Using Technology to Protect Anonymous Sources?

A not-so Anonymous Anonymous Coward asks: "The New York Times has a story describing how newspapers are looking for new ways to hide the identities of anonymous sources from prosecutors. This seems like a something the Slashdot crowd might know something about. How can a newspaper setup an IT system that completely hides every trace (including emails, phone calls notes, logs and so forth) of an anonymous source's identity?"

The Best Thing

[danheskett]

The best thing is to ditch anonymous sources.

Re:The Best Thing

The best thing is to ditch anonymous sources.

Ever heard of Watergate?

Re:The Best Thing

The public hearings were only possible once the issue was in the spot light, which would not have been possible without the anonymous source.

If you read the history of Deep Throat, he didnt so much tell them things, as point them in directions. Without Deep-throat, there would have been no public hearings andit all would have gone away.

A few options.

[Knight+Thrasher]

Places like Stealth Surfer ( http://stealthsurfer.biz/anonymous_email.html ) offer off-shore anonymous and encrypted email addresses, free of cost. Usage of free and public computers, such as public librarys and even Wifi hotspots, can help cover tracks. But sometimes it all depends on how determined someone is to invade your network. The most secure computer is one not connected to the internet - that's why I recommend AOL Dialup! You'll never be exposed to the internet again!

Easy...set up nym accounts..

[cayenne8]

Should be easy. Set up an email address as a 'nym' account...that bounces about 4-5 times around the world through various mix of nym servers and mixmaster ones...encrypted each leg of the way individually to each server..headers stripped each time.

That would pretty much set things up virtually untraceable.

If they really wanted to get paranoid about it...the end leg could go through a mail2news server, and post responses anonymously, PGP encrypted to USENET groups set up just for this.

Ironic...

[l_bratch]

...how NY Times wants anonymous sources, but wants us to sign up to read the article about it.

My two ideas

[El+Cubano]

The first two things that come to mind:

• Anonymous letter via snail mail
• Email submitted via mixmaster

Even then, it is not possible to be completely anonymous. It is always possible to match things like print head patterns, fingerprints, typewriter head impressions, and so on. Like anything else security-related, there are only varying degrees.

Big difference between CIA leak and DeepThroat

[MerlynEmrys67]

Lets not forget there is one difference between these two sources...

In the case of deep throat - he was reporting on a crime that someone else committed. At no point did deep throat cross a legal line in reporting what he did to the Washington Post

In the case of the CIA leak - lets just say that who ever their source was COMMITTED a crime by leaking the name to the reporter. By committing a crime, he should be reported and punished to the full extent of the law.

Back to your regularly scheduled First Ammendment ramblings

It goes to the heart of news *cough* ethics...

[suitepotato]

*ack*

I can't say that with straight face and without choking.

Anyhow, if sources are so anonymous that they cannot be verified as to identity by the news people, and when has this ever stopped them, then how do we ever know it isn't some geek with a crude sense of humor who has managed to master nym and mixmaster remailers?

If they are known by the reporters, then the court order comes into play and they can testify or go to jail. That simple. We're not talking lawyer-client or doctor-patient or married couples here, we are talking about quite plainly, people whose entire job it is to print the most sensational things in their area that they can to sell newspapers and increase paying readership. Not saving people from the noose, not saving people's lives, not keeping a marriage together.

I place reporter-source privilege on the same level as that of gossip-mongers in my own neighborhood and as much importance on it. Reporters say their profession is about truth and facts. Well truth is ephemeral and in the mind of the person at hand and facts things that people may very well ignore in choosing their truth for themselves. If they want to be so high and mighty, let them put out verifiable bonafide facts and cut down the use of anonymous sources.

If news people see it as needing some way to circumvent court orders using encryption, then how trustworthy can it be? Sounds more like shielding their backsides and giving themselves greater latitude in abusing "anonymous sources" which they do too frequently these days as it is. Let them start acting ethical and aboveboard in the fourth estate to begin with and not looking for ways to cover their behinds.

Re:anonymous remailers?

[learn+fast]

You may be thinking of anon.penet.fi. Was popular on usenet while it lasted.

Personally I don't see how this is possible

[einhverfr]

It is not primarily an issue of preventing evesdropping. That is not hard. It is not a problem of controlling access.

The bigger problem is not defeating a technological threat. It is a problem with defeating a court order. If anyone has access to the information (including the original reporter) then this information can be dubject to subpoena (IANAL). To my knowledge court orders don't tend to be defeated by some brand new technological system used. Even the reporter's recollection and testamony could be subpoenad. And if you hide things from the editorial staff, what sort of quality control do you get?

Use the right tool for the job. To defeat a technological threat, use a technological countermeasure. To defeat a legal threat, hire the best attourney. Better yet, don't enter into confidentiality agreements with those who are pursuing their own nefarious goals such as Carl Rove. Protecting whistleblowers is one thing. Protecting those in power as they seek revenge against those who dispute facts with them however is not nearly the same thing. A better way of handling this in order to have a good defensive position is to make sure that every reporter who may enter into such an agreement is given legal and editorial advice beforehand.

Just my lay opinion.

Total anonymity not good

[Mirri]

I've heard an interview with Bob Woodward where specifically said that he told his editor who his source was and that he thinks that the editor should know who a reporter's source is. It is a check and balance that leads to an internal accountability. Something which avoids the problems we've seen in the press lately of reporters claiming anonymous source when its really a completely fictitious sources. Doesn't the complete anonymity being talked about here lead more easily toward that kind of abuse?

Use Maxtor HDs

[keyrat+rafa]

By the time they come asking where the sources came from, all the data will be gone.

Re:Regarding Portable HDs

[Phillup]

How 'bout a country that had 13 of it's citizens drive planes into two of our office buildings?

That one seems to be beyond our reach...

buy everyone an iPod

[EccentricAnomaly]

"Yeah, I just carry it because I am supposed to, but I really haven't used it." ...or just buy everyone an iPod :) Then no funny excuses as to why you carry it around... and it's plausible to have one lost or stolen.

Don't weaken the strength of your democracy!

[BerntB]

The best thing is to ditch anonymous sources.

My personal belief is that USA works as a democracy because of the quality of their digging press. I believe my country, Sweden, would be a better place if our media were half as independent and competent.

NY Times and Washington Post seems to find more scandals in the US president administration than the rest of the world's media find in the rest of the world's governments.

(-: They seem to be as good at news as the English press is at digging into the private lives of football (sorry, socker) stars. :-)

Locally, most newspapers can't survive without big handouts from the state (a large part of that problem is the heavy taxation of work time. Give with one hand, take back with the other -- with the axe always ready to fall if they become too problematic...)

One of the (probably few) places where Sweden seems superior, is that it is illegal for public departments or employees to inquire for sources.

So NY Times et al could just start a local Swedish magazine, tell all people with sensitive information to call here -- and buy stories from the Swedish magazine, which would be their only source of income. :-)

(I guess the local magazine would have to publish something, too, to keep the rights as a paper magazine. They could always charge $100 a magazine to stop having to print many newspapers. :-)

Re:Regarding Portable HDs

[Anonymous+Cowpat]

Sealand,
of course, the US would have little difficulty invading it if they so desired, but to do so they'd be operating in British waters.

FreeNet

[cryptelligence]

The safest and most anonymous protocol I've seen is Freenet. If anyone was lucky enough to see the Freenet presentation at DEFCON, they illustrated how a message could theoretically be sent over a trusted social network, location-independent and subsequently anonymous. The theory proposed that instead of a massive random anonymous freenet node network, Freenet would begin to integrate normal human-like social networks, allowing users to "validate" the identity of other users without compromising anonymity (Somewhat like a PGP-key signing party). Each user would pick a random number, and based on their social network of trusted friends, their number would be switched with other users, giving the illusion of proximity. Not only was the proposed theory location-independent, they also illustrated how a man-in-the-middle attack couldn't happen without being completely obvious (In the presentation, it was illustrated that a message to a false "John Kerry" would take a large and noticable amount of hops (if the message got there at all) because "John Kerry" doesn't have a normal social network that would be apparent with a prominent political figure). Of course, I do see how this method could possibly be vulnerable (As we all know how easy social engineering can be): A) A "trusted" person who is being used as a hop point could intercept the message and compromise security. (A risk you take when trusting friends, and friends-of-friends) B) The message sender or receiver could be compromised, and a person could theoretically follow the chain of hops to the other party involved.

Re:Regarding Portable HDs

[Petrushka]

How 'bout a country that had 13 of it's citizens drive planes into two of our office buildings?

That one seems to be beyond our reach...

I take it you mean Saudi Arabia? You know, the one that has US military bases plastered all over it?

Simple, don't use it.

[edunbar93]

Pretty much any technology is trackable, and chances are you don't even know it. While I'm more-or-less referring to things like printers that print invisible serial numbers and exported Pentium chips that double as guided missile beacons, I'm also talking about encryption and anonymizer accounts. All it takes to crack those open is a court order, as the Church of Scientology has been so effective in demonstrating.

But a pen and paper is untracable. Just like pay phones and small bills instead of cell phones and credit cards.

Martus

[christefano]

I'm surprised that nobody has mentioned Benetech's Martus, a free, open source and multi-platform for encrypting and anonymously distributing information about human rights violations.

Why can't the news media use something like this?

Frankly, I'm even more surprised that nothing turned up when I searched /. to see if anyone had mentioned Martus in the past.