In Leak Prosecutions, US Government Treats Use Of Privacy Tools As Criminal Activity

The following article was made possible by paid subscribers of The Dissenter. Become a subscriber and support independent journalism in defense of press freedom.

In Espionage Act prosecutions involving leaks, attorneys at the United States (DOJ) consistently treat the use of privacy tools as evidence of criminality. This tendency should alarm journalists and news media organizations that rely on such tools for newsgathering.

A jury convicted former CIA programmer Joshua Schulte of disclosing CIA cyber warfare materials to WikiLeaks in July 2022. Schulte is scheduled to be sentenced in the U.S. Southern District Court of New York on February 1. 

The U.S. government’s sentencing memo [PDF] asserted that “between April 18 and May 5, 2016, Schulte took a number of steps to transmit the stolen CIA files to WikiLeaks: Schulte updated his versions of Tails (an operating system that boots from an external media device and is designed to leave no forensic trace of the user’s activities) and the Tor browser (an encrypted, anonymizing network that makes it difficult to intercept or trace internet communications that can access the ‘dark web’) on his home computer—both tools recommended by WikiLeaks to potential leakers.”

Also, in Schulte's case, part of the government’s argument for applying an “abuse of a position of trust or use of a specialized skill” sentencing enhancement included “the use of anonymizing tools like Tor and Tails.” 

The fact that WikiLeaks has recommended the use of “both tools” by “potential leakers” was clearly mentioned to remind the court that the government believes WikiLeaks aided and abetted Schulte.

When the DOJ charged WikiLeaks founder Julian Assange with violating the Espionage Act, the indictment similarly singled out Assange and WikiLeaks for setting up a “special folder on a cloud drop box” for U.S. Army whistleblower Chelsea Manning to submit documents. However, in 2024, maintaining secure submission systems and using privacy tools are standard newsgathering practices for journalists and news media organizations.

Al Jazeera, the Australian Broadcasting Corporation (ABC), the Globe and Mail, the International Consortium of Investigative Journalists (ICIJ), ProPublica, and the Washington Post have pages that advise potential sources to use Tor and Tails. WikiLeaks’ recommendation is no different. 

Moreover, the Freedom of the Press Foundation (FPF) has recommended that “potential leakers” use “both tools” when sharing sensitive information with a news media organization. Would a federal prosecutor suggest that FPF, a nonprofit committed to defending public interest journalism, is encouraging criminal activity?

Another Espionage Act prosecution in which the DOJ characterized privacy tools in this manner was the prosecution against drone whistleblower Daniel Hale, who was sentenced to 45 months in prison for releasing the “Drone Papers” to journalist Jeremy Scahill, co-founder of The Intercept.  

A DOJ press release posted on May 9, 2019, called attention to a "thumb drive” that Hale allegedly had containing “Tor software and the Tails operating system, which were recommended by the reporter’s online news outlet in an article published on its website regarding how to anonymously ‘leak’ documents.”

In this case, The Intercept was WikiLeaks, and the news media organization was singled out as an aider and abettor of Hale’s actions because The Intercept openly advised potential sources on how to securely submit information.

The government understands that when they prosecute leaks they are chilling potential news sources. Within the last decade, that has expanded to denouncing tools that reporters use to expose corruption and abuses of power. And that is one of many reasons why the prosecution of WikiLeaks founder Julian Assange is so troubling.

As FPF executive director Trevor Timm outlined [PDF] during Assange’s extradition trial in London in 2020, “WikiLeaks pioneered a secure submission system for journalistic sources prior to 2010. They developed a platform for secure communication between sources and media organizations that was unique at that time and allowed journalists to receive communications from their sources in a way that attempted to ensure that the sources’ safety and security were protected.”

Similar to WikiLeaks’ submission system, FPF developed an “open source platform” called SecureDrop in 2013 following outcry from news media after it was revealed that the DOJ had “accessed journalists’ communications records while they were speaking with their sources.” The system is now used by more than 70 media organizations around the world, according to Timm. 

“Pulitzer Prize reporter David Fahrenthold puts a link to SecureDrop in emails he sends to people he contacts in an attempt to learn more about the subjects he is covering,” Timm added. “It is common for organizations to go further and target particular groups of individuals who might have access to sought-after information, which is of interest to their publication."

During President Donald Trump’s administration, Gizmodo ran Facebook advertisements that directed “government agency employees” to TellOnTrump.com. The Wall Street Journal reported that the site contained details on how to “securely send tips and documents.”

Timm pointed out that WikiLeaks is “not unique in asking for leaked documents of public importance. The idea that every single story since the dawn of time has come from documents being dropped on the doorsteps of journalists, without those journalists asking for information, or returning to the source for more information, borders on fantasy.”

Except if the press does not object when the U.S. Justice Department outrageously casts privacy tools as mere tools for committing crimes, then there may come a day when journalists and news media organizations are effectively stigmatized for using such tools. Should that happen, reporters may find themselves fantasizing about documents appearing on their doorstep.