WikiLeaks has caught a lot of grief from the media in the past year for its relative lack of concern for safeguarding the identities of individuals put at risk by its document dumps, so the organization is entitled to at least a small measure of Schadenfreude over the flak the Wall Street Journal has been getting today over the rollout of its own online drop box for leaked documents. The Journal site, SafeHouse, is the first of several WikiLeaks-inspired ventures that media organizations are launching (the New York Times and the Guardian, among others, have their own in the works) with the none-too-subtle aim of reaping the benefits of WikiLeaks without having to deal with its mercurial management.
In practice, this isn't necessarily any less protection than a newspaper source would have under other circumstances in the United States -- most states don't have shield laws for journalists, and leakers basically have to take it on faith that the reporters they talk to are willing to go to jail if necessary to protect their anonymity (and reporters have a good track record of doing exactly that). All the same, it's a little chilling to see it in writing.
The second problem is on the technical end of things. As the Atlantic's Alexis Madrigal reports, the Journal did build a number of safeguards into its submission system:
SafeHouse runs on its own servers, separate from the servers that run the WSJ.com. File transfers occur through an encrypted connection and the documents themselves are encrypted, too. (Only a few Journal staffers will have the keys to unlock them.) Finally, the time that uploaded documents spend stored on computers with connections to the public Internet will be minimized by "a fairly complicated" internal document flow system.
But SafeHouse has taken a lot of heat from Internet security types on Twitter today for design flaws that make it less secure for anonymous users than the Journal suggests. Many of them have been pointed out by Internet anonymity guru Jacob Appelbaum -- who, it should be noted, has worked closely with WikiLeaks for years -- and are well summarized here by Forbes's Andy Greenberg. Among other things, Appelbaum argues that users switching between unencrypted and encrypted versions of SafeHouse are vulnerable to programs that trick them into continuing to use the unencrypted version, leaving their data potentially accessible to third parties. None of the problems that have been pointed out are unfixable, but they're a reminder that the buyer has to beware in the age of radical transparency.
Update: The Journal has posted a response to criticism of SafeHouse:
We take these issues very seriously. Development for eliminating the Flash dependency, which is required for Tor compatibility, is complete, and we expect to implement the update within 48 hours. In addition, our system has been updated to limit the types of less secure connections it will accept. As is standard procedure, we will continue to assess new specifications and analyze any potential situation that may impact the privacy of our users.
Our priority is to ensure that SafeHouse fulfills its mission as a secure location that provides sources with access to highly skilled, experienced journalists.