Wednesday, August 03, 2005

Shouting Secrets from the Rooftops

This NYT article talks about how news organizations are just now starting to think about the fact that they aren't keeping sources secret whenever they are at the computer. I'm appalled at the total lack of concern the journalism community has for the technology they are essentially abusing. They are completely ignoring the vast array of tools at their disposal that would help them enourmously in protecting their sources they make supposed pledges of confidentiality to. The way many journalists use the computer (i.e. Matthew Cooper) they might as well just sit on top of their building with a big sign that can be read from miles around that reveals their anonymous sources.

The fact that they are journalists is no excuse for misusing technology. The major news organizations have the resources to hire plenty of qualified cryptography experts to secure their operations and educate their employees. It is ignorant and lazy to say that a journalist shouldn't need to know how to use a computer when that very computer has the potential to put a core value of the profession in danger.

The Valerie Plame case is a big deal for a number of reasons, and one of them is of course the all too significant debate over the protection of anonymous sources. I'm going to withhold judgment in the abstract arena over whether or not a journalist should have total blanket privelege to protect a source, but what I want to discuss is the reality of how journalists protect sources.

Matthew Cooper and Judith Miller are not the only two journalists who need to worry about anonymous sources. Take, for example, Walter Pincus of WaPo and his current legal battle or the decision by Doug Clifton of the Cleveland Plain Dealer to witthold stories. The majority of the journalism community argues that the profession will languish without adequate protection for their anonymous sources, but what are journalists doing to protect their sources? Sure, Judith Miller is staying quiet for now, but Time Magazine released Matthew Cooper's emails containing information about his source (Karl Rove) without his permission.

Stop. Think about that for just a second.

Matthew Cooper was sending plain text emails around attached to his name that contained information about the source he was trying to protect. Anyone on the Time computer network such as a lowly intern could have intercepted the email enroute (I'll be generous and even assume they aren't routing it outside for internal emails.) But, in general terms, Cooper had already put his source in danger before Time let it out to the world. He let the sensitive information he was trying to protect over a very possibly comprimised channel with no way of future repudiation. How many other reporters, blissfully ignorant of the technology they are using, are also comprimising the supposed secrecy pledged to their sources in a similar fashion?

My guess would be a great deal. Most people don't understand that anything you do unencrypted can be intercepted by a third party, and moreover very, very few people ever bother with something like Perfect Forward Secrecy. However, there are a few people who do care: Cryptographers.

Cryptographers Nikita Borisov and Ian Goldberg have developed a protocol called "Off The Record Messaging" which is succinctly described by the following characteristics:

No one else can read your instant messages.
You are assured the correspondent is who you think it is.
The messages you send do not have digital signatures that are checkable by a third party. Anyone can forge messages after a conversation to make them look like they came from you. However, during a conversation, your correspondent is assured the messages he sees are authentic and unmodified.
Perfect forward secrecy
If you lose control of your private keys, no previous conversation is compromised.
Of course, there are countless options out there for securing communications, but this one is especially interesting because of the ability to deny that the conversation took place afterwards even though it can be trusted while it's going on. Furthermore, the authors have conveniently provided a forgery tool to go along with their plugins so that anyone can very easily (and thus extremely plausibly) forge any past conversation -- making any stored or logged conversation untrustworthy.

Such a system, to my knowledge, has never really been put to the test in a court of law, but, nevertheless, it's still a very important (and not to mention FREE and EASY) step a reporter could take to secure his communications with AND about his confidential sources.

Personally, I feel that the issue of utilizing encryption to protect a source isn't open to much debate if one views it from the lens of protecting the agreement between source and reporter. If a reporter makes a pledge of anonymity to the source (disregard any misgivings you may have about this), then the reporter has a moral duty to use as many tools as possible to restrict the trail back to the source if the reporter's materials are comprimised. Basic techniques like code names may be useful, but when it comes down to the essential exchange of information that constitutes the entire value of anonymous sources, reporters should at least use a system like OTRM, or else they are breaking their agreement from the get-go.

P.S. For the more technically minded readers, I would also personally say that reporters should keep all notes critical to anonymous sources either in their head or hidden in both a cryptographically and steganographically strong filesystem. There are so many choices (here are a few) that it seems unconscionable to not use at least one. Given that the major news organizations are considering giving reporters portable hard drives to deflect responsibility for securing this information onto individual reporters, not using such a system leaves every single one of a reporter's sources one broken window away from the public eye.


Post a Comment

<< Home