Today, practically everything that employees do is tracked, evaluated, and recorded. That makes leaking information anonymously to the media a lot more challenging than you might think. Edward Snowden, Chelsea Manning, and employees of some of today’s leading tech companies have lost their jobs because they chose to share private company information or government secrets with reporters.
Most people who choose to leak have a lot to lose. Even in situations where sharing information is in the best interest of the public, there could be serious repercussions for their actions.
Along with losing their jobs, they might even wind up going to jail. This is why an anonymous blog like The Doe is a good way to share such information. This site believes that unfiltered and honest stories are the best way for readers to confront their own biases and prejudices.
With so much at stake, it is important to think through that decision carefully before going through with it. Never leak information in haste or on a whim. Instead, take your time and make sure you are willing to accept the consequences of your actions. Discussing your options with a lawyer is a good idea, as well. If you take all of these steps and are still certain that you want to leak, follow the tips below.
Employers usually act quickly after a leak to find out who was responsible. No business owner wants their private information to find its way into the public eye or into a newspaper. Chances are, they will be very angry.
Usually, the first course of action is to conduct an internal audit, closely inspecting anyone at the company who had access to the information. Depending on the seriousness of the leak, the police may even be involved. Every action you have taken at work will be carefully examined. This includes the files you have accessed, emails you have sent, information you have searched for, documents you have printed, calls you have made, and more. Your keystrokes may even have been logged.
When they examine this information, what will they discover?
Before you leak, you need to make sure that everything is in perfect order. For instance, if you opened this article on your work computer or laptop, it is a major issue. When investigators see that you not only had access to the information but were also reading about leaking anonymously, it will raise some serious questions.
According to The Intercept, you should also avoid reaching out to the media from your workplace. Reality Leigh Winner, a young woman who recently leaked a classified report from the NSA, reportedly contacted The Intercept from work. That is a major mistake that can cause you to get discovered.
To avoid putting yourself in a similar situation, conduct any research about leaking on personal devices. Learn how to use Tor when browsing the web. Become familiar with PGP encryption. If you have to send an email, set up a disposable account at 10MinuteMail or a similar service.
Depending on the severity of the possible repercussions, you may want to buy a cheap laptop using cash. Only use it in areas where there is free public Wi-Fi available. After you are finished, reformat the drive and dispose of the laptop.
Obtaining The Document, Data, Or Information
Now that you have learned a little bit more about how to cover your tracks when leaking anonymously to the media, it is time to figure out how to actually obtain the document or data without getting caught. Not only that but you also need to figure out how to get it out of your office or workplace.
This is one of the most challenging parts of the task. Access to sensitive information is usually carefully controlled. In many cases, it is also tracked, meaning that if you open the file, evidence could be left behind.
Think about how the data is normally accessed. For instance, do employees throughout the company access it hundreds of times each day? In a case like that, opening the document may not raise any red flags as long as it is something that you would normally do anyway. For older documents or files that are less frequently accessed, you might be the only one who has opened it for a long time. This makes it easy for investigators to figure out that it was you that shared the data.
Thinking through these issues in advance is important so that you can keep from getting caught.
Printing out the information you are leaking is problematic, as well. Most print jobs are tracked by the printer and are logged on the network. Laser printers often imprint documents with special codes that make it easy for investigators to determine where they came from. These are all major issues that could cause you to get caught.
Putting the data on a flash drive also poses serious problems. Companies often block the USB ports on their computers so that they can’t be accessed. Even if you have a working USB port, the system will usually log any data that is copied. The only situation where this might work is if the document or data is accessed and copied by a lot of people regularly. In that case, you will still be a suspect, but you won’t be the only suspect as long as the system doesn’t include metadata in the file that links it to you.
Typically, actions like these are too risky to attempt.
Taking a screenshot of the data might work. From there, though, how do you transfer the screenshot from your computer? You can’t email it to yourself since email can easily be tracked. Some systems also record screen captures. In that case, it will be easy for investigators to link you to the leaked information when it comes out in the press.
A tactic that may work is to snap a photo of the document itself or of your computer screen using a throwaway cell phone. From there, you can transfer it to an inexpensive laptop that you purchased specifically for leaking the information. Cover the WebCam on the laptop and only use it in areas where you know nobody will be watching.
Cameras often track metadata about photos. This includes the time and date of the photo, the location where it was taken, and the name of the device that was used. To avoid this problem, turn off EXIF data on your camera.
Just remember, if someone sees you snapping photos of your computer screen, it may be difficult to explain.
Before leaking the photos, carefully examine them for any details that could be used to identify you. Is your workstation visible in the pictures? Can you see the time on the screen of the computer? Check the toolbar of the program that the file is open in, as well as the taskbar at the bottom of your screen. These items should be cropped out of the photo to remove any identifying information.
After transferring the files from your throwaway camera to your throwaway laptop, you can take the next step and send it anonymously to a media outlet.
Sending The Data
In terms of how to get the data to the media, there are a lot of different options. Every option has serious risks. While researching these methods, only use public Wi-Fi. Avoid using your personal network or conducting the research at work. Coffee shops, libraries, and other places where you don’t spend a lot of time are good choices.
Using SecureDrop may be an option. This system was designed to make it easy for whistleblowers to anonymously submit information to reporters. As long as the media company that you are trying to contact uses the system, it is an effective way to transfer data.
Getting physical objects like a printed sheet of paper to a media outlet is a little bit more difficult. Sending it through the mail is one option. When filling out the envelope, put an actual return address on the envelope. Just make sure not to use your own address.
Why does the return address matter? In 2013, the New York Times published a report about the Mail Isolation Control and Tracking Program. With this program, the USPS photographs every piece of mail that goes through the system. The data that is captured can be requested by law enforcement officials. According to the San Diego Tribune, envelopes that have fake return addresses or that have a name that is not associated with that address both draw unwanted attention.
Remailer services could be a good option if the information is not time-sensitive. With these companies, you mail the document to them. They then charge you a fee to mail it to its intended recipient using a new envelope.
As long as you follow any of these steps, you should be able to successfully leaked to the media.
Dealing With The Aftermath
If the information that you leaked benefits the public, you can feel good about your decision. At the same time, however, you need to take quick action to avoid getting discovered. That means throwing away your laptop, camera, burner phone, or flash drive if you decided to use one.
A reporter from the media outlet that you leaked to will usually reach out to your company to try to verify the information or to request a comment for their story. In some cases, they may even show the document or data to the person they contact. In the case of Reality Winner, that is what The Intercept supposedly did. Are there any details in the document that could link it to you?
Keep in mind, as well, that the tips on this list are not guaranteed to work. Reading a single article about leaking is not nearly good enough if you are risking your career or facing the possibility of going to jail. Just look at people who have leaked in the past. These types of leaks rarely turn out well for the individuals who are discovered. That is why it is so important to make sure that you go to great lengths to keep from being identified.