Aaron Swartz’ Legacy: SecureDrop Allows Anonymous Whistleblowing
Freedom of the Press Foundation Launches SecureDrop, an Open-Source Submission Platform for Whistleblowers
October 15, 2013 San Francisco, CA: Freedom of the Press Foundation has taken charge of the DeadDrop project, an open-source whistleblower submission system originally coded by the late transparency advocate Aaron Swartz. In the coming months, the Foundation will also provide on-site installation and technical support to news organizations that wish to run the system, which has been renamed “SecureDrop.”
By installing SecureDrop, news organizations around the world can securely accept documents from whistleblowers, while better protecting their sources’ anonymity. Although it is important to note that no security system can ever be 100 percent impenetrable, Freedom of the Press Foundation believes that this system is the strongest ever made available to media outlets. Several major news agencies have already signed up for installations, and they will be announced in the coming weeks.
“We’ve reached a time in America when the only way the press can assure the anonymity and safety of their sources is not to know who they are,” said JP Barlow, co-founder and board member of Freedom of the Press Foundation. “SecureDrop is where real news can be slipped quietly under the door.”
Originally created by Swartz in partnership with investigative reporter Kevin Poulsen, SecureDrop is a Python application that accepts messages and documents from the web and encrypts them for secure storage. Each source who uses the platform is assigned a unique codename that lets the source establish a relationship with the news organization without having to reveal her real identity or resort to e-mail.
In addition to installation support, Freedom of the Press Foundation will provide media organizations with instruction on security best practices and long-term technical support. Small media organizations with significant financial need may also apply to Freedom of the Press Foundation for help obtaining hardware. The New Yorker, the first news organization to use the SecureDrop code, through its StrongBox project, will continue to operate its system.
Freedom of the Press Foundation is hiring computer-security specialist James Dolan to help maintain the SecureDrop code, install the system for media organizations, and teach journalists about information security. Dolan previously helped manage the New Yorker’s installation of StrongBox, the magazine’s version of SecureDrop. He also originally reviewed and hardened the security architecture before the initial launch.
“Journalists are starting to recognize that sophisticated communications security is a key element in the newsgathering process,” Freedom of the Press Foundation’s Chief Technology Officer Micah Lee said. “SecureDrop is the safest way we know for an anonymous source to send information to journalists while protecting their identity.”
SecureDrop’s code has gone through a detailed security audit by a team of University of Washington researchers, led by Alexei Czeskis. Other authors of the audit include renowned security expert Bruce Schneier and Tor developer Jacob Appelbaum. Freedom of the Press Foundation has made a number of updates to SecureDrop based on these findings and will be making a significant investment in continually improving the system.
“A truly free press hinges on the ability of investigative journalists to build trust with their sources,” Freedom of the Press Foundation Executive Director Trevor Timm said. “The recent NSA revelations and record number of whistleblower prosecutions under the current administration have shown the grave challenges to this relationship and the lengths governments will go to undermine it. Freedom of Press Foundation is committed ushering in a new era of security for journalists and newsrooms of all sizes.”
Freedom of the Press Foundation offers thanks to Poulsen, who developed the original project with Swartz, managed it for the first six months since it went public, and is handing over the reins. Poulsen, who serves as Wired’s investigations editor, is advising the Foundation on the transition, and will continue to serve as a journalism consultant on the project.
“The goal in creating this system was to see it implemented in newsrooms far and wide,” Poulsen said. “Freedom of the Press Foundation is the perfect organization to do that.”
Trevor Timm, Executive Director email@example.com
Micah Lee, CTO firstname.lastname@example.org
Link to this press release –https://pressfreedomfoundation.org/blog/2013/10/freedom-press-foundation…
FAQ about Secure Drop —https://pressfreedomfoundation.org/securedrop#faq
Secure Drop – Installation instructions –https://github.com/freedomofpress/securedrop
Media organization request form (for on-site installation assistance) –https://pressfreedomfoundation.org/securedrop#contact
How We Plan On Keeping SecureDrop As Secure As Possible – Blog Post –https://pressfreedomfoundation.org/blog/2013/10/how-we-plan-keeping-secu…
Security Audit by University of Washington researchers –http://homes.cs.washington.edu/~aczeskis/research/pubs/UW-CSE-13-08-02.PDF