Aaron Swartz's Last Project: Open Source System To Securely & Anonymously Submit Documents To The Press

from the add-it-to-the-long-list dept

The New Yorker has announced a new anonymous document sharing system called Strongbox, that will allow people to anonymously and securely submit documents to reporters from the New Yorker. Other publications have tried to set up something like this -- often inspired by Wikileaks -- but for the most part, they've been full of security holes, sometimes big and serious ones. What may be more interesting than the fact that this system is being set up is the story behind it. It's based on DeadDrop, an open source system that was put together by Aaron Swartz and Kevin Poulsen.

Poulsen has the backstory of DeadDrop here, which is well worth reading. Basically, he and Aaron worked on this project on and off for quite some time, and it was only just completed a few weeks before Aaron's death. The full story is worth reading, though here's a snippet:
I wondered about this young tech-startup founder who put his energy into the debate over corporate-friendly copyright term extensions. That, and his co-creation of an anonymity project called Tor2Web, is what I had in mind when I approached him with the secure-submission notion. He agreed to do it with the understanding that the code would be open-source—licensed to allow anyone to use it freely—when we launched the system.

He started coding immediately, while I set out to get the necessary servers and bandwidth at Conde Nast. The security model required that the system be under the company’s physical control, but with its own, segregated infrastructure. Requisitioning was involved. Executives had questions. Lawyers had more questions.
Poulsen also notes that there were questions raised about the code after Aaron's death, but those were eventually sorted out:
By December, 2012, Aaron’s code was stable, and a squishy launch date had been set. Then, on January 11th, he killed himself. In the immediate aftermath, it was hard to think of anything but the loss and pain of his death. A launch, like so many things, was secondary. His suicide also raised new questions: Who owned the code now? (Answer: he willed all his intellectual property to Sean Palmer, who gives the project his blessing.) Would his closest friends and his family approve of the launch proceeding? (His friend and executor, Alec Resnick, reports that they do.) The New Yorker, which has a long history of strong investigative work, emerged as the right first home for the system.
Of course, Poulsen leaves out his own history here as well. As (perhaps?) many of you know, Poulsen was a somewhat infamous hacker back in the day who eventually (after avoiding law enforcement for quite some time) went to prison for some of his hacks. Since then, he's become one of my favorite journalists, writing for SecurityFocus and then Wired (and writing a wonderful book, Kingpin about some more recent hackers). While Poulsen and Swartz met long before Swartz was indicted -- and Swartz and Poulsen were indicted for very different types of activities -- having the two of them work together on a project like this is really quite fascinating.

The unfortunate part of all of this, of course, is that DeadDrop is basically Aaron's "final project." Given how much he accomplished prior to that in his short life, it's just one more thing to add to a very long list of incredible accomplishments, but yet another reminder of how much potential was wiped away by his suicide.

Filed Under: aaron swartz, anonymity, deaddrop, journalism, kevin poulsen, open source, strongbox, the new yorker
Companies: conde nast


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    Machin Shin (profile), 16 May 2013 @ 7:07am

    Re: Kids, this REQUIRES trustable "man-in-the-middle"!

    Are you really as stupid as you seem or are you just too lazy to actually read what your commenting on?

    "Kids, this REQUIRES trustable "man-in-the-middle"!"

    How do you figure this? This system has you first get on Tor, hiding your identity, you then upload files that are encrypted to a server(you know, as in the people who own server cant see what it is because umm ITS ENCRYPTED) Then the people at The New Yorker check the box and download the still encrypted data, they then move it to a special computer that is not even online, there they can finally decrypt it.

    So, where is this "man in the middle" going to grab the data?

    Also... Stenographers? really?

    "Definition of STENOGRAPHER
    1: a writer of shorthand
    2: a person employed chiefly to take and transcribe dictation "

    Oh No!!! The government has people who can write SHORTHAND!!!!

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.