How to protect the next Snowden

by Fabio Chiusi

photo by Rita Alessia Dispoto

What we often read about online anonymity is a sensationalistic simplification of how it is a mantle that surrounds and protects criminals of all kinds, making them untraceable by the authorities and therefore unpunished. On the contrary, especially on the post-Snowden web, anonymity is hard, and requires technical and legal expertise. It can have and has a more noble purpose. In particular, it is one of the cornerstones upon which a full and effective exercise of freedom of expression and information is based. The Pulitzer prize assigned to the  Guardian U.S. and the Washington Post for their exceptional work, with material provided by whistleblower Edward Snowden, confirms that.

The International Journalism Festival in Perugia has proven it, in its fourth and penultimate day (coinciding with the World Press Freedom Day), with a series of meetings aimed at describing important applications for the journalistic profession and beyond.

The purely legal aspect of the protection of the anonymous source – digital or not, but today more and more digital – was addressed by the President of the Association of telematics, lawyer Giovanni Battista Gallus, and the lawyer and computer law expert Francesco Paolo Micozzi in a meeting held at the Sala Perugino of the Hotel Brufani. The two lawyers pointed out how the inextricable link between the protection of journalistic sources – and therefore of their online and offline anonymity – and free expression is clearly marked in the European Convention of Human Rights, approved by the Council of Europe and by international jurisprudence.

In Italy, as usual, “information has changed, and the law hasn’t”, says Gallus, showing in each case which protections are available to professional journalists, publicists and amateur bloggers. Citing Bill Keller, “the ability to offer protection to a source is essential”. In our country the right is not recognized in the same way for professionals and publicists.

The grey areas on the legal challenges, proposed by new technologies, are not lacking. For example, “Can a trojan be part of the concept of interception?”, asks Micozzi. “It depends” is the answer, with the risk that the data interception is less protected, offering information comparable or superior to wiretappings. The obvious difference in treatment between professional and blogger seems to be surpassed by an informational ecosystem in which the boundaries between the two figures are increasingly blurred.

How to make a good use of whistleblowing journalism? Giovanni Pellerano, charter member of the Hermes Centre for Human Rights and Transparency (Centro Hermes per i diritti umani e la trasparenza), reiterated that the possible answer is GlobaLeaks. At the Festival it has been talked about since 2011, but now the platform, which aims at giving everyone the chance to open one’s own initiative for whistleblowing in a safe and effective way – through the use of PGP to protect the confidentiality of the submitted content, and of Tor to protect the identity of sources – has begun to bear fruit and a first analysis of its users.

The initiatives for which GlobaLeaks is used are various, and Pellerano presented the latest developments. In a few months, PubLeaks increased from 7 original partners to the current 42. It has already produced a special foundation, an agreement between the different political parties to regulate use, a periodic training for journalists for new and old members. The results? They are very concrete. The resignations of an interim director of a humanitarian organization in the field of disabilities, which in July had paid himself compensation of 95 thousand euros, and of a Dutch parliamentarian for the news that “he had not paid the social contributions for his employees in the years preceding his political activities”, says Pellerano. In Italy, GlobaLeaks is used by investigative journalists of IrpiLeaks and antimafia journalists of MafiaLeaks.

More generally, a particularly interesting element is evident. One dispatch out of every two documents was judged by adopters to be “in the public interest”. It is another sign that the tool is actually useful. Although some problems remain: in terms of usability, yet to be improved; of  “laziness of the protagonists involved” (80%, although they can, do not yet use PGP encryption); of inability to bring whistleblowers to get back on the platform, in order to exploit their articulate potential in terms of targeted dialogue with journalists they deem appropriate. This does not yet happen regularly.

In the next workshop titled “The protection of anonymous sources, from whistleblowing to anti-corruption. Anonymous Whistleblowing: how to receive information from anonymous sources via web”, the Hermes Centre team (Arturo Filastò, Claudio Agosti, Fabio Pietrosanti and the aforementioned Pellerano) outlined six points which anyone who wants to begin a whistleblowing initiative should consider before starting.

It is, in essence, to “know yourself” ie. to be able to explain why someone should seek one’s own initiative, providing details of the purpose, of the team that will be working, of the channels of promotion. It is necessary to know the law because, for example, not all countries have the same tolerance towards those who incite whistleblowing. “In Japan simply inviting a whistleblower to send material on national security carries a penalty of up to ten years in prison” says Pietrosanti. It is important to know the software, starting with the fact that it is not an alternative version of WikiLeaks, because it provides, for example, a clear separation of responsibilities (the journalist who accesses it can only read the material, the managers of the platform use it just to set up the system).

It is also important to have a clear editorial policy (“It also serves to reduce the swarm of criticism that the launch of an initiative of whistleblowing brings”, says Pietrosanti, with a  perception that varies with countries and cultures); knowing your target (so as to promote the initiative in ways and places to suit a tool that allows a high degree of specificity, in this way attracting the right people to the right information in view of specific topics that interest us). It is essential to know your enemy or anyone who intends to expose the source. This means journalists must learn how to put security in their computer, the real weak link in the chain. If “security is a process and not a product”, says Pellerano, any mistake can be fatal.