SecureDrop Wants to Protect Whistleblowers in a World of Over-Surveillance

Joining the likes of large media organizations like The New Yorker and The Guardian, The Globe and Mail announced this week that it would become the first Canadian media organization to use SecureDrop, a submission system that allows journalists to receive documents from sources that wish to stay anonymous.

In the statement from The Globe and Mail, editor-in-chief David Walmsley called SecureDrop the “Twenty-first century Manila envelope,” and said that its use would allow them to both report on important news and protect the sources that provide them with potentially sensitive information. In a post-Edward Snowden era, and amidst recent reports that the Canadian government is aggressively trying to increase the surveillance powers of the Canadian Security Intelligence Services with Bill C-51, services like SecureDrop are becoming increasingly necessary. 

Aaron Swartz, the Internet activist famous for co-authoring the RSS 1.0 specification and creating Infogami, which later merged with reddit, co-created the program with Wired journalist Kevin Poulson and fellow architect James Dolan. He committed suicide two years ago just before he was to stand trial for downloading millions of documents from JSTOR with the intent of distributing them.  After his death, the California-based Freedom of The Press Foundation took over the project with the aim of distributing it to more media outlets.

The SecureDrop system works by allowing sources to access a website anonymously using the Tor Browser. Once a secure connection has been set up, sources can provide documents to the news outlet that are encrypted; as part of the process, a code phrase is provided to sources to affirm their identities.

“A record number of whistleblowers have recently been prosecuted in large part because the government thinks it can obtain the email and phone call records of any interaction, without ever attempting to force journalist to testify against their sources in court,” FPF says on its website. Because interactions on SecureDrop are encrypted, it removes the need for that third party.

Any media organization can download SecureDrop for free off GitHub. Although the FPP doesn’t promise 100 per cent protection—any organization that does is lying, FPF says—the fact that its program is open source is important in allowing its users to find potential bugs or weaknesses in its system before they are discovered by government surveillance agents. And they’ve just recently conducted their second audit with security experts as more news organizations adopt the technology.

As the Internet increasingly becomes the method of choice for communication, digital security and privacy are constant hot-button issues in the media. Luckily, services like SecureDrop add an extra layer of security for those brave enough to share stories in the public interest.