- George Zimmerman is suing Pete Buttigieg, Elizabeth Warren 6 Years Ago
- Netflix’s ‘Horse Girl’ accused of ripping off 2017 indie film 6 Years Ago
- The Genyus Network is a safe social space for stroke survivors 6 Years Ago
- MAGA hat-wearing dog finishes last in ‘Today Show’ fan vote—still named winner 6 Years Ago
- Reddit users share stories of the worst things guests have done in their homes Today 1:25 PM
- WikiLeaks lawyer says Trump offered Assange a pardon—if he’d deny Russian hack Today 1:16 PM
- 6-year-old placed in psychiatric facility for ‘trantrum’ is seen acting calm in body cam footage Today 1:05 PM
- Amy Klobuchar devouring Ivanka Trump is the 2020 vore crossover no one wanted Today 12:32 PM
- Review: Hulu’s ‘Devs’ is a brilliant work of near-future science fiction Today 11:53 AM
- Rapper Pop Smoke dead at 20 Today 11:42 AM
- KSI says he will back Team YouTube if Logan Paul fights Antonio Brown Today 11:29 AM
- William Barr questions whether tech companies should be protected for user content Today 11:10 AM
- The Bloomberg campaign has reached its post-parody zenith Today 10:35 AM
- Ben Affleck explains why he lied about his back tattoo Today 10:28 AM
- Kim Kardashian West accidentally praises Jeff Bezos for threatening to fire employees Today 10:19 AM
SecureDrop, Aaron Swartz’s secure software for whistleblowers, gets a reboot
SecureDrop uses four different servers to keep communications between whistleblowers and reporters private.
In the wake of Edward Snowden‘s revelations about secret National Security Agency surveillance programs, government whistleblowers are under more scrutiny than ever before—but they also have more tools to carry out their activities securely.
This week, the Freedom of the Press Foundation announced it was taking over the DeadDrop project, a system developed by late Internet activist and transparency advocate, Aaron Swartz. The system provides a secure platform for journalists and their sources to communicate, without the need to meet or exchange contact information. A previous version of the system, called StrongBox, was implemented by The New Yorker last June.
On Oct. 15, Freedom of the Press publicly detailed their plans to share SecureDrop with journalistic organizations far and wide. Over the next few weeks, the names of several major news agencies planning to implement the system will be made public. The organization has offered to aid these agencies with the installation of SecureDrop, as well as provide long-term technical support. The public has also been encourage to examine the system’s open source code and provide feedback.
SecureDrop’s application environment relies on four dedicated computers to function properly. Three of the computers run Ubuntu Server. The fourth uses Tails, a privacy-oriented operating system. Tails is accessed via USB drive, so information isn’t automatically copied onto the computer, which means there are fewer tracks to cover.
Sources use a server that runs Tor anonymizing software to send messages and documents to journalists. Journalists download the data onto a document server, which also uses Tor, and then physically transfer it to a secure, offline viewing station using a USB drive. The documents are then decrypted using PGP (Pretty Good Privacy) software. As an extra layer of security, a monitoring server provides email notifications when activity is detected on the system.
Journalists will use their own laptops to access the document server and send encrypted messages to their sources, but all data must be transferred via USB drive once decrypted at the viewing station. Freedom of the Press recommends using the Diceware method to generate secure passphrases.
Regardless of how guarded a system is, there’s no such thing as absolute protection. However, Freedom of the Press claims SecureDrop is by far the most secure system ever offered publicly to the media.
“Journalists are starting to recognize that sophisticated communications security is a key element in the newsgathering process. SecureDrop is the safest way we know for an anonymous source to send information to journalists while protecting their identity,” said Micah Lee, Chief Technology Officer.
— Trevor Timm (@trevortimm) October 15, 2013
SecureDrop has been widely referred to as Aaron Swartz’s “final gift to the Internet.” Freedom of the Press also consulted with Wired journalist Kevin Poulsen, who previously partnered with Swartz in developing the original code used to create SecureDrop.
Swartz took his own life in January while facing charges under the Computer Fraud and Abuse Act. He had been arrested by MIT police after rapidly downloading online copies of academic journals from the digital library JSTOR. The charges carried a maximum prison sentence of 35 years. Following Swartz’s death, the U.S. Justice Department was accused of bullying him over what was essentially a victimless crime. Among the accusers was his father, Robert, who while speaking at his son’s funeral said, “He was killed by the government.”
My talk from yesterday, “How We Stopped SOPA”: http://t.co/N5gYrX3L
— Aaron Swartz (@aaronsw) May 22, 2012
Last month, Swartz won the Electronic Frontier Foundation’s 2013 Pioneer Award. He contributed to the development of RSS, the founding of Reddit, the founding of Demand Progress, the founding of Creative Commons, and the creation of OpenLibrary, among countless other successful projects and websites. As an activist, he passionately defended universal free access to information and combated legislation that would have imposed a policy of censorship throughout the Internet. This year, he was posthumously inducted into the Internet Hall of Fame.
Swartz was only 26 years old.
Photo by Jacob Applebaum (Remix by Dell Cameron)
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.