Every year at DefCon, the hacker conference, Nico Sell, a security expert and longtime attendee and organizer, has played matchmaker. On one side, sources looking to share sensitive information. On the other? People who should know it.
"One of the main things that happens at the conference is that security researchers are talking about vulnerabilities in corporate products. There is a responsibility to disclose it, because it is usually important stuff like the power grid," says Sell. "But there has been no easy way to do that." These are high-tech people, but they wait until everyone is physically gathered in one place — and rely on one trusted individual to make connections. It doesn't make sense.
So Sell created Wickr, an ephemeral encrypted messaging app that completely destroys the information after it has been sent. Wickr offers complete anonymity and encryption that meets NSA top-secret compliance. It doesn't collect information about you. You can send text, audio, photo, and video messages. The Wickr motto: "Leave no trace."
When most people think of ephemeral messaging, they think of Snapchat, which allows people to send basic self-destructing photos and messages. It's perfect for goofing around with friends, or, as the media has been eager to point out, sexting. But a slew of new ephemeral apps, like Wickr, TigerText, BurnNote, GiGi, and S2end, extend the ephemeral messaging concept in a much more serious direction. They're positioned to make leaking sensitive information easier and safer for all parties involved.
"It is a way to pass on information in a behind-the-scenes way," says Jacob Robbins, founder of BurnNote, which uses a spotlight design feature (seen at the top of this post) to prevent screenshots. "Forward and 'reply all' features are one of the big concerns for people who want to report something at work but don't want to go to the length of being the public face of what's being said."
We are at an odd moment in the history of whistle-blowing. On the one hand, the internet and email have, in aggregate, made certain types of whistle-blowing much easier and more accessible. "Technology helps effective whistle-blowing by helping people overcome fear, get solidarity from stakeholders and the public who are victimized, and hold wrongdoers accountable," says Tom Devine, the legal director at the Government Accountability Project, one of the largest whistle-blower protection organizations. Platforms like WikiLeaks and LocalLeaks, which released evidence and videos about the Steubenville rapes, provide whistle-blowers easy access to platforms that can quickly disseminate information.
But in part because of the increase in leaks, the Obama administration is cracking down with unprecedented zeal. Bradley Manning's controversial prosecution and the legal backlash against Julian Assange, both of whom embraced and to different extents were betrayed by technology, have had a chilling effect on potential whistle-blowers. "WikiLeaks led to an unprecedented repression against whistle-blowers. It has been used to severely discredit our movement," says Devine.
Savvy, net-native organizations such as Anonymous give the impression that the tools prospective whistle-blowers use are more advanced than they really are. In fact, the options that have been available to most laymen are almost embarrassingly low-tech. When I asked Devine what safeguards he recommends to a would-be whistle-blower, he suggested using a public computer and a pseudonym. "If they are serious about anonymity, using their home or work isn't an option. The NSA is engaging in surveillance of all domestic emails. If they call an anonymous hotline, we tell people to use a public telephone and put a handkerchief over their mouth when speaking," he says. "Encrypted communication is an increasingly common tactic that whistle-blowers are using after an initial disclosure, but we don't have the technological expertise to encourage it." He had never even heard of ephemeral messaging.
The beauty of apps like Wickr is they are incredibly easy to use. There seems to be a demand for it. Anonymity is built deeply into the structure of most of these apps, so it's impossible to tell how many people are using them for leaking information; Sell has many anecdotal examples from the cyber-security world, but that's a niche market. More notably, outside the U.S., the largest markets are in high-tension areas, such as Botswana, Greece, Singapore, and South Africa, indicating their use for political communications.
There are drawbacks to lowering the whistle-blowing barriers too much, warns Devine. The ability to come forward anonymously encourages disclosure, but it can also lessen its impact. "It is becoming so convenient and comparatively risk-free to whistle-blow anonymously, so a greater proportion are choosing that route," says Devine. Anonymous disclosures aren't "taken as seriously" as those connected to real identities. "When it comes to credibility, it might hurt people who rely exclusively on it," he adds.
Even Sell admits that these apps work best for initial contact — the kind of source/reporter relationship establishment that she's been doing for years. After that, she says, it's best to go totally low-tech. To meet in person and hand over the evidence.
Contact Justine Sharrock at firstname.lastname@example.org.