When Whistle Blowers Unite
Leaking corporate or government information in public interest in the age of Satyam has new challenges. You couldn't just upload it to a blog, social networking website or even a document management system like Google documents. Google, Yahoo and most other Web service providers nearly always comply with the national law and cooperate with enforcement agencies. In India there have been several arrests in connection with alleged illegal email messages and content on social networking websites. It did not take court order – just a request from the local police station. Furthermore, you would have to undertake additional risky activity online to draw media attention to your documents. Also those who stand to lose from the leak can send a couple of copyright take down notices which will lead to deletion. So your only real option is Wikileaks.org, where they boast: Every source protected. No documents censored. All legal attacks defeated.
Launched in December 2006, Wikileaks.org stands alone on the Internet as the last refuge for the truth. Even though the promoters are European and US academic organisations, journalists and NGOs – a near neutral point of view is realised by sparing no one across the political and ideological spectrum. It is the archive of the whistle-blowers of the world and it is ugly: login information and private emails of a holocaust denier, secret documents from the Church of Scientology, Internet block-lists from Thailand and standard operating procedures for US guards at Guantanamo Bay, et cetera. One could safely assume that these guys have very few friends. Unlike Wikipedia.org whose technology it employs, Wikileaks does not have an open and participatory editorial policy. It accepts documents through a trusted journalist–source system.
Leaking controversial documents can result in loss of job, limb and life, so extreme caution is always advised. Remember that India still does not have laws protecting whistle blowers, in spite of a bill being introduced in 2006. What follows is only a very rough guide to digital whistle blowing, so please get expert advice before you try these at home:
- Download and install military grade encryption software like Pretty Good Privacy. Generate a pair of keys – a public and a private one. Use your private key in combination to a journalist's public key to send him or her, a 'for your eyes only message' email. Only the journalist will be able to decrypt the message using your public key and his private key. Note however, that an Indian court under the 2008 amendment of the IT Act can ask you to disclose your key-pair.
- Step outside. Working from home is a bad idea since DOT mandates that all ISPs retain logs for all users and for all services utilized for an indeterminate time-period. Office is still worse as your network administrator might be also logging your activities.
- Find an anonymous public access point. Cyber-cafes, especially in New Delhi, Maharashtra, Karnataka and Tamil Nadu are asking users to provide identity cards and record contact details and in some cases web-cam photographs as well. Using your laptop in a coffee shop may work but DOT is considering cracking down on open wifi networks.
- Use an anonymizing service so that the chain of digital evidence leading up to Wikileaks is obliterated. TOR is the anonymizing solution of choice. Several TOR servers that provide private tunnels across the Internet work in unison, to form a cloud of anonymity.
If you were leaking large amounts of data, uploading it may be too risky. Burn the data on DVDs and mail them to Wikileaks. However, do ensure that all digital files have been purged of personal information. For word files this can be done by converting to PDF. Also you may not want to leave any finger-prints on the package. India will soon have a database of finger prints thanks to the National Unique Identity (NUID) project. We know this thanks to the leaked NUID project document on Wikileaks.org, days before the consultation.