How feasible are secure drop-boxes for "IT naive whistleblowers" ?

Assembled cogniscenti: I am not a huge fan of the Melbourne Herald-Sun and I believe the somewhat similar English Sun, is one of the Murdoch's papers which seemed to have little regard for privacy. So I found the following link which a friend sent; somewhat curious. But it did prompt the question suppose an ombudsman wanted to set up a secure drop box for "IT-naive whistleblowers", is it feasible ? and how could the whistleblower be certain of that anonymity ? http://www.thesun.co.uk/sol/homepage/news/6429126/The-Sun-Whistleblower-Char... regards Rohan McLeod

On 28/04/2015 1:43 PM, Rohan McLeod wrote:
Assembled cogniscenti: I am not a huge fan of the Melbourne Herald-Sun and I believe the somewhat similar English Sun, is one of the Murdoch's papers which seemed to have little regard for privacy. So I found the following link which a friend sent; somewhat curious. But it did prompt the question suppose an ombudsman wanted to set up a secure drop box for "IT-naive whistleblowers", is it feasible ? and how could the whistleblower be certain of that anonymity ?
http://www.thesun.co.uk/sol/homepage/news/6429126/The-Sun-Whistleblower-Char...
???? https://projects.newyorker.com/strongbox/ ???? A.

On Wed, 29 Apr 2015 04:39:01 AM Andrew McGlashan wrote:
On 28/04/2015 1:43 PM, Rohan McLeod wrote:
Assembled cogniscenti: I am not a huge fan of the Melbourne Herald-Sun and I believe the somewhat similar English Sun, is one of the Murdoch's papers which seemed to have little regard for privacy. So I found the following link which a friend sent; somewhat curious. But it did prompt the question suppose an ombudsman wanted to set up a secure drop box for "IT-naive whistleblowers", is it feasible ? and how could the whistleblower be certain of that anonymity ?
http://www.thesun.co.uk/sol/homepage/news/6429126/The-Sun-Whistleblower-C harter.html
Rather amusing to see a Murdoch paper railing against phone hacking. They had an 'important scoop about cabinet minister Andrew Mitchell calling cops “f***ing plebs”'. Seriously? We have lies about multiple wars, and lots of other serious issues and a profane MP is an "important scoop"? That said it's good that the publish information about using Tor, the people who read The Sun aren't going to be attending LUG meetings etc so it's their best chance to learn about such things.
I agree that the New Yorker is probably a better option in most cases. But if you have evidence of a dodgy MP doing something stupid that a tabloid can harass them about then The Sun is a good option. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

Russell Coker wrote:
On Wed, 29 Apr 2015 04:39:01 AM Andrew McGlashan wrote:
On 28/04/2015 1:43 PM, Rohan McLeod wrote:
......snip But it did prompt the question suppose an ombudsman wanted to set up a secure drop box for "IT-naive whistleblowers", is it feasible ? and how could the whistleblower be certain of that anonymity ?
http://www.thesun.co.uk/sol/homepage/news/6429126/The-Sun-Whistleblower-C harter.html Rather amusing to see a Murdoch paper railing against phone hacking. They had an 'important scoop about cabinet minister Andrew Mitchell calling cops “f***ing plebs”'. Seriously? We have lies about multiple wars, and lots of other serious issues and a profane MP is an "important scoop"?
That said it's good that the publish information about using Tor, the people who read The Sun aren't going to be attending LUG meetings etc so it's their best chance to learn about such things.
https://projects.newyorker.com/strongbox/ I agree that the New Yorker is probably a better option in most cases. But if you have evidence of a dodgy MP doing something stupid that a tabloid can harass them about then The Sun is a good option.
Reading these links the technology seems pretty much the same ie. using a secure anonymous brouser ( Tor) to; access an otherwise invisible website.The problem / possibility which I was hoping to highlight by referencing "ombudsmen" was the much wider appllication.of such technology beyond merely protecting newspaper sources; eg. Police internal affairs; oversight of intelligence organizations, public scrutiny of large commercial organizations, etc. 1/ The first problem is does this technology actually guarantee the anonymity of the whistleblower ?; 2/ How can an 'IT naive' whistleblower be certain of this ? because one can see in the case of Edward Snowden and the tragic case of Chelsea Elizabeth Manning; (born Bradley Edward Manning) these people are actually putting their lives on the line. 3/ If it does; is it accessible to IT naive sources because apart from the question of ease of use one doesn't, want to provide even this information about a whistleblower. 4/ A second problem, should the technology actually allow the possibility of secure anonymous dropboxes/ suggestion boxes; is their use by 'black-hats'; to use the example of Police Internal Affairs corrupt officers or criminals could use the system to safely spread disinformation. This suggests the information from such drop-boxes could never be used , in a court of law although it could reference information that can. eg a police department was supposed to have destroyed certain files and hadn't regards Rohan McLeod

On Fri, 1 May 2015, Rohan McLeod <rhn@jeack.com.au> wrote:
Reading these links the technology seems pretty much the same ie. using a secure anonymous brouser ( Tor) to; access an otherwise invisible website.The problem / possibility which I was hoping to highlight by referencing "ombudsmen" was the much wider appllication.of such technology beyond merely protecting newspaper sources; eg. Police internal affairs; oversight of intelligence organizations, public scrutiny of large commercial organizations, etc.
1/ The first problem is does this technology actually guarantee the anonymity of the whistleblower ?;
http://linuxers.org/article/browser-fingerprinting-technique-identify-users- without-using-cookies That depends on the implementation. If someone uses a regular web browser with tor instead of torbrowser then their combination of OS, fonts, browser version, screen resolution, etc probably narrows it down a bit. If the authorities already have a list of a few hundred people who could have blown the whistle that is likely to identify the person. The above URL has some background information.
2/ How can an 'IT naive' whistleblower be certain of this ? because one can see in the case of Edward Snowden and the tragic case of Chelsea Elizabeth Manning; (born Bradley Edward Manning) these people are actually putting their lives on the line.
They can't. But it's better than nothing. Also in regard to browser fingerprinting that restricts it to just the news source, so it's a matter of whether you trust the integrity of the news organisations to not to store data for fingerprinting (don't trust Murdock) and whether you trust their ability to keep the authorities out of their servers.
4/ A second problem, should the technology actually allow the possibility of secure anonymous dropboxes/ suggestion boxes; is their use by 'black-hats'; to use the example of Police Internal Affairs corrupt officers or criminals could use the system to safely spread disinformation. This suggests the information from such drop-boxes could never be used , in a court of law although it could reference information that can. eg a police department was supposed to have destroyed certain files and hadn't
I think that if the police wanted to keep data instead of destroying it then they would just do so. They could rent or build entire data centers for storing such data and no-one would stop them. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

Russell Coker <russell@coker.com.au> wrote:
On Fri, 1 May 2015, Rohan McLeod <rhn@jeack.com.au> wrote:
Reading these links the technology seems pretty much the same ie. using a secure anonymous brouser ( Tor) to; access an otherwise invisible website.The problem / possibility which I was hoping to highlight by referencing "ombudsmen" was the much wider appllication.of such technology beyond merely protecting newspaper sources; eg. Police internal affairs; oversight of intelligence organizations, public scrutiny of large commercial organizations, etc.
Some of these applications may be well served by the proposal described in this article: https://lwn.net/Articles/640295/
That depends on the implementation. If someone uses a regular web browser with tor instead of torbrowser then their combination of OS, fonts, browser version, screen resolution, etc probably narrows it down a bit.
And as you mention, this narrows it down altogether too much in many cases. Undoubtedly, human rights organizations encounter these issues frequently. They need reliable information, often from states with poor human rights records where political freedom is strongly curtailed. I don't think it's possible for anyone who isn't proficient in installing software and running it reliably to have anonymity. Consider this a privilege for those in the know, just as e-mail encryption with public-key infrastructure is.

On 1/05/2015 10:10 AM, Russell Coker wrote:
On Fri, 1 May 2015, Rohan McLeod <rhn@jeack.com.au> wrote:
Reading these links the technology seems pretty much the same ie. using a secure anonymous brouser ( Tor) to; access an otherwise invisible website.The problem / possibility which I was hoping to highlight by referencing "ombudsmen" was the much wider appllication.of such technology beyond merely protecting newspaper sources; eg. Police internal affairs; oversight of intelligence organizations, public scrutiny of large commercial organizations, etc.
1/ The first problem is does this technology actually guarantee the anonymity of the whistleblower ?;
Privacy of electronic communication being something that can't be guaranteed is why Pamela Jones shut down Groklaw. She couldn't conscientiously expect her sources to take that sort of risk. (Not that I'm saying that snail mail is free from risk either, but a letter can be dropped in a post box anywhere, so the chance of being exposed is minimal, or at least can be minimised by taking the fairly simple precautions of using generic stationary, print the content using standard fonts on a common model of printer, and random choice of post box to send the letter on its way.) Morrie.

Morrie Wyatt <morrie@morrie.id.au> wrote:
(Not that I'm saying that snail mail is free from risk either, but a letter can be dropped in a post box anywhere, so the chance of being exposed is minimal, or at least can be minimised by taking the fairly simple precautions of using generic stationary, print the content using standard fonts on a common model of printer, and random choice of post box to send the letter on its way.)
Some printers, unfortunately, embed subtle identifying information in their output. Use a printer that is frequented by members of the public in large numbers, for example in a public library or perhaps a printing/photographics outlet that people regularly visit to print material.

On Sat, 2 May 2015, Jason White <jason@jasonjgw.net> wrote:
Morrie Wyatt <morrie@morrie.id.au> wrote:
(Not that I'm saying that snail mail is free from risk either, but a letter can be dropped in a post box anywhere, so the chance of being exposed is minimal, or at least can be minimised by taking the fairly simple precautions of using generic stationary, print the content using standard fonts on a common model of printer, and random choice of post box to send the letter on its way.)
Some printers, unfortunately, embed subtle identifying information in their output.
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking- dots http://en.wikipedia.org/wiki/Printer_steganography The above has more information on this.
Use a printer that is frequented by members of the public in large numbers, for example in a public library or perhaps a printing/photographics outlet that people regularly visit to print material.
Or just obtain a printer without it being associated to you or to any other secret documents. For example if you were to find a working printer on someone's lawn when the council is collecting hard rubbish and only used it for blowing the whistle on one organisation you would be safe as long as there is no geographic association. Taking a printer from your neighbor would be a bad idea. Taking one from a different suburb that's no closer to you than to any of the other people who have access to the data in question should be OK. You could buy a printer with cash at a swap meet. Buying from a store would be a bad idea as you don't know how long their surveillance records are kept. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

Russell Coker wrote:
On Sat, 2 May 2015, Jason White <jason@jasonjgw.net> wrote:
Morrie Wyatt <morrie@morrie.id.au> wrote:
(Not that I'm saying that snail mail is free from risk either, but a letter can be dropped in a post box anywhere, so the chance of being exposed is minimal, or at least can be minimised by taking the fairly simple precautions of using generic stationary, print the content using standard fonts on a common model of printer, and random choice of post box to send the letter on its way.) Some printers, unfortunately, embed subtle identifying information in their output. https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking- dots http://en.wikipedia.org/wiki/Printer_steganography
Russell, both these seem to refer exclusively to laser-printers; a quick google didn't seem to find similar issues with ink-jets; absence of evidence, is evidence of absence ? :-) regards Rohan McLeod

On Mon, 4 May 2015 03:09:46 PM Rohan McLeod wrote:
https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracki ng- dots http://en.wikipedia.org/wiki/Printer_steganography
Russell, both these seem to refer exclusively to laser-printers; a quick google didn't seem to find similar issues with ink-jets; absence of evidence, is evidence of absence ? :-)
Ink jets might be a safer option as something which is of unknown security is probably a better option than something that is proven to be insecure. But if there were consequences that matter I wouldn't trust them. One benefit of those secure drop-box services is that it eliminates the issues of tracing printers, paper, etc. -- My Main Blog http://etbe.coker.com.au/ My Documents Blog http://doc.coker.com.au/

On 30/04/15 22:05, Rohan McLeod wrote:
Russell Coker wrote:
On Wed, 29 Apr 2015 04:39:01 AM Andrew McGlashan wrote:
On 28/04/2015 1:43 PM, Rohan McLeod wrote:
......snip But it did prompt the question suppose an ombudsman wanted to set up a secure drop box for "IT-naive whistleblowers", is it feasible ? and how could the whistleblower be certain of that anonymity ?
http://www.thesun.co.uk/sol/homepage/news/6429126/The-Sun-Whistleblower-C
harter.html Rather amusing to see a Murdoch paper railing against phone hacking. They had an 'important scoop about cabinet minister Andrew Mitchell calling cops “f***ing plebs”'. Seriously? We have lies about multiple wars, and lots of other serious issues and a profane MP is an "important scoop"?
That said it's good that the publish information about using Tor, the people who read The Sun aren't going to be attending LUG meetings etc so it's their best chance to learn about such things.
https://projects.newyorker.com/strongbox/ I agree that the New Yorker is probably a better option in most cases. But if you have evidence of a dodgy MP doing something stupid that a tabloid can harass them about then The Sun is a good option.
Reading these links the technology seems pretty much the same ie. using a secure anonymous brouser ( Tor) to; access an otherwise invisible website.The problem / possibility which I was hoping to highlight by referencing "ombudsmen" was the much wider appllication.of such technology beyond merely protecting newspaper sources; eg. Police internal affairs; oversight of intelligence organizations, public scrutiny of large commercial organizations, etc.
1/ The first problem is does this technology actually guarantee the anonymity of the whistleblower ?; tor/tails is currently the best option for a "naive" user to become anonymous it has its problems but its the best we currently have. (low-latency anonymity is a hard problem or actually anonymity in general is a hard problem when facing a state actor )
2/ How can an 'IT naive' whistleblower be certain of this ? they would need to do a little research. the only good thing the .au govs data retention policy has achieved is it has made a lot of regular "naive" users at least aware of the current options. because one can see in the case of Edward Snowden and the tragic case of Chelsea Elizabeth Manning; (born Bradley Edward Manning) these people are actually putting their lives on the line Ed outed himself by choice for his reasons. chelsea outed herself by telling a a person she really shouldnt have told what she did. in her case i really think she would have remained anonymous had she had kept quiet.
3/ If it does; is it accessible to IT naive sources because apart from the question of ease of use one doesn't, want to provide even this information about a whistleblower. ideally you wouldnt want one 2 one this information over open channels, but have a how to access on a public site someplace so you are not flagging them. Currently using your use case of police corruption if they called or emailed the PIC they are potentially already outed due to data retention. hence it would be optimal to have a how to give anonymous tips in a very public place.
4/ A second problem, should the technology actually allow the possibility of secure anonymous dropboxes/ suggestion boxes; is their use by 'black-hats'; to use the example of Police Internal Affairs corrupt officers or criminals could use the system to safely spread disinformation. This suggests the information from such drop-boxes could never be used , in a court of law although it could reference information that can. eg a police department was supposed to have destroyed certain files and hadn't
dropboxes would normally be more like an "anonymous tip from a payphone" that would lead to verifiable data that could be used in court. not the be all and end all of a case.
regards Rohan McLeod
_______________________________________________ luv-talk mailing list luv-talk@luv.asn.au http://lists.luv.asn.au/listinfo/luv-talk

nic <nic@404ed.org> wrote:
dropboxes would normally be more like an "anonymous tip from a payphone" that would lead to verifiable data that could be used in court. not the be all and end all of a case.
Yes, and this is important to remember. Obviously, the organization which runs the dropbox needs to verify the information carefully and take appropriate action. It's also worth bearing in mind that some countries have laws in place designed to protect the interests of whistleblowers. This isn't my area of expertise, and I suspect that some of the protections are more effective than others. I don't know what the laws cover, e.g., whether it's only public-sector issues or also the private sector Obviously, if it's a criminal matter reported to the police, then issues of witness protection arise, which can likewise be complex.
participants (6)
-
Andrew McGlashan
-
Jason White
-
Morrie Wyatt
-
nic
-
Rohan McLeod
-
Russell Coker