Identifying future digital leakers, whistle-blowers

how Wikileaks got any of the information,” he says. Wikileaks gets technical help from Tor staffers, but “they don’t tell us anything, other than ‘Did we set up the hidden service correctly?’ which we’d answer for anyone,” Lewman adds. “People assume that Wikileaks is a Tor project, but I can tell you definitely there is no official relationship.”

Lewman notes that many law-enforcement agencies, such as the U.S. Drug Enforcement Agency, also use Tor to protect their operations.

James Goldman, a cyber forensics expert at Purdue University, told Talbot that one way the government could finger a leaker is through digital watermarking of the documents themselves. It is not clear whether the U.S. government uses digital watermarking, “but it’s certainly possible.”

Such watermarks would consist of hidden digital data — or even slight alterations in the pattern of words — added to documents in ways that are hard to detect, but are readily decodable with the right software.

“If I’m in the government and charged with plugging holes or catching leaks over the long term, my attention is going to turn to watermarking,” says Jonathan Zittrain, founder of the Berkman Center for Internet and Society at Harvard University, and an Internet law professor there. “It wouldn’t take much effort within the government to personalize a document to identify its recipient,” so that this person could be identified if they later leaked that document.
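The word-pattern watermark described above can be sketched as follows. This is an added example, not code from the article or from any government system: the synonym slots, template text, key and recipient names are all constructed, and the scheme (one keyed bit per synonym choice) is one assumed way to personalize a document per recipient and later decode a leaked copy.

```python
import hashlib
import hmac

# Constructed synonym slots: each slot hides one bit (index 0 or 1).
SLOTS = [("start", "begin"), ("large", "big"), ("quickly", "rapidly"),
         ("shows", "indicates"), ("often", "frequently"), ("help", "assist"),
         ("about", "roughly"), ("use", "employ")]

# Constructed template; {0}..{7} are filled from SLOTS.
TEMPLATE = ("We {0} the review next week. A {1} backlog must be cleared {2}. "
            "The audit {3} that staff {4} need someone to {5} them for {6} "
            "two days before they can {7} the new system.")

def recipient_bits(key: bytes, recipient: str) -> list:
    """Derive one keyed bit per slot from the recipient's identity."""
    digest = hmac.new(key, recipient.encode(), hashlib.sha256).digest()
    return [(digest[i // 8] >> (i % 8)) & 1 for i in range(len(SLOTS))]

def personalize(key: bytes, recipient: str) -> str:
    """Produce the copy of the document issued to one recipient."""
    bits = recipient_bits(key, recipient)
    return TEMPLATE.format(*(SLOTS[i][b] for i, b in enumerate(bits)))

def extract_bits(text: str) -> list:
    """Read each slot's bit from a copy; None where the word was altered."""
    words = {w.strip(".,").lower() for w in text.split()}
    bits = []
    for zero, one in SLOTS:
        found = [b for b, w in enumerate((zero, one)) if w in words]
        bits.append(found[0] if len(found) == 1 else None)
    return bits

def identify(key: bytes, leaked: str, recipients: list):
    """Score recipients by matching readable slots; None if the top score ties."""
    observed = extract_bits(leaked)
    scores = {}
    for r in recipients:
        expected = recipient_bits(key, r)
        scores[r] = sum(o == e for o, e in zip(observed, expected)
                        if o is not None)
    top = max(scores.values())
    tied = [r for r, s in scores.items() if s == top]
    return (tied[0] if len(tied) == 1 else None), scores

if __name__ == "__main__":
    key = b"constructed-demo-key"            # constructed secret
    people = ["alice", "bob", "carol"]       # constructed recipients
    print(identify(key, personalize(key, "bob"), people))
```

Eight slots give only 256 distinct marks, so two recipients can collide; a usable scheme needs many more slots and tolerance for paraphrased or removed words.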

Zuckerman told Talbot that it is also probably safe to say that the basic cryptography that is widely used on the Internet — automatically deployed on banking Web sites and others via Web addresses that start with “https” — is also fairly secure. “It’s impossible to say whether [the National Security Agency] has broken them, but most people who aren’t unhealthily paranoid tend to believe that if [encryption] were badly broken … we’d see theft of credit-card information on a massive scale.”

“While the outcome of Holder’s investigation is hard to predict, it’s a safe bet that the saga will result in an overhaul of how the government protects information,” Talbot writes. In addition to using watermarking, government agencies could adapt existing digital-rights-management technologies.

Such technologies can perform various tasks that might be relevant: generally, they can identify when the same computer is downloading voluminous amounts of material, restrict downloading to authorized users, and stop users from copying or passing restricted files to other computers. For example, a song purchased and downloaded onto one iPod in a protected format cannot easily and legally be transferred to other iPods.

“If you think about the technology of digital-rights management: How is it that the recording industry is able to hang on to the stuff in a way that the military can’t?” says John Pike, director of GlobalSecurity.org, the national security think tank. “It’s hard to understand.”