May 26, 2014

Media Direct: towards better security for whistleblowers

How can whistleblowers and journalists protect themselves from casual snooping by security agencies? A new secure whistleblowing site offers some answers to the challenge of providing better security for media sources.

Bernard Keane — Politics editor

Bernard Keane

Politics editor

One of the most significant but under discussed problems in contemporary journalism, especially in Australia, is the threat to whistleblowers. Put simply, few Australian journalists can guarantee sources who wish to remain anonymous that their confidence will be protected, if governments are sufficiently determined to track them down. Nor can sympathetic politicians. As Crikey reported last year, the Australian Federal Police has already admitted it has used communications metadata of both journalists and MPs and senators in order to track down whistleblowers and anonymous sources. It doesn’t matter if a journalist is prepared to go to jail rather than reveal a source, or if they're backed by their editor and company, if their phone data can be obtained by the AFP (without needing judicial authorisation) it can lead directly to a source. And that's before you get to the threat posed by National Security Agency-style mass surveillance. Even Glenn Greenwald had to be coached remotely by Edward Snowden to install data encryption software PGP in order to exchange encrypted emails. Whistleblowers are a critical resource for a watchdog press, which is why mass surveillance mechanisms like data retention pose such a fundamental threat not just to privacy, but to the quality of our civil society. Improving basic IT hygiene and making encryption a default practice within the media should be a priority for the media. Encrypting communications and using anonymity tools significantly complicates the task of intelligence and law enforcement agencies in trying to hunt down whistleblowers. But this is an industry that has higher priorities currently, like trying to stay in business. Following the closure of WikiLeaks’ anonymous whistleblower system, outlets like the Wall Street Journal and Al Jazeera tried to establish their own anonymous dropboxes. The News Corporation version was plagued both by security flaws and the basic legal problem that News Corp admitted it would hand over whatever information it had, if forced to. Last year, The New Yorker launched Strongbox, based on code developed by the late Aaron Swartz. And a fortnight ago, Media Direct was launched in Australia, based on the GlobaLeaks platform, developed primarily in Italy (there's already a working system in the Netherlands). In essence, Media Direct seeks to enable encrypted interactions between anonymous whistleblowers, who access it via the Tor relay network, and specified journalists, with the submission server itself not logging anything, thus meaning it has no information to provide should it be targeted by the government of its host country (which remains secret, even from the administrators to the Media Direct site here in Australia). The site automatically deletes material that isn’t used within two weeks, and the keys whistleblowers use to access the server also have a limited lifespan. It’s close to plug-and-play for whistleblowers, as long as they can install Tor. Luke McMahon, the Australian co-ordinator of the project, said the site differed from Strongbox in its goals:
"While we use a significantly modified version of similar open source software, unlike Strongbox we are not backed by a corporate entity. Strongbox is financed by the New Yorker -- we are not a publisher out to monopolise information for a profit, they are."
McMahon said they considered adopting a publishing model but decided not to:
"Journalists are backed institutionally in a way that we are not. They also have various protections such as shield laws in most jurisdictions. By providing a passive communication service journalists can either direct a source to use it, or it's just there … The legal onus, as is always the case in situations where unsolicited information is handed to a journalist, especially in cases where the info has been obtained unlawfully, is placed on the whistleblower. They must abide by our terms and conditions. That means they should not break the law."
"Most corporate entities won't go that road of The New Yorker," McMahon said. "Legal and other institutional barriers prevent them from taking those steps. That's why we don't make agreements with corporate entities, we make agreements with journalists.” The list of signed up journalists includes top Fairfax investigative journalist Richard Baker and gun business journalist Adele Ferguson, The Australian’s higher education reporter Andrew Trounson and myself and Crikey editor Marni Cordell. In the post-Snowden era, no system can guarantee online anonymity for whistleblowers. But currently, journalists are at the other end of scale, struggling to offer even basic protection from casual, warrantless snooping by the endless list of agencies that can obtain metadata on them in Australia. Part of the benefit of a system like Media Direct should be to concentrate media minds on viable ways of better protecting sources.

Free Trial

You've hit members-only content.

Sign up for a FREE 21-day trial to keep reading and get the best of Crikey straight to your inbox

By starting a free trial, you agree to accept Crikey’s terms and conditions


Leave a comment

3 thoughts on “Media Direct: towards better security for whistleblowers

  1. fractious

    Thanks Bernard.

    I am a complete ignoramus about such things as Tor and encryption and so on, nonetheless…

    What’s to stop the snooping agencies (AFP, ASIS etc) leaning on a sympathetic government to get legislation in place that makes installing encryption services like Tor an illegal act? I have a vague memory of a few articles here at Crikey that talked about the Abbott govt’s intentions on internet censorship – is it but a short step from banning access to certain types of socially undesirable sites to shutting off access to Tor and its like?

    I entirely take your point when you say “Whistleblowers are a critical resource for a watchdog press”. I just wish a much greater proportion of the Australian press deserved being called “watch-dogs” – apart from Crikey, The Monthly, The Garuniad (to an extent) and (before it went under) New Matilda, much of Failfax and almost all of News Corpse’s outputs amounted to little more than advertorials or lightly re-hashed agency subs.

    Regardless of my amateur doubts, I hope this Media Direct thing works, because we would all be in a much worse place were it not for the likes of Snowden, Assange (raving egotist as he is) and Wikileaks and the numberless, nameless other whistleblowers, and the software that gives them a (relatively) safe channel.

  2. Liamj

    Sounds good, glad to read the ‘no system can guarantee online anonymity’ admission, and agree that (to paraphrase) half a mask is better than none at all, so long as whistleblowers understand the limits. My crypto-muggle understanding is that the more people running Tor, the harder it is for snoops to snoop, correct?

  3. Brendan Jones

    It’s good to see whistleblowers have a secure path to contact the media, but contacting the media is only the beginning. Just because you contact a journalist doesn’t mean they will run the story. In fact, the odds are very much against it.

    The experiences of the vast majority of whistleblowers is that the media just aren’t interested. I’m one of the lucky ones (Crikey broke my story last year), but the MSM had known was happening for many years (before even I knew about it), but kept quiet, allowing myself and others to come to harm. Criminal lawyer Chris Murphy: “In Court exposed police corruption in 100s of cases. Media reported none of them. Journos knew if they did they lost source of newstips”

    Australia only has a dozen investigative journalists capable of reporting corruption, but they only do a couple of stories at a time, and many stories are never told. (Beat reporters won’t touch corruption. In a few cases where I’ve seen them try to, their editors have told them to drop it.)

    ABC’s Chris Masters: “For every story that goes to air, there are dozens that never make the cut – perhaps because they cannot be fully checked, the source is unreliable, or because they are replaced by something more urgent. Yet these untold stories are often the most intriguing of all.”

    Wendy Bacon: “The biggest difficulty for the whistleblower is finding a journalist who has the time to do the work. Even with people who can mentally package a large amount of information, you need to have lots of time at a stretch to do complicated stories. This requires a huge amount of focus and there are simply not mainstream employers prepared to do that now, except on the rare occasion. It was always difficult but it was better.”

    Investigative journalists have to do the same job that lawyers do, but they don’t get paid $230-$500 p/h for it, and have to do it weeks (or days) what lawyers get to do over many years. It’s very risky reporting unflattering news about powerful figures:

    With no Federal ICAC and the AFP politicised, only journalists can hold the government accountable, but cannot while constantly under threat of defamation. Joe Hockey is suing Fairfax for defamation. So is Nick Di Girolamo, also suing three investigative journalists. Craig Thomson sued Fairfax. So did Eddie Obeid, winning $1M and telling Kate McClymont: “You put one word out of place and I will take you on again. You are a lowlife. I will go for you, for the jugular.”

    The ABC’s Chris Masters who won a 13 year long defamation case warned: “Journalists and broadcasters are just not going to do stories when defamation proceedings become as arduous and lengthy as this one was. … You watch your morale and assets erode all the while surrounded by lawyers who are having the time of their lives. Horrible.” It takes years and costs millions to defend a defamation suit. Geoffrey Robertson QC points out cases where newspapers have printed the truth and still lost.

    American journalists have strong constitutional protection, the US courts ruling that democracy cannot function without the free-flow of information on matters of public interest and on the conduct of public officials. Aussie journalists don’t have that protection, and over 200 years our media has been beaten into servility. +

    Journalist Stephen Mayne has compiled a long list of defamation actions:

    Then there’s the matter of Section 70 and State ‘secrecy’ laws. A public servant who leaks information to a journalist can be jailed for two years. +

    This is completely different in the US where “The general legal theory is that the public’s interest in how public dollars are spent and public safety decisions are made is very strong, and public employees are in a very good position to address those public interests.”

    Whistleblower laws will not protect you

    State and federally, these laws are a sham. They prevent a whistleblower from going to the media:

    You might think, ahhh, but if I leak anonymously they can’t catch me. Thing is, they don’t have to:

    Allan Kessing did blow the whistle on Customs corruption, but he did so internally. The AFP never had evidence that Allan Kessing was the one who leaked that information to The Australian. He went to his local member and Shadow Transport Minister Anthony Albanese… who said he would not take any action (WTF?) Kessing: “I agreed to take it to my local MP, Anthony Albanese, but for whatever reason, nothing came of that.” The report was leaked to The Australian. That information was never revealed at Kessing’s trial, and it turned out the AFP had withheld evidence of Kessing’s innocence. When Rudd learned of these new allegations, he refused to investigate them. Kessing wasn’t even allowed a public interest defence at his trial. Despite the new evidence, Kessing is financially exhausted and can’t afford an appeal, and despite all this Labor Justice Minister Jason Clare still refused him a pardon. (All these stories are linked here: )

    Journalist Phil Dorling @AusFlatFish has had similar experiences.

    And then there’s the case of whistleblower Mick Skrijel, where the cops allegedly fabricated evidence to silence him:

    The irony here is Kessing drew attention to himself by blowing the whistle internally. So you see, whether or not you leak information is irrelevant. If the AFP *think* you leaked it, you’re going down.

    Don’t be suckered into thinking the courts will protect you. Brian Martin: “Many people think of the law as a great protector, as a place where justice is dispensed. If only it were true! Actually, the legal system serves best those who have the most power and money. … Formal channels [including the courts] don’t work when challenging a more powerful person or organisation.” + Evan Whitton’s

    The statistics are taking a story to the press only fixes the problem 10% of the time, and even if the guilty are bought to justice, the whistleblowers are inevitably harmed. Brian Martin’s ‘Suppression Stories’ is fascinating if very depressing reading:

Share this article with a friend

Just fill out the fields below and we'll send your friend a link to this article along with a message from you.

Your details

Your friend's details