3. Request Confidentiality: If you would like us to consider treating your submission as confidential before providing any materials, please make this request through this online submission form. Please note that until we mutually decide to enter into a confidential relationship, any information you send to us (including contact information) can be used for any purpose, as outlined in point 1 above, and described more fully below in the Limitations section). If we enter into a confidential relationship, Dow Jones will take all available measures to protect your identity while remaining in compliance with all applicable laws.
Wikileaks version:
2.3 Protection for you
Wikileaks does not record any source-identifying information and there are a number of mechanisms in place to protect even the most sensitive submitted documents from being sourced. We do not keep any logs. We can not comply with requests for information on sources because we simply do not have the information to begin with. Similarly we can not see your real identity in any anonymised chat sessions with us. Our only knowledge of you as a source is if you provide a coded name to us. A lot of careful thought by world experts in security technologies has gone into the design of these systems to provide the maximum protection to you. Wikileaks has never revealed a source.
If wikileaks knows so little about their sources, how do they establish the legitimacy of the documents they receive? In other words, what's stopping me from using previously leaked documents as a sort of "style guide" for forging new documents and then "leaking" them to wikileaks?
EDIT: I should point out that, in practice, somebody from the originating organization inevitably confirms the authenticity of the leaked documents through contacts with more traditional journalists. But what would happen if a set of documents were leaked and nobody was able to confirm them?
This still leaves open the question: what happens if nobody can or will verify? What if the company in the cited incident had instead played the line: "We want to know who gave you those documents because they are fraudulent and we want to pursue libel action against the party who released them," or even, "if you don't turn over the source, we'll pursue libel action against wikileaks."
Alternately, what if a set of documents really are forged, but it's an inside job? The same person or persons who "leak" the document to wikileaks could then "verify" it to journalists "on condition of anonymity." The journalists would know that their sources are from the appropriate organization, but nobody would have all of the information necessary to connect the dots that the leaker and the verifier are the same person or group. I could definitely see this being used as part of a corporate power struggle (make a rival look bad, get him fired; or do the same to your boss) or a political struggle in government (use politically sympathetic career bureaucrats to generate a scandal for an incumbent six weeks before election day).
I could see how others might disagree, but I think the WSJ's terms are reasonable. The WSJ also has an admirable policy of not respecting embargoes slapped on press releases unless there's an agreement in advance.
If what you're leaking is so secret that you can't even discuss it with them in advance, then you shouldn't trust them period. It's on you as the leaker to make sure they have no way to determine your identity in the first place.
Only one of the two has proven themselves to be trustworthy at all, and only one of them doesn't use weasel words in their terms. If your criteria is whether the leaker is unsure of being able to discuss their material, the WSJ is even more useless.
Basically, it appears you're arguing for the case that the WSJ is a great place to send your leaks if you already know there won't be repercussions (via your own precautions or their flaccid protections), which is pretty much what they have now. What's the difference between this and a link to "tips@wsj.com"?
No, not at all. I'm arguing that the new system is good for people who already want to leak things to the WSJ. If you don't trust the WSJ to protect your identity then you obviously should not leak to them, period.
It's different from emailing tips@wsj.com because there's an explicit promise to minimize identifiable information and to limit access to messages. It's also tough to send large files by email.
Is there a gray area between this project and normal source protection by reporters? I'd say on the face of it that the WSJ Fakeyleaks is less protective than contacting a reporter directly, since the investigative reporter's reputation hinges on not burning their sources.
So, if you already want to leak things to the WSJ, that mechanism already existed. If anything this is probably just Rupert being butthurt over his loss of control over the mass-media news landscape and "me too!"'ing on WL. Nice try, old man.
I just posted a comment about that elsewhere on this thread -- that's what disturbs me so much about this. It's creating a separate level of protection that people won't understand (journalism ethics proscribe that you don't give up your source, ever). The WSJ needs to stay out of this unless its going to protect these submitters to the same level as any other source (and you don't give people up because you're being sued).
Who's going to trust the WSJ if they have anything of serious consequence? Rupert Murdoch has been pretty cozy to western governments and large corporations, so why would I as a whistleblower/leaker choose WSJ's outfit given the ideological and conflict of interest issues?
Say what you will about WikiLeaks, but it's pretty much got one purpose and no obvious conflict of interest. In the case of SafeHouse... not so much.
I agree with you, but unfortunately lots of people trust the WSJ. Many people consider it an unbiased source of business information and would think its a good place to leak information. Many people cannot think beyond the brand.
> How could providing better protection for their sources be a bad thing?
Why would you assume they would actually provide better protection? Because they said so?
But, then a valid question is "How do we know if Wikileaks provides good enough protection?" and the answer is that we don't know exactly, but we trust it more because of its past willingness to go against the grain and not play along with the govt and corporate entities. Its members are routinely harassed, its head is on some show trial waiting deportation, one of the sources has been locked in isolation for months and months.
I personally wouldn't trust WSF to provide any protection for any important information. I would just assume it would log all the identifying information and when their liason from FBI calls they would be more than happy to provide that info without a court order. That is just my personal attitude towards WSJ.
Well, yeah, of course because they said so. I guess an independent security audit would be nice too, though I'm not sure how much that would actually count for.
If you don't trust the WSJ then you are not going to leak them documents with or without this service, right? I mean, it's a tautology: if you don't trust them... then you don't trust them. But trying to make things safer for people who do want to leak to them is good.
"...one of the sources has been locked in isolation for months and months."
As a potential source, wouldn't this make one less confident in wikileaks' ability to protect their sources? I realize that in this particular case it's abundantly clear that he was fingered by someone outside of wikileaks, but it is not beyond the realm of the possible that a flaw in wikileaks' system could leave sources vulnerable.
> As a potential source, wouldn't this make one less confident in wikileaks' ability to protect their sources?
No because in this particular case, Manning has bragged and got himself caught. It wasn't Wikileaks. But I believe he is persecuted and held in isolation in order to pressure him to implicate Wikileaks. Because of this, one would trust Wikileaks as they clearly do not have a buddy-buddy relationship with the US govt. I wouldn't be able to say the same thing about WSJ.
It's not better protection, it's worse. The fact that they have that clause proves it -- journalists don't tell their sources they'll give them up in the face of a lawsuit, but this clause is saying the paper will to people who leak in this method = less protection.
The concern isn't that he'll release the information you intend to be released — it's that he'll release information about you. If you leak proof that the government is spraying chemtrails to reduce the excess population, you still might not want people knowing you're the one who leaked it. So the question becomes, would you trust Murdoch to keep your identity secret?
You can say that Murdoch has been cozy with western governments and corporations, but he's also been pretty successful with his media properties.
If News Corp thinks that there's profit to be made in a Wikileaks style operation, more power to them. I have no doubt Murdoch can flip whenever he feels the winds are in his favor for making future profits- he did in Britain when Labour started became dominant.
I think that's the point — if opportunistic financial success is his only goal, there's no good reason to believe he won't sell you out. It's the same reason we don't offer incentive bonuses to gravediggers.
As for his media companies, again, they're great if you're just measuring money, but they're not all necessarily well-respected by their peers. Fox News is tremendously successful from a financial standpoint, but it doesn't have a great reputation as an actual news source among people who don't agree with Murdoch's politics.
Wouldn't distrust and lack of credibility be a check for this moral hazard?
Surely someone at News Corp understands the value of keeping sources confidential and the the value of a scoop? People might not agree with their prevailing ideology, but there's no evidence that News Corp double crosses sources.
Distrust and widely perceived lack of credibility does not appear to have swayed Fox News very much — only when advertisers started pulling out did Fox can Glenn Beck. And they haven't really been in any situation where revealing their sources would have been advantageous as far as I can recall, so that's neither here nor there.
>"If News Corp thinks that there's profit to be made in a Wikileaks style operation"
I believe that this totally misses the point of whistle-blowing / disclosure. The mere fact that they're doing it for-profit is, at least to me, a pretty good indication that it won't be unbiased or uncensored.
Journalistic virtue is a rare thing. Everyone has an agenda, either ideological or commercial. The only thing we can do is take what we can get and consider the source.
You don't need to trust 'em. Worst case scenario is that you leak to 'em and they ignore it so you go take your leak somewhere else.
Competition is always good. Whether or not wikileaks has obvious "conflict of interest" they have a certain ideological outlook, and having a competitor with a different ideological outlook might help in cases where wikileaks chooses to sweep something under the rug.
You have to trust their promise that their anonymous submission process is actually reasonably anonymous. Many whistleblowers probably couldn't tell between an anonymous process and a seemingly anonymous process that isn't.
Right. But in this case trusting WSJ to keep your anonymous submission secure as well as trusting their ability to run a leaks site would be a mistake:
So how to they catch all those "online pirates"? I am sure they don't provide their address, name, and social security number when they download a song for example. However that has not stopped thousands upon thousands of cases to be filed (now whether you think identifying people by IP is right or wrong is besides that point, it is happening and it is part of the system). So "no" you should not leak anything to these people unless you know every well how to hide (chances are you might not, even your browser's identifying info like fonts, OS version etc. can be used to narrow down the search and there are other things as well).
If you're going to be that paranoid, you should consider carefully the credibility of whoever you're leaking things to. Do they have a track record of keeping secrets? How hard are they for The Man to pressure? And so on. Wikileaks does very well by those criteria. The WSJ has less of a track record, and inspires less confidence with their privacy policy and somewhat dubious web site security.
The best thing that could happen is that the WSJ hears criticisms like this, takes them to heart, and turns into a serious competitor to Wikileaks. As it is, though, they've got a lot of catching up to do.
Let's say the cables that WikiLeaks got hold of were sent to WSJ through this method, would they be willing to publish them and face the rath of the US Government?
(Alternatively, if they were to publish them, would the US Government be forced to respond differently to how they did with WikiLeaks, so as to not be seen as hindering free press? I'm sure in the public's eyes, going after WikiLeaks is a much smaller thing than going after a paper as big as WSJ.)
> would they be willing to publish them and face the rath of the US Government?
Of course not. Wikileaks isn't solving a technical problem. They need to exist because traditional news agencies aren't willing to take the hit associated with releasing unflattering information. We saw what happened to financial businesses that dared to provide perfectly legal services to Wikileaks. Journalists who imitate Wikileaks can expect to be harassed, fired, or even prosecuted.
I find it ironic that so many traditional media figures bemoaned the loss of their "gatekeeper" role when the birther controversy was still monopolizing headlines. They have no trouble acting as a gatekeeper when journalism threatens the rich and powerful.
The Times and the Journal have both admitted to sitting stories, altering stories and burying facts at the behest of the United States Government. And I can only imagine that 'inflammatory' data about corporations who have a relationship with the Journal would be treated in a similar way.
In short: if publishing doesn't align with their best interests, they can be relied upon to not publish.
(Alternatively, if they were to publish them, would the US Government be forced to respond differently to how they did with WikiLeaks, so as to not be seen as hindering free press? I'm sure in the public's eyes, going after WikiLeaks is a much smaller thing than going after a paper as big as WSJ.)
Well the US Government has yet to manage much in the way of actually going after wikileaks. The Wall St Journal has the advantage of falling under its jurisdiction.
But the answer is: no, I get the impression that the WSJ will be more circumspect about precisely what it publishes. On the other hand if the WSJ does publish your leaked documents they automatically get a lot of credibility. And if you leak documents to the WSJ and they refuse to publish you can always leak 'em to someone else.
On the other hand, it's not like Wikileaks is publishing things indiscriminately nowadays -- they're still sitting on a huge stash of diplomatic cables and releasing a few every time they feel like it. As I've said before, if I were the wikimedia foundation I'd be complaining pretty hard about the fact that Wikileaks isn't actually a Wiki any more.
Depends on whom they were embarrassing. If WSJ (owned by Murdoch) published something embarrassing to the Obama administration then the machinery of the left will spin it as "Oh, that wicked Fox News up to their usual tricks again".
It's amazing that you've come in and criticised "the left" for spinning something pointlessly, when in fact you're just spinning it right back at them, while nobody else had made this discussion in the slightest bit party-political.
I assumed that they would until I read this:
"If you upload or submit any Content, you represent to Dow Jones that you have all the necessary legal rights to upload or submit such Content and it will not violate any law or the rights of any person."
https://www.wsjsafehouse.com/terms.html
"Dow Jones retains sole discretion in deciding what to do, if anything, with the information received through SafeHouse. Dow Jones does not make any representations that the information provided through SafeHouse will be used or published in any form."
I don't imagine much fun information coming out of this.
In all seriousness, what do you expect to find in their TOS? What if I send them an email showing that one of my colleagues is sleeping with the boss. Are they going to guarantee it will get published? In the end it will come down to trust. If they act in a manner that wins the trust of whistleblowers, they'll get whistleblowing. I can't see any of the legalese affecting this one way or the other.
The words "Dow Jones" is enough for me to dismiss this, at least as a real competitor to Wikileaks. But sure, to be more serious, plenty of good information outside of their sphere of interest could still get released.
It allows them to sue the anonymous uploader for breach of contract or perjury or whatever if they want (which they don't), but it turns it the rights into the uploader's issue, not Dow Jones'.
For me, the entire point of Wikileaks is that it is a secure way to leak anonymously designed by a crypto theorist and expert. The security involved with this WSJ thing is opaque, and sounds loosey-goosey based on the Delany paraphrase here. I think they would have been better off trying to get Openleaks off the ground, because Domscheit-Berg seems like he has a model of being a trustworthy technical middle man for traditional outlets.
My bet is that the WSJ is not comfortable with actually not knowing the sources of the leaks - the security sounds like its goal is to prevent intrusion by external entities, rather than to anonymize.
I was about to post this when I saw your reply. I'll add it here instead since it's similar:
The term 'competitor' is all wrong. Ostensibly, the point of WikiLeaks is to publish the truth. If WSJ wants to compete with that it sounds like they want their own truth. Of course the SafeHouse site doesn't describe itself as a competitor, but it doesn't compare itself to or even make mention of WikiLeaks either -- I think that betrays competitive intentions.
For WikiLeaks and similar sources to function, what's needed is redundancy in some kind of mutually-respectful oligarchy. Those two items will keep them online and honest in aggregate (to some degree.)
As a journalist I find it really disturbing that the WSJ has this clause.
The #2 rule in journalism (after tell the truth) is protect your sources -- if you promise not to reveal your source, you don't reveal your source. It's not, "well, I promise not to reveal you -- unless I get a subpoena, then you're SOL." And yes, that means going to jail if you have to. Which is why as a journalist you have to be very careful who you give it to.
I realize that by the nature of what they've posted they're not promising it, so now there's two standards -- if you submit through the site, you have some protection, but to a journalist on their staff, then, you have the (assumed) full protection. But now there's that separate level of protection -- we'll give you anonymity, depending on some sort of arbitrary process if submitted through this site. And most people don't understand what a professional reporter will (or should) do for their source -- if they hand papers over in one or two cases, many people will assume that all journalists will just cave,and that will hurt everyone.
I do understand why they don't want to give blanket full protection for things unknown/unseen, but unless they're willing to do that, I really don't think a journalistic entity should do this kind of site at all.
Its a step in the right direction. Traditional responses to the market failures, corruption, fraud and general seediness of those in power has been more regulation. And that hasn't really worked too well has it..
What we need is transparency, while protecting privacy. Shining a bright light into the dark corners of wrong-doing should serve as a better deterrent than any ambiguous, unenforceable regulation.
Lets hope the safehouse gets some competition (nytimes are you listening?)
Leaking stuff to newspapers is a time-honoured tradition. But with an anonymous upload site it can be done much more easily.
The biggest problem I see is fake leaks. Make up some fake documents to embarrass someone you don't like (or just for the sake of the lulz) and how are they supposed to verify whether they're real or not before publishing 'em?
But that doesn't help. If I have in my hand what is supposedly a top-secret document then how do I confirm whether it's real or not? (Let's assume that the forgers haven't made any obvious mistakes.) I sure as hell can't go knocking on the door and asking whether I can compare this document with the original version.
A great example was the Rather-gate memos from the 2004 election, a supposedly "leaked" memo which got published with great fanfare despite the fact that the forgers did make some obvious errors (ie producing a 1970s document in Microsoft Word using default fonts, spacing and parameters). But if the forgers hadn't been complete dumbasses then how would we have ever known whether they were real?
Unfortunately, unless you can verify them, you don't publish them. That does mean that some things that are genuine will not get published. But it avoids what's worse -- publishing things that aren't true.
This is huge. Maybe their implementation will take off and maybe it won't, but either way this is a tacit admission by the WSJ that the WikiLeaks model will be a serious part of what it means to commit journalism going forward.
All of the lawyerly caveats have to be taken in context of that you have a major US media organization now following in the footsteps of a widely disparaged and isolated vigilante organization. This is just standard CYA protocol.
This is probably way for them to aggregate potential exclusive story ideas. I'd treat it like you were going to speak to a reporter anonymously, they may have your back, they may not.
It's so sad to me that people think of it this way -- not guaranteed. You should always be able to trust a reporter who promises you that. The unethical ones really burn us all.
I don't mean to disparage all the good journalists out there, they certainly exist and I have massive respect for the ones that go to jail for their sources. But WikiLeaks has already built a reputation and technical infrastructure, important things that this new site doesn't have.
Why not? The last Watergate broke via the Washington Post.
Actually I think the question of who breaks the next Watergate may depend on whose ox is being gored. If you're leaking information to bring down a Republican president you'll leak to a left-leaning outlet (like wikileaks) and if you're leaking information to bring down a Democrat president then you'll leak to a right-leaning outlet like the WSJ.
Wikileaks and the WSJ is not perfect symmetry, but it is satisfying to know that all ideological bases are more or less covered.
3. Request Confidentiality: If you would like us to consider treating your submission as confidential before providing any materials, please make this request through this online submission form. Please note that until we mutually decide to enter into a confidential relationship, any information you send to us (including contact information) can be used for any purpose, as outlined in point 1 above, and described more fully below in the Limitations section). If we enter into a confidential relationship, Dow Jones will take all available measures to protect your identity while remaining in compliance with all applicable laws.
Wikileaks version:
2.3 Protection for you
Wikileaks does not record any source-identifying information and there are a number of mechanisms in place to protect even the most sensitive submitted documents from being sourced. We do not keep any logs. We can not comply with requests for information on sources because we simply do not have the information to begin with. Similarly we can not see your real identity in any anonymised chat sessions with us. Our only knowledge of you as a source is if you provide a coded name to us. A lot of careful thought by world experts in security technologies has gone into the design of these systems to provide the maximum protection to you. Wikileaks has never revealed a source.