Freedom of the Press Foundation Launches SecureDrop, an Open-Source Submission Platform for Whistleblowers

Freedom of the
Press Foundation has taken
charge
of the DeadDrop project, an open-source whistleblower
submission system originally coded by the late transparency advocate
Aaron Swartz. In the coming months, the Foundation will also
provide on-site installation
and technical support to news
organizations that wish to run the system, which has been renamed
“SecureDrop.”

By installing SecureDrop,
news organizations around the world can securely accept documents from
whistleblowers, while better protecting their sources’ anonymity. 
Although it is important to note that no security system can ever be 100
percent impenetrable, Freedom of the Press Foundation believes that this
system is the strongest ever made available to media outlets. Several
major news agencies have already signed up for installations, and they
will be announced in the coming weeks.

“We’ve reached a time in America when the only way the press can assure
the anonymity and safety of their sources is not to know who they are,”
said JP Barlow, co-founder and board member of Freedom of the Press
Foundation. “SecureDrop is where real news can be slipped quietly under
the door.”

Originally created by Swartz in partnership with investigative reporter
Kevin Poulsen, SecureDrop is
a Python application that accepts messages and documents from the web
and encrypts them for secure storage. Each source who uses the platform
is assigned a unique codename that lets the source establish a
relationship with the news organization without having to reveal her
real identity or resort to e-mail.

In addition to installation support, Freedom of the Press Foundation will
provide media organizations with instruction
on security best
practices and long-term technical support.  Small media
organizations with significant financial need may also apply to Freedom
of the Press Foundation for help obtaining hardware. The New Yorker, the
first news organization to use the SecureDrop code, through its StrongBox project, will
continue to operate its system in partnership with the Freedom of the
Press Foundation.

Freedom of the Press Foundation is hiring computer-security specialist
James Dolan to help maintain the SecureDrop code, install the system for
media organizations, and teach journalists about information
security.  Dolan previously helped manage the New Yorker’s
installation of StrongBox, the magazine’s version of SecureDrop. He also
originally reviewed and hardened the security architecture before the
initial launch.

“Journalists are starting to recognize that sophisticated communications
security is a key element in the newsgathering process,” Freedom of the
Press Foundation’s Chief Technology Officer Micah Lee said.
SecureDrop is the safest way we know for an anonymous
source to send information to journalists while protecting their identity.”

SecureDrop’s code has gone through a
detailed security audit
by a team of University of Washington
researchers, led by Alexei Czeckis. Other authors of the audit include
renowned security expert Bruce Schneier and Tor developer Jacob
Appelbaum. Freedom of the Press Foundation has made a number of updates
to SecureDrop based on these findings and will be making a significant
investment in continually improving the system.  

“A truly free press hinges on the ability of investigative journalists
to build trust with their sources,” Freedom of the Press Foundation
Executive Director Trevor Timm said.  “The recent NSA revelations
and record number of whistleblower prosecutions under the current
administration have shown the grave challenges to this relationship and
the lengths governments will go to undermine it.  Freedom of Press
Foundation is committed ushering in a new era of security for
journalists and newsrooms of all sizes.”

Freedom of the Press Foundation offers thanks to Poulsen, who
developed the original project
with Swartz, managed it for the first
six months since it went public, and is handing over the reins. Poulsen,
who serves as Wired’s investigations editor, is advising the
Foundation on the transition, and will continue to serve as a journalism
consultant on the project.

"The goal in creating this system was to see it implemented in newsrooms
far and wide," Poulsen said. "Freedom of the Press Foundation is the
perfect organization to do that."

Contact

Trevor Timm, Executive Director trevor@pressfreedomfoundation.org

Micah Lee, CTO micah@pressfreedomfoundation.org

More
information:

FAQ about Secure Drop

Secure Drop – Installation instructions

Media organization request form (for on-site installation assistance)

How We Plan On Keeping SecureDrop As Secure As Possible – Blog Post.

• Security Audit by University of Washington researchers: http://homes.cs.washington.edu/~aczeskis/research/pubs/UW-CSE-13-08-02.PDF