There’s an interesting tension in democratic nations. For democracy to work there needs to be transparency. A lack of transparency leads to corruption via information asymmetry. Humans, being humans, tend to exploit this to bad ends. Sometimes they have noble intentions and sometimes they have evil intentions, but the results are the same – an abuse of power. Examples include testing drugs and diseases on African-Americans, testing drugs on military and CIA employees without their knowledge, or the lies about the US winning in Vietnam. However, nations have always needed to maintain a level of secrecy to preserve information asymmetry over other nations. It’s why Caesar of the Roman Empire invented his eponymous cypher. It’s why all countries have an equivalent of the NSA to protect their secrets and obtain the secrets of other nations. So we want our countries to keep secrets, but not the wrong kinds of secrets.
Layered on top of this is the weird political issue that is the leak. Some leaks are done by whistleblowers and some leaks are purposely done to allow governments to put out positions without being on the record. So sometimes the administration is furious at leaks and other times doesn’t care. And it’s a weird game to make sure no one figures out which are the fake leaks because that undoes the entire purpose of the fake leaking. For the real leaks there’s an arms race with governments over remaining anonymous. Each is constantly trying to develop better technologies in a game of cat and mouse. About a month ago the New Yorker launched Strongbox, a website/system to keep the New Yorker from being able to identify the leaker. This means they can’t be forced by the government to identify the leaker.
When working on this post I did some searching to see what people said once the initial hype surrounding the announcement was over. I came across a Mashable article that suggested the system might be a bit too cumbersome and not quite as secure as it seems. A lot of this revolves around the fact that there are lots of things that can give you away that are more important than whether your leak is encrypted. For example, are you the only person who could obtained that documentation? Did you access TOR from home? And so on. It turns out, it’s a lot harder to remain anonymous than it used to be. Even about 15 years ago when I was in high school, someone who was making bomb threats for a week was caught by surveillance cameras surrounding the pay phones he’d used. We have WAY MORE cameras around today than we did then.
It will be interesting to see what happens if and when there is a leak that’s actually reported through Safebox. Is there a hole in the Safebox system? Some Mashable contributors seem to think so. Or will be the hole be with the user’s pattern of use? (Using a personal cell phone or computer)