EPFL researchers at the Security and Privacy Engineering (SPRING) Lab, School of Computer and Communication Sciences (IC), have developed a ‘Datashare Network’ that allows investigative journalists to exchange information securely and anonymously. A detailed paper on the subject will be presented by the scientists at the 29th Usenix Security Symposium (USENIX Security ’20), which will be held online from August 12 to 14. The event, which brings together specialists in the security and privacy of computer systems and networks, will undoubtedly draw worldwide attention to the EPFL research.
Important revelations with global implications require the active cooperation and sharing of data among investigative journalists across national borders. This is particularly true for cases involving fraud, deception, and tax evasion. A good example is the infamous Panama Papers case, which brought to light the existence of thousands of shell companies run by many noted politicians, businesspeople, and sports personalities to evade taxes. Such investigations imply the sharing of millions of sensitive documents among international journalists in a secure environment that precludes leaks of any kind. To address that challenge, the International Consortium of Investigative Journalists (ICIJ), comprising 200 members in 70 countries, sought the help of the SPRING Lab. The outcome is the Datashare Network, a fully anonymous, decentralized system for searching and exchanging information.
To ensure anonymity of shared information, the Datashare Network issues virtual secure tokens that journalists can attach to their messages and documents to prove to others that they are ICIJ members. All documents are typically stored on members’ servers or computers, and only essential information critical for further investigation is shared with other users. Using the search engine, users can look for relevant information and then contact, in complete anonymity on either side, the member(s) in possession of that information.
Since users work in different time zones, the network provisions asynchronous searches and responses. In their paper, the research group describes two new secure building blocks developed by them: an asynchronous search engine and a messaging system. The research also introduces the “multi-set private set intersection” (MS-PSI) protocol, which ensures the security of the search engine and mitigates the risk of leaks.
As observed by Carmela Troncoso, head of the SPRING Lab:
“This system, which addresses real-world needs, has enabled SPRING to tackle some interesting challenges…. The hurdles we encountered during the development process…have paved the way to a new area of research with significant potential for other fields.”