Wall Street Journal, Al-Jazeera endanger whistleblowers with misleading Wikileaks copycats

Large media outlets including the Wall Street Journal and Al-Jazeera have created copycat anonymous disclosure programs modeled after the website Wikileaks, hoping to harness the website’s recent success in inspiring those with access to privileged information to anonymously blow the whistle on corporate and government misconduct.  Shortly after their inception, however, these copycat programs have come under criticism by whistleblower advocates for lacking any substantive degree of technical or legal anonymity protections for their users, despite appearances, leaving them vulnerable to retaliation. 

Al-Jazeera recently launched the Al-Jazeera Transparency Unit (AJTU), which is meant “to allow Al-Jazeera’s supporters to shine light on notable and noteworthy government and corporate activities which might otherwise go unreported.”  The website declares that “files will be uploaded and stored on our secure servers,” and that the files “are encrypted while they are transmitted to us, and they remain encrypted on our servers.”  However, AJTU’s Terms of Service reserves Al-Jazeera’s right to “share personally identifiable information in response to a law enforcement agency’s request, or where we believe it is necessary.”  Furthermore, by uploading to AJTU, users represent that they “have the full legal right, power and authority” over the materials, and that their contents do not “infringe upon or violate the right of privacy or right of publicity of, or constitute a libel or slander against, or violate any common law or any other right of, any person or entity.”  Technical surveys of ATJU’s website have revealed, in fact, that the website automatically places a trackable cookie on the user’s web browser. What is more, in its Terms of Use AJTU declares that it has “no obligation to maintain the confidentiality of any information, in whatever form, contained in any submission.” 

In May the Wall Street Journal  launched their SafeHouse program, which similarly describes itself as a “secure uploading system” with “separate servers,” and two layers of encryption, so that users can “securely share documents with the Wall Street Journal,” and purports to discard of the users information “as quickly as possible.” Reviews of both the legal and technical dimensions of the program have found SafeHouse to fall far short of these promises.  Third parties have already successfully extracted user information in order to demonstrate SafeHouse’s faulty security.  Procedurally, SafeHouse users must explicitly request that their identity be kept confidential, and that can only be guaranteed by submitting a confidentiality request, which is not itself confidential.  On the legal side, SafeHouse’s terms of service reserve the right “to disclose any information about you to law enforcement authorities,” and even to any “requesting third party,” not only to comply with the law, but also “to protect the property or rights of Dow Jones or any affiliated companies,” and to “safeguard the interests of others.”  The Terms of Service further specify that, in uploading to SafeHouse, the user agrees that their actions “will not violate any law, or the rights of any person.”