Creating Technology for Social Change

HOPE X: SecureDrop: A WikiLeaks in Every Newsroom

Liveblogged at HOPE X.

Garrett Robinson, Security and Privacy Engineer, Mozilla
William Budington, Developer, EFF
Yan Zhu, Technologist, EFF

The Freedom of the Press Foundation processes payments for WikiLeaks and raises funds for encryption and free speech initiatives. SecureDrop is their open source whistleblower platform.

Thomas Drake leaked info on the NSA’s Trailblazer program. He was indicted by the Obama administration under the Espionage Act in 2005. The act wasn’t meant to be used on journalists, but that’s what it’s been used for. In recent years, Shamai Leibowitz, Stephen Kim, Chelsea Manning, Jeffrey Sterling, John Kiriakou, and Edward Snowden have been prosecuted. There’s an attack on whistleblowers, and there haven’t been good tools to communicate with reporters.

Tor Hidden Services can provide anonymity. Tor is not used only by whistleblowers and journalists, so using it offers plausible deniability. SecureDrop is hosted directly in a newsroom. Because there is no third-party email service, there are extra legal protections. Aaron Swartz and Kevin Poulsen created it as DeadDrop in 2010. There are at least 12 major news organizations using SecureDrop today.

Users go to a .onion address published by a news organization and see an interface to submit leaks and view responses. Journalists have access to a private site to view leaks and communicate with leakers.

SecureDrop used to require a full-time employee to install; now you can install it with a single command. There are some tradeoffs in the design. It’s a web app, so it’s easier to set up and use. The Tor Browser also gives plausible deniability. But browsers have lots of vulnerabilities, and leakers are encouraged to turn off JavaScript. It’s built on GPG, and users don’t need to manage keys, but encryption is not end-to-end. This is really usable but opens up the server to attacks. A man-in-the-middle could read plaintext messages, and the system is still vulnerable to DoS attacks.

The team is developing a generic API to support more use cases and threat models. They’re also working on end-to-end encryption. The infrastructure requires an air gap between the server and the network, which is very secure but a real pain. They’re working on improvements to make the infrastructure more secure.