Brussels Leaks – Doing more harm than good?

Here it is…[drumroll]… Brussels Leaks – the website we’ve all been waiting for. Finally a place where all the dodgy EU dealings will be  exposed. The wikileaks for Brussels! (I wonder whether anyone had noticed the BrusselsLeaks launch without the whole wikileaks saga…)

Ok, there might be constant leaking in EU institutions anyway – but who knows, maybe there is a potential for more scoops. And it is also no secret that even the most “top secret” EU facilities are not really secure. I am generally a big fan of wikileaks and similar projects. I think Brussels is the perfect place for such an endeavour as the city is full with potential stories based on leaks – not only EU institutions – also consultancies, embassies, lobbies and advocacy groups! The point is that there is not enough transparency in general,  the media doesn’t care about it  – so ultimately every effort to change this should be welcomed! And a website that encourages leaks is something desperately needed! (The problem how to motivate EU officials and other people in Brussels to actually use the website remains a challenge!)

In a true wikileaks spirit everything is still mysterious. For the time being, the website is only a wordpress.com site with a few Q&As – which I don’t think is a problem. Let’s give them some more time to develop. Not surprisingly the identities of the people involved have not been revealed. The first interview can be found here – curtsey of the European Journalism Centre. There is a twitter account where questions are answered. Looks good so far. However, if I had a document I wanted to leak I might go for the original or to the (soon to be launched)  openleaks.org. Brussels is quite a small city; especially the EU community is well connected so I am no sure whether I would leak a document to a group of “unknown”  Brussels based experts (presumably made up of journalists, consultants, NGO people). I think it is just too risky that  somebody of that group knows somebody that knows somebody … I am sure you get the point! And another question needs to be asked:  Wouldn’t it be much more efficient if the people behind BrusselsLeaks would cooperate with something like openleaks.org?

Ok, they claim they are not connected to political group or a specific lobby. But can we trust them? The answer:

We are trustworthy, reliable professionals with excellent Brussels contacts.

Most of us have been in Brussels for a long while working in various capacities for media outlets. Nobody here is affiliated with an industry or other lobby group.

Somehow I have the feeling that Brusselsleaks is mirror of how the EU and how Brussels in particular works. I think this sums it up:

We merely want to disseminate information to responsible people – be it in media, NGOs, trade unions and other groups. Therefore we will mainly look at act as an intermediary, passing information to responsible parties.

We or others won’t publish it straight away (or perhaps at all), but you can be sure we will do the right thing.

And how are they going to evaluate leaks?

First, we need to be sure that the information we receive is true. This means research, and that takes time. Especially as this isn’t a full time job. If we are confident it is true, then we start to activate our network to find ways of getting the information out there, and out there in the right way to ensure it is for the public good.

Ok, so you “activate” your network.  And you want to do the  “right thing”?  You will contact “responsible people”? Thank you!

So basically you don’t trust the public and the ordinary citizen! (a similar point made by the FT Brusselsblog) How do I know who is in your network? You might not publish anything – the only time we might hear something of BrusselsLeaks is  if I happen to be in your network (unlikely after this blog post -  or if you contact a journalist because you (and not the source) think the story might be useful for a media outlet. Most of the time things will just be emailed around Brussels from one “responsible person” to another?  But isn’t that exactly how it works at the moment? With one exception: You make sure that you are the first person to see the document…

This is not what modern leaking is about!  Leaking is about political impact, and political impact is generally achieved with the media. Ideas about crowdjournalism or indeed the whole wiki approach is missing from Brusselsleaks. Why should I leak a document to a website that only distributes among an anonymous network in Brussels? I can do that myself – and probably every EU official or consultant could do the same. Leaking is about making things public not keeping them secret and passing them around! You just create another secret network of people. This is not the kind of transparency we need.

[I am critisiszing BrusselsLeaks  for one reason: I want them to be successful and trustworthy. But as long as the points above are not adequately addressed I don't think that the platform will work. BrusslsLeaks need to learn from the mistakes wikileaks did and not take a "wait and see approach". I know it is incredibly difficult to launch a project like that and get everything  right from the start - but BrusselsLeaks looks like an alpha version, not even like a beta!]

And now it is getting a bit geeky. From a technical/IT perspective Brusselsleaks as a platform is not finished  -  so I hope there will be some improvements. However,  encouraging people to leak sensitive documents to an unfinished platform is irresponsible. Let me explain:

Is hushmail suitable for anonymous leaks?

Short answer: NO! Don’t get me wrong. Hushmail is a great service for encrypted emailing! However, hushmail as a stand-alone tool is not suitable for the complete process of leaking. Only in combination with other tools it should be used. Brusselsleaks recommends to use tor – but only if  you are “worried about your browsing security”, sounds like an option but in fact it is a necessity. If you don’t use Tor, freenet or some other darknet, your IP is always visible to the server. It doesn’t matter if your emails are encrypted  or not, the sender can still be identified.

What is going to happen if you leak a document using an email encryption system?

1. You send the email or login to an email service provider (if you use SSL it is secure)
2. The email service provider will see your IP in the logfiles weather you use a webmail client or an email app (not secure)
3. You transfer your encrypted email
4. Result:  Nobody can read your emails but everyone knows that you sent it.

So remember: The IP in the log-files combined with a valid court order and you can be tracked down quite easily. One phone call to your internet service provider (ISP) will reveal, at least from where you have logged in. So, using encrypted emails is a very good idea, but you actually don’t need a special email provider, tools like GPG might also do the trick. In that context it is also interesting to read emails from Brian Smith, the CTO of hushmail (following an incident a couple of years ago- read details here and here). The email conversation can be found in this pdf file:

There are situations where Hushmail is an appropriate tool and situations where is not.

It is useful for avoiding general Carnivore-type government surveillance, and protecting your data from hackers, but definitely not suitable for protecting your data if you are engaging in illegal activity that could result in a Canadian court order.

That’s also backed up by the fact that all Hushmail users agree to our terms of service, which state that Hushmail is not to be used for illegal activity. However, when using Hushmail, users can be assured that no access to data, including server logs, etc., will be granted without a specific court order.

So, if Brusselsleaks really wants to get into the leaking business it needs to use some sort of darknet. The crucial part in leaking is not the encryption but the secure and anonymous transmission of the information.

The other important questions remain:

1. What will happen with the leaked information once it reached BrusselsLeaks? (and yes we know about “activating the network of responsible people”…)
2. Is BrusselsLeaks  going to make documents available to the public – or will leaked documents end up in various email inboxes of “responsible” people in Brussels (or indeed /dev/null for material that does not suit the editors?)
3. What terms of service will be used?
4. Is there a BrusselsLeaks business model or is it just a hobby? Will there be exclusive rights to certain media outlets?
5. Why not take advantage of the legal framework in Belgium  (instead of the US based wordpress.com)?
6. Are you sure that you are not violating the wordpress.com terms of services?

Update 15/12: Brusselsleaks relpied to this post on twitter.

Here it is…[drumroll]… Brussels Leaks – the website we’ve all been waiting for. Finally a place where all the dodgy EU dealings will be  exposed. The wikileaks for Brussels! (I...