SPONSORED:

Panama Papers a win for encryption backers

Panama Papers a win for encryption backers

Privacy advocates are touting the so-called Panama Papers as a key example of how encryption can protect courageous whistleblowers and other vulnerable individuals.

According to reporters and editors involved in the project, dozens of researchers and writers relied on anonymous chatting platforms and encrypted email to protect the whistleblower and keep under wraps leaked documents from Mossack Fonseca, a prominent Panamanian law firm that allegedly helped wealthy people stash fortunes from domestic tax laws.

ADVERTISEMENT

To this day, the leaker is not known, even by the journalists themselves.

“For many of these people who are coming forward, it’s a matter of life and death and they’re putting a lot on the line and putting themselves at risk essentially for the greater good,” said Neema Singh Guliani, a legislative counsel with the American Civil Liberties Union (ACLU).

Several of the principals overseeing the mountain of documents — easily the largest cache ever leaked at 2.6 terabytes, which includes 4.8 million emails, 3 million database files and 2.1 million PDFs — told Wired that encryption was vital from start to finish.

The source started communicating with a reporter in 2014, and would only talk via encrypted channels, warning his or her “life is in danger.”

Bastian Obermayer, the reporter at German publication Suddeutsche Zeitung who facilitated the initial leak of the files, told Wired he used encrypted chatting apps — for instance, Signal and Threema — as well as PGP-encrypted email, to communicate with the source.

Obermayer declined, however, to detail the specific methods he employed.

Eventually, Suddeutsche Zeitung contacted the International Consortium of Investigative Journalists (ICIJ) to help manage the mammoth trove of information it was acquiring, bit-by-bit.

It’s unclear how each delivery of documents was made, but security experts say the volume is so overwhelming that it’s likely the leaker had to transfer the data physically on encrypted hard drives.

“Realistically, if you get this out of the company without being detected, you do that physically,” said David Palmer, who worked on cybersecurity for both GCHQ, Britain’s surveillance agency, and MI5, the country's domestic counterintelligence office, and is now at security firm Darktrace.

In a letter to clients over the weekend, Mossack Fonseca claimed it had been subject to an “unauthorized breach of our email server,” but didn’t elaborate.

Regardless, many believe these leaks encompassed nearly every file from Mossack Fonseca’s entire existence, which spans roughly 40 years.

To handle the expansive dump, ICIJ told Wired it build a two-factor-authentication-protected search engine that allowed the team to easily scan the leaked documents.

The URL for this secure search engine was shared via encrypted email with news outlets, such as the BBC, which compiled the hundreds of stories that appeared simultaneously Sunday night.

The revelations from the leaks have already caused swift and wide-ranging fallout.

Iceland Prime Minister Sigmundur David Gunnlaugsson resigned on Tuesday amid questions about his overseas holdings. British Prime Minister David Cameron is on the defensive after the Panama Papers portrayed several British-governed territories as tax havens for the wealthy, including members of Cameron’s own family.

Privacy advocates on Capitol Hill caution that legislation making its way through Capitol Hill would undermine the encrypted channels that were vital to getting the Panama Papers out.

Following last year’s terror attacks in Paris, Sens. Richard BurrRichard Mauze BurrAs Trump downplayed the virus publicly, memo based on private briefings sparked stock sell-offs: NYT Hillicon Valley: Subpoenas for Facebook, Google and Twitter on the cards | Wray rebuffs mail-in voting conspiracies | Reps. raise mass surveillance concerns Bipartisan representatives demand answers on expired surveillance programs MORE (R-N.C.) and Dianne FeinsteinDianne Emiel FeinsteinMurkowski predicts Barrett won't overturn Roe v. Wade Democrats to boycott committee vote on Amy Coney Barrett's Supreme Court nomination The Senate should evoke RBG in its confirmation of Amy Coney Barrett MORE (D-Calif.) — leaders of the Intelligence Committee – started work on a bill to give lawmakers guaranteed access to encrypted data.

The two are responding to law enforcement concerns that secure communication platforms are helping criminals and terrorists hide from authorities.

The Burr-Feistein measure would force companies to comply with court orders seeking access to encrypted data. A draft of the pair’s efforts is expected as soon as this week.

“I have a basic fundamental belief this is very important and that no American company should be above the law,” Feinstein told The Hill last month.

Guaranteeing government access to secure channels would imperil the communication platforms used by the whistleblower and journalists who handled the Panama Papaers, say critics.

“The most security comes about when you have strong encryption,” said Sen. Ron WydenRonald (Ron) Lee WydenPlaintiff and defendant from Obergefell v. Hodges unite to oppose Barrett's confirmation Senate Democrats call for ramped up Capitol coronavirus testing House Democrats slam FCC chairman over 'blatant attempt to help' Trump MORE (D-Ore.), vice chair of the Whistleblower Protection Caucus and a vocal encryption advocate.