SecureDrop Launches New Open-Source Submission System For Journalists

Aaron Swartz is landing one final blow to the powers that be, with an assist from Edward Snowden.

Before his untimely death, the legendary Reddit co-founder and RSS co-creator had just finished the code for a WikiLeaks-style submission system called DeadDrop, designed for journalists to communicate anonymously with their sources. Now, with the help of Snowden's revelations about the NSA's decryption tactics, the system's underlying code has been made even more resistant to government snooping. On Tuesday, the Freedom of the Press Foundation announced a new version of Swartz's project, renamed SecureDrop.

"We want this to be part of his legacy," said Trevor Timm, executive director of the nonprofit transparency organization. The group hopes that SecureDrop "really acts as that safety valve, that when the transparency of government breaks down, whistleblowers still have a place to go."

The idea was to create an encrypted platform through which journalists and sources could communicate files and messages. Sources are given code names so that they can remain anonymous, if they wish. And everything is open-source, so outside security researchers and hackers can add their own two cents about which aspects of the system work and which don't.

Security and anonymity are topics of significant interest to journalists in the wake of Snowden's revelations about widespread government surveillance, and in light of President Barack Obama's unprecedented use of the Espionage Act to prosecute national security leakers.

Timm says his group is keenly aware of "the fact that nothing is ever 100 percent secure," but he believes widespread adoption of SecureDrop will make every journalist who uses it safer.

"If everyone has an anonymous admissions system, it's even harder for the government to put a target on everyone's backs, because then they're targeting everybody," he said.

SecureDrop has been reviewed by several prominent online encryption researchers: Security experts from the University of Washington have audited SecureDrop's code with an assist from cryptopgrapher Bruce Schneier and Tor developer Jacob Appelbaum. Most of the audit was finished prior to Snowden's revelations, but Timm said at least two additional changes were made in response to security flaws Snowden exposed.

The audit concluded that "many of the technical properties of DeadDrop are decent; however, we do not believe that DeadDrop is yet ready for deployment in an ecosystem with nation-state capable adversaries and non-expert users." Timm said that many of the weaknesses identified by the researchers have been addressed.

The Freedom of the Press Foundation, meanwhile, counts the two journalists who broke the Snowden stories -- the Guardian's Glenn Greenwald and independent filmmaker Laura Poitras -- among its board members. The group was also active in raising funds to document the trial of WikiLeaks source Chelsea Manning.

The group plans to help journalistic organizations with the technical details of installing SecureDrop, and expects to announce the names of additional outlets that are adopting it in the coming weeks.

The New Yorker has been using an earlier version of Swartz's code since May. The magazine's online editor told Dan Froomkin in August that "Not only is it a good tool for people we didn't know about to send us information we don't know, it's also a good tool for just communicating with sources who don't want to meet in a park."



SAY WHAT?! The Strangest Bills Of 2013