Whistleblower app SecureDrop takes investigative journalism to the 21st Century!

A system that allows anonymous informants to send electronic documents without fear of disclosure developed by the late Internet ‘hacktivist’ Aaron Swartz and investigative journalist Kevin Poulsen back in 2011 is gaining traction amongst big-name international media organisations. Originally named DeadDrop, management and rollout of the system has since been taken over by the Freedom of the Press Foundation (FPF) and re-named SecureDrop.

securedrop_logoBefore the FPF took over SecureDrop, the first instance of the software was launched by The New Yorker under the name StrongBox in May 2013 at the request of Poulsen. Poulsen had previously met Swartz in 2006 during the sale of Reddit to Condé Nast (owner of Wired and the New Yorker). See Poulsen’s The New Yorker article on his friendship and collaboration with Swartz here.

Another instance was launched by Forbes in October 2013 under the name SafeSource. Forbes staff writer Andy Greenberg writes, of the new system: “Communicating through SafeSource won’t be as fast or convenient for either end of the conversation as a phone call or an email. But unlike a brown envelope, it allows for a two-way conversation. And more importantly, it offers sources of sensitive information the highest standard of security we can practically achieve.”

Subscribe to our Substack community GRP Insider to receive by email our in-depth free weekly newsletter. Opt into a paid subscription and you'll get premium insider briefs and insights from us.
Subscribe to our Substack newsletter, GRP Insider!
Learn more

The latest additions to the roll of A-List SecureDrop users are The Washington Post and The Guardian both of which implemented the system on the 5th of June and the 6th of June this year respectively.

SecureDrop is an open-source project and, as such, any organisation can install the system for free and make their own modifications on it. The FPF website provides detailed installation instructions and a site for submitting requests for technical assistance.

According to the FPF website, this is how SecureDrop works…

The code underlying SecureDrop is a Python application that accepts messages and documents from the web and GPG-encrypts them for secure storage. Essentially, it’s a more secure alternative to the “contact us” form found on a typical news site.

In operation, every source is given a unique “codename.” The codename lets the source establish a relationship with the news organization without revealing his/her real identity or resorting to e-mail. They can enter the code name on a future visit to read any messages sent back from the journalist — “Thanks for the Roswell photos! Can you explain what the dark smudge on the left side is?” — or submit additional documents or messages under the same persistent, but pseudonymous, identifier. The source is known by a different code name on the journalist’s side. All of the source’s submissions are grouped together into a “collection.”

Every time there’s a new submission by that source, their collection is bumped to the top of the submission queue. SecureDrop was designed to use two physical servers: a public-facing server that stores messages and documents, and a second that does security monitoring of the first.

Investigative reporting has become an important aspect of democratic governance in the Philippines and the rest of southeast Asia — a region renowned for highly-secretive corruption-infested governments surrounded by inner circles of wealthy oligarchs who own monopolies that hold entire economies hostage. Where efforts to implement legislation to assure the general public’s access to critical information (say, under ‘Freedom of Information’ frameworks of laws) consistently hit dead-ends, perhaps systems like SecureDrop offer the best citizens’ countermeasure not only to politicians’ stonewalling but also to rampant hearsay “reporting” of the tabloidesque standards of “journalism” of profit-hungry mainstream media organisations in the region.

2 Replies to “Whistleblower app SecureDrop takes investigative journalism to the 21st Century!”

  1. The Get Real Philippines site is already a “secure drop box”. You just write the truth. Let the readers be the judge. If they use their brains and common sense.They can connect the dots; ans see the truth… At least people/readers are now begining to use their common senses…Media is no longer a monopoly of those idiot politicians.

    We don’t need that damn useless box…

    1. There are idiot politicians because of idiot voters. How long have we been a democracy, where we can vote the people we want and yet year after year we end up with the same clowns? Is it because we have an average IQ of 86, lower than Indonesia’s 91? We have so many intellectuals in our midst and yet they cannot sway the majority of voters to vote wisely. The rich, the intellectuals and the youth have great power that we could harness, if we only know how.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.