Aaron Swartz's Last Project: Open Source System To Securely & Anonymously Submit Documents To The Press
from the add-it-to-the-long-list dept
The New Yorker has announced a new anonymous document sharing system called Strongbox, that will allow people to anonymously and securely submit documents to reporters from the New Yorker. Other publications have tried to set up something like this -- often inspired by Wikileaks -- but for the most part, they've been full of security holes, sometimes big and serious ones. What may be more interesting than the fact that this system is being set up is the story behind it. It's based on DeadDrop, an open source system that was put together by Aaron Swartz and Kevin Poulsen.Poulsen has the backstory of DeadDrop here, which is well worth reading. Basically, he and Aaron worked on this project on and off for quite some time, and it was only just completed a few weeks before Aaron's death. The full story is worth reading, though here's a snippet:
I wondered about this young tech-startup founder who put his energy into the debate over corporate-friendly copyright term extensions. That, and his co-creation of an anonymity project called Tor2Web, is what I had in mind when I approached him with the secure-submission notion. He agreed to do it with the understanding that the code would be open-source—licensed to allow anyone to use it freely—when we launched the system.Poulsen also notes that there were questions raised about the code after Aaron's death, but those were eventually sorted out:
He started coding immediately, while I set out to get the necessary servers and bandwidth at Conde Nast. The security model required that the system be under the company’s physical control, but with its own, segregated infrastructure. Requisitioning was involved. Executives had questions. Lawyers had more questions.
By December, 2012, Aaron’s code was stable, and a squishy launch date had been set. Then, on January 11th, he killed himself. In the immediate aftermath, it was hard to think of anything but the loss and pain of his death. A launch, like so many things, was secondary. His suicide also raised new questions: Who owned the code now? (Answer: he willed all his intellectual property to Sean Palmer, who gives the project his blessing.) Would his closest friends and his family approve of the launch proceeding? (His friend and executor, Alec Resnick, reports that they do.) The New Yorker, which has a long history of strong investigative work, emerged as the right first home for the system.Of course, Poulsen leaves out his own history here as well. As (perhaps?) many of you know, Poulsen was a somewhat infamous hacker back in the day who eventually (after avoiding law enforcement for quite some time) went to prison for some of his hacks. Since then, he's become one of my favorite journalists, writing for SecurityFocus and then Wired (and writing a wonderful book, Kingpin about some more recent hackers). While Poulsen and Swartz met long before Swartz was indicted -- and Swartz and Poulsen were indicted for very different types of activities -- having the two of them work together on a project like this is really quite fascinating.
The unfortunate part of all of this, of course, is that DeadDrop is basically Aaron's "final project." Given how much he accomplished prior to that in his short life, it's just one more thing to add to a very long list of incredible accomplishments, but yet another reminder of how much potential was wiped away by his suicide.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aaron swartz, anonymity, deaddrop, journalism, kevin poulsen, open source, strongbox, the new yorker
Companies: conde nast
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
Re:
In other words, there should be nothing the originator of the docs can do to alert them that the docs are "out there".
[ link to this | view in chronology ]
Re: Re:
[ link to this | view in chronology ]
[OT] Reminder: House Judiciary on Copyright Reform
A Case Study for Consensus Building: The Copyright Principles Project
Thursday 5/16/2013 - 2:00 p.m.
2141 Rayburn House Office Building
Last week's Techdirt article.
[ link to this | view in chronology ]
All the security in the world can't help
[ link to this | view in chronology ]
Re: All the security in the world can't help
[ link to this | view in chronology ]
Re: All the security in the world can't help
[ link to this | view in chronology ]
Kids, this REQUIRES trustable "man-in-the-middle"!
Why does this require Tor, Conde Nast, and The New Yorker, all three of which are suspect, besides the usual other network weak points? This looks designed to funnel leaks straight into "old media", where are definitely stenographers on gov't payroll calling themselves "journalists".
Then there's this tacit admission: "he willed all his intellectual property" -- SO intellectual property IS a legitimate concept! Guess it only counts when you wish.
[ link to this | view in chronology ]
Re: Kids, this REQUIRES trustable "man-in-the-middle"!
"Kids, this REQUIRES trustable "man-in-the-middle"!"
How do you figure this? This system has you first get on Tor, hiding your identity, you then upload files that are encrypted to a server(you know, as in the people who own server cant see what it is because umm ITS ENCRYPTED) Then the people at The New Yorker check the box and download the still encrypted data, they then move it to a special computer that is not even online, there they can finally decrypt it.
So, where is this "man in the middle" going to grab the data?
Also... Stenographers? really?
"Definition of STENOGRAPHER
1: a writer of shorthand
2: a person employed chiefly to take and transcribe dictation "
Oh No!!! The government has people who can write SHORTHAND!!!!
[ link to this | view in chronology ]
Re: Re: Kids, this REQUIRES trustable "man-in-the-middle"!
[ link to this | view in chronology ]
Re: Kids, this REQUIRES trustable "man-in-the-middle"!
[ link to this | view in chronology ]
Re: Kids, this REQUIRES trustable "man-in-the-middle"!
Uh, you do realize that indented paragraphs in italics are quotes from the source article, right? Mike is not admitting to anything, tacitly or otherwise, simply by quoting Kevin Poulsen in a report on things Kevin Poulsen said.
[ link to this | view in chronology ]
Re: Kids, this REQUIRES trustable "man-in-the-middle"!
That being said, I suspect you assume people [sorry, "pirates."] think that it isn't, and only choose to copy it [whoops, there I go again. "Steal." is probably the only word you'll recognize].
Besides that, using someone's death to further an agenda of further copyright restrictions is just stupid and nonsensical. This can only mean good things, especially since it's the New Yorker -- one of the few 'old media' as you call them, that people trust [though I've personally never heard of them, so I cannot comment on whether or not I trust them.]
Tor is not 'suspect.' Tor is used to legitimately, along with V.P.N. hide your net address and provides actual internet anonymity, something that is REQUIRED nowadays since the Wikileaks situation, to leak information and documents to get them out to the public.
Regardless if it's used to go into the Deep Web for CP, the black market, etc. it also has legitimate uses. Stop pretending everything you do not like has no legitimate uses in today's world, and that the current networks we have are secure -- they aren't. I don't know why you assume Conde Nast is suspect; I suspect that's more from ignorance than actual awareness or knowledge of it, and just deciding to spout off 'this is terribibible! oh my gooooooood!!!!' rather than actually thinking this through.
[ link to this | view in chronology ]
Re: Re: Kids, this REQUIRES trustable "man-in-the-middle"!
No, it's not. Substitute "imaginary" for "intellectual", and it becomes clear. How do you transfer a thought held in one person's imagination to another person? You can describe it in words, or perform it in their presence, but there's no guarantee they'll then have the same thought that you're imagining. In fact, they'll immediately translate or transform it based on their personal point of view. It can't possibly be a one to one transferrance.
Throw the concept out. It's meaningless.
[ link to this | view in chronology ]
[ link to this | view in chronology ]
an elaborate system
[ link to this | view in chronology ]
Far easier ways...
E.g. http://www.wired.com/opinion/2013/05/listen-up-future-deep-throats-this-is-how-to-leak-to-the-press- today/
is my discussion of the problem.
[ link to this | view in chronology ]
Re: Far easier ways...
[ link to this | view in chronology ]
very long list ???
I could possibly 3, stole some documents (and got caught), wrote some code, killed himself..
[ link to this | view in chronology ]
Re:
BTW, the most important thing he did (which you missed --- perhaps because of a blind spot?) was probably this: he made a lot of friends (not necessarily close personal ones) and gained a lot of respect.
[ link to this | view in chronology ]
Re:
I see you enjoy displaying your ignorance:
Do you have a wikipedia page, or are your many accomplishments listed anywhere online?
[ link to this | view in chronology ]
Deadrop
And clearly Aaron believe copyright and IP is something real and physical, why else put it in his will?
[ link to this | view in chronology ]
Re: Deadrop
Of course he thought it was real (as in, currently a legal reality), why do you think he was so careful not to infringe?
> and physical
Now you're letting your stupidity show.
[ link to this | view in chronology ]
Re: Deadrop
[ link to this | view in chronology ]
Re: Deadrop
[ link to this | view in chronology ]