[liberationtech] Safer submission of content to news organizations

Martyn Williams martyn at stanford.edu
Wed Jan 18 19:47:20 PST 2012 

Steve,

Thanks. Usability is likely to be a main issue. It should require as
little messing around as possible on the side of the submitter.

Some will likely be motivated to go to lengths to hide their identity
but I expect many people will not bother submitting any material if it
requires work - think about how often you can't be bothered to register
for a website just to comment on an article.

If people turn away and the number of submissions drops then it might be
a hard sell to news organizations to keep on using it.

Making the submission secure yet easy is likely to be key to gaining
adoption.

I'm talking with different news operations to get their opinions.

Martyn

On 01/18/2012 11:31 AM, Steve Weis wrote:
> Just to throw up a strawman design: GPG + Tor.
> 
> The news organization posts a public key. Use that key to GPG-encrypt a
> submission. Then while using Tor, send the encrypted submission by FTP,
> a throwaway email account, or web submission form.
> 
> This is a common practice. Most large web sites post a public key for
> submitting encrypted security vulnerability reports via email. They
> don't want the details of a live security vulnerability on their site
> floating around in plaintext email. By running Tor, you have some
> assurance that your IP address is not associated with the submission.
> 
> The main issue here is usability. Most people will not be able to get it
> to work on their own. You might make it easier with an app that
> streamlines the process, but is built on well-understood technologies
> like GPG and Tor.
> 
> On Tue, Jan 17, 2012 at 8:39 AM, Martyn Williams <martyn at stanford.edu
> <mailto:martyn at stanford.edu>> wrote:
> 
>     Hi to all on this list. I've been following discussions here for a while
>     but this is the first time I'm posting.
> 
>     I'm a Knight Journalism Fellow at Stanford this year, which means I have
>     a year off from reporting to follow projects that interest me and help
>     innovate in journalism in some way.
> 
>     One of my two projects is focused on the security of consumers who
>     supply content (text, photo or video) to news organizations.
> 
>     I see a lot of work being done on how citizens/activists/bloggers and
>     others can secure information on their end but I haven't seen much done
>     on the other end by the news organizations. Sometimes they offer little
>     more than an email address or Facebook page for submissions.
> 
>     So my project asks: If news organizations are to solicit content from
>     people on the ground (and there are no signs this will stop), what can
>     they do to make it safer for those submitting the information?
> 
>     Should they set up a dedicated server, rely on a cloud service, use a
>     certain type of encryption, base it on a particular technology, etc etc?
> 
>     The goal isn't anonymity like Wikileaks - that brings a heap of
>     editorial problems with it - but making it harder for tracking to link
>     person A with news organization B. It should also be practical to
>     implement.
> 
>     It will ideally be based on open-source technologies that are freely
>     available and can be implemented by news organizations of any size.
> 
>     If successful, I hope to present this to news organizations, push for
>     its adoption, and raise awareness of the need for media groups to think
>     about the safety of those sending content.
> 
>     I welcome comments off list. If anyone has heard of or is working on
>     similar technology or has an interest in collaborating I'd love to hear
>     from you.
> 
>     --
>     Martyn Williams
>     2012 John S. Knight Journalism Fellow
>     Stanford University
>     Cell: 650-391-4868 <tel:650-391-4868>
>     @martyn_williams
>     _______________________________________________
>     liberationtech mailing list
>     liberationtech at lists.stanford.edu
>     <mailto:liberationtech at lists.stanford.edu>
> 
>     Should you need to change your subscription options, please go to:
> 
>     https://mailman.stanford.edu/mailman/listinfo/liberationtech
> 
>     If you would like to receive a daily digest, click "yes" (once you
>     click above) next to "would you like to receive list mail batched in
>     a daily digest?"
> 
>     You will need the user name and password you receive from the list
>     moderator in monthly reminders.
> 
>     Should you need immediate assistance, please contact the list moderator.
> 
>     Please don't forget to follow us on http://twitter.com/#!/Liberationtech
> 
> 

-- 
Martyn Williams
2012 John S. Knight Journalism Fellow
Stanford University
Cell: 650-391-4868
@martyn_williams

More information about the liberationtech mailing list