Protecting whistleblowers with secret data transfer techniques

By Dylan Bushell-Embling
Monday, 01 July, 2013

A German professor is developing a system to transfer user data over the internet without being observed, in a bid to provide protection for whistleblowers and activists.

Freie Universität Berlin professor of computer science Volker Roth is leading a project called AdLeaks. The team has made a first version of the source code available for download.

The system is currently being tested as part of the EU’s CONFINE next-generation community networks research project.

AdLeaks is designed to be embedded into a website and send empty, encrypted messages to a server whenever the site is viewed. Whistleblowers can use a modified browser to send confidential encrypted messages instead. Authorities monitoring the internet would find it hard to differentiate between the two types.

Roth said the need for a system to provide protection for whistleblowers has been demonstrated by the recent revelations from NSA subcontractor Edward Snowden about the PRISM surveillance program.

“You have to admire the civil courage of Edward Snowden, who sacrifices his future for his democratic convictions, when he reports abuse,” he said. Not all potential whistleblowers dare to go public with their revelations, and take on the associated stigma, loss of employment and potential for prosecution.

“[But] even whistleblowers who wish to remain anonymous take risks when they pass information through the internet, because the information collected by the NSA allows the organisation to trace connection data calls made once or internet connections far into the past,” Roth said.

The NSA has the ability to access data directly from the fibre backbones that underpin the global internet, he said. Encryption cannot protect connection data, and authorities may still be able to conduct traffic analysis to trace connections in the case of anonymising services such as Tor.

Roth is developing AdLeaks in cooperation with a team of his students and professor Sven Dietrich from the Stevens Institute of Technology in New Jersey.