[liberationtech] Safer submission of content to news organizations

Wed Jan 18 08:23:52 PST 2012

I've always thought it might be interesting to try to use the asymmetry
in the communication models to facilitate this kind of private exchange.

Specifically, the journalist owns a broadcasting system that talks to 
everyone at once, and the secret source does not, so the journalist
has a (rare, and valuable) mechanism for conveying a credential or
information another party that completely masks the identify of the
other party.

Implementation is left as an exercise for the reader, as the space
remaining in this e-mail is sadly too small to contain the details :)

On Jan 18, 2012, at 3:15 AM, Fabio Pietrosanti (naif) wrote:

> On 1/18/12 1:18 AM, Jacob Appelbaum wrote:
>> The submission system itself should probably be free software and
>> hopefully not invented in house without third party review.
> 
> Given that the minimal security requirement are met, it's also important
> to consider if you are going to have a bi-directional information
> exchange between whistleblower and the group of analyst receiving
> submission.
> 
> Most WB submission system are stateless, it means that are one-way-only
> file-dropping system.
> 
> While this maybe ok for some context, it may represent a strong
> limitating factor as it doesn't allow interaction between Whistleblower
> and receivers of submitted data.
> Example:
> - The WB submit document X, the receiver consider this information
> valuable, but not enougth to be considered trusted.
> - The receiver need to ask to the WB if he have also the document Y
> (related to X) as it would represent a proof of the fact.
> If there's no way to have a bi-directional, data-submission-centric,
> communication channel among the parties you'll loose the opportunity to
> get other data.
> 
> On that GlobaLeaks WB model it's currently implemented (even if 0.2
> release will go under a major rewrite):
>  - exchange messages between receivers of submission and whistleblower
>  - whistleblower can add new files, comments
>  - whistleblower is given the ability to see statistics of who (of the
> receiver group) downloaded the information
> 
> Other important elements to be considered while discussing about it is:
> Which is the workflow of received data analysis?
> - does the fact-checking methodology is defined and formalized?
> - which fact-checking methodology are you using?
> - are you using a tool to facilitate group-based fact-checking
> methodologies?
> - Does the fact-checking tool cooperate with submission system?
> 
> Additional elements to be considered is Whistleblower awareness are:
> - Are you proposing multiple submission anonymity level (for example
> fully anonymous via or partially anonymous via tor2web) ?
> - Do you make whistleblower aware of his anonymity condition?
> - do you formally state which are you submission handling policies and
> data retention policies?
> 
> -naif
> _______________________________________________
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> 
> Should you need to change your subscription options, please go to:
> 
> https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> 
> You will need the user name and password you receive from the list moderator in monthly reminders.
> 
> Should you need immediate assistance, please contact the list moderator.
> 
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech