The Freedom of the Press Foundation (FPF), an organization committed to defending and supporting aggressive, public interest journalism has taken control of a system for accepting submissions from whistleblowers and protecting the confidentiality of news sources.
Developed and originally coded by the late transparency advocate Aaron Swartz and Wired magazine investigations editor Kevin Poulsen, SecureDrop is capable of accepting documents from individuals while protecting their anonymity.
Trevor Timm, co-founder of the Freedom of the Press Foundation, explained the system allows for a source to choose whether to share his or her identity with a media organization. The system can be used by media organizations as they authenticate documents. It can be utilized as a communications tool after documents are received, which can help journalists obtain answers from sources to better authenticate documents.
Several media organizations, according to FPF, have already indicated interest in having the system installed. To assist media organizations, FPF has hired computer-security specialist James Dolan to help install the system for media organizations and also teach journalists how to use it correctly.
As indicated in a press release, “SecureDrop is a Python application that accepts messages and documents from the web and encrypts them for secure storage. Each source who uses the platform is assigned a unique codename that lets the source establish a relationship with the news organization without having to reveal her real identity or resort to email.”
Previously, The New Yorker installed a version of SecureDrop, which they launched as StrongBox in May. Dolan helped the magazine install the system.
Nicholas Thompson, the editor of newyorker.com, told Dan Froomkin that Strongbox had “turned out to be even more useful than anticipated.” He said, “Not only is it a good tool for people we didn’t know about to send us information we don’t know, it’s also a good tool for just communicating with sources who don’t want to meet in a park.”
A security audit of SecureDrop was conducted by a group of security researchers, including Jacob Appelbaum and Bruce Schneier. The system’s main flaws were found to be related to usability, which made it likely the system would be operated insecurely.
The system “requires a fair amount of technical sophistication on behalf of journalists (such as being able to use the GPG encryption software) and sources (such as being able to sanitize the metadata in the submitted documents),” according to the audit. “We believe that this lack of usability may lead to failures in anonymization.”
The audit briefly analyzed StrongBox. It found that the system may not have been installed appropriately. Those involved in the audit submitted documents to The New Yorker to see if they were “checking submissions correctly.” In the documents, they requested that staff reply to the documents and gave instructions on how that could be done. “More than 9 weeks” later, they still had not received a reply indicating whether documents had been received, even though staff were “repeatedly informed” via a media contact about the submissions.
Prior to FPF’s acquiring control of this system, it was called DeadDrop. The way it works is described in the audit:
…a media organization deploys DeadDrop on its servers. Individuals (sources) who want to anonymously communicate with journalists visit the organization’s DeadDrop deployment page and are shown four random codewords, which the source is supposed to remember. The source is then shown a page that allows him or her to submit messages and documents. The DeadDrop system is designed to encrypt all messages and documents in such a way that only the journalists are able to decrypt them. The journalists can communicate back to the source by leaving messages in the DeadDrop application, which the source can view by visiting the DeadDrop page as before and entering his/her codewords. Messages for the source are encrypted and are designed to only be decryptable using the codewords. Conceptually, DeadDrop creates anonymous mailboxes that the source and journalist can use to communicate with each other. DeadDrop uses several techniques designed to prevent the journalist from learning the source’s identity (including the source’s IP address or location). Similarly, DeadDrop is designed to safeguard the privacy and confidentiality of the source’s submitted messages and files in case of global internet monitoring and even physical removal of the DeadDrop servers…
The new effort by FPF could not be more timely. Last week, the Committee to Protect Journalists released a ground-breaking report on the effect surveillance and leaks investigations by President Barack Obama’s administration have had on the press.
Veteran national security journalist R. Jeffrey Smith of the Center for Public Integrity told Leonard Downie Jr., author of the report, “I worry now about calling somebody because the contact can be found out through a check of phone records or e-mails. And, “It leaves a digital trail that makes it easier for the government to monitor those contacts.”
Rajiv Chandrasekaran, Washington Post national security reporter, said there was now greater concern communications—office phones, email systems, etc—were being monitored. “I have to resort to personal email or face to face, even for things I would consider routine.”
The Tow Center for Digital Journalism also recently released a report on the effects of mass surveillance on journalism. It condemned the broader issue of “indiscriminate collection of information on the communications of all possible sources.”
“It is not enough to protect journalists,” the report stated. “For a free press to function, we must also protect the means of communicating with a journalist. At the present time, the NSA has made private electronic communication essentially impossible, at least in practical terms.”
This effort offers a way for reporters to continue to engage in investigative journalism, which is crucial to exposing abuses of power, by creating a mechanism for dodging invasive and total surveillance.