How to leak a secret and not get caught

[R.A. Hettinga]

<http://www.eurekalert.org/pub_releases/2007-01/ns-htl011107.php>


Public release date: 11-Jan-2007


New Scientist

How to leak a secret and not get caught

LEAKING a sensitive government document can mean risking a jail sentence -
but not for much longer if an online service called WikiLeaks goes ahead.
WikiLeaks is designed to allow anyone to post documents on the web without
fear of being traced.

The creators of the site are thought to include political activists and
open-source software engineers, though they are keeping their identities
secret. Their goal is to ensure that whistle-blowers and journalists are
not thrown into jail for emailing sensitive documents. That was the fate of
Chinese journalist Shi Tao, who was sentenced to a 10-year term in 2005
after publicising an email from Chinese officials about the anniversary of
the Tiananmen Square massacre.

According to the group's website www.wikileaks.org, its primary targets
include China, Russia, and oppressive regimes in Eurasia, the Middle East
and sub-Saharan Africa. It is not limited to these countries, however, and
people anywhere will be able to use the site to reveal unethical behaviour
by governments and corporations.

Normally an email or a document posted to a website can be traced back to
its source because each data packet carries the IP address of the last
server that it passed through. To prevent this, WikiLeaks will exploit an
anonymising protocol known as The Onion Router (Tor), which routes data
through a network of servers that use cryptography to hide the path that
the packets took. Bruce Schneier, a cryptographer based in Silicon Valley,
California, explains it like this. "Imagine a large room jammed full of
people in which many of them are passing around envelopes. How would you
know where any of them started?"

Julien Pain, a campaigner with Reporters Without Borders in Paris, France,
sees Tor as a valuable step towards guaranteeing anonymity. "Enabling
cyber-dissidents to leak information is a crucial issue we now face in many
countries," he says. There are however, fears that whistle-blowers might
still be at risk. "I would not trust my life or even my liberty to Tor,"
says Ben Laurie, a London-based computer security expert. In the past,
determined cryptographers have breached Tor's security, and though each
breach has led to improvements to Tor there is always a risk others will be
discovered.

The WikiLeaks team do not plan to control what is disclosed on the site,
raising fears that the anonymity it offers could be misused. "The
initiative could drown in fabricated documents, pornographic records or
become hijacked to serve vendettas," warns Steven Aftergood of the
Federation of American Scientists in Washington DC.

The safeguard against this, according to the WikiLeaks team, is that false
postings will be sniffed out by users, who will be free to comment on what
is posted. This is what happens with Wikipedia, which although unconnected
to WikiLeaks is based on the same open-source software. "WikiLeaks will
provide a forum for the entire global community to examine any document
relentlessly for credibility," the site claims. WikiLeaks is raising funds
and testing its software. It hopes tolaunch in February.

###

Author: New Scientist reporter, Paul Marks


-- 
-----------------
R. A. Hettinga <mailto: rah at ibuc.com>
The Internet Bearer Underwriting Corporation <http://www.ibuc.com/>
44 Farquhar Street, Boston, MA 02131 USA
"... however it may deserve respect for its usefulness and antiquity,
[predicting the end of the world] has not been found agreeable to
experience." -- Edward Gibbon, 'Decline and Fall of the Roman Empire'