Aaron Swartz's Final Project: Secure Whistleblower Submission Platform Gets New Support
from the and-a-detailed-security-audit dept
Back in May, we wrote about Aaron Swartz's final project, done in collaboration with Wired's Kevin Poulsen, to create a very secure platform to allow whistleblowers to anonymously submit documents to the press. At the time it was called DeadDrop, and the initial media partner was The New Yorker, which set up its version as Strongbox. It's unclear if anyone's actually used Strongbox, but obviously since that launch there's been renewed attention concerning leakers and whistleblowers, and ways to leak information safely.Today it was announced that the Freedom of the Press Foundation, an offshoot of the EFF which we've covered before, has taken over the project, now dubbed SecureDrop. Besides having the support of the Foundation to help with development and deployment of the platform, they've also announced that the system has gone through a significant security audit by some of the most respected names in the business, leading to a few additional improvements:
SecureDrop’s code has gone through a detailed security audit by a team of University of Washington researchers, led by Alexei Czeckis. Other authors of the audit include renowned security expert Bruce Schneier and Tor developer Jacob Appelbaum. Freedom of the Press Foundation has made a number of updates to SecureDrop based on these findings and will be making a significant investment in continually improving the system.On top of that the Foundation has hired computer security expert James Dolan to maintain the code and to help install the system for media organizations. He helped do the original installation of StrongBox for the New Yorker. Hopefully a bunch of media organizations look into using this system, as it will help provide better ways to protect whistleblowers, especially in an age where they're under such constant attack from the government.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: aaron swartz, freedom of the press, journalism, securedrop, security, whistleblowers
Companies: freedom of the press foundation
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in chronology ]
Re:
[ link to this | view in chronology ]
[ link to this | view in chronology ]
[ link to this | view in chronology ]
whistleblowing or data dump?
The Manning situation is a perfect example of a data dump. He dumped tons of data that had nothing to do with whistleblowing any particular situation, rather it was done to put as much stuff out there so many someone else might find something that was perhaps unseemly. That isn't whistleblowing at all.
I am sure that almost any business or company could be a victim of this sort of thing. If you look at the lunch or travel expenses for every person every time, you are very likely to find someone who fudged a few dollars along the way, reported an extra meal, or something similar. A datadump from almost any company could turn up something, without any particular whistleblowing.
Tools that encourage mindless and vengeful data dumping does not really help us in the long run. It only encourages governments, companies, and individuals to hide and restrict stuff more, and to find better ways to disguise their misdeeds. That isn't going to benefit anyone.
[ link to this | view in chronology ]
Re: whistleblowing or data dump?
True, but irrelevant. The wrongdoing that's been exposed by Manning, Snowden, etc., has hardly been of that sort. And, really, nobody would care at all if the only wrongdoing was trivial fudging of expense reports.
Meh. They've been in maximum coverup mode for years. We're well above the threshold where further encouragement has any effect.
[ link to this | view in chronology ]
Re: horse blowing or horse taking a dump?
[ link to this | view in chronology ]
Que the NSA...
[ link to this | view in chronology ]