https://pressfreedomfoundation.org

2013

  • Raised $500,000 for transparency journalism organizations, including $200,000 for WikiLeaks
  • Funded transcripts for the Chelsea Manning trial
  • Advocacy around First Amendment, whistleblowers, and digital security

First audit

Adopted DeadDrop in August 2013

Second audit

Current deployments

  • New Yorker
  • Forbes
  • BalkanLeaks
  • Global Mail
  • ProPublica
  • The Intercept
  • More coming soon...

Why is SecureDrop needed?

  • For decades, journalists protected their sources by going to jail rather than giving them up to prosecutors.
  • Starting around 2008, the government realized they didn’t need journalists to testify against their sources anymore.

Why is SecureDrop needed?

  • Unprecedented crackdown on whistleblowers
  • Government has access to your digital trail
  • NSA revelations
  • Some sources demand it

Crypto to the rescue!

... or is it?

Usability

  • For journalists
    • the "Glenn Greenwald problem" (apologies to Glenn)
  • For sources
    • Do you need the technical skills of a Chelsea Manning or Edward Snowden to safely blow the whistle in 2014?
    • Should you?

Threat Model

  • Published documents should not be attributable to a source
  • Source is anonymous by default, even to the journalists
  • Ultimate goal: resist powerful adversaries (nation states)

Architecture (0.x)

  • Current system is a web application (Python/Flask)
  • Plaintext submissions are encrypted by the server
  • Source reply keys are managed by the server

Interesting problems

  • Usable, transparent encryption
  • Establishing trust in journalist keys (PKI)
  • Submission metadata (potentially identifying)
  • DoS prevention
  • Improving journalist workflow (while maintaining security)

Architecture (1.x)

  • API
  • End-to-end encryption
  • Distributed Auditability
  • Resist traffic analysis?

Opsec

  • Technology alone is not enough
  • "Tor is not magic OPSEC sauce"
  • Sources need to practice good OPSEC to stay safe.
  • Journalists need good OPSEC to protect their sources (and are already being targeted)

Transparency

  • All of our code is open source and on GitHub
  • Every release is audited by an independent security team before deployment
    • 0.1 was audited by a team from the University of Washington, along with Bruce Schneier and Jacob Appelbaum
    • 0.2 was audited by Cure53

Future