
The Wall Street Journal Launches a WikiLeaks Competitor, SafeHouse - ssclafani
http://www.theatlantic.com/technology/archive/2011/05/the-wall-street-journal-launches-a-wikileaks-competitor-safehouse/238421/
======
kurtsiegfried
WSJ Terms about Confidentiality:

3\. Request Confidentiality: If you would like us to consider treating your
submission as confidential before providing any materials, please make this
request through this online submission form. Please note that until we
mutually decide to enter into a confidential relationship, any information you
send to us (including contact information) can be used for any purpose, as
outlined in point 1 above, and described more fully below in the Limitations
section). If we enter into a confidential relationship, Dow Jones will take
all available measures to protect your identity while remaining in compliance
with all applicable laws.

Wikileaks version:

2.3 Protection for you

Wikileaks does not record any source-identifying information and there are a
number of mechanisms in place to protect even the most sensitive submitted
documents from being sourced. We do not keep any logs. We can not comply with
requests for information on sources because we simply do not have the
information to begin with. Similarly we can not see your real identity in any
anonymised chat sessions with us. Our only knowledge of you as a source is if
you provide a coded name to us. A lot of careful thought by world experts in
security technologies has gone into the design of these systems to provide the
maximum protection to you. Wikileaks has never revealed a source.

~~~
lucasjung
If wikileaks knows so little about their sources, how do they establish the
legitimacy of the documents they receive? In other words, what's stopping me
from using previously leaked documents as a sort of "style guide" for forging
new documents and then "leaking" them to wikileaks?

EDIT: I should point out that, in practice, somebody from the originating
organization inevitably confirms the authenticity of the leaked documents
through contacts with more traditional journalists. But what would happen if a
set of documents were leaked and nobody was able to confirm them?

~~~
georgieporgie
There's a humorous example of verification given in Assange's TED
conversation, starting around the twelve minute mark:
[http://www.ted.com/talks/julian_assange_why_the_world_needs_...](http://www.ted.com/talks/julian_assange_why_the_world_needs_wikileaks.html)

~~~
lucasjung
This still leaves open the question: what happens if nobody can or will
verify? What if the company in the cited incident had instead played the line:
"We want to know who gave you those documents because they are fraudulent and
we want to pursue libel action against the party who released them," or even,
"if you don't turn over the source, we'll pursue libel action against
wikileaks."

Alternately, what if a set of documents really _are_ forged, but it's an
inside job? The same person or persons who "leak" the document to wikileaks
could then "verify" it to journalists "on condition of anonymity." The
journalists would know that their sources are from the appropriate
organization, but nobody would have all of the information necessary to
connect the dots that the leaker and the verifier are the same person or
group. I could definitely see this being used as part of a corporate power
struggle (make a rival look bad, get him fired; or do the same to your boss)
or a political struggle in government (use politically sympathetic career
bureaucrats to generate a scandal for an incumbent six weeks before election
day).

------
r00fus
Who's going to trust the WSJ if they have anything of serious consequence?
Rupert Murdoch has been pretty cozy to western governments and large
corporations, so why would I as a whistleblower/leaker choose WSJ's outfit
given the ideological and conflict of interest issues?

Say what you will about WikiLeaks, but it's pretty much got one purpose and no
obvious conflict of interest. In the case of SafeHouse... not so much.

~~~
eli
I don't quite get the vitriol.

People leak things to the WSJ all the time. You may not like their Editorial
page, but their business reporting is pretty solid and well-respected.

How could providing better protection for their sources be a bad thing?

~~~
rdtsc
> How could providing better protection for their sources be a bad thing?

Why would you assume they would actually provide better protection? Because
they said so?

But, then a valid question is "How do we know if Wikileaks provides good
enough protection?" and the answer is that we don't know exactly, but we trust
it more because of its past willingness to go against the grain and not play
along with the govt and corporate entities. Its members are routinely
harassed, its head is on some show trial waiting deportation, one of the
sources has been locked in isolation for months and months.

I personally wouldn't trust WSF to provide any protection for any important
information. I would just assume it would log all the identifying information
and when their liason from FBI calls they would be more than happy to provide
that info without a court order. That is just my personal attitude towards
WSJ.

~~~
lucasjung
"...one of the sources has been locked in isolation for months and months."

As a potential source, wouldn't this make one _less_ confident in wikileaks'
ability to protect their sources? I realize that in this particular case it's
abundantly clear that he was fingered by someone outside of wikileaks, but it
is not beyond the realm of the possible that a flaw in wikileaks' system could
leave sources vulnerable.

~~~
rdtsc
> As a potential source, wouldn't this make one less confident in wikileaks'
> ability to protect their sources?

No because in this particular case, Manning has bragged and got himself
caught. It wasn't Wikileaks. But I believe he is persecuted and held in
isolation in order to pressure him to implicate Wikileaks. Because of this,
one would trust Wikileaks as they clearly do not have a buddy-buddy
relationship with the US govt. I wouldn't be able to say the same thing about
WSJ.

------
corin_
Let's say the cables that WikiLeaks got hold of were sent to WSJ through this
method, would they be willing to publish them and face the rath of the US
Government?

(Alternatively, if they were to publish them, would the US Government be
forced to respond differently to how they did with WikiLeaks, so as to not be
seen as hindering free press? I'm sure in the public's eyes, going after
WikiLeaks is a much smaller thing than going after a paper as big as WSJ.)

~~~
moondistance
I assumed that they would until I read this: "If you upload or submit any
Content, you represent to Dow Jones that you have all the necessary legal
rights to upload or submit such Content and it will not violate any law or the
rights of any person." <https://www.wsjsafehouse.com/terms.html>

~~~
orblivion
"Dow Jones retains sole discretion in deciding what to do, if anything, with
the information received through SafeHouse. Dow Jones does not make any
representations that the information provided through SafeHouse will be used
or published in any form."

I don't imagine much fun information coming out of this.

~~~
raganwald
In all seriousness, what do you expect to find in their TOS? What if I send
them an email showing that one of my colleagues is sleeping with the boss. Are
they going to guarantee it will get published? In the end it will come down to
trust. If they act in a manner that wins the trust of whistleblowers, they'll
get whistleblowing. I can't see any of the legalese affecting this one way or
the other.

~~~
orblivion
The words "Dow Jones" is enough for me to dismiss this, at least as a real
competitor to Wikileaks. But sure, to be more serious, plenty of good
information outside of their sphere of interest could still get released.

------
pessimizer
For me, the entire point of Wikileaks is that it is a secure way to leak
anonymously designed by a crypto theorist and expert. The security involved
with this WSJ thing is opaque, and sounds loosey-goosey based on the Delany
paraphrase here. I think they would have been better off trying to get
Openleaks off the ground, because Domscheit-Berg seems like he has a model of
being a trustworthy technical middle man for traditional outlets.

My bet is that the WSJ is not comfortable with actually _not knowing_ the
sources of the leaks - the security sounds like its goal is to prevent
intrusion by external entities, rather than to anonymize.

------
jbooth
"Competing" with Wikileaks seems to miss the point. You can collaborate, or
you can oppose. The goal is to publish information, not to monopolize it.

(Although if this gets the libertarians/republicans off of their cultural-
identity perch and into the game, then I'm all for it.)

~~~
smosher
I was about to post this when I saw your reply. I'll add it here instead since
it's similar:

The term 'competitor' is all wrong. Ostensibly, the point of WikiLeaks is to
publish the truth. If WSJ wants to compete with that it sounds like they want
their own truth. Of course the SafeHouse site doesn't describe itself as a
competitor, but it doesn't compare itself to or even make mention of WikiLeaks
either -- I think that betrays competitive intentions.

For WikiLeaks and similar sources to function, what's needed is redundancy in
some kind of mutually-respectful oligarchy. Those two items will keep them
online and honest in aggregate (to some degree.)

Sadly even the EFF is using the term 'competitor' to describe similar
potential sites. See here: [https://www.eff.org/deeplinks/2011/02/will-rise-
wikileaks-co...](https://www.eff.org/deeplinks/2011/02/will-rise-wikileaks-
competitors-make)

------
blhack
You guys are missing the point. Nobody will use this because it's "generic",
and WSJ knows this.

What this _does_ is lend credibility to wikileaks.

~~~
arkitaip
So WSJ is doing this ... to support Wikileaks?!

------
asolove
Nothing makes me feel more secure than "a fairly complicated" system!

~~~
mattdeboard
If it's complicated, it must be foolproof!

------
msredmond
As a journalist I find it really disturbing that the WSJ has this clause.

The #2 rule in journalism (after tell the truth) is protect your sources -- if
you promise not to reveal your source, you don't reveal your source. It's not,
"well, I promise not to reveal you -- unless I get a subpoena, then you're
SOL." And yes, that means going to jail if you have to. Which is why as a
journalist you have to be very careful who you give it to.

I realize that by the nature of what they've posted they're not promising it,
so now there's two standards -- if you submit through the site, you have some
protection, but to a journalist on their staff, then, you have the (assumed)
full protection. But now there's that separate level of protection -- we'll
give you anonymity, depending on some sort of arbitrary process if submitted
through this site. And most people don't understand what a professional
reporter will (or should) do for their source -- if they hand papers over in
one or two cases, many people will assume that all journalists will just
cave,and that will hurt everyone.

I do understand why they don't want to give blanket full protection for things
unknown/unseen, but unless they're willing to do that, I really don't think a
journalistic entity should do this kind of site at all.

------
mayukh
Its a step in the right direction. Traditional responses to the market
failures, corruption, fraud and general seediness of those in power has been
more regulation. And that hasn't really worked too well has it..

What we need is transparency, while protecting privacy. Shining a bright light
into the dark corners of wrong-doing should serve as a better deterrent than
any ambiguous, unenforceable regulation.

Lets hope the safehouse gets some competition (nytimes are you listening?)

~~~
hugh3
Leaking stuff to newspapers is a time-honoured tradition. But with an
anonymous upload site it can be done much more easily.

The biggest problem I see is fake leaks. Make up some fake documents to
embarrass someone you don't like (or just for the sake of the lulz) and how
are they supposed to verify whether they're real or not before publishing 'em?

~~~
CapitalistCartr
By doing their job. Much of journalism is research.

~~~
hugh3
But that doesn't help. If I have in my hand what is supposedly a top-secret
document then how do I confirm whether it's real or not? (Let's assume that
the forgers haven't made any obvious mistakes.) I sure as hell can't go
knocking on the door and asking whether I can compare this document with the
original version.

A great example was the Rather-gate memos from the 2004 election, a supposedly
"leaked" memo which got published with great fanfare despite the fact that the
forgers _did_ make some obvious errors (ie producing a 1970s document in
Microsoft Word using default fonts, spacing and parameters). But if the
forgers _hadn't_ been complete dumbasses then how would we have ever known
whether they were real?

~~~
msredmond
Unfortunately, unless you can verify them, you don't publish them. That does
mean that some things that are genuine will not get published. But it avoids
what's worse -- publishing things that aren't true.

~~~
hugh3
Yes, that's the way it _should_ work. It's not the way that they do, though.

Heck, has a single Wikileaks document ever been proven to be genuine?

------
RainFlutter
This is huge. Maybe their implementation will take off and maybe it won't, but
either way this is a tacit admission by the WSJ that the WikiLeaks model will
be a serious part of what it means to commit journalism going forward.

All of the lawyerly caveats have to be taken in context of that you have a
major US media organization now following in the footsteps of a widely
disparaged and isolated vigilante organization. This is just standard CYA
protocol.

------
marcusbooster
This is probably way for them to aggregate potential exclusive story ideas.
I'd treat it like you were going to speak to a reporter anonymously, they may
have your back, they may not.

~~~
msredmond
It's so sad to me that people think of it this way -- not guaranteed. You
should _always_ be able to trust a reporter who promises you that. The
unethical ones really burn us all.

~~~
marcusbooster
I don't mean to disparage all the good journalists out there, they certainly
exist and I have massive respect for the ones that go to jail for their
sources. But WikiLeaks has already built a reputation and technical
infrastructure, important things that this new site doesn't have.

------
yahelc
I was impressed that this site didn't make any obvious privacy snafus: HTTPS,
no cookies, no externally hosted files, no JavaScript analytics running.

------
jmjerlecki
I agree this is a step in the right direction, but I don't imagine something
like Watergate breaking from SafeHouse.

~~~
hugh3
Why not? The last Watergate broke via the Washington Post.

Actually I think the question of who breaks the next Watergate may depend on
whose ox is being gored. If you're leaking information to bring down a
Republican president you'll leak to a left-leaning outlet (like wikileaks) and
if you're leaking information to bring down a Democrat president then you'll
leak to a right-leaning outlet like the WSJ.

Wikileaks and the WSJ is not perfect symmetry, but it is satisfying to know
that all ideological bases are more or less covered.

------
lazugod
The WSJ doesn't already have the capability to take in and report directly on
confidential leaks?

~~~
msredmond
You're exactly right that they do -- it's called reporters.

If you're going to submit to the WSJ, do it through a person -- not this
system.

