Aaron Swartz's Final Project: Secure Whistleblower Submission Platform Gets New Support

from the and-a-detailed-security-audit dept

Back in May, we wrote about Aaron Swartz's final project, done in collaboration with Wired's Kevin Poulsen, to create a very secure platform to allow whistleblowers to anonymously submit documents to the press. At the time it was called DeadDrop, and the initial media partner was The New Yorker, which set up its version as Strongbox. It's unclear if anyone's actually used Strongbox, but obviously since that launch there's been renewed attention concerning leakers and whistleblowers, and ways to leak information safely.

Today it was announced that the Freedom of the Press Foundation, an offshoot of the EFF which we've covered before, has taken over the project, now dubbed SecureDrop. Besides having the support of the Foundation to help with development and deployment of the platform, they've also announced that the system has gone through a significant security audit by some of the most respected names in the business, leading to a few additional improvements:

"SecureDrop’s code has gone through a detailed security audit by a team of University of Washington researchers, led by Alexei Czeckis. Other authors of the audit include renowned security expert Bruce Schneier and Tor developer Jacob Appelbaum. Freedom of the Press Foundation has made a number of updates to SecureDrop based on these findings and will be making a significant investment in continually improving the system."

On top of that, the Foundation has hired computer security expert James Dolan to maintain the code and to help install the system for media organizations. He helped do the original installation of Strongbox for the New Yorker. Hopefully a bunch of media organizations look into using this system, as it will help provide better ways to protect whistleblowers, especially in an age where they're under such constant attack from the government.


Reader Comments

  •  
    Anonymous Coward, Oct 16th, 2013 @ 1:06am

    Hmmm that's why US Government has been trying to spy on Tor users...

     


  •  
    Ninja, Oct 16th, 2013 @ 3:10am

    Seems like a good way to protect these guys from the Government. I haven't seen the details but the first question that came to mind is how you can trust the submissions? I mean Manning and Snowden for instance had ties to the Govt so it adds credibility. How does that system work? Does it identify who is uploading?

     


  •  
    Anonymous Coward, Oct 16th, 2013 @ 5:20am

    Let's face it, every government etc. relies on and encourages whistleblowers until they release something about them, then it's a totally different matter! If being embarrassed is too much attention for those concerned, they should have thicker skins. If doing something illegal is exposed, those concerned need prosecuting and not be able to hide behind their positions. Governments, however, are in the public eye more than any other and need to be squeaky clean. If they are not, they deserve the wrath of the public. What they should not do is persecute and prosecute those that expose the wrongdoing. That is destroying the public trust and replacing democracy with Fascism or something similar!

     


  • This comment has been flagged by the community.
    horse with no name, Oct 16th, 2013 @ 7:15am

    whistleblowing or data dump?

    I think that the real risk these days is that there is little difference between whistleblowers and data dumpers. A true whistleblower would spot a more specific instance of something, and perhaps leak data related to that particular event or situation.

    The Manning situation is a perfect example of a data dump. He dumped tons of data that had nothing to do with whistleblowing any particular situation, rather it was done to put as much stuff out there so maybe someone else might find something that was perhaps unseemly. That isn't whistleblowing at all.

    I am sure that almost any business or company could be a victim of this sort of thing. If you look at the lunch or travel expenses for every person every time, you are very likely to find someone who fudged a few dollars along the way, reported an extra meal, or something similar. A datadump from almost any company could turn up something, without any particular whistleblowing.

    Tools that encourage mindless and vengeful data dumping do not really help us in the long run. It only encourages governments, companies, and individuals to hide and restrict stuff more, and to find better ways to disguise their misdeeds. That isn't going to benefit anyone.

     


    •  
      John Fenderson, Oct 16th, 2013 @ 11:35am

      Re: whistleblowing or data dump?

      "If you look at the lunch or travel expenses for every person every time, you are very likely to find someone who fudged a few dollars along the way"

      True, but irrelevant. The wrongdoing that's been exposed by Manning, Snowden, etc., has hardly been of that sort. And, really, nobody would care at all if the only wrongdoing was trivial fudging of expense reports.

      "It only encourages governments, companies, and individuals to hide and restrict stuff more"

      Meh. They've been in maximum coverup mode for years. We're well above the threshold where further encouragement has any effect.

       


    •  
      Anonymous Coward, Oct 16th, 2013 @ 11:41pm

      Re: horse blowing or horse taking a dump?

      horse with no name just hates it when due process is enforced.

       


  •  
    Pixelation, Oct 16th, 2013 @ 7:48am

    Cue the NSA...

    showing up with "Legal Papers" demanding a back door.

     
