While the U.S. government tries to build a case against WikiLeaks, the secret-document publishing site run by Australian hacker-turned-celebrity Julian Assange and currently hosted in Sweden, an entire new generation of WikiLeaks-inspired services, enabling anonymous, secure submissions of leaked documents, is springing up around the world. Although the technology for these sites may be solid, potential leakers and those to whom they leak face growing threats from the law, and from outright spying.
One recently launched outlet is the Al Jazeera Transparency Unit, which encourages people to upload documents, photos, and videos “to shine light on notable and newsworthy government and corporate activities which might otherwise go unreported […] from human rights to poverty to official corruption.” New York Times executive editor Bill Keller has said his newspaper is planning “a kind of E-Z Pass lane for leakers,” although the Times has so far declined to give out specifics. And a former WikiLeaks employee, Daniel Domscheit-Berg, used last month’s World Economic Forum, in Davos, Switzerland, to announce the test launch of OpenLeaks, which is intended not to serve as a document repository itself but to provide enabling technology for media outlets, NGOs, and other organizations to create their own drop boxes for leakers.
Anonymous-submission technology is tricky to implement but easy to understand. First, the receiving site needs to be unable to trace the source computer from which leaked content is uploaded. WikiLeaks directs contributors to use the Tor service, which routes Internet connections through a chain of servers, each of which can identify only the previous computer in the chain. By bouncing a connection around the world a few times, Tor makes tracing the originating computer extremely difficult (watch a video that shows how Tor works.) WikiLeaks also allegedly keeps no logs of connections from outside computers that could perhaps help trace them.
Second, the receiving site needs to be protected from snoopers monitoring its incoming and outgoing traffic, which might help identify sources. WikiLeaks is currently hosted by the Swedish ISP Bahnhof, which encrypts all traffic through its network—essentially routing its customers through a virtual private network—so that not even Bahnhof employees can see what is being sent to and from WikiLeaks.
Such precautions go a long way toward protecting the source of a leaked document, but they don’t protect the receiver and publisher of leaked information from legal action. Jay Rosen, a journalism professor at New York University, thinks The New York Times and Al Jazeera will need to be more cautious than Assange about what they accept and publish. “Because it is not organized under the laws of any nation, [WikiLeaks] is less vulnerable—though I would not say invulnerable—to legal pressures from various state actors,” he says. “But a newspaper opening its own drop box using OpenLeaks is in a different position. This might factor into sources’ decisions, and it might affect how many news organizations take up OpenLeaks on its offer to provide the technology.”
Jonathan Zittrain, a professor of law at Harvard and cofounder of the Berkman Center for Internet and Society, says the situation is complicated and uncertain. “In the U.S., leakers face the Espionage Act,” he says. “Leak sites could potentially be accused of ‘aiding and abetting,’ though the political costs of pursuing such a prosecution could be high.”