It may get a lot safer to leak sensitive documents about unethical behavior by governments or organizations if a new online service goes ahead. WikiLeaks, which hopes to launch in February, is designed to allow anyone to post documents on the Web site without the fear of being traced and thrown into jail. The Web site will exploit an anonymizing protocol which routes data through servers that use cryptography to safeguard the user’s identity.
The creators of the site are thought to include political activists and open-source software engineers, though they are keeping their identities secret. Their goal is to ensure that whistle-blowers and journalists are not thrown into jail for emailing sensitive documents. That was the fate of Chinese journalist Shi Tao, who was sentenced to a 10-year term in 2005 after publicising an email from Chinese officials about the anniversary of the Tiananmen Square massacre.
According to the group’s website www.wikileaks.org, its primary targets include China, Russia, and oppressive regimes in Eurasia, the Middle East and sub-Saharan Africa. It is not limited to these countries, however, and people anywherewill be able to use the site to reveal unethical behaviour by governments and corporations.
Normally an email or a document posted to a website can be traced back to its source because each data packet carries the IP address of the last server that it passed through. To prevent this, WikiLeaks will exploit an anonymising protocol known as The Onion Router (Tor), which routes data through a network of servers that use cryptography to hide the path that the packets took. Bruce Schneier, a cryptographer based in Silicon Valley, California, explains it like this. “Imagine a large room jammed full of people in which many of them are passing around envelopes. How would you know where any of them started?”
Julien Pain, a campaigner with Reporters Without Borders in Paris, France, sees Tor as a valuable step towards guaranteeing anonymity. “Enabling cyber-dissidents to leak information is a crucial issue we now face in many countries,” he says. There are however, fears that whistle-blowers might still be at risk. “I would not trust my life or even my liberty to Tor,” says Ben Laurie, a London-based computer security expert. In the past, determined cryptographers have breached Tor’s security, and though each breach has led to improvements to Tor there is always a risk others will be discovered.