WSJ’s Safehouse Not All That Safe

Padlock on DoorLast Thursday, The Wall Street Journal launched its own version of WikiLeaks. The site is called SafeHouse, and purports to provide a place where readers can help the WSJ “uncover fraud, abuse and other wrongdoing.”

With the standalone site, WSJ is crowdsourcing content — text, audio, photos, etc. — which is then reviewed and vetted by a senior editor. The system behind SafeHouse is supposed to be secure in order to allow anonymity of sources. Two issues have arisen recently, however, that shatter that theory.

The first is in the whistleblower site’s own Terms of Use. SafeHouse‘s privacy policy reads:

Except when we have a separately negotiated confidentiality agreement… we reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process, to operate our systems properly, to protect the property or rights of Dow Jones or any affiliated companies, and to safeguard the interests of others.

As Gawker staff writer Adrian Chen says, “And Rupert Murdoch, who controls the paper, sure has a lot of interests!” WSJ is owned by Dow Jones, which in turn is owned by Murdoch’s News Corp.

The problem is not just limited to SafeHouse‘s Terms of Use, though. The site also has apparent technical deficiencies, as enumerated by many in the security and privacy expert community. Chen points to a series of tweets from Jacob Applebaum, one of the chief developers of the anonymizing software Tor and WikiLeaks volunteer. Applebaum cites numerous holes he’s found in the site’s security, including problems with Secure Socket Layer (SSL) encryption.

Andy Greenberg, who writes Forbes‘ blog The Firewall, obtained a response from a WSJ spokesperson named Ashley Hutton. She explained that the site increased its encryption security over the weekend, and writes, “Our priority is to ensure that SafeHouse fulfills its mission as a secure location that provides sources with access to highly skilled, experienced journalists.” Unfortunately, she also writes:

Because there is no way to predict the breadth of information that might be submitted through SafeHouse, the Terms of Use reserve certain rights in order to provide flexibility to react to extraordinary circumstances.

Or, in other words, SafeHouse still really isn’t all that safe.

The New York Times was reportedly considering launching a similar site, but it remains to be seen if the company will pursue the project any further now that WSJ has staked its claim.

Source: “Don’t Leak to the Wall Street Journal’s New Wikileaks Knockoff,” Gawker, 05/05/11
Source: “Researchers Say WSJ’s WikiLeaks Copycat Is Full Of Holes,” The Firewall (Forbes), 05/05/11
Source: “New York Times Debating a Drop Box for Leakers,” Fishbowl NY, 01/25/11
Source: “WSJ launches site for readers to submit tips, documents and files,” Poynter, 05/05/11
Image by Liz Jones/lizjones112, used under its Creative Commons license.

About Rachelle Matherne

  

Leave a Comment

LEAVE A COMMENT