This report has been updated thanks to new revelations from the work of investigative journalist Yasha Levine and his research into the Tor project for his new book Surveillance Valley.
WikiLeaks, the transparency organization known for publishing leaked documents that threaten the powerful, finds itself under pressure like never before, as does its editor-in-chief, Julian Assange. Now, the fight to silence Wikileaks is not only being waged by powerful government figures but also by the media, including outlets and organizations that have styled themselves as working to protect whistleblowers.
As Part I of this investigative series revealed, Pierre Omidyar – eBay billionaire and PayPal’s long-time owner – holds considerable sway over several journalists and organizations, like the Freedom of the Press Foundation, that once championed WikiLeaks but now work for organizations or publications funded by Omidyar. Thanks to his deep ties to the U.S. government and his own long-standing efforts to undermine the organization, Omidyar is using his influence to bring renewed pressure to WikiLeaks as it continues to publish sensitive government information.
In Part II of this investigative series, the role of Palantir — the “secretive” PayPal offshoot turned government contractor — in the war against whistleblowers was examined. Particular attention was given to Palantir’s targeting of would-be government whistleblowers and other “subversives,” as well as its plan to deal with “the WikiLeaks threat” by turning former defenders of the organization against it. Central to this plan was a media campaign intended to discredit WikiLeaks, particularly Assange, and to capitalize on “fractures” among those who supported WikiLeaks in order to raise doubts over the group’s commitment to non-partisanship.
One such writer doing just that also happens to be connected to the Freedom of the Press Foundation and has a dubious track record of reporting on WikiLeaks and whistleblowers. His name is Kevin Poulsen.
MINNEAPOLIS – When the Freedom of the Press Foundation (FPF) was debating whether to end its processing of WikiLeaks donations (see Part I of this series), the news was made public in an exclusive article in the Daily Beast, written by Kevin Poulsen and Spencer Ackerman. The article is jarring for several reasons, primarily owing to the terms in which it speaks of both WikiLeaks and its editor-in-chief Julian Assange, as well as its one-sided slant and promotion of false claims.
The article asserts, for instance, that the Freedom of the Press Foundation’s decision to stop accepting U.S. donations on behalf of WikiLeaks was motivated by Assange’s “embrace of Trump,” claims echoed by FPF members like Micah Lee. However, Assange never embraced Trump and the article’s proof of his alleged partisanship is that WikiLeaks published information that was damaging to Trump’s opponent Hillary Clinton.
This, of course, ignores the fact that supporting neither Trump nor Clinton is possible, as publishing information damaging to one does not necessarily indicate support for the other. In fact, WikiLeaks publicly encouraged anyone with access to leak Trump’s tax returns and also stated on Twitter that “Trump’s breach of promise over the release of his tax returns is even more gratuitous than Clinton concealing her Goldman Sachs transcripts.”
That accusation forms the ideological basis for some of the more shocking statements that follow. In the article, Assange and WikiLeaks are accused of “echoing Nazi publications” and capitalizing on Trump supporters because it was “good for WikiLeaks’ bank account.” It also downplays Assange’s well-founded fear of U.S. extradition; revives unsubstantiated claims that Assange is guilty of rape; and, in regards to his asylum in Ecuador’s London embassy, asserts that Assange chose to play the victim and “portray himself as a political prisoner.” The article does not mention that the UN has found Assange to be a victim of arbitrary detention and that prominent journalists, such as John Pilger, have called him a political refugee.
Many of those quoted in the article have well-known personal vendettas against Assange — such as Guardian reporter James Ball, who was quoted in the article as calling Assange “someone who’s in it for himself” and “a sad man in a broom cupboard.” It also quotes billionaire Intercept backer Pierre Omidyar — whose distaste for WikiLeaks and connections to the U.S. government were exposed in Part I — and supports his claim that WikiLeaks should be not be considered a “media organization.”
The tone of the article, as well as its slanted reporting in regards to WikiLeaks, have become common in mainstream reporting. This is especially true at the Daily Beast, where this article was written, as its parent company, IAC, counts Chelsea Clinton among its directors and some of its senior editors were outed by the Podesta emails as journalists who actively colluded with the Clinton campaign.
Like other articles recently written on WikiLeaks and Assange — this one echoes a plan drafted by Palantir and other U.S. government contractors to confront the “WikiLeaks threat” (see Part II). The plan includes pushing “the reckless and radical nature of WikiLeaks” through a coordinated media campaign. It also includes spreading “disinformation” by creating “messages around actions to sabotage or discredit the opposing organization [WikiLeaks],” and “feeding the fuel” between factions of WikiLeaks supporters, by exploiting the fact that some see Assange as “going astray from the cause” and playing partisan politics.
Beyond the inherent bias of the Daily Beast, the authors of the article disclose their own conflicts of interest within the report, which mentions that Spencer Ackerman works at the Guardian and has collaborated in the past with James Ball as well as Intercept co-founder Glenn Greenwald and “Citizenfour” filmmaker Laura Poitras. Kevin Poulsen, it notes, once sat on the FPF’s technical advisory panel and helped to co-develop the SecureDrop project, which the FPF promotes and manages.
Poulsen’s conflicts of interest don’t stop there. What the article’s disclaimer fails to mention is that Poulsen also has a very strong personal dislike for Assange and WikiLeaks. As Assange wrote in an email to Trevor Timm regarding the FPF’s decision to end processing WikiLeaks donations, Poulsen was “a key actor in the imprisonment of Chelsea Manning,” and also “manipulated the alleged Manning-Assange chat logs in an attempt to frame WikiLeaks.”
Assange also noted that Poulsen has collaborated with Micah Lee, who initiated the FPF’s decision regarding WikiLeaks, has publicly slandered Assange on social media and is the author of a recent smear against him and WikiLeaks in The Intercept, where he works as a technologist and writer.
Yet what Assange noted in his correspondence with Timm is just a small part of Poulsen’s troubling past.
Poulsen’s role in the Chelsea Manning affair
A group photo of showing from left to right, Adrian Lamo, Kevin Mitnick, and Kevin Lee Poulsen circa 2001. (Photo: Matthew Griffiths/Creative Commons)
As Assange noted in his emailed response to Timm, Poulsen’s feud with the Wikileaks founder dates back to 2010, when Poulsen wrote a story for Wired using private chat logs between Chelsea Manning and the man who exposed her as a leaker and ultimately helped send her to prison, Adrian Lamo. The story named Manning as the source before her arrest had been made public and Poulsen’s ethics on drafting the piece were widely criticized — particularly by Julian Assange, as well as Glenn Greenwald, who was then writing for Salon.
As Greenwald noted at the time, Poulsen published only a fraction of the chat logs between Manning and Lamo, acknowledging that he withheld other parts of the logs. In an email exchange with Greenwald, Poulsen stated that the withheld logs were “either Manning discussing personal matters that aren’t clearly related to his [sic] arrest, or apparently sensitive government information that I’m not throwing up without vetting first.” Yet, when the full logs were released over a year later, the assertion proved dishonest at best.
Poulsen’s selective disclosure was significant as it allowed Lamo to create a misleading portrait of Chelsea Manning. Greenwald wrote at the time that prior to the log’s full release, and in the lead-up to Manning’s trial, Lamo “incoherently invoked a slew of trite, right-wing justifications, denouncing Manning as a ‘traitor’ and ‘spy,’ while darkly insinuating that Manning provided classified information to a so-called ‘foreign national,’ meaning WikiLeaks’ Assange.” In other words, Lamo used the highly edited chat logs published by Wired to essentially defame Chelsea Manning prior to her trial, painting her as a threat to national security while the full logs revealed that she was seeking to inform the public of government wrongdoing — the very definition of a whistleblower.
Equally significant was that the failure to release the full logs allowed Lamo to claim – falsely – that Assange had convinced Manning to leak the documents, essentially making him an accomplice. At the time, the U.S. Department of Justice was attempting to prosecute WikiLeaks based on the claim that Assange “encouraged or even helped” Manning extract classified information. However, the full chat logs, once they were finally made public, showed this was in no way what transpired between Manning and Assange.
In an article for Salon, Greenwald also noted that Poulsen had a long, storied past with Lamo. Lamo – who now allegedly works for the CIA – had long used Poulsen as “his personal media voice,” as Poulsen, like Lamo, was also a hacker who was convicted of serious hacking felonies prior to becoming a journalist. Poulsen wrote numerous articles about Lamo and cited him in others, a connection that went far beyond that of a simple relationship between journalist and source. By concealing portions of the chat logs for so long, Poulsen left Lamo as the only source of information regarding the full contents of the of the logs. Lamo then used this power to fuel his documented desire for media attention at Manning’s expense. Greenwald called it a “journalistic disgrace.”
WikiLeaks was even more critical in its assessment than Greenwald, going so far as to insinuate that Poulsen was a government informant — a claim Poulsen has fiercely denied. Yet, an examination of Poulsen’s past makes the suggestion not unreasonable. Prior to his arrest for hacking-related felonies in 1994, Poulsen worked with the U.S. government. According to a 1993 article in the Los Angeles Times, “So good was Poulsen at cracking clandestine government and military systems that the defense industry anointed him with a security clearance and brought him inside to test its own security.”
A 1990 police booking photo of Kevin Poulsen, who was charged with espionage for hacking into FBI and national security computer systems. (AP Photo)
Then, as Greenwald noted in Salon, Poulsen “was allowed by the U.S. Government [after his release from prison] to become a journalist covering the hacking world for Security Focus News,” where he worked prior to Wired. While at Security Focus, Poulsen worked with Mark Rasch, who had criminally investigated Poulsen as chief of the DOJ’s Computer Crimes Unit. Rasch, at the time of Manning’s arrest, was also a regular contributor to Wired, where Poulsen still works and was the very person who put Lamo in touch with the FBI in order to out Manning. This, along with the fact that one in four U.S. hackers are, or become government informers, makes WikiLeaks’ admittedly speculative claim of Poulsen’s collusion with the government in the Manning case nonetheless feasible.
Poulsen, of course, remembers things differently. In an article published in January 2017 at the Daily Beast, Poulsen maintained that he withheld portions of the chat logs because “Manning had told Lamo all about her struggles with gender dysphoria, and those personal disclosures were out of bounds. By her own account, her leaks were impelled by her moral compass and nothing else.” Poulsen failed to mention he had withheld portions of the chat logs which showed the Manning had, in fact, been motivated by morality and not to “aid the enemy”, as Lamo had claimed while the logs were in Poulsen’s possession, but not yet released to the public.
Poulsen’s recent article recounting the Manning case paints Assange as a villain, but the chat logs reveal the care Assange took to protect Manning as a source. He accuses Assange of “attacking me [Poulsen] directly” for the initial report on Manning and insinuates that it was wrong for Assange to initially deny that he knew Manning was the source of the Collateral Murder video as well as numerous diplomatic cables. Poulsen goes on to opine that “the WikiLeaks that Manning knew has all but vanished,” citing Assange’s alleged partisanship in the 2016 presidential election – a recurrent theme in much of Poulsen’s reporting on the subject.
SecureDrop survivor
A photo of SecureDrop co-creator James Dolan in his Marine Corp uniform via his Gofundme memorial page.
Given Poulsen’s dubious track record regarding reporting on whistleblowers and WikiLeaks, his work developing an application to protect whistleblowers, known as SecureDrop, may seem odd. Initially known as “DeadDrop,” SecureDrop is an open-source system that provides for secure communication between whistleblowers/leakers and journalists, allowing the former to increase the chances of preserving their anonymity through the use of the Tor network. SecureDrop was co-authored by three individuals: famed internet activist and Reddit co-founder Aaron Swartz, James Dolan, and Kevin Poulsen. It was given to the FPF to promote and maintain in 2013, several months after Aaron Swartz took his own life after having been hounded by the U.S. government.
With the death of James Dolan in December 2017, Poulsen became the only still-breathing developer of SecureDrop, causing the system to become the subject of conspiracy theories. The nature of Dolan’s death fueled these theories Like Swartz, Dolan was said to have committed suicide. An FPF press release announcing his death cited PTSD as a likely impetus for the tragedy. Even mainstream news outlets noted the “eerie” similarities between Dolan’s suicide and that of Swartz, as both were said to have committed suicide by hanging in Brooklyn, New York.
Dolan’s reason for being in Brooklyn is still unclear, as he was living in San Diego at the time, and was found dead in a hotel. Some circumstances surrounding his death are still unknown, such as who he was last seen with, whether he wrote a suicide note, and who he was visiting, though – having died soon after Christmas – it is feasible that he was in New York to visit family. The lack of information regarding the circumstances of Dolan’s passing has allowed conspiracy theories inferring foul play to thrive.
These events, coupled with Poulsen’s problematic reporting regarding WikiLeaks and its sources, have led some to speculate that SecureDrop may not be as secure as its name suggests.
Philip Winter, a researcher at Princeton University and a volunteer developer of the Tor network, asserts this isn’t the case. In an interview with MintPress News, Winter stated:
[It is] very unlikely that [Poulsen’s] involvement in the early days could affect the security of the program the way it is now. … It is free software and this means that the code is out there for everyone to inspect and verify and run themselves. A lot of people have done that and they have even paid professionals to look at the code. … That’s to make sure that there aren’t any backdoors or things like that.”
While Winter considers SecureDrop “among the best” of the existing whistleblower platforms, he cautioned that “one really has to consider that [using SecureDrop] by itself doesn’t mean you will be safe no matter what.” Winter pointed to the metadata that may be present in documents, such as those originating on government servers, that could unintentionally identify a source, as well as other document markers such as watermarks which can be difficult to remove. “SecureDrop does a really good job at what it can do for you,” Winter added, “but it’s really important for potential leakers to know what it cannot do for you and it should not be seen as a silver bullet.”
Tor’s Connections to the US Government
Tor co-developer, Roger Dingledine, delivers a keynote address at the 2017 Princeton-Fung Global Forum on March 21, 2017 in Berlin. (Photo: YouTube Screenshot)
Recently new doubts have been raised regarding – not necessarily the credibility of SecureDrop – but the Tor project upon which SecureDrop is based. Winter told MintPress News that Tor, like SecureDrop, has a “reputation problem” because it was initially funded by the U.S. Naval Research Laboratory, but that the project’s past was no reason for concern. However, while conducting researching for his recently released book Surveillance Valley, investigative journalist Yasha Levine found that the U.S. government’s involvement in the Tor project continues well into the present with truly unsettling consequences.
Levine recently detailed new, troubling information about the Tor project which he obtained after combing through thousands of pages of documents he received through FOIA (Freedom of Information Act) requests. The documents detail communications between Tor and the CIA spin-off the Broadcasting Board of Governors (BBG), which provides the project with much of its funding.
Levine had previously revealed that Tor was a U.S. military contractor with its own government contractor number, effectively making it an extension of the very apparatus that it claims to protect its users from. Indeed, Tor has long been promoted as the only means of protecting oneself from NSA intrusion online. Yet, Tor’s funding is the least of the problems it poses to the online security of its users.
For instance, the FOIA documents, which have recently been released to the public, reveal that Tor privately “tipped off” the federal government when finding security vulnerabilities well before the public was made aware of them – giving the government plenty of time to exploit the flaws to their benefit. One of those vulnerabilities “made Tor traffic stand out from all the rest and made it easy to fingerprint and single out people who were using Tor from the background data noise of the internet.” That vulnerability was known to the government in 2007 but was not made known to the public by 2011, over four years later.
Another troubling finding in the releases are documents detailing Tor co-founder Roger Dingledine’s work with USAID, the Department of Defense, the FBI, the Department of Justice, the National Security staff at the White House and other government agencies to come up with “pro-Tor talking points.” This type of communication between government agencies and the top echelon of Tor employees and promoters suggests a potentially sinister level of cooperation that undermines Tor’s ostensible commitment to keeping its users anonymous.
No biggie, just Tor anti-state radical Roger Dingledine working with the State Dept and BBG to come up with pro-Tor talking points. Did someone say something about the White House and USAID, too?
But I thought the government hates freedom? https://t.co/sLwKjWdG2w pic.twitter.com/5RCqjqHY4J
— Yasha Levine (@yashalevine) March 1, 2018
Let me repeat: Tor wrote up a report detailing a Tor vulnerability, handed it over to their CIA-spinoff backer and very consciously decided to not alert the public.
Not sure what else one can say here.
— Yasha Levine (@yashalevine) March 1, 2018
Such concerns are also heightened by the fact that Tor’s “exit nodes,” where traffic leaves the secure “onion” protocol and is decrypted, can be established by anyone, including government agencies – likely making Tor’s anonymity feature ineffective given Tor’s on-going cooperation with the government. Indeed, as Tor researcher turned hacker Dan Egerstad revealed in 2007, governments have been funding high bandwidth Tor exit nodes for just that purpose.
These new revelations about Tor have taken many by surprise, including WikiLeaks and Assange who had previously promoted the project. However, Assange recently tweeted a link to the FOIA request database compiled by Levine, suggesting that his promotion of the online tool is a thing of the past.
Tor – US Broadcasting Board of Governors (BBG) FOIA https://t.co/Yhub1PMGJq
— Julian Assange (@JulianAssange) February 28, 2018
The implications of Tor’s vulnerabilities and cooperation with the government have startling implications for whistleblowers and SecureDrop users. Much of the SecureDrops’ security is based on Tor. If Tor is cooperating with the government and if the government is, therefore, able to surveil Tor users, government agencies could easily identify a source attempting to remain anonymous when sending leaked documents via SecureDrop to a news outlet.
This is likely already happening. As FBI whistleblower Sibel Edmonds told MintPress News in an earlier interview, former NSA employees had relayed to her the federal government’s interest in seeking out potential whistleblower communications from the internet. Though Edmonds was not aware of the technical means in which that was accomplished, Levine’s research points to Tor as a likely culprit.
The greater game of siphoning sensitive public-interest information
SecureDrop’s reputation and open source code has allowed the FPF to widely promote the platform, leading to its adoption by a variety of media organizations, despite the security flaws hidden within Tor. Yet, while SecureDrop is being promoted as a way to help sources anonymously share their leaks with the public, many of the organizations that FPF heavily advertises as SecureDrop users have a history of failing to publish documents they received from whistleblowers or refusing to even receive documents from whistleblowers.
Chelsea Manning, for example, attempted to leak documents to both The Washington Post and The New York Times – both of which have since adopted SecureDrop, Manning was rejected by both. In the years since the Post has called for the arrest of Edward Snowden and has written smears against alleged whistleblower Reality Winner.
ProPublica, another SecureDrop user, recently received leaks which it declined to release in full, leading Assange to say ProPublica had “ruined” a potentially powerful data set through its “censorious” journalism.
A potentially powerful dataset of 250,000 private messages from US neo-nazi group Atomwaffen almost entirely ruined by ProPublica's censorious nanny-journalism. Release the full dataset so anthropologists and everyone else can get to work, ProPublica. https://t.co/WEtxE4s8e6
— Julian Assange (@JulianAssange) February 25, 2018
The Post, ProPublica and the Times also possess large portions of the Snowden cache, as does the Guardian – also a SecureDrop adopter. Yet, as Glenn Greenwald recently noted, all of these organizations stopped reporting on them years ago, keeping their portion of the archives conveniently concealed. Thus, any documents leaked to these outlets have no guarantee of being released to the public in any meaningful capacity, especially if those documents contain information that conflict with official narratives.
The failure of those organizations to report on the Snowden documents leave The Intercept as the only outlet in possession of the full Snowden cache that still actively reports on it. However, as noted in Part I, the Intercept’s reporting on and release of the Snowden docs have only led to a small fraction of these documents being made public, and the vast majority of the documents – five years on – have yet to be disclosed.
The Intercept, which heavily advertises its use of SecureDrop, has recently come under criticism for its role in the outing of alleged leaker Reality Winner, who is believed to have leaked documents from the NSA to the publication. Though Winner did not use SecureDrop and instead mailed hard copies, Intercept technologists such as Micah Lee, as well as the journalist who sent the documents to the government for verification, failed to remove a hidden watermark, ultimately leading the government to identify Winner as the source of the leaks.
While the Intercept does promote Reality Winner’s case as well as the injustice of her lengthy pre-trial detention, they have never disciplined or even named the journalist responsible for outing her. Recent Intercept reports, including one authored by FPF co-founder Trevor Timm, fail to acknowledge the publication’s role in Winner’s arrest and have deflected responsibility. While disciplining the journalist would have likely secured the trust of future whistleblowers, not taking responsibility makes it is easier to promote the Intercept a haven for whistleblowers — an appeal often promoted by its staff.
The fact that news organizations like WaPo and NYTimes rejected Mannings leak is one of the reasons we started The Intercept
— Micah Lee (@micahflee) February 14, 2018
By promoting SecureDrop and the organizations that adopt it while simultaneously tearing down WikiLeaks and its most visible member, a narrative is being put forth that WikiLeaks is bad for whistleblowers, and that leaking to mainstream and pseudo-independent media organizations that use SecureDrop is preferable. Indeed, when SecureDrop was first launched at the New Yorker under the name StrongBox, it was specifically touted as a WikiLeaks replacement. But the continuing cooperation between the Tor project and the U.S. government means that his WikiLeaks “replacement” could be endangering the safety of would-be whistleblowers. WikiLeaks, in contrast, has famously gone to great lengths to protect its sources and has been largely successful in doing so.
Pierre Omidyar, the Intercept’s billionaire backer whose connections to the U.S. government are noted in length in Part I of this series, recently asserted that WikiLeaks is not a media organization and therefore “stands to lose First Amendment protection for what they publish.” Omidyar’s statements echo those made by CIA chief Mike Pompeo, who similarly asserted that WikiLeaks is not a media organization and Assange has no First Amendment protections.
A more practical concern is this evidence may cause Wikileaks to lose First Amendment protection for what they publish. https://t.co/jtqdtJ2bTW
— Pierre Omidyar (@pierre) November 15, 2017
"Good Monday" Jeff Sessions said “Assange’s arrest is a priority,” while Mike Pompeo also claimed “Assange has no First Amendment rights” and that “the CIA is working to take down WikiLeaks. US government official said federal prosecutors are still pursuing a criminal charges
— The Resistance (@brandonlancast2) February 26, 2018
Why would a billionaire who claimed a great need for fearless, adversarial journalism when he helped create the Intercept, call so quickly for the removal of First Amendment protections from a media organization like WikiLeaks? The attacks in the media targeting WikiLeaks are meant to paint it as disreputable by turning its former allies and by painting it as partisan – the very plan laid out in the leaked document authored by Palantir years ago and discussed in Part II.
By attacking the credibility of WikiLeaks and promoting mainstream and pseudo-independent media organizations using SecureDrop as a replacement, Omidyar-funded organizations like The Intercept and the FPF are helping to funnel would-be whistleblowers into the arms of news outlets with dubious track records when it comes to their treatment of leaks and leakers. Worse still, SecureDrop itself is based on Tor, whose much-touted security has been effectively undermined the U.S. government which originally helped to create it. We must ask what the motives are for these apparent efforts to redirect whistleblowers and siphon their sensitive information, vital to the public interest, into potential traps and cul-de-sacs where they may never see the light of day.
Top Photo | Illustration by Jared Rodriguez for Truthout, Flickr Creative Commons.
Whitney Webb is a staff writer for MintPress News who has written for several news organizations in both English and Spanish; her stories have been featured on ZeroHedge, the Anti-Media, and 21st Century Wire among others. She currently lives in Southern Chile.
The post Displacing WikiLeaks and Intercepting Whistleblowers: SecureDrop’s Security Problem appeared first on MintPress News.