The Wall Street Journal last Thursday announced with great fanfare a WikiLeaks clone of its own, an ostensibly secure online drop box for anonymously leaked documents called SafeHouse. The unveiling offered confirmation that US mainstream media outlets – although they have often publicly scorned WikiLeaks – must surely be wishing they had thought of the idea on their own.
As it turns out, though, imitating the whistle-blowing site may prove even harder than working with it. The Journal’s announcement had barely made the rounds of Twitter before online security experts were poking holes in its pledges of security and anonymity.
The site is “rife with amateur security flaws,” tweeted journalist Barton Gellman.
“Here’s a blatant lie by WSJ: ‘You can be anonymous by not providing your name and contact information on this page,'” appraised web developer (and former WikiLeaks volunteer) Jacob Appelbaum.
Popular culture blog Gawker offered this curt advice in a headline: “Don’t Leak to the Wall Street Journal’s New Wikileaks Knockoff.”
Gawker was among many critics to point not only to the technical flaws in SafeHouse’s construction, but also the fishy legal language in its fine print. There is, for instance, this bit:
“Except when we have a separately negotiated confidentiality agreement… we reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process, to operate our systems properly, to protect the property or rights of Dow Jones or any affiliated companies, and to safeguard the interests of others.”
The Wall Street Journal, owned by Rupert Murdoch, immediately responded with non-legally-binding promises that it values its sources above all else, and with pledges to clean up the encryption problems immediately. None of that, though, could give much confidence to would-be leakers who’ve seen how the US government now handles whistle-blowers who’ve lost control of their anonymity.
“SafeHouse’s only real similarity to Wikileaks,” summed up Gawker, “is that both benefit megalomaniacal Australians.”
