In the wake of Edward Snowden‘s revelations about secret National Security Agency surveillance programs, government whistleblowers are under more scrutiny than ever before—but they also have more tools to carry out their activities securely.
This week, the Freedom of the Press Foundation announced it was taking over the DeadDrop project, a system developed by late Internet activist and transparency advocate, Aaron Swartz. The system provides a secure platform for journalists and their sources to communicate, without the need to meet or exchange contact information. A previous version of the system, called StrongBox, was implemented by The New Yorker last June.
On Oct. 15, Freedom of the Press publicly detailed their plans to share SecureDrop with journalistic organizations far and wide. Over the next few weeks, the names of several major news agencies planning to implement the system will be made public. The organization has offered to aid these agencies with the installation of SecureDrop, as well as provide long-term technical support. The public has also been encourage to examine the system’s open source code and provide feedback.
SecureDrop’s application environment relies on four dedicated computers to function properly. Three of the computers run Ubuntu Server. The fourth uses Tails, a privacy-oriented operating system. Tails is accessed via USB drive, so information isn’t automatically copied onto the computer, which means there are fewer tracks to cover.
Sources use a server that runs Tor anonymizing software to send messages and documents to journalists. Journalists download the data onto a document server, which also uses Tor, and then physically transfer it to a secure, offline viewing station using a USB drive. The documents are then decrypted using PGP (Pretty Good Privacy) software. As an extra layer of security, a monitoring server provides email notifications when activity is detected on the system.
Journalists will use their own laptops to access the document server and send encrypted messages to their sources, but all data must be transferred via USB drive once decrypted at the viewing station. Freedom of the Press recommends using the Diceware method to generate secure passphrases.
Regardless of how guarded a system is, there’s no such thing as absolute protection. However, Freedom of the Press claims SecureDrop is by far the most secure system ever offered publicly to the media.
“Journalists are starting to recognize that sophisticated communications security is a key element in the newsgathering process. SecureDrop is the safest way we know for an anonymous source to send information to journalists while protecting their identity,” said Micah Lee, Chief Technology Officer.
— Trevor Timm (@trevortimm) October 15, 2013
SecureDrop has been widely referred to as Aaron Swartz’s “final gift to the Internet.” Freedom of the Press also consulted with Wired journalist Kevin Poulsen, who previously partnered with Swartz in developing the original code used to create SecureDrop.
Swartz took his own life in January while facing charges under the Computer Fraud and Abuse Act. He had been arrested by MIT police after rapidly downloading online copies of academic journals from the digital library JSTOR. The charges carried a maximum prison sentence of 35 years. Following Swartz’s death, the U.S. Justice Department was accused of bullying him over what was essentially a victimless crime. Among the accusers was his father, Robert, who while speaking at his son’s funeral said, “He was killed by the government.”
My talk from yesterday, “How We Stopped SOPA”: https://t.co/N5gYrX3L
— Aaron Swartz (@aaronsw) May 22, 2012
Last month, Swartz won the Electronic Frontier Foundation’s 2013 Pioneer Award. He contributed to the development of RSS, the founding of Reddit, the founding of Demand Progress, the founding of Creative Commons, and the creation of OpenLibrary, among countless other successful projects and websites. As an activist, he passionately defended universal free access to information and combated legislation that would have imposed a policy of censorship throughout the Internet. This year, he was posthumously inducted into the Internet Hall of Fame.
Swartz was only 26 years old.
Photo by Jacob Applebaum (Remix by Dell Cameron)