impacts of leak sites - masayuki hatta (surugadai university)
TRANSCRIPT
Impact of LeaksitesMasayuki [email protected]
@TICTeC Taipei 2017/09/12
Leaksites
What’s “Leaksites”?
● Web-based whistleblowing-support initiatives
● Use of anonymization technologies
What’s whistleblowing?
● Accusation from the insiders● Traitor? Health checkup?● Legal protection in many countries, but
usually not enough– Some “retaliation” might be possible, e.g.
implicit demotion
● No protection at all in some countries– Whistleblowers’ life sometimes at stake
Anonymization Tech
● An application of Internet Censorship Circumvention Tech
● You can access sites without leaving “footprints” e.g. IP Address
What’s whistleblowing?
● Watergate Scandal: “Deep Throat”● Pentagon Papers: Daniel Ellsberg● Bradley (Chelsea) Manning● Edward Snowden● Panama Papers: “John Doe”
What’s “Leaksites”?
● Web-based whistleblowing-support initiatives
– Receiving leaked data mainly via Internet
● Use of anonymization technologies
– Not by all of them
– An application of Deep Web tech● Tor, I2P, GnuPG
– Conceal whistleblowers’ identity technologically, sometimes even from leaksites
● Even if the server is confiscated, leakers should be safe
● An application of Info Tech to Journalism
– Or, an extreme of Civic Tech
Brief History of Leaksites
● Before Wikileaks● 2010: the year of Wikileaks● After Wikileaks
Brief History of Leaksites
● Before Wikileaks– Cryptome (est. 1996)
● No anonymizing tech, though
● 2010: the year of Wikileaks– 4 big scoops in a year
– Had an (truly) anonymous submission system based on Tor
● Not “I know you, but I won’t tell”
Brief History of Leaksites
● 2011: Wikileaks was (almost) gone– Conflicts with the U.S. Govt, Lots of infight, No
transparency, No open source, etc.
– Submission system was also gone● 4 scoops were actually not obtained from this submission system● It finally returned in 2015
● After Wikileaks– Some tried to fill the vacuum created by Wikileaks
● Develop open source alternatives● Including mainstream media outlets
– Leaksites were born
Software behind Leaksites
● SecureDrop● GlobaLeaks● There were some others
– e.g. Honest Appalachia
SecureDrop
● Originally developed by the late Aaron Schwartz
● Now Freedom of the Press Foundation take care of it
● Used by emerging media outlets including ProPublica, The Intercept, BuzzFeed
● Used by many mainstream media outlets including The New York Times, The Guardian, The Washington Post
GlobaLeaks
● Developed by Hermes Center, an Italy-based initiative
● Used by many NGOs, including Amnesty International
● Dutch PubLeaks
My survey
● N=102– Including now-defunct ones
● Many can’t be reached at all● Internet Archive is your friend
● Around 46% use anonymization technologies
Establishment Years
Establishment Years
● 2010: Wikileaks● 2014: Edward Snowden
The Duration
The Duration
● Most leaksites die within a year● But the overall survival rate is not that bad
Who’s running leaksites?
Who’s running leaksites?
● Many are some kind of self-described “organization”, possibly an individual
● Not entirely reliable entities, but in this case it’s not a big problem
● “Consortium”: one leaksites used by several media
https://whistleblowing.jp
● My own effort of running a leaksite in Japan
● Based on GlobaLeaks● Connecting whistleblowers and journos in
an safer way● Almost all Japanese mainstream media
outlets are interested, one is now giving a trial
How It Works
Whistleblower
Tor Network
GlobaLeaks
“Tip” (provides a way of anonymous communication between whistleblower and journo)
Journalists
Encrypted by GPG
(Lots of) Challenges
● Tech is easy, others are tough...● Non-tech challenges
– Is Tor legal?● Abuses and busts
– Might lose public support
● New Special Secrecy Law
– Not whistleblowing-friendly culture● Not anonymous-friendly culture
– Training● Requires huge amount of new tech tricks for average people● Getting training itself might be suspicious● Badly needs good introductory materials of anon tech for journos, especially
in Japanese
Impact of Leaksites
● Impact measurement is VERY difficult– “Many [journalists] were not willing to disclose the
specific stories that originated with tips or documents from SecureDrop, nor the frequency of these stories. ” (Berret 2016)
– And Leaksites are basically “dumb pipe”
● “The Last Resort”– The fact that leaksites do exist really matters
– A signal that media outlets take seriously the protection of its sources