Aaron Swartz's Last Project: Open Source System To Securely & Anonymously Submit Documents To The Press

from the add-it-to-the-long-list dept

The New Yorker has announced a new anonymous document sharing system called Strongbox, that will allow people to anonymously and securely submit documents to reporters from the New Yorker. Other publications have tried to set up something like this — often inspired by Wikileaks — but for the most part, they’ve been full of security holes, sometimes big and serious ones. What may be more interesting than the fact that this system is being set up is the story behind it. It’s based on DeadDrop, an open source system that was put together by Aaron Swartz and Kevin Poulsen.

Poulsen has the backstory of DeadDrop here, which is well worth reading. Basically, he and Aaron worked on this project on and off for quite some time, and it was only just completed a few weeks before Aaron’s death. The full story is worth reading, though here’s a snippet:

I wondered about this young tech-startup founder who put his energy into the debate over corporate-friendly copyright term extensions. That, and his co-creation of an anonymity project called Tor2Web, is what I had in mind when I approached him with the secure-submission notion. He agreed to do it with the understanding that the code would be open-source—licensed to allow anyone to use it freely—when we launched the system.

He started coding immediately, while I set out to get the necessary servers and bandwidth at Conde Nast. The security model required that the system be under the company’s physical control, but with its own, segregated infrastructure. Requisitioning was involved. Executives had questions. Lawyers had more questions.

Poulsen also notes that there were questions raised about the code after Aaron’s death, but those were eventually sorted out:

By December, 2012, Aaron’s code was stable, and a squishy launch date had been set. Then, on January 11th, he killed himself. In the immediate aftermath, it was hard to think of anything but the loss and pain of his death. A launch, like so many things, was secondary. His suicide also raised new questions: Who owned the code now? (Answer: he willed all his intellectual property to Sean Palmer, who gives the project his blessing.) Would his closest friends and his family approve of the launch proceeding? (His friend and executor, Alec Resnick, reports that they do.) The New Yorker, which has a long history of strong investigative work, emerged as the right first home for the system.

Of course, Poulsen leaves out his own history here as well. As (perhaps?) many of you know, Poulsen was a somewhat infamous hacker back in the day who eventually (after avoiding law enforcement for quite some time) went to prison for some of his hacks. Since then, he’s become one of my favorite journalists, writing for SecurityFocus and then Wired (and writing a wonderful book, Kingpin about some more recent hackers). While Poulsen and Swartz met long before Swartz was indicted — and Swartz and Poulsen were indicted for very different types of activities — having the two of them work together on a project like this is really quite fascinating.

The unfortunate part of all of this, of course, is that DeadDrop is basically Aaron’s “final project.” Given how much he accomplished prior to that in his short life, it’s just one more thing to add to a very long list of incredible accomplishments, but yet another reminder of how much potential was wiped away by his suicide.

Filed Under: , , , , , , ,
Companies: conde nast

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Aaron Swartz's Last Project: Open Source System To Securely & Anonymously Submit Documents To The Press”

Subscribe: RSS Leave a comment
Anonymous Coward says:

Re: Re:

That’s why the documents are only viewed on an offline machine that has no network access, and is booted from a readonly LiveCD… and then erased completely every time it’s booted thereafter.

In other words, there should be nothing the originator of the docs can do to alert them that the docs are “out there”.

Anonymous Coward says:

[OT] Reminder: House Judiciary on Copyright Reform

[Off-Topic] Reminder: The House Judiciary’s Subcommittee on Courts, Intellectual Property and the Internet will be holding a hearing today on copyright reform.

A Case Study for Consensus Building: The Copyright Principles Project
Thursday 5/16/2013 – 2:00 p.m.
2141 Rayburn House Office Building

Last week’s Techdirt article.

out_of_the_blue says:

Kids, this REQUIRES trustable "man-in-the-middle"!

So it’s MUCH MORE risky than uploading from an internet cafe to several file hosts, the files plainly named, and just relying on the info being recognized by someone.

Why does this require Tor, Conde Nast, and The New Yorker, all three of which are suspect, besides the usual other network weak points? This looks designed to funnel leaks straight into “old media”, where are definitely stenographers on gov’t payroll calling themselves “journalists”.

Then there’s this tacit admission: “he willed all his intellectual property” — SO intellectual property IS a legitimate concept! Guess it only counts when you wish.

Machin Shin (profile) says:

Re: Kids, this REQUIRES trustable "man-in-the-middle"!

Are you really as stupid as you seem or are you just too lazy to actually read what your commenting on?

“Kids, this REQUIRES trustable “man-in-the-middle”!”

How do you figure this? This system has you first get on Tor, hiding your identity, you then upload files that are encrypted to a server(you know, as in the people who own server cant see what it is because umm ITS ENCRYPTED) Then the people at The New Yorker check the box and download the still encrypted data, they then move it to a special computer that is not even online, there they can finally decrypt it.

So, where is this “man in the middle” going to grab the data?

Also… Stenographers? really?

“Definition of STENOGRAPHER
1: a writer of shorthand
2: a person employed chiefly to take and transcribe dictation “

Oh No!!! The government has people who can write SHORTHAND!!!!

Anonymous Coward says:

Re: Kids, this REQUIRES trustable "man-in-the-middle"!

Then there’s this tacit admission: “he willed all his intellectual property” — SO intellectual property IS a legitimate concept! Guess it only counts when you wish.

Uh, you do realize that indented paragraphs in italics are quotes from the source article, right? Mike is not admitting to anything, tacitly or otherwise, simply by quoting Kevin Poulsen in a report on things Kevin Poulsen said.

Coyote (profile) says:

Re: Kids, this REQUIRES trustable "man-in-the-middle"!

Intellectual property is a legitimate concept, but as it exists in its’ current form — last I read, 75+ creator’s lifespan, which is ludicrous — it is pretty bull.

That being said, I suspect you assume people [sorry, “pirates.”] think that it isn’t, and only choose to copy it [whoops, there I go again. “Steal.” is probably the only word you’ll recognize].

Besides that, using someone’s death to further an agenda of further copyright restrictions is just stupid and nonsensical. This can only mean good things, especially since it’s the New Yorker — one of the few ‘old media’ as you call them, that people trust [though I’ve personally never heard of them, so I cannot comment on whether or not I trust them.]

Tor is not ‘suspect.’ Tor is used to legitimately, along with V.P.N. hide your net address and provides actual internet anonymity, something that is REQUIRED nowadays since the Wikileaks situation, to leak information and documents to get them out to the public.

Regardless if it’s used to go into the Deep Web for CP, the black market, etc. it also has legitimate uses. Stop pretending everything you do not like has no legitimate uses in today’s world, and that the current networks we have are secure — they aren’t. I don’t know why you assume Conde Nast is suspect; I suspect that’s more from ignorance than actual awareness or knowledge of it, and just deciding to spout off ‘this is terribibible! oh my gooooooood!!!!’ rather than actually thinking this through.

tqk (profile) says:

Re: Re: Kids, this REQUIRES trustable "man-in-the-middle"!

Intellectual property is a legitimate concept …

No, it’s not. Substitute “imaginary” for “intellectual”, and it becomes clear. How do you transfer a thought held in one person’s imagination to another person? You can describe it in words, or perform it in their presence, but there’s no guarantee they’ll then have the same thought that you’re imagining. In fact, they’ll immediately translate or transform it based on their personal point of view. It can’t possibly be a one to one transferrance.

Throw the concept out. It’s meaningless.

RonKaminsky (profile) says:

Re: Re:

As opposed to crawling out from under a rock and posting on Techdirt? Your post shows how little you actually understand the legal reality of what happened…

BTW, the most important thing he did (which you missed — perhaps because of a blind spot?) was probably this: he made a lot of friends (not necessarily close personal ones) and gained a lot of respect.

tqk (profile) says:

Re: Re:

I could possibly 3 [sic], stole some documents (and got caught), wrote some code, killed himself..

I see you enjoy displaying your ignorance:

Swartz was involved in the development of the web feed format RSS,[4] the organization Creative Commons,[5] the website framework web.py[6] and the social news site Reddit, in which he was an equal partner after its merger with his Infogami company.[i] Swartz also focused on sociology, civic awareness and activism.[7][8] In 2010, he became a research fellow at Harvard University?s Edmond J. Safra Research Lab on Institutional Corruption, directed by Lawrence Lessig.[9][10] He founded the online group Demand Progress, known for its campaign against the Stop Online Piracy Act.

Do you have a wikipedia page, or are your many accomplishments listed anywhere online?

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...