<http://www.eurekalert.org/pub_releases/2007-01/ns-htl011107.php> Public release date: 11-Jan-2007 New Scientist How to leak a secret and not get caught LEAKING a sensitive government document can mean risking a jail sentence - but not for much longer if an online service called WikiLeaks goes ahead. WikiLeaks is designed to allow anyone to post documents on the web without fear of being traced. The creators of the site are thought to include political activists and open-source software engineers, though they are keeping their identities secret. Their goal is to ensure that whistle-blowers and journalists are not thrown into jail for emailing sensitive documents. That was the fate of Chinese journalist Shi Tao, who was sentenced to a 10-year term in 2005 after publicising an email from Chinese officials about the anniversary of the Tiananmen Square massacre. According to the group's website www.wikileaks.org, its primary targets include China, Russia, and oppressive regimes in Eurasia, the Middle East and sub-Saharan Africa. It is not limited to these countries, however, and people anywhere will be able to use the site to reveal unethical behaviour by governments and corporations. Normally an email or a document posted to a website can be traced back to its source because each data packet carries the IP address of the last server that it passed through. To prevent this, WikiLeaks will exploit an anonymising protocol known as The Onion Router (Tor), which routes data through a network of servers that use cryptography to hide the path that the packets took. Bruce Schneier, a cryptographer based in Silicon Valley, California, explains it like this. "Imagine a large room jammed full of people in which many of them are passing around envelopes. How would you know where any of them started?" Julien Pain, a campaigner with Reporters Without Borders in Paris, France, sees Tor as a valuable step towards guaranteeing anonymity. "Enabling cyber-dissidents to leak information is a crucial issue we now face in many countries," he says. There are however, fears that whistle-blowers might still be at risk. "I would not trust my life or even my liberty to Tor," says Ben Laurie, a London-based computer security expert. In the past, determined cryptographers have breached Tor's security, and though each breach has led to improvements to Tor there is always a risk others will be discovered. The WikiLeaks team do not plan to control what is disclosed on the site, raising fears that the anonymity it offers could be misused. "The initiative could drown in fabricated documents, pornographic records or become hijacked to serve vendettas," warns Steven Aftergood of the Federation of American Scientists in Washington DC. The safeguard against this, according to the WikiLeaks team, is that false postings will be sniffed out by users, who will be free to comment on what is posted. This is what happens with Wikipedia, which although unconnected to WikiLeaks is based on the same open-source software. "WikiLeaks will provide a forum for the entire global community to examine any document relentlessly for credibility," the site claims. WikiLeaks is raising funds and testing its software. It hopes tolaunch in February. ### Author: New Scientist reporter, Paul Marks -- ----------------- R. A. Hettinga <mailto: rah@ibuc.com> The Internet Bearer Underwriting Corporation <http://www.ibuc.com/> 44 Farquhar Street, Boston, MA 02131 USA "... however it may deserve respect for its usefulness and antiquity, [predicting the end of the world] has not been found agreeable to experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'