Does Hanlon's Razor apply here? "Never attribute to malice that which is adequately explained by stupidity." I would have let this one play out longer, perhaps even indefinitely so long as any legal liability could be avoided.
I didn’t make my meaning clear. I would have not called attention to the fact that there was an internal source within Elsevier and would have given it more time to see what other info he volunteered. The “source” obviously sucks at remaining anonymous and not getting caught. If Elsevier is in fact suppressing 3I Atlas paper publication and redirecting attention away from this activity, it strains credulity that they are this bad at it. I lean a tiny bit toward thinking the source was acting on his own.
Yeah I agree I feel like they were genuinely trying to point out the internal structure for the benefit of us without directly saying anything that would compromise themselves, but poor OPSEC on their part. RIP.
Why did you disclose your Whistleblower (though this term barely fits here) to his employer? I don't understand what you are trying to achieve here. This will prevent further WBs from contacting you I'm afraid.
First, on the word "whistleblower." A whistleblower is someone who, at personal cost, discloses institutional wrongdoing to the public. Dan Norman sent us, unsolicited, from his corporate Elsevier email, during his work hours, using authenticated Scopus credentials, a document demonstrating methodology for identifying cleared US defense personnel through his employer's own products. The document did not mention 3I/ATLAS once, the topic his outreach claimed to be about. On Signal, in the same conversation, he stated papers could be blocked at peer review by disagreeing reviewers and denied in the same breath that suppression was occurring. That is not whistleblowing. That is something else. THE PUBLICATION GAP documented what it was. Readers can decide.
Second, on "disclosure to his employer." We did not disclose Mr. Norman to Elsevier. Mr. Norman disclosed himself to Elsevier when he used Elsevier's authenticated corporate infrastructure, Elsevier's email servers, Elsevier's Microsoft 365 tenant, Elsevier's Scopus credentials, and Elsevier's LeapSpace access to transmit material to an independent publication. Every one of those systems logs every action. Elsevier has known about this outreach since the moment he sent it, because Elsevier's systems told them. The formal email on Monday did not disclose anything. It asked Elsevier to place its existing institutional knowledge on the record.
Third, on what this prevents. Legitimate whistleblowers do not use their employer's corporate infrastructure to contact press. They use personal devices, anonymous channels, and secure drops.
The Sentinel Network™ operates sentinel.intel.drop@proton.me for exactly that purpose. Our source protection standards are documented in THE PUBLICATION GAP in forensic detail, we redacted every piece of identifying metadata that could have named Mr. Norman before publication, and we would do the same for any genuine source who contacted us through an appropriate channel. What this does prevent is corporate employees using company infrastructure to socially engineer independent press while publicly claiming whistleblower status. That prevention is a feature.
He may have acted not in a very professional way. You don't know if this was a deliberate attempt to manipulate you (If it WAS, it was pathetic, right?). You just assume that the EMail he sent you was tracked by his employer, what if it wasn't? Then you exposed him to his employer.
On "you don't know if it was tracked." Every corporate Microsoft 365 tenant logs every outbound email at the server level. That is how Microsoft 365 is architected. It is not a feature Elsevier can opt out of. The document Mr. Norman sent also carried Microsoft Information Protection sensitivity labels, which are applied by the tenant's compliance engine and recorded in the compliance log. The Scopus session IDs embedded in the file require authentication through Elsevier's SSO, which is also logged. The LeapSpace follow-up files were generated on Elsevier's own internal research tool, which is logged at the service level.
On "deliberate attempt to manipulate." We made no claim about his intent. THE PUBLICATION GAP described what he did and the infrastructure he used to do it. THE FOLLOW-UP describes the institutional response to being asked about it. Readers are free to draw their own conclusions about intent. We drew none.
Sentinel, thank you for your continued phenomenal work on this topic and others. I have learned so much from your investigations and articles. Your commitment to transparency is so refreshing when there is almost none at all in the areas you are focusing. You have found a unique niche in documenting not just potential cover ups themselves, but how they may be engineered. No one else does this. I’ll continue to follow the work here with great interest, especially as a PhD scientist who has interacted with Elsevier many times.
I think although his OPSEC was poor, initiating communication via his work credentials proved that he had credibility working for who he says he works(ed) for. In my opinion he wanted us to read between the lines a little and was just confirming statements you already made about the suppression from an internal perspective? Not sure
Does Hanlon's Razor apply here? "Never attribute to malice that which is adequately explained by stupidity." I would have let this one play out longer, perhaps even indefinitely so long as any legal liability could be avoided.
Peggy, they are letting it play out longer but are reporting after their first deadline was missed. Clearly stated in the article.
I didn’t make my meaning clear. I would have not called attention to the fact that there was an internal source within Elsevier and would have given it more time to see what other info he volunteered. The “source” obviously sucks at remaining anonymous and not getting caught. If Elsevier is in fact suppressing 3I Atlas paper publication and redirecting attention away from this activity, it strains credulity that they are this bad at it. I lean a tiny bit toward thinking the source was acting on his own.
Yeah I agree I feel like they were genuinely trying to point out the internal structure for the benefit of us without directly saying anything that would compromise themselves, but poor OPSEC on their part. RIP.
Got it, fair point.
Why did you disclose your Whistleblower (though this term barely fits here) to his employer? I don't understand what you are trying to achieve here. This will prevent further WBs from contacting you I'm afraid.
First, on the word "whistleblower." A whistleblower is someone who, at personal cost, discloses institutional wrongdoing to the public. Dan Norman sent us, unsolicited, from his corporate Elsevier email, during his work hours, using authenticated Scopus credentials, a document demonstrating methodology for identifying cleared US defense personnel through his employer's own products. The document did not mention 3I/ATLAS once, the topic his outreach claimed to be about. On Signal, in the same conversation, he stated papers could be blocked at peer review by disagreeing reviewers and denied in the same breath that suppression was occurring. That is not whistleblowing. That is something else. THE PUBLICATION GAP documented what it was. Readers can decide.
Second, on "disclosure to his employer." We did not disclose Mr. Norman to Elsevier. Mr. Norman disclosed himself to Elsevier when he used Elsevier's authenticated corporate infrastructure, Elsevier's email servers, Elsevier's Microsoft 365 tenant, Elsevier's Scopus credentials, and Elsevier's LeapSpace access to transmit material to an independent publication. Every one of those systems logs every action. Elsevier has known about this outreach since the moment he sent it, because Elsevier's systems told them. The formal email on Monday did not disclose anything. It asked Elsevier to place its existing institutional knowledge on the record.
Third, on what this prevents. Legitimate whistleblowers do not use their employer's corporate infrastructure to contact press. They use personal devices, anonymous channels, and secure drops.
The Sentinel Network™ operates sentinel.intel.drop@proton.me for exactly that purpose. Our source protection standards are documented in THE PUBLICATION GAP in forensic detail, we redacted every piece of identifying metadata that could have named Mr. Norman before publication, and we would do the same for any genuine source who contacted us through an appropriate channel. What this does prevent is corporate employees using company infrastructure to socially engineer independent press while publicly claiming whistleblower status. That prevention is a feature.
He may have acted not in a very professional way. You don't know if this was a deliberate attempt to manipulate you (If it WAS, it was pathetic, right?). You just assume that the EMail he sent you was tracked by his employer, what if it wasn't? Then you exposed him to his employer.
On "you don't know if it was tracked." Every corporate Microsoft 365 tenant logs every outbound email at the server level. That is how Microsoft 365 is architected. It is not a feature Elsevier can opt out of. The document Mr. Norman sent also carried Microsoft Information Protection sensitivity labels, which are applied by the tenant's compliance engine and recorded in the compliance log. The Scopus session IDs embedded in the file require authentication through Elsevier's SSO, which is also logged. The LeapSpace follow-up files were generated on Elsevier's own internal research tool, which is logged at the service level.
On "deliberate attempt to manipulate." We made no claim about his intent. THE PUBLICATION GAP described what he did and the infrastructure he used to do it. THE FOLLOW-UP describes the institutional response to being asked about it. Readers are free to draw their own conclusions about intent. We drew none.
Sentinel, thank you for your continued phenomenal work on this topic and others. I have learned so much from your investigations and articles. Your commitment to transparency is so refreshing when there is almost none at all in the areas you are focusing. You have found a unique niche in documenting not just potential cover ups themselves, but how they may be engineered. No one else does this. I’ll continue to follow the work here with great interest, especially as a PhD scientist who has interacted with Elsevier many times.
I think although his OPSEC was poor, initiating communication via his work credentials proved that he had credibility working for who he says he works(ed) for. In my opinion he wanted us to read between the lines a little and was just confirming statements you already made about the suppression from an internal perspective? Not sure