Panama Papers a win for encryption backers

Privacy advocates are touting the so-called Panama Papers as a key example of how encryption can protect courageous whistleblowers and other vulnerable individuals.

According to reporters and editors involved in the project, dozens of researchers and writers relied on anonymous chatting platforms and encrypted email to protect the whistleblower and keep the leaked documents under wraps. The documents came from Mossack Fonseca, a prominent Panamanian law firm that allegedly helped wealthy people shield fortunes from domestic tax laws.

To this day, the leaker is not known, even by the journalists themselves.

“For many of these people who are coming forward, it’s a matter of life and death and they’re putting a lot on the line and putting themselves at risk essentially for the greater good,” said Neema Singh Guliani, a legislative counsel with the American Civil Liberties Union (ACLU).

Several of the principals overseeing the mountain of documents — easily the largest cache ever leaked at 2.6 terabytes, which includes 4.8 million emails, 3 million database files and 2.1 million PDFs — told Wired that encryption was vital from start to finish.

The source started communicating with a reporter in 2014, and would only talk via encrypted channels, warning his or her “life is in danger.”

Bastian Obermayer, the reporter at German publication Suddeutsche Zeitung who facilitated the initial leak of the files, told Wired he used encrypted chatting apps — for instance, Signal and Threema — as well as PGP-encrypted email, to communicate with the source.

Obermayer declined, however, to detail the specific methods he employed.

Eventually, Suddeutsche Zeitung contacted the International Consortium of Investigative Journalists (ICIJ) to help manage the mammoth trove of information it was acquiring, bit-by-bit.

It’s unclear how each delivery of documents was made, but security experts say the volume is so overwhelming that it’s likely the leaker had to transfer the data physically on encrypted hard drives.

“Realistically, if you get this out of the company without being detected, you do that physically,” said David Palmer, who worked on cybersecurity for both GCHQ, Britain’s surveillance agency, and MI5, the country's domestic counterintelligence office, and is now at security firm Darktrace.

In a letter to clients over the weekend, Mossack Fonseca claimed it had been subject to an “unauthorized breach of our email server,” but didn’t elaborate.

Regardless, many believe these leaks encompassed nearly every file from Mossack Fonseca’s entire existence, which spans roughly 40 years.

To handle the expansive dump, ICIJ told Wired it built a two-factor-authentication-protected search engine that allowed the team to easily scan the leaked documents.

The URL for this secure search engine was shared via encrypted email with news outlets, such as the BBC, which compiled the hundreds of stories that appeared simultaneously Sunday night.

The revelations from the leaks have already caused swift and wide-ranging fallout.

Iceland Prime Minister Sigmundur David Gunnlaugsson resigned on Tuesday amid questions about his overseas holdings. British Prime Minister David Cameron is on the defensive after the Panama Papers portrayed several British-governed territories as tax havens for the wealthy, including members of Cameron’s own family.

Privacy advocates on Capitol Hill caution that legislation making its way through Congress would undermine the encrypted channels that were vital to getting the Panama Papers out.

Following last year’s terror attacks in Paris, Sens. Richard Burr (R-N.C.) and Dianne Feinstein (D-Calif.) — leaders of the Intelligence Committee – started work on a bill to give lawmakers guaranteed access to encrypted data.

The two are responding to law enforcement concerns that secure communication platforms are helping criminals and terrorists hide from authorities.

The Burr-Feinstein measure would force companies to comply with court orders seeking access to encrypted data. A draft of the pair’s efforts is expected as soon as this week.

“I have a basic fundamental belief this is very important and that no American company should be above the law,” Feinstein told The Hill last month.

Guaranteeing government access to secure channels would imperil the communication platforms used by the whistleblower and journalists who handled the Panama Papers, say critics.

“The most security comes about when you have strong encryption,” said Sen. Ron Wyden (D-Ore.), vice chair of the Whistleblower Protection Caucus and a vocal encryption advocate.