Swartz's Whistleblower Protection Scheme to Carry On
Whistleblowers will have a new way of anonymously communicating with the press, thanks to the work of the late Aaron Swartz. The Freedom of the Press Foundation has picked up where Swartz et al left off, making some improvements to the technology and announcing its launch as SecureDrop. "At this point, we think it's a pretty good system," said security expert Bruce Schneier.
Oct 16, 2013 10:59 AM PT
A press freedom advocacy group announced Tuesday it would be taking charge of a project started by Aaron Swartz to protect whistleblowers leaking confidential documents to journalists.
The Freedom of the Press Foundation will provide in-site installation of the DeadDrop technology, renamed "SecureDrop," as well as support for news organizations that want to securely receive confidential documents.
Swartz, an Internet activist and information transparency advocate, committed suicide while being prosecuted by the U.S. Justice Department for liberating documents from JSTOR, an online academic article service.
With SecureDrop, news organizations around the world can securely accept documents from whistleblowers while protecting their anonymity, the FPF maintained.
"We've reached a time in America when the only way the press can assure the anonymity and safety of their sources is not to know who they are," said FPF cofounder and board member John Perry Barlow. "SecureDrop is where real news can be slipped quietly under the door."
SecureDrop is the strongest system ever made available to news outlets, according to the FPF.
The installation of SecureDrop on a news organization's servers allows a source with confidential documents to visit the site and communicate anonymously with it.
On a deployment page, the source is given four random codewords that can be used to decrypt communication from the news organization.
Documents and messages sent to SecureDrop are automatically encrypted and can be decrypted only by a journalist receiving them.
The system includes techniques that prevent a journalist from learning a source's identity and safeguard a source's messages and files from prying parties -- even if those parties physically remove the servers from the news organization.
Vulnerable to Powerful Attackers
Concerns have been raised that faults in Swartz's DeadDrop technology could make it vulnerable to powerful adversaries, based on an audit performed this summer by members of the computer science and engineering department faculty at the University of Washington, together with security experts Jacob Appelbaum and Bruce Schneier.
"Based on our evaluation of the DeadDrop design and implementation, we believe that the DeadDrop's core application is a technically decent system for supporting anonymous communication between sources and journalists," the audit says.
"However, we are concerned about the level of technical sophistication that journalists are expected to have and that they might, for usability reasons, make mistakes that leak the confidential information about the source," it continues.
"Furthermore, we caution that the system will likely be unable to protect the source against the most powerful type of adversaries which can monitor network flows, confiscate physical machines at will, or watermark documents that the source might try to submit to the journalists," warns the audit.
However, improvements have been made in the technology since the release of the DeadDrop audit.
"At this point, we think it's a pretty good system," Schneier told TechNewsWorld. "I'm pretty confident in DeadDrop."
Solutions like SecureDrop can keep a source's identity unknown to a journalist, but a potential downside is that total anonymity might interfere with the proper assessment of documents leaked to a news organization.
"What makes this work is you don't know who your source is -- but it's also what makes it dangerous," Dan Kennedy, an assistant professor of journalism at Northeastern University, told TechNewsWorld.
"You have to figure out if these are legitimate documents that you're getting without knowing who gave them to you," he said.
"Just as important as figuring out if these are legitimate documents is what documents are this anonymous person not giving you that might cast the documents he or she is giving you in a different light," added Kennedy.
While using a source's identity in weighing the worth of documents is an important consideration, it doesn't negate the value of SecureDrop or that of StrongBox, a similar service offered by The New Yorker.
"It's a legitimate concern, and we think about it every time something comes into StrongBox," NewYorker.com Editor Nicholas Thompson told TechNewsWorld.
"This doesn't replace vetting sources or talking to them. This is just one way to get documents that you would otherwise have no access to," he said.
"This isn't replacing the journalistic work our reporters do," added Thompson. "It's just creating another avenue for material to come to us. And when it comes to us, we weigh the fact that we don't know the person who sent it to us, so we have to try doubly hard to verify it and to make sure we put it in its proper context."