Meet SecureDrop, a New Lock Box for Whistleblowers

A new way for sources to reach journalists, based on technology developed by the late activist and coder Aaron Swartz

  • Share
  • Read Later
Adrees Latif / REUTERS

The Statue of Liberty is seen from this aerial view on October 31, 2012.

A U.S. press freedom group has taken charge of Aaron Swartz’s DeadDrop project, and is launching an open-source whistleblower submission system to the public. SecureDrop, which sources can use to send documents and messages to reporters safely, was originally put together by Swartz and Wired investigative editor Kevin Poulsen. The new system should make it easier for whistleblowers to talk to reporters.

Freedom of the Press Foundation, which is spearheading the project, will provide on-site installation and technical support to news organizations that wish to run this new system, according to program director Trevor Timm, who specializes in digital civil liberties. This open-source system is designed for whistleblower submissions via a platform originally coded by the late transparency advocate Aaron Swartz. “We’re trying to get the top media outlets involved,” Timm told TIME in a telephone interview Monday.

In May, the New Yorker introduced an open-source whistleblower system based on the underlying code, called StrongBox. “We are very glad to be the first to bring it out into the world, fully implemented,” the New Yorker‘s Amy Davidson wrote. The Guardian and the New York Times have been experimenting with similar models.

Wired’s Poulsen provided some background on the effort: “By December, 2012, Aaron’s code was stable, and a squishy launch date had been set,” Poulsen wrote. “Then, on January 11th, he killed himself. In the immediate aftermath, it was hard to think of anything but the loss and pain of his death,” Poulsen wrote. “Journalists are starting to recognize that sophisticated communications security is a key element in the news gathering process.”

(MOREAaron Swartz’s Father Blasts MIT Report, Says School Wasn’t Neutral)

Swartz, a celebrated young computer programmer and Internet activist, committed suicide in January. He was facing a federal prison sentence on felony data-theft charges for downloading academic articles using MIT’s network. Swartz’s death triggered an outpouring of grief in the technology and Internet community, and prompted soul-searching questions among policy experts, lawmakers and MIT officials.

SecureDrop is where “real news can be slipped quietly under the door,” according to JP Barlow, co-founder and board member of Freedom of the Press Foundation. Any news organization can install SecureDrop for free and make modifications to the open-source software. Freedom of the Press Foundation is offering to help news organizations install SecureDrop and train their journalists in the system to ensure the best protection for sources.

“Journalists are starting to recognize that sophisticated communications security is a key element in the news gathering process,” Micah Lee, chief technology officer at Freedom of the Press Foundation, said in a statement. “SecureDrop is the safest way we know for an anonymous source to send information to journalists while protecting their identity.”

SecureDrop’s code has gone through a “detailed security audit” by a team of University of Washington researchers, led by Alexei Czeskis. Bruce Schneier and Tor developer Jacob Appelbaum have also reviewed the code. It’s worth noting that SecureDrop, like all security systems, is not 100% secure. “Any organization or product that promises 100% security is not telling the truth,” according to the Freedom of the Press Foundation. “SecureDrop attempts to create a significantly more secure environment for sources to get information than currently exists through normal digital channels, but there are always risks.”

Still, SecureDrop represents a step forward in the battle to protect news sources. “A truly free press is based on the ability of investigative journalists to build trust with their sources,” says Timm, who serves as Executive Director of the Freedom of the Press Foundation. “The recent NSA revelations and record number of whistleblower prosecutions under the Obama administration have shown the grave challenges to this relationship and the lengths governments will go to undermine it.”

Poulsen, who serves as Wired’s investigations editor, is advising the Foundation on the transition, and will continue to serve as a journalism consultant on the project. “The goal in creating this system was to see it implemented in newsrooms far and wide,” Poulsen said in a statement. “Freedom of the Press Foundation is the perfect organization to do that.”

Freedom of the Press Foundation has hired computer-security expert James Dolan to help maintain the SecureDrop code and install the system for media organizations. For now, Freedom of the Press Foundation will bear the cost of sending Dolan to news organizations to help them install the system. Dolan previously helped manage the New Yorker’s installation of StrongBox, the magazine’s version of SecureDrop.