Date posted: 07-May-2015 | Category: Technology | Uploaded by: globaleaks
GlobaLeaks: anonymous whistleblowing framework
Claudio Agosti
ThinkTwice PP-INT 23/02/2014
Who we are?
• Hermes Center, for transparency and digital human rights
  http://logioshermes.org
• Advocate in digital human rights
• Developers (tor2web software)
GlobaLeaks
What we don't
• After WikiLeaks cablegate:
• A central entity should no longer have to face such extreme danger
• General-purpose whistleblowing may be unable to understand the details and the environment
Who wants whistleblowing?
Whistleblowing + Technology = Citizens Power
Digital Whistleblowing
How to connect them?
• Whistleblowers are people with “something to tell”.
  – a WB may not know that someone is interested
• Journalists can transform the right information into an action, into a change.
  – a WB may not know the right journalist.
“if you know something, you can do something about it”
Is the internet safe for whistleblowers?
• Online/LAN data control is a business in itself
• Office control is commonly present
• Whistleblower protection law
• Freedom of speech threatened in some countries
• Reprisal/revenge
Our project
• Free software
  – We do not run services
• Every topic may have an appropriate whistleblowing site
  – We call them contexts
• Role separation
  – Whistleblower
  – Node Administrator
  – Receivers (journalists, experts, public officials)
Paradigm change
When “online”, the psychological barrier is reduced
Digital Whistleblowing works only with strong privacy
But online reporting actions could leave online
Especially due to massive government surveillance
Not every node has the NSA as its primary concern...
• But you can't go back from not being anonymous
• GlobaLeaks is a framework; it can adapt its shape to different environments
• Note: 10 languages supported, and growing with Transifex!
[Figure labels: Email, Web Browsing, Phone calls, Location tracking, Metadata, Data retention]
Connection Protection
• Guarantee whistleblower anonymity (of whistleblower connection, almost)
  – No one can materially have information about the whistleblower (admin, server, others)
• Protection from censorship attempts
• Do not disclose the service's physical location
Security
• Anonymity or Confidentiality (Tor, Tor2web, configurable)
• Encryption
  ● Files encrypted with PGP
  ● Realtime AES encryption from XHR to the disk
● 3 professional security reviews (iSec, cure53, leastauthority)
● Data Retention
  ● Submissions are deleted every 2 weeks (configurable), keep server clean
● Whistleblower Awareness
  ● PrivacyBadge, Forced disclaimers, Awareness messages
Running a GlobaLeaks node...
The troubles of the “node administrator”
● Social activism by soliciting whistleblowers isn’t just “running a whistleblowing platform & a twitter account”
● Different social goals, methods, threat models for various actors
● Different ways to “transform information into action”
● Activists often lack all the skills required to start up a whistleblowing initiative in an “effective” way
The responsibility of the “node administrator”
● Once in a while / at the setup
  ● Infrastructure, Security, Software and procedures, Legal
● Always
  ● Editorial, ADS/promotion, Fundraising, Organization
The responsibility of the “receivers”
• Trust only data
  – They are much more checkable than gossip
• They need to be knowledgeable about the subject, but not eventually related
  – They may be selected by the available receivers, so have to declare their
https://irpi.eu/irpileaks/
http://atlatszo.hu/magyarleaks/
http://www.perun.rs/
Investigative Journalist Digital Dropbox
• Investigative Journalist Groups acting on Topics of Public Interests
• Journalistic investigation and fact-checking done in-house
• Publishing of scoops and articles
[Workflow diagram: Select Category, Send Tip, Fact Checking, Investigative Journalism, Media Publishing]
Coordinate release across multiple media
Initiative supported by:
http://pistaljka.rs/
Pistaljka: Anti Corruption Activism
[Workflow diagram: Send Tip, Issue FOIA, SerbianGov, Authorities, Media]
Structured workflow of operation for Serbian wholesale anticorruption initiative
Recent Achievements:
• 30/12/2013: Release of Iceland Banking Collapse raw data
• 31/12/2013: Ministry of Finance found to be key stakeholder in saved banks
LJOST: Government Transparency Activism
[Workflow diagram: Send Tip, Validation, Raw Data Publishing, Crowdsourcing, Factchecking, May lead to Publishing]
http://www.ljost.is
Iceland Government Transparency Activism
42 media partners
• National Media
• Printed Journal
• Online Media
• TV
• Local Media
https://publeaks.nl
PubLeaks Foundation
• Consortium by all media partners
• Manage the IT infrastructure
• Can’t access the leaks
• Provide technical support
• Provide “Secure” Laptop
Achieved amazing results in a few months
• Abuse of power by politicians
• Abuse of public funds
• Already got a takedown attempt
https://secure.publeaks.nl
Multi Stakeholders Digital Whistleblowing
Key Points:
• Stimulate cooperation
• Stimulate competition
• Whistleblower chooses based on reputation
[Workflow diagram: Select Media, Send Tip, Fact Checking, Publishing on media platform (web, printed, tv)]
Max 3 in parallel out of 42
IF only 1 media
IF multiple media receive the leaks
Exclusivity
• Embargo Period
• Cooperation Rules
MUST write that source comes from publeaks
MafiaLeaks: Activism against Organized Crime
[Diagram: Mafia Whistleblowers, Victim of Mafia (“I know something”), MAFIA LEAKS, Authorities, Antimafia NGO, Antimafia Journos]
http://www.mafialeaks.org
What’s your social activism schema and ideas?
Questions?
• Technical Documentation
  http://github.com/globaleaks/GlobaLeaks/wiki
• Project Plan (outdated! But...)
  http://globaleaks.org/ProjectPlan.pdf
• Contacts
  http://logioshermes.org
WE – Whistleblowe Everywhere @globaleaks