Wednesday, October 16, 2013

Aaron Swartz’s unfinished whistleblowing platform finally launches

SecureDrop was heavily audited by Bruce Schneier, Jacob Appelbaum, and others.

About nine months ago, the Internet lost one of its most beloved activists in Aaron Swartz. But starting today, his legacy lives on through the formal launch of a project called SecureDrop.
The new online platform was originally coded by Swartz in collaboration with Wired reporter Kevin Poulsen. It has since been taken over by the Freedom of the Press Foundation, a group founded by a handful of Electronic Frontier Foundation staffers. The group describes its SecureDrop in this way:
SecureDrop is a Python application that accepts messages and documents from the Web and encrypts them for secure storage. Each source who uses the platform is assigned a unique codename that lets the source establish a relationship with the news organization without having to reveal her real identity or resort to e-mail.
The project’s code has gone through a “detailed security audit” (PDF) by a team from the University of Washington, which also included Bruce Schneier and Jacob Appelbaum (Tor developer and renowned security researcher).
“I think the [former National Security Agency contractor, Edward Snowden] case showed that there are sources out there that really care about security and will only go to journalists who take it seriously,” Trevor Timm, the Freedom of the Press Foundation’s executive director, told Ars.
“On the flip side of things, I don’t think your average source is as brilliant as Snowden. He may have been able to [leak information securely] through various methods because he was a trained expert in this type of way of communicating. For others it may not be so easy. What we hope to accomplish with this is to allow a source who does not have as much technical prowess as Snowden to feel much safer than using an open source communication like e-mail.”
Timm added that media organizations that want to participate in installing this software on their servers can do so for free, and the group also offers technical assistance. That would involve reimbursements of “travel and hardware costs” to the Freedom of the Press Foundation, probably totaling in the “single thousands of dollar” range.
SecureDrop is hardly the first online submission system to launch in the years since WikiLeaks’ debut. Many similar whistleblowing sites have come and gone (a few even had some limited success) since then, as Ars has previously documented.
Since May 2013, The New Yorker has been using this code to run its StrongBox project (like Ars, The New Yorker is a CondĂ© Nast publication). At this time, it's unclear what, if any, impact the project has had so far. But Nicholas Thompson, editor of newyorker.com, told Nieman Reports in August 2013 that Strongbox has been useful.
"Not only is it a good tool for people we didn't know about to send us information we don't know, it's also a good tool for just communicating with sources who don't want to meet in a park,” he said.

No comments:

Post a Comment