Perhaps, aspiring whistleblowers could prove their commitment to ethical action by informing some appropriate portion of the government about the content of a leak before it is made public. Given enough lead time, the government should be able to act in order to protect anyone who could be in imminent danger, before a leak goes public. The Supreme Court may be the optimal organization to send leaks to since they are tasked with representing the legitimate interests of the government in the broadest possible way. Plus, their jobs aren't endangered when they take a stand on controversial issues.

 

To insure the safety of the leaker, who may be attacked by those wishing to stop the leak after the pre-leak, the data could be distributed using something like a modified version of Tor (1). The leaked data would automatically be published on the announced day. There could be mechanisms in place to stop a leak after the pre-leak, but this could encourage torture even if veto power is distributed to several parties in some way. I would suggest leaking on auto, since it would deter any attempt to coerce humans into stopping the leak once the distribution process has begun.



To be clear, I'm not endorsing or encouraging government leaks. I'm simply asking if pre-leaking to an appropriate government organization could play an important role in determining how ethical a whistleblower's actions are.

I was researching the possibility of generating a publicly available list of "digital fingerprints" (e.g. SHA, MD5) for all substantial government documents when I discovered "linked timestamping" (1). Hash values for files can be linked together in a way that allows the content and creation time of a file to be validated given three things: the document, a timestamp token for the document, and a code that can be published freely in the media. There is an open source version of the technology (2) and Guardtime offers an easy to use REST API for experimenting with (3).

One of the great things about this system is that it doesn't require secret keys to remain perpetually secret in order to validate the content and creation time of documents. Someone who has a timestamp token and associated document can find a piece of public media where the public code has been published (4) and validate the document in a completely independent way.

Government agencies could send hash values for every significant document they generate or acquire. These hash values could then be sent to a server where they would be added to the current set of linked hashes. A timestamp token for that document could then be generated and returned.

 

After a document has been timestamped, some metadata about the document could be published on the open internet. This could include things like approximate data size, level of classification, the department classifying it, automatic declassification schedules, history of freedom of information requests, timestamp and (pending NSA approval) the timestamp token.

 

Versions of a document that are derived from another document, such as redactions, could be attached to the original with new metadata. Differential database snapshots could also be timestamped. Independent parties could then access this data and back it up periodically to make sure there is a record outside the control of the government. In addition to documents metadata, a special code that represents all of the linked timestamps generated up to that point could be periodically published on the web and in print media. If timestamp tokens are not immediately released, they could be released as documents are declassified. The availability of the publicly published codes, along with other declassified documents, should ensure that the timestamp tokens can not been forged.

This information being available would allow citizens to track and respond to how the government is generating data and how classification and declassification are being managed. This scheme could reduce the need for whistleblowers and the occurrence of leaks, since unusual patterns of classification (e.g. several TBs of new classified data suddenly appearing over a few days at the NSA) could be quickly noticed by citizens and representatives could be lobbied and elected to check into the suspicious activity. When data is declassified, the public could be confident that what their representatives investigated and reported on in the past corresponds to the documents that were eventually released. 



Releasing documents that do not have a proper timestamp could be grounds for suing the government. Requiring timestamps could also play a role in encouraging governments to adopt standard practices for digitizing all substantial documents it generates or acquires. Elected officials and government employees could include QR-codes on printed documents to make it easy to access digital representations.

 

Digital versions could easily be checked to see who created a document, when they created it, and if it matched the paper copy. The creation time and integrity of documents should remain verifiable even if the secret keys used for digital signatures are compromised.

Publishing the public codes from government timestamp linking systems in major newspapers could become a tradition in liberal democracies. They could serve a frequent reminder that even though our democratic systems may sometimes require temporary secrecy, their legitimacy rests on the ability of the citizens to hold them accountable for what they do on their behalf.



References:

(1) http://goo.gl/TdiP

(2) http://goo.gl/lfrT3l

(3) http://goo.gl/14S4IK

(4) http://goo.gl/NVjQ8J

(5) http://goo.gl/74g788