from the that's-not-good dept
With all the focus on Wikileaks recently, and the question of whether it is or is not "press" (not that it actually matters
), one point that I've heard more than a few people raise is: why didn't any of the big news organizations create Wikileaks? It seems like a no-brainer, but they didn't. Of course, with the attacks on Wikileaks itself (and it is an organization with flaws, clearly), we've seen a number of alternative platforms for leaking information spring up, and now The Wall Street Journal has entered the game with a platform it's calling SafeHouse
Now, it's great
that the Wall Street Journal has decided to get into the game, and one would hope that other newspapers will set up similar secure and protected dropboxes for information. But... there are some serious problems with the WSJ's implementation. First of all, the terms of service basically say that you shouldn't expect them to protect your anonymity at all
"Except when we have a separately negotiated confidentiality agreement… we reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process, to operate our systems properly, to protect the property or rights of Dow Jones or any affiliated companies, and to safeguard the interests of others."
In other words, if you leak to the WSJ and the government wants to know who you are, the WSJ is going to tell the government. Apparently, the WSJ doesn't think too highly of the concept of journalistic shields for sources.
Separately, researchers, including Jacob Appelbaum are pointing to numerous security flaws
in Safehouse's implementation that could also reveal someone's identity, despite promises of anonymity.
Hopefully, the WSJ is willing to admit that it hadn't necessarily thought through all the implications, and will fix these problems quickly.