Everything online journalists need to protect their legal rights. This free resource culls from all Reporters Committee resources and includes exclusive content on digital media law issues.
From the Summer 2011 issue of The News Media & The Law, page 12.
The success WikiLeaks has had in acquiring leaked documents has resulted in traditional media entities launching their own document drop box websites.
The Wall Street Journal and Qatar-based television network Al Jazeera launched online drop boxes earlier this year, and former New York Times Executive Editor Bill Keller told Yahoo in January that the paper may launch a similar service.
“Keep your identity anonymous or confidential, if needed,” boasts the website for the Journal’s drop box, SafeHouse, which was launched in May.
SafeHouse provides users with three options for submitting content: a standard option, an anonymous option and an option to request confidentiality.
The Journal will only agree to protect a user’s confidentiality if the paper and the user reach a confidentiality agreement prior to the uploading of any documents.
Even still, SafeHouse’s terms say a confidentiality agreement is not absolute.
“If we enter into a confidential relationship, Dow Jones will take all available measures to protect your identity while remaining in compliance with all applicable laws,” the terms say.
The terms also note that “[w]e are unable to ensure the complete confidentiality or anonymity of anything you send to us.”
The Al Jazeera Transparency Unit
Four months prior to the launch of SafeHouse, the Al Jazeera satellite television network, which is owned by state-controlled Qatar Media Corp., launched its online drop box: Al Jazeera Transparency Unit.
The project has already resulted in the release of nearly 1,700 confidential documents related to the Israeli-Palestinian peace process, dubbed the Palestine Papers.
Providing contact information to the Transparency Unit is optional, but, unlike SafeHouse, the Transparency Unit does not provide an option to enter into a confidentiality agreement.
However, the site promises to protect user’s identities.
“We recognize that — despite the best technology — our readers and viewers are taking a risk by submitting materials, particularly those living in countries where such disclosures are not protected by law,” the Transparency Unit’s “How to Submit” page says. “Our journalists will ensure that the identities of our sources are protected, and that submissions are scrubbed of sensitive information — like the ‘metadata’ that contains authoring information — before those submissions are released to the public.”
Al Jazeera recently deactivated the Transparency Unit to address security concerns and to make it more user-friendly. The company has not said when it plans to make the drop box available again.
The risks in using online drop boxes
“I think whistleblowing is inherently risky and you take a risk when you decide to turn something over that could potentially impact other people,” said Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation.
“And, while I applaud The Wall Street Journal and Al Jazeera for trying to make it easier for people to do that, I think people who do decide to whistleblow need to be very, very aware and very clear that neither The Wall Street Journal nor Al Jazeera completely guarantee their anonymity.”
He used the recent News of the World scandal in the U.K. as an example.
Like The Wall Street Journal, News of the World was, before being shut down in July, part of the News Corporation media conglomerate.
“Maybe someone wanted to leak this cell phone hacking scandal in England to The Wall Street Journal; The Wall Street Journal is reserving the right to turn that information over to other people,” Fakhoury said. “If the person who found out about that reported it to SafeHouse, would The Wall Street Journal have turned that over to News Corp.? . . . The terms of service seem to indicate: maybe. And that’s part of the problem, it’s hard for a person to know what is likely to get turned over and what is not likely.”
“Not so much examples, like here are the six things you can do that will get your name turned over — I’m not saying they need to provide a definition with that level of specificity . . . but they could do a lot better than what they’ve done in defining what is and is not likely to get your information turned over,” Fakhoury said.
How good is “pretty good”?
SafeHouse and Al Jazeera Transparency Unit say their sites encrypt uploaded documents and offer a PGP encryption key for users to download for additional protection. PGP is an acronym for “pretty good privacy.”
PGP encryption is “generally very good,” Fakhoury said, but added that, while it’s useful in protecting the information when it’s on one’s own computer, it doesn’t help with protecting communication between the leaker and SafeHouse or the Transparency Unit.
Also, in order for a reporter at the Journal or Al Jazeera to remove the encryption, he would need an encryption key from the leaker, meaning the leaker would likely need to provide some identity or contact information to the reporter.
As of August, Qualys SSL Labs gave SafeHouse’s encryption an “A” rating, while Al Jazeera Transparency Unit received a “C” rating in July, prior to being taken down. Qualys SSL Labs is a website set up by information technology security company Qualys that enables users to perform security assessments of websites.