Security expert says media fail to protect whistleblowers

Journalists are risking exposure of whistleblowers’ identities to government snoops, a  security informatics expert warns.  In a New York Times op-ed, Chrisitan Soghoian writes that mainstream news organizations routinely fail to make use of available technology to secure their communications with whistleblowers.

“Until journalists take their security obligations seriously, it will be safer to leak something to WikiLeaks — or groups like it — than to the mainstream press,” writes Soghoian. (“When Secrets Aren’t Safe With Journalists,” New York Times, October 26, 2011)

For evidence of the problem, Soghoian  refers the reader to former New York Times executive editor Bill Keller, who discussed Wikileaks’ classified cables over an unencrypted phone line in June 2010. Keller knew that the National Security Agency (NSA) was eavesdropping on international communications. Nevertheless, he discussed the sensitive subject without security, which he dismissively calls a “cone of silence.”

What the NSA learned about that phone call, we may never know.  But, a French case illustrates the perils of unprotected communications.  That case involved communications between a Le Monde journalist and an official in the justice ministry who disclosed information about a scandal that implicated the labor minister. The French intelligence service, DCRI, broke French laws in ordering a telecom company to hand over the journalist’s detailed call records, which included his GPS locations.  Two days later, the DCRI requested records of the justice minister’s calls, after which the whistleblower, Gérard Davet, received a demotion and transfer to the African nation of French Guiana.

Soghoian has high praise for the precautions taken by Wikileaks, writing that “WikiLeaks has spectacular operational security: encrypted instant messages are used for all real-time communications, strong encryption technology is used to protect files as they are passed between individuals, and servers are hidden using the Tor Project, a popular privacy tool that enables anonymous communication.”  However, the long-term survival of Wikileaks is questionable in the face of government-private sector collaboration to deprive the organization of donations.

In today’s high-tech surveillance world, it is increasingly difficult for whistleblowers to disclose information securely.  The private sector, as well as governments, has access to sophisticated surveillance technologies, and even news organizations themselves have engaged in illegal snooping.  Digital imaging products, such as cameras, increasingly include GPS (Global Positioning System) technology that can pinpoint the user’s location.  Copy machines have hard drives that capture images of the documents copied on them.  Surveillance cameras keep a silent watch in businesses, government buildings and on public streets.

Thus, while anonymity is increasingly necessary in order to avoid reprisals, remaining anonymous is increasingly hard to achieve. The day is fast approaching when only  a handful of techno-geeks will dare to blow the whistle on waste, fraud and abuse, and the world will be poorer for it.

Credit: Photo, “Sign of Security” by FortMeade @ Flickr Creative Commons; “some rights reserved.”