A system that allows anonymous informants to send electronic documents without fear of disclosure developed by the late Internet ‘hacktivist’ Aaron Swartz and investigative journalist Kevin Poulsen back in 2011 is gaining traction amongst big-name international media organisations. Originally named DeadDrop, management and rollout of the system has since been taken over by the Freedom of the Press Foundation (FPF) and re-named SecureDrop.
Before the FPF took over SecureDrop, the first instance of the software was launched by The New Yorker under the name StrongBox in May 2013 at the request of Poulsen. Poulsen had previously met Swartz in 2006 during the sale of Reddit to Condé Nast (owner of Wired and the New Yorker). See Poulsen’s The New Yorker article on his friendship and collaboration with Swartz here.
Another instance was launched by Forbes in October 2013 under the name SafeSource. Forbes staff writer Andy Greenberg writes, of the new system: “Communicating through SafeSource won’t be as fast or convenient for either end of the conversation as a phone call or an email. But unlike a brown envelope, it allows for a two-way conversation. And more importantly, it offers sources of sensitive information the highest standard of security we can practically achieve.”
|SUPPORT INDEPENDENT SOCIAL COMMENTARY!|
Subscribe to our Substack community GRP Insider to receive by email our in-depth free weekly newsletter. Opt into a paid subscription and you'll get premium insider briefs and insights from us daily.
Subscribe to our Substack newsletter, GRP Insider!
The latest additions to the roll of A-List SecureDrop users are The Washington Post and The Guardian both of which implemented the system on the 5th of June and the 6th of June this year respectively.
SecureDrop is an open-source project and, as such, any organisation can install the system for free and make their own modifications on it. The FPF website provides detailed installation instructions and a site for submitting requests for technical assistance.
According to the FPF website, this is how SecureDrop works…
The code underlying SecureDrop is a Python application that accepts messages and documents from the web and GPG-encrypts them for secure storage. Essentially, it’s a more secure alternative to the “contact us” form found on a typical news site.
In operation, every source is given a unique “codename.” The codename lets the source establish a relationship with the news organization without revealing his/her real identity or resorting to e-mail. They can enter the code name on a future visit to read any messages sent back from the journalist — “Thanks for the Roswell photos! Can you explain what the dark smudge on the left side is?” — or submit additional documents or messages under the same persistent, but pseudonymous, identifier. The source is known by a different code name on the journalist’s side. All of the source’s submissions are grouped together into a “collection.”
Every time there’s a new submission by that source, their collection is bumped to the top of the submission queue. SecureDrop was designed to use two physical servers: a public-facing server that stores messages and documents, and a second that does security monitoring of the first.
Investigative reporting has become an important aspect of democratic governance in the Philippines and the rest of southeast Asia — a region renowned for highly-secretive corruption-infested governments surrounded by inner circles of wealthy oligarchs who own monopolies that hold entire economies hostage. Where efforts to implement legislation to assure the general public’s access to critical information (say, under ‘Freedom of Information’ frameworks of laws) consistently hit dead-ends, perhaps systems like SecureDrop offer the best citizens’ countermeasure not only to politicians’ stonewalling but also to rampant hearsay “reporting” of the tabloidesque standards of “journalism” of profit-hungry mainstream media organisations in the region.
benign0 is the Webmaster of GetRealPhilippines.com.