The respected New York-based newspaper has built a site for securely uploading documents to its own internal servers
Once upon a time, WikiLeaks was just a place where a would-be whistleblower could submit documents that he or she wanted the world to see. They provided a technologically secure channel and promised anonymity. The site was phenomenally successful in this early iteration and received thousands of important documents about governments around the world.
As WikiLeaks grew more popular -- and began its extended series of document dumps and collaborations around files presumably received from Bradley Manning -- journalists began to wonder aloud, "Why didn't we build this thing?" Indeed, in its purest form, WikiLeaks was simply another way of gathering leaks and tips, long a major part of any reporter's job. And several news outlets have been rumored to be building WikiLeaks-like portals. Al Jazeera's is even already up and running, having launched in January.
Now, about five months after WikiLeaks began releasing thousands of State Department documents, the Wall Street Journal has unveiled SafeHouse, a secure uploading system for sending "newsworthy contracts, correspondence, emails, financial records or databases" to the WSJ.
"It grew out of a conversation that a number of our editors had," said Kevin Delaney, managing editor of WSJ.com.* "Our sources had always given us documents. That could have been a printout in a park or something that they faxed us. Now, clearly there is a digital context for reporting and that means we need a modern infrastructure so that sources can send documents to us."
Built in just a few months with internal resources, SafeHouse launched today. The Journal's online team has worked closely with its page-one staffers, which Delaney said was "a signal of how potentially journalistically significant," they think the project is.
A key part of WikiLeaks' early popularity was that it seemed secure and anonymous. The Journal wants to create a similar level (and perception) of technical excellence.
"You can't offer absolute security or anonymity because it's a technical product, but we've designed it to minimize the risk of security issues," Delaney said.
SafeHouse runs on its own servers, separate from the servers that run the WSJ.com. File transfers occur through an encrypted connection and the documents themselves are encrypted, too. (Only a few Journal staffers will have the keys to unlock them.) Finally, the time that uploaded documents spend stored on computers with connections to the public Internet will be minimized by "a fairly complicated" internal document flow system, Delaney said.
"The Journal has also minimized the technical information it receives as part of any uploads that could potentially identify the user." the site says.
Any data that is stored about uploaders will also be discarded as quickly as possible, though Delaney is checking on the precise time period any data will be stored.
Now the only question is: will anybody use the site? We'll see.
Update 4:56pm: Jacob Appelbaum, security researcher and WikiLeaks volunteer, has been tweeting some harsh critiques of SafeHouse through the afternoon. "Pro-tip: if you're going to create a document leaking website - have a clue!" he wrote. It's worth looking through his feed for details on what he finds lacking including the use of Adobe Flash in the upload process and a poor selection of encryption techniques.
*Update: The initial version of this story listed Delaney's title incorrectly. We regret the error.
This article available online at: