A news outlet’s obligations to its sources

I’m concerned about this TrumpiLeaks page on Michael Moore’s website. I’m concerned about it because I spend a lot of time thinking about information security and helping people practice it. I’m concerned about it because we all know examples of news outlets who do actually obsess about source protection and yet still, on occasion, have gotten it wrong.

My own little side project on the topic is slow moving, mostly due to a lack of money + time. But I’d rather have it slow moving instead of thoughtless risk enabling. I don’t mind risk-takers. A number of people I work with fit that description, but they know these risks and have at least given passing thought to how to reduce them. This TrumpiLeaks page is all egging-on and little mitigation. It’s kind of similar to the New York Times’ own confidential news tip page, the only major difference being that they’ve got a SecureDrop option. The options they list may be secure, depending on the person’s situation, but choosing the right end-to-end encryption tool is just the beginning. The Intercept has a page that goes into this, but most people will not be equipped with the skills or experience to make the right decisions. It’s also very likely that by coming across the information they want to share with a journalist, the source has already made a few wrong choices about the trail they may be leaving.

Michael Moore and the New York Times are missing two things on their pages:

  1. Practical guidance on how not to end up like Chelsea Manning or Reality Winner (such as ‘don’t use work computers or printers’ or ‘don’t send authentic files, send the copied or retyped content,’ etc.).
  2. A clear set of expectations on what a journalist or news organisation will do once they receive the information: How will they share it? With whom? What verification methods are used and what risk could they pose? What prior notice will they give the source? What will be redacted and how? To what extent, in practice and in legal challenges, will the news organisation protect the source’s identity?
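The ‘don’t send authentic files’ point comes down to what an original document carries about its author and origin. The following is an added example, not part of the original post or of any project it mentions: it builds a minimal Word-style (.docx) package in memory with constructed document properties, then reads back the fields that would point at a source. The title, user name, machine name and dates are placeholders.

```python
"""Added example: show the identifying document properties an Office-style
file carries, which is why copied or retyped content is safer to hand over
than the original file. All input is constructed here; names are placeholders."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Minimal docProps/core.xml of the kind Word writes into every .docx.
# Every value below is constructed for this example.
CORE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties
    xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
    xmlns:dc="http://purl.org/dc/elements/1.1/"
    xmlns:dcterms="http://purl.org/dc/terms/">
  <dc:title>Quarterly summary</dc:title>
  <dc:creator>j.doe</dc:creator>
  <cp:lastModifiedBy>j.doe (WORKSTATION-042)</cp:lastModifiedBy>
  <dcterms:created>2017-06-01T09:12:00Z</dcterms:created>
  <cp:revision>7</cp:revision>
</cp:coreProperties>
"""

# Properties that point back at a person, a machine or a point in time.
IDENTIFYING = ("creator", "lastModifiedBy", "created", "modified", "revision", "company")


def build_sample_docx() -> bytes:
    """Assemble just enough of a .docx package (a zip) to carry core properties."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", CORE_XML)
        zf.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def extract_core_properties(data: bytes) -> dict:
    """Return the core properties of an Office package as {local_name: text}."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "docProps/core.xml" not in zf.namelist():
            return {}
        root = ET.fromstring(zf.read("docProps/core.xml"))
    props = {}
    for child in root:
        # ElementTree tags look like '{namespace}localName'; keep the local part.
        local_name = child.tag.rsplit("}", 1)[-1]
        props[local_name] = (child.text or "").strip()
    return props


def identifying_fields(props: dict) -> list:
    """List the properties present that could tie the file to its author or machine."""
    return [name for name in IDENTIFYING if props.get(name)]


if __name__ == "__main__":
    sample = build_sample_docx()
    props = extract_core_properties(sample)
    for name in identifying_fields(props):
        print(f"{name:16} {props[name]}")
```

This only covers the properties stored inside the package. Printer tracking marks, internal watermarks and the access logs of the system the file came from are not in the file at all, which is why the advice above is to retype the content rather than to scrub the original.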

This matters. Leaks are likely the only way authentic information about President Trump’s many crimes will get evidenced, and he’s working on stopping them. We have an incredibly dangerous situation emerging around Qatar, likely spurred on by a state actor not yet identified. In the UK, we now have a government forming with a far-right extremist party — the DUP — which hasn’t released information on how it received nearly £500,000 in donations for Brexit campaigning. If better methods aren’t put in place and maintained to enable whistleblowers, anonymous sources or deep background information, the leaks are going to dry up. Whistles won’t be blown.

Interesting posts on the topic

Cooking up a Poison.Kitchen

Long ago, in the early ’00s, I made a website. It was called poisonkitchen.com, and I’ll get into why it was called that a few lines later. It was one of the first websites I ever created, while still working in newspapers as a reporter and editor. The purpose of this thing was to create a space for fellow print reporters to dish information about work and life at their news organisations, in an age when newspapers were declining in revenue and quality long before the internet was perceived as a serious threat.

I never kept a local copy of it, because that seemed kind of pointless. Here’s a Time Machine capture of it in its earlier days as a static HTML site. Later on, I remade the site, adding a blog made with pMachine (the Internet Archive doesn’t display that unique code too well) and some PHP forum script. The forum was the main point; it was picking up where a previous site, called News Mait, had left off when it closed. The site had its regulars, but over time, as happens with many single-purpose niche sites run by one person in their spare time, its useful lifespan was limited. Other sites better at handling the topic of toxic newsroom working environments moved in. I let the site go. Closed it, and transferred the domain to someone who said he was going to “do something” with it. He never did.

testycopyeditors.org was just one site that did a similar thing, but more entertainingly.

The domain is still owned, but pointing to nothing. It’s booked and locked for some reason, but hasn’t actually ever been used in more than 12 years(!). I’m not entirely sure what the owner is hoping to achieve, though a movie option could be one possibility. Anyway, that’s not a huge deal or the point of this post. I digress… often. Recent events reminded me about the domain name, though. I was in Berlin the other week and the news was all about U.S. President Trump’s latest attacks against the press. An independent press is under attack by the executive branch of the U.S. government. More so than in any other time in recent history.

So, what’s with the slightly creepy sounding domain, then? My choice of the domain all those years ago was based on the pejorative that Hitler had dubbed the Münchener Post (Munich Post), an adversarial newspaper that critiqued each of Adolf’s speeches and investigated his every political move up until and including the day before the SS were sent to close the paper and arrest its staff. The editor’s last instruction to his staff upon publishing the final edition, allegedly, had simply been, “run.”

The Nazi regime had dubbed the Munich Post ‘fake news’, and tried various means to block the paper’s journalists from covering politics. Ultimately, once power had been concentrated, it was banned, published anyway, and arrest warrants were issued against many members of the staff.

This may not sound like an entirely uplifting story arc, but I found the narrative inspiring. I had come by this piece of great journalistic history while reading a chapter about it in Explaining Hitler by Ron Rosenbaum, long before I’d thought of starting a website called ‘Poison Kitchen.’ But once I read it, I decided it would make a great-sounding name for a website of some sort.

The point of naming the site poisonkitchen.com was that people went into journalism for aspirational reasons that seldom ended up matching the reality. Newspapers didn’t push hard enough in the lead up to the election in 2000, and this was what had led (at that time) to President George Bush winning a demonstrably flawed vote. He didn’t have much use for an investigative press, either.

The situation today seems to once more tick all the right boxes, only more so: We now have a deranged, conspiracy obsessed, authoritarian president in the U.S. who targets segments of the population with hateful rhetoric, attacks the press, tries to enact draconian laws against immigrants, employs vast propaganda to pursue his goals, and doesn’t seem to like an independent judiciary, either. He also took office with a minority vote and seems to not like being reminded of that. He may have tiny hands, an orange complexion and cartoony hair, but to be honest, these aspects are the least of our worries.

A forum isn’t going to cut it. But I spent last week getting some interesting notions at the Internet Freedom Festival on what just might. The media landscape has changed, the web has changed, and I’m in a different place, too. As a technologist who now works with journalists on issues of secure hosting, web applications and digital safety, I think I have use for a Poison Kitchen domain again. I can’t have that .com, but that’s okay, because domains have changed, too. So, there’s poison.kitchen.

Don’t rush over there now, there’s not much to see. Here in my mini-launch manifesto, I’m just going to lay out some concepts that the domain’s eventually arriving website will be exploring.


There are two parts to this. The first deals with the safety and confidence of the potential whistle blower, or anonymous source of the information. The second has to do with how well that information is used in coverage.

  1. Not everyone wants to be famous/notorious. Not everyone who would share newsworthy but highly sensitive information wants to be an Edward Snowden and allow this one act to be what defines them. Chelsea Manning didn’t want to. From Jeremy Hammond to Mordechai Vanunu, we’ve seen examples through history where people paid a high price to make the world more aware. Mathematically speaking, if those people exist, then there are likely many others who have access to information they would release to a journalist, but would rather not give up their family, friends, income and entire way of life in the process. That should be possible.
  2. Sensitive information in talented hands has more impact. Snowden’s NSA files leak was more useful because it went through talented investigative journalists first. The Panama Papers leaks became more impactful because of how the story was handled by ICIJ. How much better and more accurate would the coverage of the CIA ‘hacking tools’ leak be, had it been released first to knowledgeable technology journalists? Helping sources self-select the right journalistic contacts should be possible.


These are some ideas based around the two items mentioned above.

  1. Build source confidence in methods and tools and the journalists they reach out to.
    Encryption tools and technology overall have taken a bashing over the last few years. It’s time to bash back. Yes, there are suitable, and safe ways to transmit a piece of information with reasonable expectation of both privacy and anonymity. No, it’s not single-app, one-click, or “It Just Works“™ easy. Outside of that, a source needs reasonable confidence that the journalist will treat what they share carefully, which many journalists may want to do, but may not know what it involves.
  2. Combine all the known resources, guides, templates and risk assessment tools to enable sources to contact specific journalists of their choice more securely.
    As the story that’s now in both myth and legend goes: Edward Snowden needed to work at it for more than a year to get Glenn Greenwald to spend an hour setting up encryption keys for an email address. There are now guides, tools and how-to things all over the web on setting this up, but it’s really just one way of reaching out to a journalist, or being a journalist who wants to hear from a source, and it may not be your way, or the correct way for your situation. This is aimed at enabling sources to confidently reach journalists and transmit information.
  3. Implement secure contact pathways of communication for independent/freelance journalists and their sources.
    The New York Times, Guardian and other large news organisations have the facility to manage highly secure systems in house, such as SecureDrop. Investigative, freelance or independent journalists may not have these resources, but they do often have specific areas of deep knowledge, and can sometimes be better placed to receive confidential information on a topic that is their primary focus. Over the longer haul, the site’s goal would be to take advantage of existing secure contact methods to create a gateway between sources desiring higher levels of off-record care and attention, and qualified journalists of their choice who agree to an ethical framework for dealing with confidential source material.


So there’s the concept note. Interested parties are welcome to drop a line. Watch this space.

There’s a GitHub repo to track.

When offshore banking goes public

For a short distance while walking toward Covent Garden in London yesterday, I found myself behind the marching protesters calling for Prime Minister David Cameron’s ouster over recent news of his one-time Panamanian nest egg. It was a jovial bunch, and the people they passed generally seemed either supportive or at least entertained, but when I reached my turn-off, I turned off.

The things that have interested me throughout last week’s Panama Papers imbroglio seem to have little in common with what’s bothered most folks about it. This is not an unusual phenomenon, per se. Let’s get to that later on, though.

The details are new, but the news is not. Sort of like the NSA leaks (of still not that long ago) this should be shocking to no one. Or remember how there was demonstrative evidence that the case to invade Iraq was largely based on fiction, and then a subsequent inquiry showed that it was fiction, and then we had all these elected officials who voted to authorize it suddenly claiming they were somehow conned? This scandal runs along a similar theme.

Yes, offices are being raided. Some millionaires are temporarily embarrassed. No, I don’t expect anyone to learn from it or much to change. Neither should you.

It’s not like anyone wasn’t aware that rich people were hoarding cash in places out of the relevant tax man’s jurisdiction, it’s just that there weren’t (previous to now) spicy details about exactly who was getting away with it. Most people know they’re getting the short end of the stick on taxes, but they don’t like having the fact rubbed in their faces. When it is, though, they appreciate having some names involved that they can take it out on.

Both those things happened with the International Consortium of Investigative Journalists’ (ICIJ) Panama Papers investigation. It’s all about the offshore legal structures and financial dealings of the rich and powerful who were unlucky enough to have done business with Mossack Fonseca, the “fourth largest” provider of offshore legal and trust fund services… one without a reasonably corresponding data security regime, it would appear. I’m assuming that the other three bigger ones are presently in a quiet frenzy over their own procedures.

As a result, we have Iceland’s prime minister and the UK’s own Mr. Cameron taking the heat. And you know, that’s fine. The scandal puts the Icelandic version of my party in pole position in Reykjavik. Here in the UK, Labour should be pleased it has a leader as far from Tony Blair’s political/economic spectrum as could be possible right about now. This is a scandal about as tailor made for Jeremy Corbyn as the Savile Row suit he’ll never own. It will be fascinating to see how the rest of Labour fucks this one up for him.

Now, here’s what’s boring, what’s outrageous, and what’s kind of interesting.

Big yawns…

What is of fairly little interest to me is that Cameron’s dad once set up a trust fund in a tax haven. It’s ridiculous that Dave tried to skirt the issue as long as he did, and hypocritical, as he’s criticized others for the same practice. I’d rather he resign over a lot of other things before this one, but some people will take what they can get, I guess. I’m also not that interested in the names of celebrities setting up trusts or companies to handle their cash. Not new.

And I’m bored with the mainstream reaction to it all. It’s similar to the last scandal around companies like Google, Facebook and other firms working every loophole around paying corporate taxes in the UK they could. There was much brow-beating and pooh-poohing and complaints that they should pay more. Google tossed in a little extra and got criticized for not paying still more, as if this was some kind of barter system instead of a tax law discussion. What went missing then, and now, is substantial talk of changing laws and (more importantly) reporting methods to something approaching reasonable. Government can’t guilt people into paying more; that’s a patented Catholic church trick.

Like in that corporate tax situation, people seem mostly outraged by the actions of others who haven’t actually broken the law. From a legal perspective, what they did was find out how much they really had to pay, and paid no more. In this perspective, it’s actually the rest of us who are paying too much because we don’t have the understanding, resources or capacity to pay the right amount. We’re not rich enough to pay our (lower) fair share. I didn’t say it was the moral or ethical way to look at it, just the legal one.

We all want to pay less. If you have a pension, investments, or any of the other mundane financial things that millions of people have, you’re likely involved in some small tax avoidance. The banks or investment companies you’re going through are undoubtedly using your money for even greater schemes, and a sliver of that gets passed on to you. You may wish they’d stop doing that, but you also wouldn’t reject that sliver getting a little bigger. The issue is about scale and human behavior. We all will pay less for things given the chance, particularly taxes. No one completes a tax return and tops it up with extra cash and a note reading, “get yourself a little something nice.”

There’s a mutual fear of the foreign running through two fairly opposite groups of people these days:

  1. You have real xenophobic people, the kind who want to get out of the EU as of yesterday, close down the borders, require everyone to love the queen, maintain a healthy diet of pie and mash and turn Britain back to what they think it was like in 1952, or earlier. They don’t mind the finances moving around too much, but want people (foreign ones) buttoned down.
  2. Then there’s the group who are generally for open borders and the movement of people, but when you start talking about money, it should be locked down and state regulated. Moving money is suspicious stuff.

The problem is that everything is now international, and neither of those world views work. Resources move. People move. Nationalist border restrictions on transactions and people — stemming from the long-wilting concept of Westphalian sovereignty — no longer function. Both groups need to accept that and move on. It would be more useful to acknowledge the complexity of international finances, and the taxation of them, and set about creating more transparent and reliable ways for wealth to be assessed and taxed on the fly. That’s the technical answer. No one wants that, though; it would essentially end cheating. We all like wiggle room.

Instead of looking at it as a moral issue, I see this as a fairly technical one. There shouldn’t be such a thing as being able to pay more or less tax, but just a correct tax for your income level. That’s achievable through algorithms, not badgering. But people should be careful what they wish for: it’s quite easy to imagine dystopian realities emerging from a single, all-powerful international tax oversight. In many ways, for most of us without the resources to be financially nimble, it’s happening already in the form of your debit/credit card and current account.

Oh, the outrage…

There’s been a strange, inverted outrage. Unlike Wikileaks, the ICIJ isn’t just releasing a giant data dump. It’s being drip fed. This seems far more fair. Should everyone who happened to have contacted the company about something be put in public? Really?

Initially, the outrage from the easily outraged was that it looked like the focus was on Putin and others currently on the wrong side of the West, as if it were some conspiracy. Now that we see quite a number of Western names in the Panama Papers articles, the loudest condemnation seems to be over the people who haven’t actually done the worst. Within these Mossack Fonseca files are details on how arms move, wars thrive and real abuse persists. Yet there’s less anger about the use of these services by war criminals than about some of the more mild individuals taking advantage of them for their spoiled kids’ inheritance.

Rich western leaders and, less interestingly, celebrities, are using the same firms as the terrorists and despots they’ve either issued sanctions against or claim to loathe. They’re all entries in the same spreadsheets. That’s far more interesting than whatever date it was Cameron sold his shares and paid the taxes on them. Some people are using these mechanisms to save a lot of dosh, sure. Others are using them to kill scores of people and move barrel bombs. It’s fairly depressing which of these two groups seems to dominate people’s attention.

The interesting bits…

What’s fascinating about the whole Panama Papers debacle is that it shows how we still have a large analog population trying to do things in a digital realm, and many are getting it horribly wrong. The response by Ramón Fonseca, one of the founders of the firm, wasn’t one of outrage at the security lapse, but a sort of bizarre statement on how little privacy there is left in the world, as if he’d just discovered this now. He’s from a group of people who think status is some sort of firewall against the hoi polloi. A hacking, in its truest form, is a painful lesson in what you haven’t been paying attention to.

More frequently, we’re seeing enterprises promise undeliverable privacy or anonymity without realising what environment they’re working in. The Ashley Madison adultery website was an example of that. The Hacking Team leak was another fairly ironic example: it offered governments the chance to spy on others through a proxy that wouldn’t come back to bite them, except that it did, in strings of unencrypted email conversations.

It’s not limited to the private sector. The head of the CIA had to resign for, basically, not realizing how to keep his own laptop computer files secure at his mistress’s house. Current presidential candidate Hillary Clinton celebrates her lack of basic data security understanding, employing it as an excuse for illegally using the wrong email address for state business. U.S. senators Feinstein and Burr are running yet another bill in Congress aimed at creating vast insecurities in how data is transmitted, their anti-encryption bill. This is written evidence that they don’t have a working knowledge of the thing they’re trying to regulate.

Anyone with the time, interest, intellect and energy can hack and analyze data. One poorly configured server, open port, lost mobile, or irate employee can blow your company’s confidentiality agreements. Data’s default setting is to leak. The same week that the Mossack Fonseca news hit the press, CESG, the “information security” front for GCHQ, released its advice for “those responsible for making decisions about technology and information risks on behalf of the business.” It’s good stuff. Ramón should see to it that his company has a copy.

In my own line of work we have this data security framework relevant to certain kinds of NGOs and nonprofit sector organizations. But I think my favorite one, also released last week, is Google’s zero-trust “BeyondCorp” strategy, where data security is constantly assessed case-by-case, based on each employee’s behavior with it and the condition of the devices they use. Offices are not seen as inherently more secure than coffee shop wifi, allegedly. Organisational data security is big business because most companies are in the same situation as that Panamanian law firm, regardless of what their business is. This includes yours.

It’s strange that an offshore asset hiding company shouldn’t think about these things, or not think about them more, I guess. Its own business model is based on an accurate reading of human behavior: People will pay less for things if there’s a way to do it that they can access. What’s most interesting is that The Panama Papers leak illustrates how little concern there is over law, international regulation and policymaking on the subject of asset reporting. Hacking, sharing and leaking data all work on a similar concept. People will naturally do something if the opportunity is present and there exists the right mix of motivations. The only reason they don’t understand this is because they don’t apply what they already know to the fundamental reality of digital: Capacity still makes the rules.

We don’t need perfect

Sean Wilentz recently vomited several inches worth of rambling, ad hominem attacks on Glenn Greenwald and Edward Snowden for the New Republic. He even visited a bit of that well-trodden ground of Julian Assange’s biography for good measure. It reads like a personal quest to incorporate as many rhetorical fallacies as humanly possible. He kicks off with a tantalizing prospect: “Would You Feel Differently About Snowden, Greenwald, and Assange If You Knew What They Really Thought?” Wow. If only there was some kind of organisation, perhaps a government agency, aimed at collecting this kind of information about as many people as possible. In the meantime, I’ll answer the question: No. We don’t need perfect, on-message people with no evidence of ever having lived anything but the exactly right kind of life we’d be comfortable with. Such people don’t exist. Or if they do, they’re incredibly boring.