Forgot your password?
typodupeerror
Privacy Encryption Security

Using Technology to Protect Anonymous Sources? 450

Posted by Cliff
from the empowering-the-4th-estate dept.
A not-so Anonymous Anonymous Coward asks: "The New York Times has a story describing how newspapers are looking for new ways to hide the identities of anonymous sources from prosecutors. This seems like a something the Slashdot crowd might know something about. How can a newspaper setup an IT system that completely hides every trace (including emails, phone calls notes, logs and so forth) of an anonymous source's identity?"
This discussion has been archived. No new comments can be posted.

Using Technology to Protect Anonymous Sources?

Comments Filter:
  • For Time, the purpose of giving portable hard drives to reporters would be to transfer to the reporter ownership - and responsibility - for notes. That would reduce the onus on the company, leaving the reporter to decide how far to go with a personal act of civil disobedience. Some other publications also see the wisdom in this approach.

    If portable HDs are used, it might not be a bad idea to encrypt them with something like TrueCrypt [truecrypt.org]. A reported could even include a Hidden volume and tell the government/who
    • Why try to solve a low-tech problem with high-tech stuff?

      Use a CODENAME. Then don't write the person's identity in anything, it's not that hard people. Keep any information about the person strictly oral, don't write it down, email it, or save it.
      • Then don't write the person's identity in anything, it's not that hard people. Keep any information about the person strictly oral, don't write it down, email it, or save it.

        Umm, because the idea is to keep their identity safe?

        If you use a code name and then DON'T secure your notes, it is still pretty trivial to determine who a person is, especially if you kept detailed notes.

        • "If you use a code name and then DON'T secure your notes, it is still pretty trivial to determine who a person is, especially if you kept detailed notes."

          And I quote myself: "Keep any information about the person strictly oral, don't write it down, email it, or save it."
          Now how can they get the person's identity from your detailed notes, if you don't have any damn notes?
  • The Best Thing (Score:3, Insightful)

    by danheskett (178529) <danheskett AT gmail DOT com> on Tuesday August 02, 2005 @04:36PM (#13225194)
    The best thing is to ditch anonymous sources.
    • Re:The Best Thing (Score:2, Insightful)

      by Anonymous Coward
      The best thing is to ditch anonymous sources.

      Ever heard of Watergate?

      • Just out of curiousity, can you name one fact revealed by anonymous sources that was not also revealed by the swrn testimony during the open hearings in Congress? The movie version of Watergate kind of ignores those nationally televised hearings in favor of a shadowy figure in a parking garage, but most of the information came out of the hearings...
        • Re:The Best Thing (Score:2, Insightful)

          by Anonymous Coward
          The public hearings were only possible once the issue was in the spot light, which would not have been possible without the anonymous source.

          If you read the history of Deep Throat, he didnt so much tell them things, as point them in directions. Without Deep-throat, there would have been no public hearings andit all would have gone away.
    • > The best thing is to ditch anonymous sources.

      And the next-best thing is to ditch the technology.

      "The more they over think the plumbing, the easier it is to stop up the drain."
      - Chief Engineer Montgomery Scott, Star Trek III

    • The problem is that most corporations and government agencies have policies that say only certain people are authorized to talk to the press, usually top-level executives and the public relations office. Anyone else is likely to be fired if they are identified as a source of information.
      • If they are reporting a crime that the organizaiton is committing then they should be protected by whistleblower laws right? If they're leaking information about a new product, internal business practices, etc. and violating company policy, policy allowed by the shareholders, then they should be fired for that type of activity.

        Furthermore, I'd wonder about someone whose "pure motives" caused them to leak info to the press about the evil organization they work for only to keep working for said evil organiza
        • Thats why you don't present information based on one anonymous source- you want to verify it with other sources. More to the point, an anonymous source doesn't necessarily mean the reporter doesn't know his identity, but that the source does not wish to be identified to the public, for a variety of reasons.
          • n anonymous source doesn't necessarily mean the reporter doesn't know his identity, but that the source does not wish to be identified to the public, for a variety of reasons.

            I understand that, but I don't trust the news media. They have political biases (left or right or other leaning), they lie to protect their jobs (that guy for the New York Times who made up 1 or 2 years of stories), they're primary objective is to write fantastic stories that sell advertisements. I want to know what the source of the
        • If they are reporting a crime that the organizaiton is committing then they should be protected by whistleblower laws right?

          If you believe that whistle-blower laws are effective, you may be interested in purchasing this fine structure [greatbuildings.com] as an investment for your future.

    • Why? They are probably just as accurate as other sources [wikipedia.org].
    • Yeah, because the country would be a lot better off if things like Watergate never came to light. The whole problem here is that irksome press that insists on *reporting* that our elected officials are crooks and liars. Make those inside sources identify themselves publicly, and stop the truth in its tracks!

      FWIW, I personally think that someone should go to jail for the Plame incident. However, using that once incident to justify ditching anonymous sources in general is absolutely crazy.

      Cheers
      -b
      • The same press Dan Rather was a member of?

        I agree with you, but it works both ways.
      • FWIW, I personally think that someone should go to jail for the Plame incident. However, using that once incident to justify ditching anonymous sources in general is absolutely crazy.

        See the link in my sig - it's a transcript, where Joe Wilson admits that Plame was not covert when the story broke. Therefore, no crime was committed, therefore, jailed reporter is just being an idiot by not coughing up the source.

        • jailed reporter is just being an idiot by not coughing up the source.

          She's covering up _something else_, we just don't know what yet.

        • See the link in my sig - it's a transcript, where Joe Wilson admits that Plame was not covert when the story broke. Therefore, no crime was committed, therefore, jailed reporter is just being an idiot by not coughing up the source.

          That is a total fabrication. Joe Wilson admits that Plame was not covert AFTER the story was broke.. AFTER, as in leaking her name guaranteed that she was no longer covert. Wilson is not a liberty to discuss her covert status before the article broke..

          You are being intellectualy
          • Here's the exact quote from Joe Wilson:

            WILSON: My wife was not a clandestine officer the day that Bob Novak blew her identity.

            Therefore, this is not a total fabrication, it's a failure on your part to accept the truth.

      • Anonymous sources are certainly useful for exposing corruption cases and other scandals, but they do have a credibility problem. Keeping a source anonymous is always possible: the reporter could talk to someone between payphones or by meeting at a park or some method where a name would never be revealed. Most reporters would probably not want to use a totally anonymous source without having some way of verifying the source's info independently. Any crank can call up a newspaper and claim they have some dirt
      • How about when people die?

        Newsweek Apologizes [washingtonpost.com]
        Inaccurate Report on Koran Led to Riots

        Spokesman Bryan Whitman called Newsweek's report "irresponsible" and "demonstrably false," saying the magazine "hid behind anonymous sources which by their own admission do not withstand scrutiny.

        If they want totally anonymous sources, then the publications should take complete responsibility for misinformation published. That includes being liable and sueable.
      • The whole problem here is that irksome press that insists on *reporting* that our elected officials are crooks and liars. Make those inside sources identify themselves publicly, and stop the truth in its tracks!
        The press uses anonymous sources non-stop for everything when there is no legitimate reason. For one, they are lazy. For two, they know they are being used and they don't care. They want access. It's all about access. If you have a bonafide case where a person is afraid for his/her safety, fin
    • Column Link [washingtontimes.com]

      On 19 June, 2005, Oregon's Mail Tribune reported that in a recent survey of 419 media outlets, nearly one-fourth of editors said they have banned the use of anonymous sources entirely -- a good start. Yet most members of the press still claim they cannot manage their self-appointed duty as the "watchdog of government" without using anonymous sources.

      One must ask, then, how the scientific community manages so well using only verifiable sources? No scientific journal editor would even consi

      • One must ask, then, how the scientific community manages so well using only verifiable sources? No scientific journal editor would even consider allowing a reference to an anonymous source.

        Give it a few more years and you just might ;-)

        "An anonymous source reports he has verifiable proof of evolution in a population of ants in the Amazon rainforest.......FBI is investigating".
        • Sorry to reply to myself, but I had a better example I thought was better (funnier).

          "An anonymous researcher reports he has used stem cells to cure cancer, diabeties, and parkensons.......President Bush has vowed to hunt the terrorist down and bring him to justice!".
          • "An anonymous researcher reports he has used stem cells to cure cancer, diabeties, and parkensons.......President Bush has vowed to hunt the terrorist down and bring him to justice!".

            Meanwhile you can order the cure in a single simple pill and get Fr33 V14gr4!!!! Order NOW!!!

            Good idea, let's trust anonymous sources w/ unverifiable claims.

      • As a scientist, I suggest that considering themselves the "watchdog of government" invalidates the media's credibility by any objective scientific standard. It injects a massive anti-government bias that overwhelms the media's well-known liberal bias. As the "watchdog of government," the media needs to find government impropriety -- or make it up if they can't -- to justify their existence. Such a bias would not be tolerated in science, in law or in any other honest field of human endeavor.

        [...]

        In World Wa
    • The best thing is to ditch anonymous sources.

      My personal belief is that USA works as a democracy because of the quality of their digging press. I believe my country, Sweden, would be a better place if our media were half as independent and competent.

      NY Times and Washington Post seems to find more scandals in the US president administration than the rest of the world's media find in the rest of the world's governments.

      (-: They seem to be as good at news as the English press is at digging into the

  • A few options. (Score:2, Insightful)

    Places like Stealth Surfer ( http://stealthsurfer.biz/anonymous_email.html [stealthsurfer.biz] ) offer off-shore anonymous and encrypted email addresses, free of cost. Usage of free and public computers, such as public librarys and even Wifi hotspots, can help cover tracks. But sometimes it all depends on how determined someone is to invade your network. The most secure computer is one not connected to the internet - that's why I recommend AOL Dialup! You'll never be exposed to the internet again!
    • It is not primarily an issue of preventing evesdropping. That is not hard. It is not a problem of controlling access.

      The bigger problem is not defeating a technological threat. It is a problem with defeating a court order. If anyone has access to the information (including the original reporter) then this information can be dubject to subpoena (IANAL). To my knowledge court orders don't tend to be defeated by some brand new technological system used. Even the reporter's recollection and testamony coul
  • by cayenne8 (626475) on Tuesday August 02, 2005 @04:37PM (#13225208) Homepage Journal
    Should be easy. Set up an email address as a 'nym' account...that bounces about 4-5 times around the world through various mix of nym servers and mixmaster ones...encrypted each leg of the way individually to each server..headers stripped each time.

    That would pretty much set things up virtually untraceable.

    If they really wanted to get paranoid about it...the end leg could go through a mail2news server, and post responses anonymously, PGP encrypted to USENET groups set up just for this.

  • Ironic... (Score:3, Funny)

    by l_bratch (865693) <l_bratch@yahoo.co.uk> on Tuesday August 02, 2005 @04:37PM (#13225210) Homepage
    ...how NY Times wants anonymous sources, but wants us to sign up to read the article about it.
  • The newspaper and the source could communicate via a blog or wiki hosted on TOR [eff.org]. It would be impossible to find where the actual server was, and if the source never provides his/her name and other information the newspaper could never find it, nor could prosicuters.

    The newspaper itself could even host the wiki/blog and provide the public with the Tor Rendevous address. The government could force the paper to open it's page but there would be no logs available and the paper itself would never know who the in

  • I remember there was a great big anonymous email system in Finland.

    address was anon4782344@remailer.something.fi

    For some reason I also remember reading that the Church of Scientology had something to do with the demise of this remailer.

    But - it was good for what it was - and it kept people anonymous.

    Do any anon remailers still exist?
    • anon.penet.fi. It was great, back in the day, if you had something to hide. Yup, the Scientologists had it closed down, because someone using it posted copyrighted religious documents to USENET. Of course, I'd never trust any "journalist" who felt the need to hide behind anonymous identities. I might as well trust the New York Times or CBS News!
    • You may be thinking of anon.penet.fi [wikipedia.org]. Was popular on usenet while it lasted.
    • The remailers are still alive and well [dizum.com]. The magic phrase is "nym", which is a way to create an email address that can be replied to.

      For example, you could create the nym "johnsmith@nym.example.com". Whenever you send a specially-structured email to nym.example.net (signed with johnsmith's private key), the remailer will send it back out with the From: address changed to johnsmith@nym.example.com. Then, whenever someone replies to that email address, the remailer can redirect their reply (encrypted by t

  • My two ideas (Score:3, Insightful)

    by El Cubano (631386) <roberto@conne[ ].com ['xer' in gap]> on Tuesday August 02, 2005 @04:39PM (#13225226) Homepage

    The first two things that come to mind:

    • Anonymous letter via snail mail
    • Email submitted via mixmaster

    Even then, it is not possible to be completely anonymous. It is always possible to match things like print head patterns, fingerprints, typewriter head impressions, and so on. Like anything else security-related, there are only varying degrees.

  • how newspapers are looking for new ways to hide the identities of anonymous sources from prosecutors.

    Coming from the NYT that requires the identities of online readers, that's ironic...
  • Web Surfing - Surf anonymously by using one of the many of free on-line proxy servers. Google for "Anonymous Surfing" or You can find a list here: http://www.freeproxy.ru/en/free_proxy/cgi-proxy.h t m [freeproxy.ru]

    Email - You could then grab a gmail or yahoo account (giving a ficticious name.)

    Instant Messaging and File Sharing - You can use WASTE (RSA secured). More info can be found at: http://waste.sourceforge.net/ [sourceforge.net] Hope that helps.

  • Once the discussion is archived, nobody can post anything useful to the poll, and then there won't be any trace of who is copying DVDs.

    Oh, sorry, I thought this was some freedom of speech thing.

    Nevermind.
  • Install slashcode and let everyone post as Anonymous Coward.
  • The _reporter_ knows who the anonymous source is and, in theory at least, has evaluated his credibility. Journalists aren't looking for a way for some completely anonymous and untraceable person to get his assertions into their publications.

    That's what blogs are for.

  • ...of course. Otherwise through torture, threat of prison (or worse, threat of killing future book deals) they might squeal.:-)
  • If you hide all of the various forms of keeping track of who your source is, how do you validate that your source is actually who they say they are and that you aren't getting conflicting information from various sources? Can a source that you're going to verify (if you know ANYTHING about journalistic integrity) ever be truly anonymous?

    This seems to be more of a problem that has a solution in the courts than one that can realisticly be enforced using technology because if you want to go this route, then yo
  • http://tor.eff.org [eff.org]
    http://www.i2p.net [i2p.net]
    Set up a server in tor or i2p, log nothing.
  • I'll bet most people in favor of preserving anonymous sources are also the first to shout "Information wants to be free" whenever some encryption gets cracked.
  • by MerlynEmrys67 (583469) on Tuesday August 02, 2005 @04:43PM (#13225284)
    Lets not forget there is one difference between these two sources...

    In the case of deep throat - he was reporting on a crime that someone else committed. At no point did deep throat cross a legal line in reporting what he did to the Washington Post

    In the case of the CIA leak - lets just say that who ever their source was COMMITTED a crime by leaking the name to the reporter. By committing a crime, he should be reported and punished to the full extent of the law.

    Back to your regularly scheduled First Ammendment ramblings

  • by 4of12 (97621)

    It's easy to provide anonymity to potential sources if reporters widely distribute their public keys.

    It's a little harder to provide a distribution mechanism which resists backtracing by determined, well-funded and ruthless power.

    It's harder still - and this is a long-standing problem for reporters - to verify material provided by anonymous sources. Even more so if revealing the information effectively endangers the source.

  • The only reason a source is of any value to a reporter is because they are not anonymous to the reporter. The reporter has to know the identity and bona fides of the source for the information to have any validity.

    You might create a technology solution so that the only place the identity of the source exists is in the reporters mind, but even then the reporter needs to 'sell' the story to the editorial committee.

    Instead, this problem must be solved judicially by making the freedom of the press tangible in a
  • Here's the short answer. You can't.

    This is a social problem, not a technological one.

    You need to fanatically develop a culture where secrecy surrounding a source's identity is sacrosanct. Reporters don't keep real names in notes. Nothing about real names of sources is written down. Communications involving sources is done verbally and face to face... etc...
  • It's easy. We set up pigeon feeders at newspapers, and in a little donated park areas around metropolis areas (good for the environment), set up bird seed machines that are on teh cheap as to attract lots of people, and train the birds to move from various park areas to newspapers. Then, all the informant has to do is pick a random park area and attach scroll to informant pigeon.. I mean carrier pigeon.. and bam. Too many people to keep track of for snoopy snoops. I suppose the only worry is getting a N
  • they still don't have reliable thought readers yet, and we all know torture doesn't get you more reliable results, so that solution will work.

    And never ever talk about it or write it down.

    Consider using a numbered source system. Find a book that has the picture of the source and refer to that picture as something like RG7952 for Salizar's Homoculus Directory (R=S,G=H), page 89 (79=89), column 5, row 2 - which is a picture of that person. And then whenever you refer to it in internal articles, always use t
  • can be easily called into question. If you're writing a 'big scoop', you want to be sure you're reporting correctly (well, maybe not for some papers). The accuracy of information coming from someone who is willing to be identified is generally higher than that of the guy who remains anonymous.

    Think of the /. feature of posting AC. In general, AC posts aren't worth as much as a post associated with a known user. I certainly give more interest to someone who bothered to register than I do to an AC posting.

    T

  • Panama is THE haven for hiding assets. If you embezzeled a shitload of cash from your corporation and need to disappear to a third world country, it's guys like these [panama-off...rvices.com] who can help you out. Isabella from shes.flightrisk.org used them to vanish somewhere having absconded over $100M from her family.

    These crazy Panamanian lawyers recommend Hushmail. Used by 4 out 5 international criminals who chew gum. Let's just put it this way... if you wanted to contact a journalist with a blow the roof off the government
  • by caudron (466327)
    ROT13 is the answer! [wikipedia.org] That'll ensure privacy and anonymity for certain!
  • Why should we help these corporate media to further protect their anonymous sources? They're abusing the trust we have in their publications, by quoting sources their writers know, but without investigating whether their quotes are accurate. In fact, they look to their sources for quotes to reinforce their foregone conclusions about a story, then keep their source anonymous to protect them from that scrutiny.

    Now, if these corporate media were looking for a way to require that any anonymous source be corrobo
    • Hear hear! Big newsatainment-media bent on selling advertisements and stirring up their target audience is a vile plague on this world. They should not be protected even when they adopt their self-righteous arrogance. The press is a good thing, and freedom of the press is a good thing, but anonymous sources presenting facts that are not verifiable or coroborated by verifiable sources are being abused in order to further political agendas and lie to the public.

      All media that cite anonymous sources should
  • *ack*

    I can't say that with straight face and without choking.

    Anyhow, if sources are so anonymous that they cannot be verified as to identity by the news people, and when has this ever stopped them, then how do we ever know it isn't some geek with a crude sense of humor who has managed to master nym and mixmaster remailers?

    If they are known by the reporters, then the court order comes into play and they can testify or go to jail. That simple. We're not talking lawyer-client or doctor-patient or married
  • See this article [time.com]. Cooper's source was revealed because Time editors chose to reveal that source, against Cooper's wishes, in accordance with a Supreme Court ruling. Cooper should not have trusted his editors, if he really wanted to protect his source. No amount of technological security will help if you are betrayed by your own people.
  • Some might say: Setup a submission form, give the source a tracking number (reference number for the submission), and then delete the logs every hour so there is no IP trace.

    But this is where the solution doesn't work: Reporters have to be able to verify their sources. To make sure it isn't a quack. If it is completely anonymous - what is to stop me from sending a note saying I am a top White-House aid and I got the inside scoop?

    IMHO if the data given involves national security (i.e. the name of an
  • How can a newspaper setup an IT system that completely hides every trace (including emails, phone calls notes, logs and so forth) of an anonymous source's identity?"

    (a) Make the whole frigging website accessible by HTTPS. That way, someone looks like they're reading the news, so far as a network sniffer is concerned.

    (b) Stop requiring people to register their full name, age, occupation, and list of health problems before reading your website. Somehow, I think the New York Times missed this lesson.

    (c) Stop
  • To this day, he has no idea how Mark "Deep Throat" Felt sent messages to him in his morning paper.

  • This Anon Coward guy seems pretty smart, so I think Journalists should just listen to him.
  • With full anonymity, a white house staffer's word means nothing more than the average schmoe on the street. For the information to have value, someone needs to know the identity of the source. Once that has happened, full anonymity isn't possible.
  • by rbanffy (584143)
    If the journalist knows who the source is, technology makes no difference - the journalist must surrender this information to authorities or risk the consequences (at least in the current state of affairs).

    If the journalist knows nothing about the source, how can it be trusted?
  • On the one hand the editors need to verify sources to prevent the kinds of made-up-story scandals of the last decade and on the other sources need to be protected.
  • How, once you have hidden every trace of an anonymous source's identity, and someone contacts you claiming to by the same anonymous source, how do prove (even to yourself) that they are or are not?

    The source could take care of this by telling you a code word that would appear in the next communication. The reporter could also tell the source what code word to use next (unless the source was using a one-way communication channel such as a letter or an e-mail with a forged header).

    Other than such a mechanism
    • How, once you have hidden every trace of an anonymous source's identity, and someone contacts you claiming to by the same anonymous source, how do prove (even to yourself) that they are or are not?

      One solution:

      Let the source supply a public key in the first message, and sign each subsequent message.

      pgp / gpg can be used for this purpose.

  • Aren't there whistleblower laws that protect individuals who leak information about crimes committed by organizations they work for?
  • Keeping anonymoty is something that academics have been working on for a while. The first thing the human subjects review board asks you is if you intend to keep your research subjects anonymous.
    so things like double coding of names where two or more people change the names so that there is no way to know how subject X is.
    Another is to just not know their names in the first place.
    Destroying the evidence is another common tactic which means destroying all the personally identifiable data as soon as the rese
  • Forget about phone calls and other written records. Just insist that all of your messages with the source go through Mixmaster [wikipedia.org].
  • I think the better question is how to make sure the source is legitimate while maintaining its anonyminity? (Is that a word?) I'm not sure I have an answer to that.
  • Technological anonymity does not address all the vulnerabilities of the system because the identity of the source is also stored in the mind of the journalist. In fact, I suspect that technological security is an iron padlock on a paper house -- the human factors/social engineering issues create some severe vulnerabilities in the system. If the government can threaten or actually imprison a journalist over sources, then encrypted HDs aren't going to be much of a defense. As long as the journalist can ID
  • how newspapers are looking for new ways to hide the identities of anonymous sources from prosecutors.

          Just make up the sources and stories as you go along? Oh, wait...
  • How about including a list of anonymous email forwarding servers (preferably in another country) on the contact page. If they wanted to get fancy, they could include a section or page on how to use anonymous email if the user doen't trust the list given.

    Then again, a typewritten letter stuffed in an envelope with no return address and correct postage is probably just as secure.

  • == anonymity.

    Make award payment for the story lead payable to CASH.
  • by Mirri (255359)
    I've heard an interview with Bob Woodward where specifically said that he told his editor who his source was and that he thinks that the editor should know who a reporter's source is. It is a check and balance that leads to an internal accountability. Something which avoids the problems we've seen in the press lately of reporters claiming anonymous source when its really a completely fictitious sources. Doesn't the complete anonymity being talked about here lead more easily toward that kind of abuse?
  • By the time they come asking where the sources came from, all the data will be gone.
  • by edunbar93 (141167) on Wednesday August 03, 2005 @02:47AM (#13228811)
    Pretty much any technology is trackable, and chances are you don't even know it. While I'm more-or-less referring to things like printers that print invisible serial numbers and exported Pentium chips that double as guided missile beacons, I'm also talking about encryption and anonymizer accounts. All it takes to crack those open is a court order, as the Church of Scientology has been so effective in demonstrating.

    But a pen and paper is untracable. Just like pay phones and small bills instead of cell phones and credit cards.

MATH AND ALCOHOL DON'T MIX! Please, don't drink and derive. Mathematicians Against Drunk Deriving

Working...