Today, Forbes launched SafeSource, the first iteration of SecureDrop since Freedom of the Press Foundation took over the project last month. SecureDrop is the open-source whistleblower submission system for journalism organizations originally coded by the late transparency advocate Aaron Swartz.
Forbes investigative journalist Andy Greenberg wrote a detailed post about the security features of Forbes’ SafeSource, and explained how it uses Tor, GPG encryption, and several other security features to create a significantly more anonymous form of communications than email. Read the whole post here.
Greenberg describes SafeSource’s set-up like this:
Anyone can visit Safesource.forbes.com and use the anonymity software Tor to upload sensitive documents or messages for our reporters. Tor protects the identities of those users by triple-encrypting their traffic and bouncing it through three volunteers' computers among thousands distributed around the global Internet. The system is designed to prevent anyone--even us--from determining the source of an anonymously uploaded file or message.
Greenberg is an experienced reporter who has covered technology and security for years, and also authored the book This Machine Kills Secrets, which, in part, explored how whistleblower submission systems have fared since WikiLeaks revolutionized the process over a half decade ago. Only he and investigative journalist Nathan Vardi will be operating SafeSource for Forbes:
SafeSource's protections go beyond Tor, too. Following the guidelines designed for SecureDrop, any material uploaded to the system will be immediately encrypted such that only two reporters on our staff--for now, investigative journalist Nathan Vardi and myself--will have the keys to decrypt it. And Vardi and I will only unscramble the files on a PC without a hard drive or any ability to connect to the Internet. On that offline machine, we'll scrub the uploads for any metadata that might identify users before we share it with other journalists at Forbes or publish it.
We’re encouraged and excited he and Forbes has decided to implement SecureDrop, and for their commitment to security. We look forward to working with them in making sure the SecureDrop code stays as secure as possible and SafeSource is continually updated.
In the coming weeks and months, Freedom of the Press Foundation will also assist several other major news organizations install and implement their own iterations of SecureDrop. If you’re a media organization and would like to apply for installation and technical assistance, please go here to fill out a simple form.
As the recent AP scandal, the Fox News case, and NSA revelations have shown, reporters have never been under greater scrutiny by the government. While the major press freedom battles of the 20th Century have focused on reporter’s privilege, the record number of leak prosecutions under the Obama administration has shown the government no longer needs reporters to testify in court to go after whistleblowers. The biggest press freedom fight of the 21st Century will be keeping the communications channels of sources and journalists safe from government before they ever get to court. We hope SecureDrop is the first step in that process.
If you’d like to help the SecureDrop project, you can donate to make sure we can keep it as secure as possible here.