Protecting confidential sources online

Posted by Martin Stabe on 27 February 2006 at 11:57
Tags: Newspapers, Online, Sources, United States

The Washington Post may have accidentally burned a confidential source by publishing on its web site a photograph that included hidden data about where it was taken, according to eWEEK.

The source was was “0×80″, a young hacker who agreed to explain his computer crimes to a Post reporter Brian Krebs on the condition that neither his name nor his hometown would be revealed. After the Post published the story on its web site, users of the technology bulletin board Slashdot discovered that an accompanying photograph contained metadata apparently created for archiving purposes by the photographer:

SLUG: mag/hacker
DATE: 12/19/2005
PHOTOGRAPHER: Sarah L. Voisin/TWP
id#: LOCATION: Roland, OK
CAPTION:
PICTURED: Canon Canon EOS 20D
Adobe Photoshop CS2 Macintosh 2006:02:16 15:44:49 Sarah L. Voisin

So much for not revealing the hacker’s home town.

Roland, Oklahoma, is a village with a population under 2,000. Using details from the Post story and Google Local and Google Maps, other members of the Slashdot discussion even pinpointed the approximate location of the hacker’s home.

The Post has removed the photograph from its web site and and Krebs understandably declined to comment to eWEEK:

Krebs declined to discuss the issue. “I would like to talk with you about this. However, due to confidentiality agreements I have made with my source, I’m not at liberty to do so,” he said in an e-mail exchange with eWEEK.

Many types of computer files contain “metadata” — information such as filetypes, creation- and modification dates, creators, and sometimes, detailed revision histories. Usually invisible to the ordinary user, metadata can easily be uncovered by those with some basic computer forensics skills. An enormous amount can be learned from metadata by anyone with sufficient knowledge: Most infamously, metadata in the Microsoft Word version of the dossier released by Number 10 in 2003 revealed that Alistair Campbell’s team had revised a PhD student’s work on Iraqi WMD.

Journalists will have to get smart about online information security if we want anonymous sources to continue to trust us to protect them.

(Via Mark Schaver.)

Subscribe to this blog

Monthly Archive

Tags

18 Doughty Street ABC ABCe ACAP Agence France Presse Al Jazeera Andrew Keen AOL Archant Argus Ashley Cole Associated Newspapers Associated Northcliffe Digital Associated Press Awards BBC Bebo blogging Blogs British Press Awards Channel 4 Circulation Citizen journalism citizenjournalism CNET CNN Computer-Assisted Reporting Conrad Black Contempt of Court copyright Craigslist Croydon Advertiser data Dennis Publishing design Digg DNA2008 Drupal E-paper Eastern Daily Press Economist Edinburgh 2007 Edinburgh International Television Festival Facebook Five Flickr foi foia Freedom of Expression Freedom of Information geotagging Germany Google Google Maps Google News Guardian Unlimited hyperlocal Ifra Injunctions IPTV Issues ITN ITV Johnston Press Lancashire Evening Post Libel localisation London Lite Los Angeles Times Magazines Manchester Evening News mapping Mashups Media Law metrics Mobile Phones Moveable Type MSN Muhammad cartoons MySpace Networked Journalism New Media New Statesman New York Times NMK NUJ OhmyNews OK! Online Online Publishers Association onlinejournalism Outside.in personalisation Photography Podcasting Press Association Press Complaints Commission Press Gazette Privacy Project Badger Radio Reading Chronicle Reddit regional Reuters Richard Sambrook Roo RSS Scotsman Second Life Shropshire Star Sky Sky News Sky.com skynews Society of Editors Society of Editors Spectator Student Media Sun Online telegraph Telegraph Media Group Telegraph.co.uk Television The Herald The Sun The Sun Online thelondonpaper Times Media Times Online Training Tribune Company Trinity Mirror twitter UK AOP User-Generated Content video Vodcasting War reporting Washington Post We Media Wikipedia Wikis Wired Wordpress World Digital Publishing Conference Yahoo YouTube