Search Mailing List Archives
[liberationtech] Safer submission of content to news organizations
DObrien at cpj.org
Tue Jan 17 09:47:33 PST 2012
On Tue, Jan 17, 2012 at 11:39:36AM -0500, Martyn Williams wrote:
> Hi to all on this list. I've been following discussions here for a while
> but this is the first time I'm posting.
> I'm a Knight Journalism Fellow at Stanford this year, which means I have
> a year off from reporting to follow projects that interest me and help
> innovate in journalism in some way.
> One of my two projects is focused on the security of consumers who
> supply content (text, photo or video) to news organizations.
> I see a lot of work being done on how citizens/activists/bloggers and
> others can secure information on their end but I haven't seen much done
> on the other end by the news organizations. Sometimes they offer little
> more than an email address or Facebook page for submissions.
> So my project asks: If news organizations are to solicit content from
> people on the ground (and there are no signs this will stop), what can
> they do to make it safer for those submitting the information?
> Should they set up a dedicated server, rely on a cloud service, use a
> certain type of encryption, base it on a particular technology, etc etc?
> The goal isn't anonymity like Wikileaks - that brings a heap of
> editorial problems with it - but making it harder for tracking to link
> person A with news organization B. It should also be practical to implement.
I spoke to CJR about this last week, including some of the failed
attempts so far. I think it's much of a culture clash between
traditional journalisms and comp.security environments.
Essentially, the problem you face is one of differing threat models. In
traditional journalism, the idea is that you and your source would know
each other's identities, but the journalist would be ethically bound
(and legally protected) from revealing the whistleblower's name.
Traditionally this hasn't required "anonymity".
Your problem is that any networked connection is vulnerable to making
that identification between the two users, journalist and whistleblower,
unless you maintain absolute anonymity over the network, but provide
some form of consistent attestation (ie, I don't know who you are, but
you're the same person as I talked to last time). Any actual identity
can be ascertained out of band. (I'm that guy you met that one time
wearing a rose. We both know Bill's shoe size. etc)
It's worth reading the original paper for OTR which covers some of these
particular requirements in depth.
> It will ideally be based on open-source technologies that are freely
> available and can be implemented by news organizations of any size.
> If successful, I hope to present this to news organizations, push for
> its adoption, and raise awareness of the need for media groups to think
> about the safety of those sending content.
> I welcome comments off list. If anyone has heard of or is working on
> similar technology or has an interest in collaborating I'd love to hear
> from you.
> Martyn Williams
> 2012 John S. Knight Journalism Fellow
> Stanford University
> Cell: 650-391-4868
> liberationtech mailing list
> liberationtech at lists.stanford.edu
> Should you need to change your subscription options, please go to:
> If you would like to receive a daily digest, click "yes" (once you click above) next to "would you like to receive list mail batched in a daily digest?"
> You will need the user name and password you receive from the list moderator in monthly reminders.
> Should you need immediate assistance, please contact the list moderator.
> Please don't forget to follow us on http://twitter.com/#!/Liberationtech
Internet Advocacy Coordinator
Committee to Protect Journalists
+1 408 480 3412
More information about the liberationtech