ChaosPad V1.1
Full screen

Server Notice:

hide

31c3-talk-6291 Latest text of pad 31c3-talk-6291 Saved Jan 13, 2021

 
Hallo Du!
Bevor du loslegst den Talk zu transkribieren, sieh dir bitte noch einmal unseren Style Guide an: https://wiki.c3subtitles.de/de:styleguide. Solltest du Fragen haben, dann kannst du uns gerne direkt fragen oder unter https://webirc.hackint.org/#irc://hackint.org/#subtitles oder https://rocket.events.ccc.de/channel/subtitles erreichen.
Bitte vergiss nicht deinen Fortschritt im Fortschrittsbalken auf der Seite des Talks einzutragen.
Vielen Dank für dein Engagement!
Hey you!
Prior to transcribing, please look at your style guide: https://wiki.c3subtitles.de/en:styleguide. If you have some questions you can either ask us personally or write us at https://webirc.hackint.org/#irc://hackint.org/#subtitles or https://rocket.events.ccc.de/channel/subtitles .
Please don't forget to mark your progress in the progress bar at the talk's website.
Thank you very much for your commitment!
======================================================================
 
 
So great to have you all here for the last talk today, the talk is doing right by sources done right. I guess every one of you read and heard a thing or two in the past years about whistleblowers. And so you all also know that in order for whistleblowers to achieve their goals, namely to bring the stories out, they rely on journalists. And as these journalists responsibility to make sure that these sources get protection, which is a very complex matter. But we're hugely honored to have here tonight Sarah Harrison and Grace North, who are experts in this field and are going to explain to us how to do that, how to not fuck up and how to protect these sources. So please do me a favor and give a big round of applause for Sarah Harrison, Ungraceful and John. Got it on there again, sir. Yes, sir, my name is Sarah Harrison, I'm a journalist at WikiLeaks, but I'm also currently the acting director of an organization called the Courage Foundation. And this was launched last year as an international organization to protect truth tellers. Courage acts as a first line defense in the highest risk cases where others can't or won't act due to the risks and dangers and difficulties in association with helping those who've risked so much for our right to know. We currently run the Edward Snowden and Jeremy Hammon's defense funds and their support websites along with other projects that we started and are beginning more next year. We'll be speaking about the protections for truth tellers by the media and public, the issues where and how improvement can happen. And I'm here today with Grace, who heads the Jeremy Hammon's Defense Committee and who'll be giving a more in-depth example of some of the protection issues that Jeremy had to deal with. So there's currently a lot of discussion generally at the moment around online Dropbox's and how this handover points in the process can be solved online. However, if we actually look at the past, this is in fact just one area and has often bee
n that of the last issue. So if we think of the big cases in the last year, it wasn't the handover of the documents that actually caused the legal problems for the following source. Alleged sources Chelsea Manning was identified after a conversation she had had with the US government informant that posted posts the alleged action. Another alleged source, Jeremy Hammond, was caught after an infiltrator was working with the US government turned him in. Edward Snowden decided to go public himself and then was left in Hong Kong by The Guardian. The journalist, the journalist that Jesselyn Radack had contacted didn't redact her name from the documents leading to the pursuit of her by US courts. John Kiriakou had agreements broken by journalists, which then assisted the US governments in persecuting him. All these examples have led to truth tellers being involved in long, debilitating legal cases, large prison sentences and indictments. Yet not one was the document handover point itself that caused the main issue. And yet the other parts of the full source protection process are not being much discussed. Total source protection is a complex topic can often depend very much on the situation where the sources in terms of jurisdiction job, their technical capabilities, the journalists technical capabilities, the type classification, format, size material they wish to disclose who the adversary is and also the political environment for sources in general. There are five areas specifically that I just want to go through briefly for each one that you should be thinking about if you're dealing with source protection issues at all. So there's the initial contact period, the hand over point publishing, the documents and articles, continuing contact and then aftercare. So for initial contact, a lot of people think that sources just sort of anonymously want to hand over documents and they'll just drop something somewhere. But actually and if anyone saw Laura and Julius talk yesterda
y, it was very clear that often sources are cultivated by journalists. Now, this happens a lot for official government, US sources. Now, these can often be given give quotes to journalists anonymously, I think, with the general hope that if they've done it anonymously and it's somehow secret, this will get some more impetus for what's basically a government talking points. In these cases, there are no repercussions for the media, journalists or source because it's just the official government sliding that points out in other ways, of course, when exactly the same thing happens for the public's right to know with an unauthorized government source, the repercussions are dire. So this initial contact with sources or potential sources, when that starts, there are a number of operational security issues to take into account. I know others have had a lot of more detailed talks about this, so I'll just brush over them quickly. So your phones, whether you're being followed emails and other online data trails, there are various methods to mitigate these depending on the circumstances and threat model. So that includes, obviously, encryption burner phone set up, not just to talk to not tie them to your identity, but you can also specifically obfuscate the identity that they're tied to pretty assigning a moving meeting, places that you set up in person, and then a big one cover if you can create a lot of other cover, whether it's traffic online or cover meetings. So, for example, next C.C.C. would be a great place to arrange to meet your sources when dealing with source protection. It's very important that you split up the investigative resources of the opponents. So the more different types of cover, the more trails that you're setting that they have to follow, whether these by the financial data or otherwise, the larger the anonymity put anonymity pool that you're creating, the better. Often when speaking to sources, journalists want to get a lot of information from them. Th
is slide outlines the AP's standards for what it means for on the record, off the record, background and deep background. And as you can see, they have various supposed ethical obligations of what they what they print and what they don't. There are many cases where journalists don't actually describe these properly to sources. The impetus is always on the source for them to try and understand what's what, whether what they're saying will be printed and used. And as you can actually see here, the AP's this is taken straight from the AP's website. Their official policy is to try as vigorously as possible to try and force the source to put on the record information that they wanted to keep off the record in the first place. I think that when you're dealing with sources who are taking huge risks and have potentially dire consequences, bullying them into doing something that way, you don't necessarily understand their situation. And the risks they're facing is and isn't actually the the ethical way to go. The burden in these cases really should be on the journalists to be ethical and to explain to the source precisely what they're doing. Similarly, a journalist and media organizations should be very upfront about what protections and assistance will or won't be given. Will the journalist fight subpoenas and risk jail themselves to protect the source? Will the media organization pay or legal legal bills? There have been cases where media organizations tell the source that they will and then and then they renege on this promise and they think this is actually worse than if the source were to understand that these these did not exist in the first place. And it's not just the contact between the journalist and the source that can cause issues. There's an example of John Kiriakou and Matthew Cole, who's a former ABC News producer. Cole wrote to Kiriakou, who is now in jail for exposing CIA torture programs. When Cole was writing a book about a CIA rendition in Italy, he wrote
 to Kiriakou asking if Kiriakou knew the name of the CIA officer involved. There was a bit of an email exchange and eventually Kiriakou said that, yes, he had remembered it, then sent the name of the officer that he'd been given to a defense investigator at Guantanamo Bay. This name ended up in a classified court filing, caught the attention of the FBI and became the final piece of evidence that leaked the links to Kiriakou. So, as you can see, there are many examples of just while you're having just contact with your with your source of the sorts of mistakes that can be made to the hand over points of documents is the area that has gotten the most attention in the last year. A number of news organizations are setting up online drop boxes. And whilst there's grace, of course, they only work if the operational security on both sides of the source and the journalists have performed precisely as a general rule in Dropbox, as the source should have to think about as little as possible, there should be as little burden on the source as possible. The impetus really should be on the journalist. And having worked with quite a few journalists, I'm aware of how much training and understanding they need to be able to do this properly. The other issue I find with the current state where so much importance is placed on the Dropbox itself, is that in many of these cases, this just won't work a lot. Rely on Tor, which is unavailable in some parts of the world or people's work places. Document sets might be too big, too large to hand over a few notes in Laura's film, I'm sure many of you saw last night they were using async and then in-person handover's. So whilst of course the handover is an important part in the journalistic process, it should be noted that all other parts of the process have just as much security, technical and operational issues that can arise. And nor does it actually work in all conditions of the point. It's trying to solve the problem. So then we move on to 
publishing the next part of the sourcing processes, of course, publishing. Now, the obvious point here is do not publish identifying information about the source and certainly not their name. However, apparently not all journalists can even stick to that. Michael Isikoff of Newsweek reporter published emails he received from a source, Jesselyn Radack, regarding a case of a captured suspected Taliban member in Afghanistan and whether he had a right to an attorney or not. Jesselyn at the time works in the ethics department of the Ethics Department of the DOJ, and she was contacted and confirmed that, yes, he did have a right to an attorney under duress, though. Back in Afghanistan, John Walker Lindh, the detainee, waived his right, although his parents back in the US had already secured secured him a lawyer. As the case progressed, Radack was aware that Lynn's legal rights have been violated and started to take action initially internally when this resulted in retribution at work and files going missing about the case, she went to a reporter with her emails. The result was that he didn't take the name out of her emails. They were printed, ended up in court cases. She lost her job. Almost got disbarred and a tough legal case began for her and other important points and source protection at the publishing stage is the language that the journalists use when writing articles. One of WikiLeaks main policies is never, ever talk about sourcing. Never, ever confirm or deny a person or people might be your source. The issue here is it's a slippery slope. Even if the source wants to become public and you can associate certain documents with them. What if someone else from that organization comes forward afterwards with similar documents, but they want to remain anonymous? Now you have to publish articles that that would potentially be for the person from the person you were previously naming. But now you're not naming that person as a source. So if you don't want to attribute t
hem, you're now waving a big red flag to the government or whoever the documents came from saying, hey, we've got someone else that you should start a large manhunt for any organization. Source protection policies in this way should be severed, severed totally from the publication process. So if you do wish to write about an alleged source, you should distance it from other stories. Don't start writing about speculations, attributions, tweeting about who or who might not be sources. Essentially, when it comes to sourcing and publishing, just shut the fuck up any and all language. Any and all language you use when publishing that is in any way related to sources is extremely important, mainly for your source, always used alleged use, disclosed versus leak we often use, for example, WikiLeaks obtained. You take the impetus away from the source. These have onward implications for any potential court cases for you and your sources. And when the government is out to get someone, they will go through every tweet, every article and every word to see if they can use it in any way to bolster their case. If you're in any doubt at all, check with a lawyer and not necessarily a media lawyer. They're there to protect the media against libel, et cetera. They're not specifically trying to protect whistleblowers. There are whistle lawyers around the world who be happy to talk about those issues. But if you still have any doubts at all, shut the fuck up. The only time you should talk about a source is if you're lying. And lastly, within the publishing elements, there are the documents themselves clearing anything at all that could identify or lead to the identification of a source. This is very varied process that depends on the situation. It's impossible to go through them all here. So just to be brief, peek metadata, of course, is reasonably well known and of course, in these circles as well under understood issue. But there can also be watermarking within the text itself. So when
 you're publishing the documents, the big thing that you should do in the process is to look at actually the organization itself and the workflow within them who definitely has access to exactly what copy of the documents, who they distributed to, who officially gets it. But what are the sysadmins, receptionists, what other people are they allowed to distribute to? And this will give you an understanding of exactly the type of exactly the copy of the document, how many people have access to that, and therefore what your anonymity pool is. So, for example, contracts that large companies, whilst they're being sent around like a merger contract, for example, for example, and worked on, they'll often contain tiny word of formatting changes. A comma is added. Double spaces put somewhere so that a potential source could be identified. So if you're dealing with documents like these, the media should be going through a process to standardize and remove any possible inconsistencies that potentially lead to a certain source adding plourde plausible deniability. So other examples as well in in prepping documents, publication for source protection. A couple of examples from WikiLeaks. We had a disclosure that came to us from a secret society at MIT and we were publishing the ritual magic manual of it. And we discovered that the sources had taken photos of the manual of each page. This is how they'd got it. And each manual had a number on the front page, which was the chapter of the society that it was. It was an identifying number for that chapter. So the source had edited this out using Photoshop, and they'd done that very well. And that was all great. But what we noticed is it was it was double sided prints. And when you turned over to the onto the other side, if you didn't and a very good image enhancement, you could still see a shadow of the next from the next page of the number coming through. So that was really checking very, very closely each page of the documents. There
 was another example where the legal filing number used on the documents was on the documents. This was something that was was allegedly from a lawyer who got the docs through discovery, but they actually came through our legit source was another legit source that was a middleman. And this actually often happens that the sources will reach out or you'll get documents that come via someone else. So if your source says, oh, yes, yes, that's fine, it may be fine for them, but is it fine for the original source? So you have to be independent when you're assessing this as well. And moving on to my next category, continuing contacts and relations. This is a pretty standard thing in the world of journalism that they will want to maintain contact with a source. Maybe they want to ask questions about the documents or they want to try and get more documents here. It's actually even more crucial that there's tight operational security because just because the journalist's story is out doesn't mean the potential legal issues for the source are over. In fact, I would say they've increased. It's one of the more sensitive times because, of course, the government or organization is now alerted that there's a leak. They're going to be on the hunt. Moreover, journalists can be subpoenaed as they are the eyewitness to the crime. So for everyone involved at this time, security is crucial. And speaking of subpoenas, just a little tidbit for C.C.C.. WikiLeaks will be doing more on this next year. But I got a really nice Christmas present from Google. Of course, no one at WikiLeaks is using Google services for anything except sensitive. But I had a long time ago done something in the past and as part of the US case against Julian, the US grand jury that's going there, Kristen, who is our spokesperson, myself and other people relating to Julian and WikiLeaks receives literally the day before Christmas. Oh, that was murder. I'm forgetting my slide sorry, received this lovely document here, 
so this is a now unsealed search warrant that was sent by the Google Department. It's related to the espionage case against Julian in the United States. The seventy nine three G is the legal is the legal code for that. So as we can see, this this case against Julian is still still continuing and they they continue to spread the net. So aside from subpoenas that they can try and get you with, this doesn't just apply for for the media who the source went to. The security that you need to have at this point, ethical journalism practices should be protecting all whistleblowers. So Scott Shane from the from The New York Times was writing an article on John Kiriakou. He had not been his source, but he was writing writing on him. And when he when Kiriakou agreed to the interview, part of the conditions he put was that Shane would run the quotes by Kiriakou, his legal team, just in case the phrase in Kiriakou was used was potentially legally damaging for him. Shane actually ended up reneging on this promise and some of the wording was then used in Kiriakou sentencing case against him assisting the prosecution in getting him an overbearing sentence. Journalists should definitely be aware that at this point it's hugely stressful and a lonely time for whistleblowers. Many have had their lives, families and jobs all destroyed. They're under a lot of pressure. Some will reach out to others for comfort. This can have disastrous consequences. A well known case of this is, of course, Chelsea Manning, who reached out and placed trust in someone she thought was a priest and therefore had obligations of confidentiality. Of course, Lamo had lied and instead turned Manning into the authorities and went to his mates. Poulsen at Wired, who wrote an article cherrypicking the alleged chat logs in a way that was very damaging for Manning. Now, of course, I can appreciate that in some instances, this for the source themselves, it's it's risky if the media have a lot of contact. But there are 
organizations there's actually a gentleman in the audience here, Gavin McFadzean, who runs an organization that Carriageworks with in the UK called Whisler, that deals with this precise issue is part of aftercare for for whistleblowers. So journalists, for example, could refer them to them. And anyone dealing with source protection or whistleblowing should be aware of these organizations around the world. And then finally in the aftercare stage, there's something that annoys me hugely. And this is the excuse by journalists that they can't assess their alleged source for fears of this phase of this story is becoming biased. I've seen too many cases of what I refer to as asset stripping, and then the journalists just leave. My stance is if you're a good journalist, your stories will speak for themselves or someone else that the organization could write. It doesn't mean that you can't write positive articles about them, as so many media alleged for so long regarding Manning, it doesn't mean you can't assist them when they're stuck in a foreign land and leave them there, as the Guardian did with Snowden. It doesn't mean you can't write to the judge for leniency, as most Western media did in the case of Jeremy Hammond, alleged Stratfor whistleblower. And here is Grace to tell us more about Hammond's case. I, uh. OK, so for those of you that might not know who Jeremy Hammond is, he was a member of Anonymous who hacked Stratfor, stands for Strategic Forecasting Inc, which is a private firm that does it's a private intelligence firm. Anybody with the money can hire them to investigate whoever they want. And Stratfor did a lot. Shapiro was hired by the US government, by corporations such as Coca-Cola, Dow Chemical, to spy on activists that they basically didn't agree with, didn't like what they were saying. And this all came out when Jeremy hacked their email systems and allegedly released them, allegedly release them to WikiLeaks. So end. Yes, so that and one of the major o
ne of the major ways that he was caught was by an FBI informant named Sârbu, real name Hector Monsegur, who is going to figure in a little bit later. But that was one of the main ways that he was caught. Another hacker was turned state witness against him, which is another issue that it's OK to say have. All right, well, first of all, one of the first things that I really wanted to talk about was what is a whistleblower? What is what is what is a truth teller? What are our ideas around that? Obviously, we we think of somebody who may be within a system, who has information, who then comes forward with it. But I honestly think that we really need to expand our definition of what a whistleblower is, what a truth teller is. For example, I very strongly believe that the PayPal 14 who were 14 individuals that were arrested as part of a direct attack against PayPal for blockading the funding of WikiLeaks, I very strongly believe that they should also be considered and given the same protection and honor as other truth tellers, as other whistleblowers, because they saw an injustice that was occurring, the PayPal refusal to process donations from WikiLeaks. And they did something about it. They called attention to it, which is what I think one of the main main acts of what a whistleblower does. They call it they call attention to something. So I think that honestly, we need to expand that definition to include people that have been arrested, maybe not for doing the traditional quote as we think of truthtelling activities, but it's really crucial because what happens in these cases is when somebody comes forward with something, they are punished with these these draconian laws, with these outrageous sentences, which then causes future truth tellers to maybe not want to come forward. So protecting your truth tellers and protecting your whistleblowers is an incredibly important thing, as we were learning, because really these truth tellers that are coming forward are being pr
osecuted so harshly and. If that flow of information is going to continue, they need to know that they are going to be protected, that the media and that people around them will not leave them high and dry in Hong Kong or whatever the case may be. I think it's just I think it's interesting as well that in most countries there's no public interest defense. They can't say whether they're inside or outside of an organization. While I was doing this for the public good, I've caused greater, greater good by my supposedly illegal action than if I hadn't done anything. And I think that this is something that should be pushed for change as well on that point. Yes, I absolutely agree with that. So another point that I wanted to make is that after sort of after care, that's sort of my specialty. Jeremy asked me to take over his defense fund in June of June or July of 2013. And after care is so important, these people have sacrificed everything to, you know, bring us this this in this information. And it's important that we show our respect both as people, as journalists, to write these articles who then build their career off off of it. I believe that respect needs to be shown to the source after. And that's a very important part of Africa, especially for those that are identified and arrested. Because, you know, John, John Kiriakou should not have to fundraise on the Internet to save his house because he's not there. You know, that should be that should be something that is taken care of by both, you know, the media that help that were his contact people and by the people that have benefited from the information that he shared. A strong ideal that Jeremy holds and that I hold as well is is mutual aid and saw and solidarity. And part of that means you don't leave your source behind. You don't leave somebody who has sacrificed everything. You don't leave them behind. It was interesting when we worked on for the with the Hammond case WikiLeaks put together when it came to the s
entencing time, we tried to put together as large a signatory letter of all the media organizations. And we'd worked with a lot on the Stratfor files and we tried to get as many of them to sign just to ask for leniency in the sentencing case. And what was very interesting was a complete break between how the global south and how the West reacted to this. So the West either completely ignored the email. In general, there were two very good journalists who I will just name Stephania Moezzi from Italy. And John gets here in Germany that actually were willing to put their name to it. And other than that, we were in either entirely ignored or they refused. When it came to the global south, we had media organizations going, well, we'll sign and I'll get so-and-so in Argentina to sign. So people that it never like works on even the Hammond documents when we when we were first making making partnerships. So this was quite an interesting phenomenon that I think that the West has become so bad at. And you can see that in that example where you're looking at the difference between how the Western media are reacting to the global south, that it doesn't have to to be like that. And I agree completely agree. Do you want to talk just a bit about Jeremy at the moment? I'm sure Jeremy Jeremy is currently serving a 10 year federal prison sentence for his role in the Stratfor and another hacks that were all politically motivated. He's doing pretty well. Last time we talked was Christmas Eve. He says hello to everybody. And he right now he's it's prison is just a daily grind that you have to live every single day. And it's especially hard for people who may be antiauthoritarian like Jeremy is. Maybe you've noticed who spent their whole life trying to dismantle that system to then become completely controlled by it. So. Aftercare by the general public really helps things like writing letters, donating so that he has money in his commissary, sending books, things like that superimportant
. And can you just explain so they understand a bit about how he keeps going in and out of shoe? And, yes, that's been an ongoing issue. Documents, it honestly started, oddly enough, when documents were dropped by Anonymous that were the unredacted Lussac warrants, and I got frantic calls from lawyers at nine 30 at night saying the government is very upset with Jeremy for this and. Well, well, why? Why are they upset with Jeremy? He's in jail. He didn't release them. Well, they think that they you know, they think that he gave it to them. So there are very real consequences for a mishandled, you know, a very, very real consequences for mishandled in information, especially when that person has already been identified and may be in jail. The government has punished Jeremy with overly harsh punishments for minor infractions. He keeps he's gone in and out of SHU, which is solitary confinement center, these segregated housing unit. He's gone in and out of there more times than I can count. And every time they put him in the he loses what's called his good time. He earns good time off of his sentence for every month that there are no infractions. Well, if the staff decides to bump up his infraction level based on what he did, his good time is gone. Like I just checked a couple weeks ago and found out that his release date had been pushed back a month because of a situation that happened where he was overly punished for something that should be his absolute right to do. And his release date got pushed back a month, which means he's not going to be out. He's going to have to spend another month in prison on top of the already unjust 10 years he will have spent. So mishandled documents and mishandled information and how you publish your sources really does matter, and it really does impact your source very strongly, especially like I said, if they've already been identified and they have already have that attention put on them. And I think it's interesting in the case of yo
u just described, even though he's in prison already, it's still having an impact on how people in the outside world are dealing with information that he is seen to be linked to by the government. So, yeah, yeah, I can tell everybody what happened. He wrote a letter of leniency for Barry Brown, the journalist who was charged originally with publishing or I'm sorry, linking to the information that had been published from Stratfor. Brett Brown is was due to be sentenced in the beginning of December for this. And Jeremy wrote a letter of leniency, as many had done for Jeremy. He wrote a letter of leniency for Barrett Brown, and he sent it to me to give to Barrett Brown's federal judge. And he was written up for circumventing male monitoring procedures and he had his email privileges. I still cannot email him. He got his email privileges taken away for. A month, a month or a month and a half, so I mean, normally things that would not cause people to look twice, he gets slammed for every single time. And that's part of the government retaliating against him for continuing to speak out. So it's these sorts of cases that we we set up a courage for courage is working with grace and running Jeremy Hammond's defense fund. It was borne out of when we worked to get Edward Snowden asylum. We realized that actually in these sorts of high risk cases, there are very few organizations. In fact, well, in that case, there were no other organizations that can or would assist him that could act swiftly and securely. So Courage was founded by three trustees, Gavin, who I mentioned before, who's from the Center for Investigative Journalism in London and Whistler. He's here Barbara Bakowski, who's from legal director at Article 19 in London, and then Julian Assange, who's the editor in chief of WikiLeaks. And we worked to get Snowden asylum. And he then instigated setting up courage, even in the midst of all of his own legal issues with the US grand jury, as we've just seen, still continui
ng against him. So we began with Snowden's defense fund and protections for Snowden. We've grown we now have Hammond as a beneficiary. We run these specific defense funds along with their support websites, including the revelations that have been disclosed, we are proud to say actually have the largest collection of Snowden documents because no one else was putting them all in one place. We also this year launched a new fund for sources under investigation. This is actually we call it the Known Unknowns Fund, which is our little in-joke to Rumsfeld's quotes. And this is specifically for sources at the point when they are being investigated there, an alleged source, they haven't necessarily been they haven't been charged. They're not necessarily identified publicly. So to get public money to pay for legal advice is pretty much impossible for them to raise public donations. But yet they need legal advice. They have people knocking on their doors and raiding them. So we were actually this funds. There's already one person that is actually needing it support at the moment, and I'm sure there will be more. So that's one of the other projects that we set up this this year. And one of the big things that we've done with work from the beginning is to systematized these sorts of processes and these support to set up the website, to set up the defense fund. And for Snowden, it was sort of almost a test case for us, for how we did it, what the legal loopholes, et cetera. Were we then, of course, set it up again for Hammond and we now within a day can set up a legal defense fund and a support website for anyone else that comes forward. This is important to be able to to move fast because the story is pretty much set within the first week of the public perception. So this fast moving defense is really quite crucial. And we have some plans for this coming year. We're going to be offering advice for media and journalists about how to operate securely, what to think about. We've al
so started a network of specialized lawyers for legal advice and logistical assistance to help sources around the world, whether this is legal advice or escaping from Hong Kong to get asylum. So, yes, so we continue our work into next year with these that these are more projects. So all of your help is is very much appreciated. And that's in these ways and more. We're aiming to internationally give complete protections for truth tellers in the hardest cases and show them that someone will take risks for them when others can't or won't. And the purpose is to maximize the amounts of truth and about the society we live in and the public record. And to do so whilst fostering civil courage, we want to set a new standard and the protections of truth tellers by the journalists and the public alike. And I hope that the public generally can start to hold those that don't give sources the fullest protections to account, and that here in the technical community, we can start to think of more ways to assist in this complete protection, not just the drop over points so that we will help all of us in our right to know by helping those that so bravely come forward and fight for us. So thank you. And then we're taking questions if anyone has questions. Yeah, thank you so much, Sarah and Grace. Thanks for the inspiring talk. So luckily, we have plenty of time for questions and answers. Our inspiring speaker said that they will take questions. We have six microphones here. One, two, three, four, six. Please just line up there and make yourself know that if you have a question, I think the guy on microphone three was first, please state your question while I try. So not as much a question, but I like to point out something can get a little closer to the mic. So you are in Hamburg, Germany, and the problem is not to protect. The security affairs are journalists because we had a case where the journalist was covert police lady. So these problems occur at another point here. I'm really s
orry, but I didn't quite understand what you I think because you started far away from the book, there's a difference issue in Germany because. Yeah, yeah, we have you know, media is protected by law. But we had a case in Hamburg where covid police person was the media and now. OK, OK, so she was undercover, pretending to be media, not pretending to be media undercover in media. OK, to try and find sources by them coming to her because they thought she was media. Is that the point? Now, the problem is I want to protect the source so the source has to rely on media journalist working properly, protecting you against those guys you are disclosing. So have. Those guys you work for are efficiently disclosing the secrets are the same guys who are telling the secrets to. So what? Well, yeah, that sounds like a terrible situation. Were they working for a media organization? Yeah. So I think that the public should have called for that media organization to be shut down. Nope, not media organization. It was an undercover cop in media. So so police put something into media. All right, well, that since I got the feeling that there is no question developing out of the statement. Thank you so much for the statement. And let's just hope that our speakers today are journalists, as they claimed and not as I hope this is not what you are insinuating. All right. So next question, microphone one, please, and get us the mic. Yeah, thank you very much. I think it's a very important point that you were making. I'm very glad to hear it from also from the development of the foundation last year. I think it's important to look like you were mentioning the wording, the language and the verbal OPSEC of journalism in that context. I do have a question for for Grace, what you were mentioning about PayPal. I do assume that you have something like a working definition or something for for whistleblowers if you compare it like a situation in Germany. Again, the wording is super negative. You do us
e like the word whistleblower, but you also use dimensioned information. So it's like extremely negative. So if you say we are protecting specific cases and if you said, like, what's the benefit in declaring, like PayPal guys as as whistle blowers? So you say like, that's a protection as such. I'm just interested in like, what's your working definition from from the foundation point of view and what's what's the actual practical how do you protect people? By just saying that's a whistleblower by definition, you know what I mean? Well, I think that the definition of a whistleblower or a truth teller can be someone who sees someone who is doing wrong or sees and or an organization is doing wrong and through their actions, through their politically minded actions, do something does something to bring attention to that, whether it's dropped documents, whether it's dosser website, which I very strongly feel should be covered under the First Amendment as a form of free speech, whether it's a website, whether it's dropping emails, they're doing something. They're they're doing an action that brings attention to this great political injustice. And I believe that should be our definition of what a whistleblower is, what a truth teller is, because that's what they're doing. They are incurring significant personal risk and they are telling the truth, which is what is needed right now. I stress we need a complete revolution in how we think about our government and how we relate to our government. And revolutions are never easy and they're never clean and they're never messy. Laws will get broken and laws will have to get broken in order to call on justice to those laws. So I believe that we need to appreciate the true colors that we have because they have sacrificed their everything to bring us their truth and and our truth and the truth is what's going to enable us to fight back against those that have taken our freedom against those that invade our privacy. They're the ones t
hat are going to change the world. They're the ones that are going to change the world. And they deserve respect as such. Thank you so much. Next question from the Internet. Hi. So I have a question from Twitter to Grace. Is it possible to ask for presidential grace for Jeremy Hammond? And if it's possible, how can the public contribute to that like a petition, petition or campaign? I believe it would be possible to ask for a presidential pardon for him right now. I don't know of any specific campaign that anybody's planning right now, but that is definitely a possibility. And what the public if that campaign came to fruition, it would probably be in a petition form the government, the people. The most important thing is obviously sharing that, signing it in not just sort of tweeting it out, but sort of going to certain people saying, hey, have you signed this to make sure that, yes, you can get specific? Yes, I will sign this. Yes, I. I will sign this. And trust me, if that happens, I will raise holy hell to get my friend pardoned and home. So there you'll know if it happens. All right, thank you. Next question for microphone for you. So from what I sent you, you have these facts going to help people to have money, to help them have legal support and stuff. But what we've seen from WikiLeaks is that sometimes there is money which is not accessible. How do you make sure that the money is accessible and the time needed end and it keeps being accessible when it's needed? Are you talking about, like, our banking blockade, like how the donations are stopped? OK, so this is one of the things that which is that because this was a big concern with the setting up the Snowden defense fund about this, and we actually had an almost pretests case for that with Julian's defense fund. And we actually have found kind of quite a robust way in which to do this, which has not yet been and has not yet been shut down. And Julian's at that continued through the blockade. And so that sti
ll stands. So that was sort of the base of the system that we then started. We then had to make it a faster process, but that was the base of the type of system and the type of structure that we used to set up Snowden's. And we will for the other whistleblowers, because this was exactly what was on the main front of our mind and anybody else at the time that wants to help Snowden. But because of our experience in this, we were we were able to actually set up the sort of logistical bank account when where nobody else could. OK, but this apparently seems to be that has to remain a secret or we can be able to talk more about it. So it's partly the sort of the people it's a mixture of sort of the people that are involved and the fact that they can't be backed down, which I mean, when it came to the the banking blockade, there were a number of organizations that were helping us in this. There was one that was absolutely wonderful in it, while Holland Stiftung, who are here as well, that actually stood by us, although they had their charity. No what do you call it, status taken away here in Germany. But yes. But then there were other people that didn't stand up against this. And so our donation routes were blockaded and a lot of sense says. So one thing is sort of is the people that are involved. And the second is that the legal structure around it. And so one of the structures that we've used is a trust in the U.K., of all places. But the trust has some quite it's a long thing to go into here. But I can explain about it later if you want. But a trust has some some things that make it reasonably robust for for these sorts of situations. All right. Thanks. Next question from my friend. Oh, hi. Thanks for the talk. Of course. But you mentioned something about source protection that kind of piqued my interest around going through the actual source material in the documents to ensure that there's nothing personally identifiable. You mentioned something about double spacing an
d commas. How do you protect against maybe if we're talking about high stakes here, documents that are purposely manipulated with a comma, splices or special punctuation that the adversary would be able to attribute 100 percent back to a source, at what point do you say maybe we can't even post screenshots of the source material? Where do you draw that line or how do you even assume that might come into play? So one of the things that you do in these cases, you essentially basically what you're aiming for is at a high enough level of plausible deniability and creating a large enough anonymity pool. So you're basically fudging what they can specifically relate back in the sense of these things. So you would go through and you do things like you standardize this in certain ways. So this actually means going and and. Taking away paragraph breaks or these sorts of things, because, as I say, the main thing is to ensure that it can't be specifically led back to that one potential source. If you go through and do things like standardizing through the whole documents, et cetera, then you take the you're adding starting to add more and more plausible deniability to it and taking away any specific things that could have been put into to pinpoint a certain source. So as a thought example or a thought experiment, if Snowden decided to remain anonymous, should they have posted the screenshots of the PowerPoint presentations or should have been standardized a twelve point times new Roman completely stripped of its original format? Well, this is where I was saying it depends on like the workflow, etc. within an organization. So if you have if the if the documents if there's like a large repository, which a lot of people, a number of people are coming accessing the documents through, you have a large enough anonymity pool from your baseline. So therefore, you know, it's this sort of thing, that particular example tends to happen a lot more with a smaller number of people that the d
ocument is being spread to within the work, within the people it's meant to go to. That's generally if it's within the same organization, they don't do it so much. It's generally tends to happen. So, for example, in the Trans-Pacific Partnership, things that documents that we published where you're looking from, it's although it's within a reasonably small agreement, it's going across country and then within those countries, different advisers, et cetera, are looking at this. And they want to know maybe which country or which particular person it's come from. So when the Snowden documents, it's kind of it's quite a different case because of the nature of who had access to those documents. So it's really it's kind of a case by case example. They were just very specific. I'm not saying you now have to worry about every comma and every document. This was a very sort of specific type of case. Just to give an example of the things one should be thinking about when you're working with this documents, who has access to it? How does the organization operate? It's not just a fact of removing the headers from the email or the metadata from the documents. All right. Thank you. Thank you for everybody entering the room right now. I would like to point out that we're in the middle of a very interesting Q&A, so please remain super silent. Thank you. Next question for microphone one. Thank you very much for this very important talk and thank you for your support of Jeremy Hammond. And I was wondering, um, for me, it seems that he's a very classical political prisoner. And I was wondering if the traditional or classical organization for human rights, like Human Rights Watch or Amnesty International, are also engaged in supporting him or their role. Can you elaborate a little bit on this and why not? And so on. Thank you. I believe that sometimes for those organizations, they have to sort of sometimes draw a political line, what they're allowed, what they're, quote, allowed to suppo
rt with what they're willing to support, which I think is sad because your ethics should you know, people people deserve support and that should reach across ethical. I'm not saying it should reach across ethical lines, but there are certain things that we can all agree on that, you know, that support is necessary and needed and it should not, you know, reflect badly on a news or organization, say if they sign a letter saying this person deserves leniency. But often in at least in America, it often does look bad for them. I don't know if I'm right, but I'm kind of assuming it has something to do with the fact that they are Western political prisoners, is it can it be that there is a difference if they would be from some, I don't know, banana republic or axis of evil, then they could get more support. But I think because they are from, well, the US, I don't know. I mean, human rights organizations have done some amazing work within the United States within the past several years about issues such as solitary confinement. But as far as supporting specific prisoners, I would agree with what you're saying when it comes to specific prisons. Yeah, they they don't issues without faces are generally far easier to to to support when it comes to specific people. I think the the alliances that organizations think that they're having, if it's the US government that has cracked down on someone in there, a U.S. government based organization, and often these organizations get their funding from the US government. So the last thing they want to do is say, hey, we want to support that guy that, you know, last week you were trying to kill. So I think that completely has a lot to do with it. Yeah, OK, thank you very much. Thank you. We got another question from the Internet. Yes, one more from the IOC, Chad, how about developing low budget methods for anonymous collection of secrets, like if dropping tools for everyone together with tutorials, how to deploy them and a S.O.P for the wh
ole process? Or is there already something like this? Can you can you can you repeat it? How about developing low budget methods for anonymous collection of secrets like eavesdropping tools for everyone together with tutorials, how to deploy them and a S.O.P for the whole process? Or is there already something like this gathering? I think sort of. I mean, it depends how I don't know of anything. As I understand it, this is for for collecting. Yes. The collection rather than people specifically going and putting them. I don't know of anything that exists specifically like that. I think that it would probably sounds like would be quite a good obfuscating tool. So if someone wants to make a good one of those, that sounds quite good. But I don't know of anything, anything like that. I think any there's always with these sorts of solutions, I think that there's a balance between investing enough time, et cetera, to make a particular solution good enough and then also having enough other solutions so that you can create enough cover possibilities and traffic to try and obfuscate exactly exactly what is being used. So there's always a balance when looking at this, but I don't know anything of exactly what was. Thank you, newcomers. Please be silent. Question for Mike. Hi. Thank you for everything you said. You have said that everybody's help is welcomed, but I found that sometimes in helping in a more concrete way can be complicated. I mean, the nation are useful, of course, but sometimes there is also the fear, the feeling of the duty to do something more. So I'd like to ask if there are other ways for young people who are not journalists, who are not lawyers, who are not anything else to help. Yeah, I mean, we're looking for things like translators, et cetera, as well for the site we actually have on. If you go to the website, you can you can state that you want to volunteer there. So I can't remember the the exact email now, but it's on the website. So you could always 
sign up for that if you want to to help. OK, thank you. Thank you. Question from Mike, too. OK, thanks, guys, for your work, of course. And for coming here to speak about. It's just a question for Sara. You gave a lot of examples, you know, really bad examples of journalists making mistakes. And it almost seems that you're suggesting I go speak to them because it can be dangerous. I was wondering, did you ever consider blacklisting certain news organizations and how does every day so you let you live with them as thinking we might start one of those on courage. We could have like the good pile and the bad file and then sources can go in. Which one shall I get thinking we might do that? It could it could be useful for you to give me good. I mean, it might get you in the hands of media, I guess, but you literally get to remark about Google. I'm talking about blacklisting, you know, tools and stuff. You different. I mean, yeah, it's like it's a search warrant. Says I'll go back if you. So it's basically so essentially the US governments have started saying or they actually sent them a while ago, we just got told about them, the ones that we know of so far, their search warrants for any Google services that we have, any that we've been using ever use. And me, Kristen, who is our spokesperson, has one as well. There's some others that have come to other people that are connected to Julian. We got them all literally the day before Christmas. So I sort of haven't had that much time to to do anything with it. But we it's I mean, it's definitely to do with that seven nine three G number that you can see. These are all like the legal codes that the warrant says is made under. Yeah, but I didn't get how, you know, the US government trying to get data about WikiLeaks, you know, incriminates Google. I mean, did they respond to this warrant or I mean, it sent to Google. So this was the US government's sent a request to Google for any information that they had from me. For example
, this one's mine. So it wasn't necessarily a it was more a points about the fact that journalists can be subpoenaed rather than specifically Google, although there are many bad points about Google. But I didn't go into any of them here necessarily. So you don't know if Google had, you know, replies with information they had to comply with the information they've got. They've complied. And in fact, they only had to tell us years later. So this actually has all like this was given only just burn out. But it was they were giving information. They had a deadline to start giving information, not since 2012. So Google have complied. All right. Thanks very last question for microphone six. I have a question about your broader definition of whistle blowing risk, because I get the feeling that it might be damaging to the term. And this is because currently the connotation of whistleblowing is using your right to free speech, which is usually regarded rather highly among the rights that citizens have. And if you expand this definition to any form of activism to raise or that is used to raise. I don't know knowledge about the topic or something. How would you differentiate or where to draw the line between whistleblowing according to your definition and vigilante justice? I'm going to make a very bold statement. OK, I am 100 percent for vigilante justice, just f why I just f why we have a little kind of I'm that's the punk in me maybe going a little DIY there, but I am one hundred four people, one hundred percent for people seeing injustice, doing whatever they feel they are able to do to bring that forward. Like, like I said before, revolutions are never easy and they're never clean and they're never neat. And the people that are breaking the law are the ones that unfortunately are going to enact the most change. And I believe that we should support that because laws are not what's right is not always justice and what's just is not always right. Thank you. I guess that's a g
reat closing statement. Thank you so much. Please give it out again for Sarah Harrison. And Great Knowles was great. OK, thank you so much. Awesome talk.