WSJ’s SafeHouse WikiLeaks knockoff isn’t safe, say researchers

WSJ-safehouse-wikileaks-leakMere hours after the Wall Street Journal unveiled its own version of WikiLeaks, a service called SafeHouse that allows whistleblowers to submit sensitive news to the newspaper’s reporters, researchers say that the “secure” service is anything but, reports Forbes.

SafeHouse invites readers to share information relevant to “fraud, abuse, pollution, insider trading, and other harms,” and says it offers them the ability to “securely share information with the Wall Street Journal.” Members of the security community say, however, that the privacy policy of SafeHouse leaves whistleblowers exposed.

The part of SafeHouse’s privacy policy that has researchers concerned reads:

“Except when we have a separately negotiated confidentiality agreement… we reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process, to operate our systems properly, to protect the property or rights of Dow Jones or any affiliated companies, and to safeguard the interests of others.”

In other words, if you hand over your valuable, potentially life-threatening scoop to the Wall Street Journal, which they then publish, its parent company, Dow Jones (owned by Rupert Murdoch’s News Corp), reserves the right to rat you out to the police, government or any other “third party” that happens to find the information you passed on offensive.

A spokesperson for the Journal responded to criticism of the SafeHouse policy, telling Forbes that “[t]here is nothing more sacred than our sources; we are committed to protecting them to the fullest extent possible under the law. Because there is no way to predict the breadth of information that might be submitted through SafeHouse, the Terms of Use reserve certain rights in order to provide flexibility to react to extraordinary circumstances. But as always, our number one priority is protecting our sources.”

The protection of anonymous sources remains one of journalism’s most valued practices. And a high-quality, high-profile publication like the Wall Street Journal surely adhere to that prized principle.

Unfortunately, the problems with SafeHouse don’t stop at its Terms of Service. Holes in the site’s encryption services also make it possible for hackers to trick users into thinking they are submitting through a secure connection when they are actually revealing all their goods to any nefarious cyber watcher who chooses to take a peek.

This too WSJ dismisses as a minor problem, which the company has vowed to fix sometime over the weekend.

As Forbes notes, even WikiLeaks has holes in its system that allow the chance for the uninvited to learn the identities of those who submit volatile information for publication. But that still doesn’t mean anyone should use SafeHouse to expose anything until these dangerous kinks are worked out.

(Image via)