leakers to anonymously submit information to a secure online dropbox. But unlike its parent site, it won't publish that information itself. Instead, it will allow the source to designate any media or non-governmental organizations he or she chooses and have that information passed on for fact-checking, redaction and publication. That difference, argues Domscheit-Berg, will allow OpenLeaks to accomplish much of the transparency achieved by WikiLeaks, without drawing the same political fury and legal pressure.

"To constrain the power of the site, we're splitting submission from the publication part. We won't publish any documents ourselves. The whole field is diversified," says Domscheit-Berg. "No single organization carries all of the responsibility or all of the workload."

Resource constraints, as Assange told me in an interview last month, have forced WikiLeaks to choose only its "highest impact" material for publication. But those constraints have also politicized WikiLeaks and forced it to make subjective decisions about its targets, Domscheit-Berg argues. "We want to be a neutral conduit," he says. "That's what's most politically sustainable as well."

OpenLeaks will integrate with the organizations it passes information to, functioning as a secure tip box on their sites. Those organizations can choose to store leaked information on their own servers or leave it in the hands of OpenLeaks, Domscheit-Berg says. "All this is cryptographically separated in a fashion that everyone has their own dedicated part of the system," he says.

Cryptography, whilst important, is not in itself sufficient to protect the anonymity of whistleblowers.

What protections will there be against Communications Traffic data analysis to protect the individual journalists who may have access, or may be strongly suspected of having access to such leaked material ?

If, for example, someone were to upload some alleged real, life threatening secrets, perhaps a list of names, job tiltles, home addresses, photos , fingerprints, DNA profiles etc. of intelligence or counter-terrorism agency officers or undercover police officers, then how will OpenLeaks protect the identities of individual journalists who had access to cryptographically protected "part of the system" ? Communications Traffic Data analysis (i.e. which computer logged into the system at which time and what size of files were transferred etc.), could identify individual journalists, who might then be put under intrusive surveillance or harassment or arrest, even if the encrypted content could not be read by third parties ?

The project will initially partner with five newspapers worldwide,

Exactly which newspapers ?

but soon expand to anyone who wants to participate. "Newspapers, NGOs, labor unions, anyone who wants to receive information from anonymous sources, we enable all these people to run something like this," says Domscheit-Berg.

And if the recipient organization chooses not to publish a leak? After a time designated by the source, the leaked material can be sent to other media outlets. "If a newspaper doesn't publish it, it will be shared," says Domscheit-Berg. "They can't just put it in a drawer."

This sounds a bit like the failed WikiLeakS.org proposal for charitable funding for "Local" versions of WikiLeakS.org. See the previous blog article:

WikiLeakS.org applies for $532,000 funding from the Knight Foundation - for "local news" whistleblower leaks ?

A few more obvious questions, which should be asked by the swarm of journalists, some of whom may succeed in getting interviews with the OpenLeaks people next week.:

  • How many, if any, of the OpenLeaks team will declare their involvement and support of the project publicly ? Who are they ?

  • Will OpenLeaks be less aloof and arrogant and Twitter dependent than WikiLeakS.org ? (Despite having a Wiki and a Website and for a time a "blog" and email as methods of publishing detailed Press releases, WikiLeakS.org favoured short Twitter messages which, for complicated issues, come across as curt and arrogant. These Tweets were mixed with various ad hominem attacks and gripes against opponents)
  • Which of the several already registered domain names using OpenLeakS / OpenLeak etc . will this new website actually use from Monday ?
  • Will there be multiple physical mirrors of the content as well as multiple domain name DNS aliases pointing to the main website ?

  • Will OpenLeaks use secondary and tertiary etc. DNS providers,in different legal jurisdictions, so as not be vulnerable to legal or illegal attacks on a single DNS provider , something which WikiLeakS.org was warned about, but chose to ignore until very recently ?

  • Will OpenLeaks eschew the stupid WikiLeakS.org policy of "security through obscurity" and embrace Kerckhoffs' Principle ? i.e. "a cryptosystem should be secure even if everything about the system, except the key, is public knowledge."
  • Will OpenLeaks publish a high level technical / security / anonymity infrastructure architecture overview ? (WikiLeakS.org never did this, relying on buzzwords and names of open source security / anonymity tools which they never properly explained the specific risks of their particular implementation of. They often actually never used (e.g. Freenet) , or stopped using some of these claimed technologies after a while, for no good reason (e.g. the use of PGP encryption / digital signatures.)
  • Will OpenLeaks actually use a proper SSL/TLS Digital Certificate for https:// encryption, especially of any contact or submission web forms ? (WikiLeakS.org started off ok with one, but failed to replace it when the MD5 digital signature weakness was made public, then failed to renew it, then re-introduced a Digital Certificate for a while, but have now abandoned this again)
  • Will OpenLeaks publish and use one, or more, Pretty Good Privacy (PGP) public encryption and digital signing keys ? (WikiLeakS.org initially, after some prompting, published a PGP Key, then allowed it to expire after a year and then claimed that they were developing some sort of alternative encrypted email system, which never appeared )
  • Will OpenLeaks publish a Tor Hidden Service to allow more anonymous file uploads ? (WikiLeakS.org did start off with a Tor Hidden Service option, but abandoned it a year ago, although there was a brief re-appearance of a different one in July)
  • Will OpenLeaks accept postal submissions and / or financial donations ? (WikiLeakS.org did publish a list of "safe" PO box addresses, including one in Kenya, which they managed to continue publicising for financial donations, even after there was physical a break in to the premises and even after they had inappropriately only used Twitter to warn off some, but not all, people, from using it any longer)

  • What feedback will there be to an anonymous whistleblower that their submission or communication has actually been successfully received ?

  • How will OpenLeaks raise any funds ?
  • What will they do to protect the anonymity of financial contributors ?
  • What level of financial transparency and auditing of the finances will there be ?
  • Which media organisations and government agencies will have pre-publication access to the submitted material ?
  • Why should OpenLeaks be any more trustworthy than WikiLeakS.org ?


11 Comments

You are no doubt aware that there are already many sites that offer facilities for whistleblowers to get information into the public domain. By and large they do NOT seek to become the news themselves.

Cryptome is the obvious daddy of them all. In accordance with John Young's oft-stated view they simply get on with doing their thing. A single operation like Wikileaks is a patently obvious and therefore simple target for establishment/spook co-option, manipulation, sabotage etc etc.

Thousands of competing Leak sites are much more of a problem. IOW we don't need another WikiLeaks, we need an anarchic mish-mash of thousands of of them, all sharing their 'Leaks'. It is to be hoped that 'OpenLeaks' simply aspires to be another such, rather than having grandiose designs on 'making a name for itself'

They're no big deal to set up and run either. WikiSpooks is my little effort with a few 'apoplectic authoritatives' (notably the English Language Catholic Bishops) under its belt since going live in May this year. It could use a few competent volunteers too.

I don’t really know much about this subject, I’m a 15 year old high school student, but this is one thing i would like to further more understand with (Righter or Wronger) I think that we should have a Government that we can Trust. As I read for (EX: the war logs there is a lot that they hold and try to exclude from the public) I cant trust in a government, that cant admit to being corrupt and unsure of there own policy's... which obviously they do admit to on a certain levels... maby i could stop ranting on about the government. e-mail me if you would like to say anything about this post... i hope someone Understands right were im comeing from :)

DAMAGE cyber WW3 result: 500k hurt diplomats worldwide. billion soldiers on the side line/out of business (and still insist it's not a war); final 200 nations restuctured. other side:few hackers political imprisoned/their parrents fined. After a short (for many long) war only 1 global transparent free society survives .....never thought WW3 as a joke. Yeah all wars are surprises.

How can a few wise leaders alone solve complex global issues pending ? People need to be involved/need same info on these complex issues to let our global society decide & survive.

We NEED transparency for our global society that we created an cannot control.To many crises.
We'd never gone to Iraq if we read the cables first?

its e-government(power) not e-commerce(money) that changes our world!
If democracy fails, the only solution is MORE democracy. The only way is UP.
This is Far worse for China, than the US. It's your Duty to spread your thoughts.

WL to much Change for Obama?
Know It's a hard path, but harder for our totalitarian enemies.

If democracy fails, the only solution is More democracy.
E-vote(power), not E-commerce(money) that changes our world, stupid! greets from citzen 434234243!

Corporations control all the pillars of democracy by successful lobbying. There is clearly room for lobbying Wikileaks, here is my 2 cents to the corps to consider to deal with Wikileaks http://goo.gl/6jxXU

@ N - they started out with promises of equal transparency for all, but they have dropped everything, including new submissions, except for Bradley Manning's US Government leaks.

Where are the 1.2 million Chinese government documents which they claimed to have when they launched ? They have never been published by Wikileaks.

The Diplomatic Cables you have cited above are US Government ones - they are not
leaks from the Governments of "Switzerland, Iceland, the United Kingdom, Kenya, Peru, Australia, Germany, et cetera."

Renesys blog has a useful analysis of the recent WikiLeakS. *** domain name DNS and IP block hosting changes.

http://www.renesys.com/blog/2010/12/wikileaks-moving-target.shtml

There is now much greater reslience to legal and illegal attempts to shut woen the main wikileaks content websites, but at the cost of an increased risk of fake or malware linked conent being sneaked in to the scheme.

There is still no longer any use of encryption on these websites, which they used to use.

There is still no sign of the much hyped OpenLeakS.org being online.

Will threir infrastructure be as resilient ?


Openleaks.org is now displaying this meassage:

Coming soon!

While we continue to work on our first public appearance, for a little longer,
please read the following techPresident article that gives a good overview of the project.
One addition to the article: We are not focused on the media, there are other institutions you trust
that would benefit from receiving leaks too. At the moment we do not use any social
network service for public statements.

The echPresident article confirms our previous comments about the similarities between the OpenLeakS.org plan and the unsuccessful application for funding to the Knight Foundation for a "local media" version of WikiLeakS.org, which Daniel Domscheit-Berg says he was heavilly involved in.

It is welcome that OpenleakS.org are not going to rely on Twitter and facebook etc. as their primary means of public relations and press releases.


@wikileak - Exactly, these cables are _from_ the United States, not (only) _about_ the United States. I really fail to see how cables like this one http://www.guardian.co.uk/business/2010/dec/08/wikileaks-cables-shell-nigeria-spying?DCMP=EMC-thewrap08 are 'overtly anti - US Government'.

Furthermore, Wikileaks is entirely source dependent. If there are more American leakers, then obviously there are more American leaks.

As for the Chinese government documents: I've never heard that story, so i don't know if it's true or not. However, I can imagine that it takes more time to screen 1.2 million Chinese documents than to screen 1/4 million American documents. Most of the people at Wikileaks speak English, while little speak Chinese. Furthermore, it's hard to find a Chinese New York Times-like newspaper to collaborate with.

@ N - you can still see the "1.2 million documents" claims in the archived references on the wikipedia article on Wikileaks.

They have claimed to have these documents since at least January 2007 i.e. they claimed to have had more documents from China, even including the hundreds of thousands of "Bradley Manning" sourced US military and government documents, for over three years, but they have not published any of them.

This concentration on US military and government leaks to the exclusion of almost everything else, became overtly anti US Government, despite the initial claims that Wikileaks' "primary interest is in exposing oppressive regimes in Asia, the former Soviet bloc, Sub-Saharan Africa and the Middle East, but we also expect to be of assistance to people of all regions who wish to reveal unethical behaviour in their governments and corporations."

Furthermore, it's hard to find a Chinese New York Times-like newspaper to collaborate with.

Nonsense.

Cooperating with, rather than competing with, mainstream media organisations is only a recent Wikileaks policy. Originally they used to "publish and be damned", for free, without giving exclusive access to mainstream media organisations.

Unsurprisingly, given the economic laws of supply and demand, coupled with institutional "not invented / discovered / analysed here first " attitudes, they had virtually zero success in getting "leaks" into the press spontaneously.

They had to pre-package and pitch news stories to the mainstream media, just like any other freelance journalists.

Clay Shirky has posted a rough transcript of Daniel Domscheit-Berg's talk at the 27C3 Chaos Computer Congress in Berlin about the plans for OpenLeaks.org.

http://www.shirky.com/weblog/transcript-of-openleaks-video/

Daniel appears to be promising some sort of beta prototype system might be up and running by this summer.

He does seem to be aware of most of the organisational bottlenecks and risks to the OpenLeakS.org project

However, until a lot more details of the proposed organisation, its fund raising and accountability mechanism, as well as the proposed technical infrastructure and legal safeguards (if any), then the project still remains "vapourware" at this stage.

The Twitter account https://twitter.org/openleaks is not under control of the OpenLeaks.org project.

There is still no sign that the original WikiLeakS.org system will ever be capable or trustworthy again of accepting and publishing new submissions by whistleblowers.

At the current rate of publication of the US Diplomatic Cables, it will take many years before all of them are published, and there are plenty of signs that the mainstream media's short attention span is already getting bored with them, as the most sensational ones have presumably now been cherry picked.


OpenLeaks.org have now launched their website with some details of their plans.

https://OpenLeakS.org

Leave a comment

About this blog

This blog here at WikiLeak.org (no "S") discusses the ethical and technical issues raised by the WikiLeakS.org project, which is trying to be a resource for whistleblower leaks, by providing "untraceable mass document leaking and analysis".

These are bold and controversial aims and claims, with both pros and cons, especially for something which crosses international boundaries and legal jurisdictions.

This blog is not part of the WikiLeakS.org project, and there really are no copies of leaked documents or files being mirrored here.

Email Contact

Please feel free to email us your views about this website or news about the issues it tries to comment on:

email: blog@WikiLeak[dot]org

Before you send an email to this address, remember that this blog is independent of the WikiLeakS.org project.

If you have confidential information that you want to share with us, please make use of our PGP public encryption key or an email account based overseas e.g. Hushmail

LeakDirectory.org

Now that the WikiLeakS.org project is defunct, so far as new whistleblower are concerned, what are the alternatives ?

The LeakDirectory.org wiki page lists links and anonymity analyses of some of the many post-wikileaks projects.

There are also links to better funded "official" whistlblowing crime or national security reporting tip off websites or mainstream media websites. These should, in theory, be even better at protecting the anonymity and security of their informants, than wikileaks, but that is not always so.

New whistleblower website operators or new potential whistleblowers should carefully evaluate the best techniques (or common mistakes) from around the world and make their personal risk assessments accordingly.

Hints and Tips for Whistleblowers and Political Dissidents

The WikiLeakS.org Submissions web page provides some methods for sending them leaked documents, with varying degrees of anonymity and security. Anybody planning to do this for real, should also read some of the other guides and advice to political activists and dissidents:

Please take the appropriate precautions if you are planning to blow the whistle on shadowy and powerful people in Government or commerce, and their dubious policies. The mainstream media and bloggers also need to take simple precautions to help preserve the anonymity of their sources e.g. see Spy Blog's Hints and Tips for Whistleblowers - or use this easier to remember link: http://ht4w.co.uk

BlogSafer - wiki with multilingual guides to anonymous blogging

Digital Security & Privacy for Human Rights Defenders manual, by Irish NGO Frontline Defenders.

Everyone’s Guide to By-Passing Internet Censorship for Citizens Worldwide (.pdf - 31 pages), by the Citizenlab at the University of Toronto.

Handbook for Bloggers and Cyber-Dissidents - March 2008 version - (2.2 Mb - 80 pages .pdf) by Reporters Without Borders

Reporters Guide to Covering the Beijing Olympics by Human Rights Watch.

A Practical Security Handbook for Activists and Campaigns (v 2.6) (.doc - 62 pages), by experienced UK direct action political activists

Anonymous Blogging with Wordpress & Tor - useful step by step guide with software configuration screenshots by Ethan Zuckerman at Global Voices Advocacy. (updated March 10th 2009 with the latest Tor / Vidalia bundle details)

WikiLeakS Links

The WikiLeakS.org Frequently Asked Questions (FAQ) page.

WikiLeakS Twitter feeds

The WikiLeakS.org website does not stay online all of the time, especially when there is a surge of traffic caused by mainstream media coverage of a particularly newsworthy leak.

Recently, they have been using their new Twitter feeds, to selectively publicise leaked documents to the media, and also to report on the status of routing or traffic congestion problems affecting the main website in Stockholm, Sweden.

N.B.the words "security" or "anonymity" and "Twitter" are mutually exclusive:

WikiLeakS.org Twitter feed via SSL encrypted session: https://twitter.com/wikileaks

WikiLeakS.org unencrypted Twitter feed http://twitter.com/wikileaks

Internet Censorship

OpenNet Initiative - researches and measures the extent of actual state level censorship of the internet. Features a blocked web URL checker and censorship map.

Temporary Autonomous Zone

Temporary Autonomous Zones (TAZ) by Hakim Bey (Peter Lambourn Wilson)

Cyberpunk author William Gibson

Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg
FreeFarid.com - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Save Parliament: Legislative and Regulatory Reform Bill (and other issues)
Save Parliament - Legislative and Regulatory Reform Bill (and other issues)

Open_Rights_Group.png
Open Rights Group

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

irrepressible_banner_03.gif
Amnesty International's irrepressible.info campaign

anoniblog_150.png
BlogSafer - wiki with multilingual guides to anonymous blogging

ngoiab_150.png
NGO in a box - Security Edition privacy and security software tools

homeofficewatch_150.jpg
Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

rsf_logo_150.gif
Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

committee_to_protect_bloggers_150.gif
Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg
Wikileaks.org - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Syndicate this site (XML):

Recent Comments

  • wikileak: OpenLeaks.org have now launched their website with some details of read more
  • wikileak: Clay Shirky has posted a rough transcript of Daniel Domscheit-Berg's read more
  • wikileak: @ N - you can still see the "1.2 million read more
  • N: @wikileak - Exactly, these cables are _from_ the United States, read more
  • wikileak: Openleaks.org is now displaying this meassage: Coming soon! While we read more
  • wikileak: Renesys blog has a useful analysis of the recent WikiLeakS. read more
  • wikileak: @ N - they started out with promises of equal read more
  • Lalit: Corporations control all the pillars of democracy by successful lobbying. read more
  • citizen 3242343: DAMAGE cyber WW3 result: 500k hurt diplomats worldwide. billion soldiers read more
  • Dustin Hansley: I don’t really know much about this subject, I’m a read more

July 2011

Sun Mon Tue Wed Thu Fri Sat
          1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31