While the U.S. government tries to build a case against WikiLeaks, the secret-document publishing site run by Australian hacker-turned-celebrity Julian Assange and currently hosted in Sweden, an entire new generation of WikiLeaks-inspired services, enabling anonymous, secure submissions of leaked documents, is springing up around the world. Although the technology for these sites may be solid, potential leakers and those to whom they leak face growing threats from the law, and from outright spying.
One recently launched outlet is the Al Jazeera Transparency Unit, which encourages people to upload documents, photos, and videos “to shine light on notable and newsworthy government and corporate activities which might otherwise go unreported […] from human rights to poverty to official corruption.” New York Times executive editor Bill Keller has said his newspaper is planning “a kind of E-Z Pass lane for leakers,” although the Times has so far declined to give out specifics. And a former WikiLeaks employee, Daniel Domscheit-Berg, used last month’s World Economic Forum, in Davos, Switzerland, to announce the test launch of OpenLeaks, which is intended not to serve as a document repository itself but to provide enabling technology for media outlets, NGOs, and other organizations to create their own drop boxes for leakers.
Anonymous-submission technology is tricky to implement but easy to understand. First, the receiving site needs to be unable to trace the source computer from which leaked content is uploaded. WikiLeaks directs contributors to use the Tor service, which routes Internet connections through a chain of servers, each of which can identify only the previous computer in the chain. By bouncing a connection around the world a few times, Tor makes tracing the originating computer extremely difficult (watch a video that shows how Tor works.) WikiLeaks also allegedly keeps no logs of connections from outside computers that could perhaps help trace them.
Second, the receiving site needs to be protected from snoopers monitoring its incoming and outgoing traffic, which might help identify sources. WikiLeaks is currently hosted by the Swedish ISP Bahnhof, which encrypts all traffic through its network—essentially routing its customers through a virtual private network—so that not even Bahnhof employees can see what is being sent to and from WikiLeaks.
Such precautions go a long way toward protecting the source of a leaked document, but they don’t protect the receiver and publisher of leaked information from legal action. Jay Rosen, a journalism professor at New York University, thinks The New York Times and Al Jazeera will need to be more cautious than Assange about what they accept and publish. “Because it is not organized under the laws of any nation, [WikiLeaks] is less vulnerable—though I would not say invulnerable—to legal pressures from various state actors,” he says. “But a newspaper opening its own drop box using OpenLeaks is in a different position. This might factor into sources’ decisions, and it might affect how many news organizations take up OpenLeaks on its offer to provide the technology.”
Jonathan Zittrain, a professor of law at Harvard and cofounder of the Berkman Center for Internet and Society, says the situation is complicated and uncertain. “In the U.S., leakers face the Espionage Act,” he says. “Leak sites could potentially be accused of ‘aiding and abetting,’ though the political costs of pursuing such a prosecution could be high.”
In 2005, New York Times reporter Judith Miller spent 12 weeks in jail for refusing to identify one of her sources to a federal grand jury. Miller divulged her source as a condition of her release. Swedish law, which theoretically covers the current WikiLeaks site, bars authorities from demanding journalists’ sources. However, alleged WikiLeaks contributor Bradley Manning has been kept in solitary confinement in the U.S. for more than six months, in what some observers believe is an attempt to wear him down into implicating Assange in the leaking of diplomatic cables and a 2007 video of a helicopter attack in Iraq that killed a Reuters photographer.
Within the U.S. government, the Office of Management and Budget sent out a 14-page memo in January detailing ways that federal agencies should crack down on potential leakers, including the use of psychiatrists and sociologists to look for potentially disgruntled employees.
“You can’t automate the whistle-blowing process. It’s still a human conversation,” said Micah Sifry, co-founder of the Personal Democracy Forum, an annual conference that explores the impact of technology on politics and government, in New York, and author of a new book, WikiLeaks and the Age of Transparency. “If Bradley Manning did what he allegedly did, he spent a lot of time figuring out if he could trust this guy Assange,” Sifry said, citing portions of chat logs between Manning and hacker Adrian Lamo that have been published. In the end, Manning was not actually caught downloading or uploading files. Lamo turned him in.
Obviously, Internet security measures can’t prevent a leak site’s offices and staff from being infiltrated. Assange recently told 60 Minutes that prior to his arrest on unrelated charges in the U.K., he maintained a nomadic lifestyle because “when you’re involved in information that spy agencies are also interested in … if you’re in one location for too long … it is inevitable that location will be bugged.” In America, sneaking into homes and offices to install keystroke loggers on personal computers is a standard law-enforcement activity when approved by a court-issued warrant. For news agencies and other potential leak receivers, infiltration is a real risk.
Once information is leaked, the larger bottleneck is sorting, understanding, validating, preparing, and publishing the information received. WikiLeaks says it has obtained 251,287 American diplomatic cables classified as “secret”—but it has published only 1,942 of them to date. The New York Times and the British newspaper the Guardian claim to also have obtained the entire cable archive through another source, yet both have stopped reporting on the cables, saying they have found no further newsworthy stories.
Former British diplomat Carne Ross detailed his doubts about this conclusion after questioning both newspapers’ editors in a recent panel discussion at Columbia University. For instance, one of the cables apparently exposed covert American aerial surveillance of Lebanon, of which Bill Keller told Ross he was unaware. “Neither the newspapers nor WikiLeaks have the capacity fully to analyze the full stock of leaked cables,” Ross wrote afterward, “thanks to the sheer volume of cables, but also their extremely broad and manifold political significance.”