Category Archives: SecureDrop

Wired: SecureDrop Leak Tool Produces a Massive Trove of Prison Docs

SecureDrop Leak Tool Produces a Massive Trove of Prison Docs

by Andy Greenberg for Wired, November 11, 2015

This is really exciting, and what great timing!

The whole purpose of last weekend’s event was to get the word out about SecureDrop‘s usefulness to the common man, and yet I couldn’t point directly to an example of it in action.

Then, low and behold, when I woke up yesterday afternoon (heh, been a long week), I could not believe my eyes! A real world, shining example of SecureDrop in action. A hacker obtained over 70 million phone records that exposed some first class corruption: exploiting  those who are already underprivileged and underserved in the community. In this case, prisoners and their families, which often barely have enough money for the essentials.

I’ll be posting a summary of The Intercept article that fully explains what the hack, and subsequent anonymous upload, exposed, shortly. It’s a little complicated, and therefore took me a minute to be able to summarize it – but it will be up soon… :-)

From the article:

“It’s been more than two years since the debut of SecureDrop, a piece of software designed to help whistleblowers easily and anonymously leak secrets to media outlets over the Tor anonymity network. Now, that system is finally bearing fruit, in the form of a massive dump of files from one of the country’s largest prison phone companies…”

“Just as significant as those revelations, perhaps, is how the Intercept obtained the documents that enabled them: The news site has confirmed that it first made contact with the anonymous source who provided the Securus files through the Intercept’s SecureDrop platform, starting with an initial sample of the Securus database uploaded around the beginning of 2015.

That Tor-enabled leak marks a landmark for a still-evolving form of journalism that takes a page out of the playbook invented by WikiLeaks: Like Julian Assange’s secret-spilling organization, SecureDrop allows anyone to run a cryptographically anonymous submission system for leaks and tips. Because that upload site runs as a Tor “hidden service,” anyone who visits has to run Tor too, making it very difficult for anyone to trace his or her location or identity—even the news outlet on the receiving end.

The Intercept’s lead security technologist—and a co-author of the Securus story—Micah Lee says SecureDrop’s benefit isn’t just anonymity, it’s ease of use. Instead of carefully using Tor to create an anonymous email address and figuring out how to encrypt email so that service can’t read their leaked secrets, sources can upload their leak or message using SecureDrop in seconds.

Lee says that this is far from the first time the Intercept has received useful leaks through the SecureDrop system. But the Securus revelations represent the first story of national significance where a news outlet has publicly revealed that the story’s source used SecureDrop anonymous submissions.

“We use SecureDrop on a regular basis, but this story is a little exceptional because we decided it was safe for us to mention that it came from SecureDrop,” Lee says. “This is exactly why we decided to run SecureDrop: to get juicy stories like this and do it in a way where we protect our sources.”

EFF: Aaron Swartz Hackathon This Weekend Is Your Chance To Hack for a Better World

Aaron Swartz Hackathon This Weekend Is Your Chance To Hack for a Better World

 From the post:

This weekend marks the third annual Aaron Swartz Day hackathon, and a chance for you to meet up with other people working to use technology to make the world a better place. Once again, cities around the world will host two days of meetups.

The Internet Archive in San Francisco is the main event hub, with film screenings, talks from developers working on projects started or inspired by Aaron, a mini-conference of privacy-enhancing technologies, and a two-day hackathon.

The hackathon will focus on SecureDrop, an anonymous whistleblower document submission system originally developed by Aaron, and now maintained by the Freedom of the Press Foundation. SecureDrop has grown significantly in the years since Aaron began the project—it is now installed in newsrooms around the world—and it benefits from a robust community of developers and supporters who help build and document the project. Lead developer Garrett Robinson will lead the hackathon and explain where people with different skillsets can pitch in.

SecureDrop will not be the only thing to work on. The founder of the OpenArchive project will also be there to lead prospective hackers on developing that app. Developers from our own Privacy Badger browser tool will be there hacking, and EFF staff technologist Cooper Quintin will present during the privacy mini-conference.

Also at the privacy mini-conference on Saturday: presentations on Keybase; former EFF staffer Micah Lee, now with The Intercept, presenting on encryption for journalists; and Brad Warren on exciting developments with the Let’s Encrypt certificate authority.

Starting at 6pm after the first day of hacking, the Internet Archive will host a reception where people can meet. At 7:30, there will be a rare opportunity to see excerpts of the upcoming “From DeadDrop to SecureDrop,” a documentary about that software and Aaron’s role in developing it.

Finally, on Saturday night from 8 to 10pm an impressive line-up of speakers, including EFF Executive Director Cindy Cohn and co-founder John Perry Barlow, will present on their work and Aaron’s legacy. Tickets for the evening event—including the reception, screening, and talks—are available on a sliding scale.

The hackathon and mini-conference continue on Sunday, with more talks from Library Freedom Project’s Alison Macrina and Restore The 4th’s Zaki Manian.

For friends of EFF, and people who want to advance the causes Aaron dedicated his life to, this weekend’s event is a can’t-miss. If you can make it, please RSVP so the organizers can plan accordingly. We hope to see you there.

Freedom of the Press Foundation: Come Hack on SecureDrop at the Third Annual Aaron Swartz Day

freedompresslogo
Come hack on SecureDrop and Celebrate the Third annual Aaron Swartz Day

From the blog post:

Next week on Saturday November 7th is the third annual Aaron Swartz Day, which celebrates the life of Aaron and the many wonderful Internet projects he created or worked on during his brief but brilliant life.

One of Aaron’s last projects was SecureDrop, the open-source whistleblower submission system, which Freedom of the Press Foundation adopted after his untimely passing in 2013. Every year on Aaron Swartz Day, we help host a weekend-long hackathon in Aaron’s honor.

This year, the hackathon will be held at the Internet Archive in San Francisco (there are also other cities holding similar events). We will be at the Internet Archive on Saturday and Sunday to help guide and hack alongside any volunteer developers who want to learn about SecureDrop and work on the many open issues.

If you’re interested, you can read through our developer guide and the new-and-improved SecureDrop documentation. On our GitHub page, there is a list of open issues, and by November 7th, many will be tagged specifically for developers to work on at the hackathon.

Please RSVP for the hackathon here if you’d like to attend.

Also make sure to stick around the Internet Archive Saturday night for the Aaron Swartz Day celebration. There will be many great speakers at the event, including SecureDrop’s lead developer Garrett Robinson to talk about the latest on the project, as well as two of our board members and co-founders, Micah Lee and J.P. Barlow.

Many thanks to Lisa Rein, who tirelessly organizes Aaron Swartz Day every year and always makes it a celebration to remember.

 

Come to this year’s Aaron Swartz Day and International Hackathon

INVITATION

This year we are celebrating whistleblowers and hackers that work hard to make the world a better place, and, specifically, the “SecureDrop,” anonymous whistleblower submission system, now at the Freedom of the Press Foundation (originally prototyped by Aaron and Kevin Poulsen).

There’s also an “Encryption Training for Beginners” day going on in San Francisco, upstairs all day, at the SF Hackathon. (See below for more details.)

Now, thanks to SecureDrop, whistleblowers can connect directly, safely and anonymously to news organizations, such as the Washington Post, Guardian, The Intercept, the New York, Gawker, and other news outlets.

Evening speakers include:  Garrett Robinson (Lead Developer, SecureDrop), Alison Macrina (Library Freedom Project), Brewster Kahle (Digital Librarian, Internet Archive), Cindy Cohn (Executive Director, Electronic Frontier Foundation), Micah Lee (Co-founder, Board Member, and Technologist at “The Intercept,”) Jacob Appelbaum (Wikileaks volunteer, Security Expert/Citizen Four, Tor Project), and John Perry Barlow (EFF and Freedom of the Press Foundation co-founder) and Special Guests.  See more details in the INVITATION.

In San Francisco, at the hackathon, there will be a mini-conference for beginners to receive training on encryption and privacy-enabling software.

In the morning, the Keybase folks will be giving tutorials on encryption basics and tools that you can use to protect your privacy.

In the afternoon, Micah Lee, Technologist for The Intercept and The Freedom of the Press Foundation, with be giving his “Encryption for Journalists” tutorials. Then Micah will give tutorials on OnionShare (a P2P-based anonymous whistleblowing submission platform) and SecureDrop. Details on mini-conference/hackathon

Congrats to Citizen Four’s Oscar Win! Ed Snowden’s Statement via the ACLU

Congratulations to Laura Poitras and her team for winning an Oscar for Best Documentary! Her film is truly unprecedented.

academy awards newLaura lists SecureDrop (the whistleblower submission platform originally developed by Aaron Swartz and Kevin Poulsen) in the credits of tools she used during the making of Citizen Four.

citizen four

Ed Snowden is legally represented by the ACLU. (See his statement on the film winning here, and also reprinted below.) He is  on the Board of Directors of the Freedom of the Press Foundation, the organization that picked up SecureDrop’s development, at Kevin Poulsen’s request, after Aaron’s death.

Garrett Robinson, Lead Developer of SecureDrop, presented at last year’s Aaron Swartz Day (video). Here’s a relevant interview with Garrett Robinson from last year about why SecureDrop is so important for a functioning democracy.

The purpose of SecureDrop is to provide a secure, anonymous platform where citizens can upload information to a news organization, but without having to potentially put their whole life at risk in the process. There are now 15 SecureDrop implementations all over the world!

Here’s the ACLU press release:

Edward Snowden Congratulates Laura Poitras for Winning Best Documentary Oscar for Citizenfour

The following is a statement from Edward Snowden provided to the American Civil Liberties Union, which represents him:

“When Laura Poitras asked me if she could film our encounters, I was extremely reluctant. I’m grateful that I allowed her to persuade me. The result is a brave and brilliant film that deserves the honor and recognition it has received. My hope is that this award will encourage more people to see the film and be inspired by its message that ordinary citizens, working together, can change the world.”

Anthony D. Romero, executive director of the ACLU, had this reaction:

“Laura’s remarkable film has helped fuel a global debate on the dangers of mass surveillance and excessive government secrecy. The ACLU could not be more delighted that she has been recognized with an Academy Award.”

The ACLU’s petition asking President Obama to grant clemency to Snowden is at:
https://www.aclu.org/secure/grant_snowden_immunity

Information on government spying is at:
https://www.aclu.org/nsa-surveillance

Help Protect The Next Aaron Swartz (ACLU Petition)

 

Video From Aaron Swartz Day at the Internet Archive

lisareinVideo of Speakers:

Lisa Rein (Coordinator, Aaron Swartz Day)                                                                         April Glaser (EFF, Freedom to Innovate Summit)
Yan Zhu (Yahoo, SF Hackathon Organizer)
Brewster Kahle (Digital Librarian, Internet Archive)
Cindy Cohn (EFF Legal Director – CFAA Reform)
Kevin Poulsen (Journalist – FOIA case that MIT intervened in)
Garrett Robinson (SecureDrop)
Daniel Purcell (Keker & Van Nest, one of Aaron’s lawyers)

Q and A after the movie:  with Brian Knappenberger, Director, “The Internet’s Own Boy,” Trevor Timm (executive director and co-founder, Freedom of the Press Foundation), John Perry Barlow (co-founder, EFF, Freedom of the Press Foundation), and Lisa Rein (Coordinator, Aaron Swartz Day).

SecureDrop’s Garrett Robinson Talks About Last Year’s San Francisco Aaron Swartz Day Hackathon

garrettGarrett Robinson (Lead Developer, SecureDrop) will be presenting at Aaron Swartz Day, November 8th. (Reception 6pm – Speakers 7pm sharp!)

SecureDrop is a Tor-based open source whistleblower submission platform that was originally prototyped by Aaron Swartz and Kevin Poulsen (called “DeadDrop” and later “StrongBox,” when implemented by the New Yorker. It was taken over by the Freedom of the Press Foundation in October 2013.

I had a chance to speak with Garrett Robinson briefly, and get the scoop on the ongoing relationship between the Aaron Swartz Hackathons and SecureDrop.

Lisa:

Please tell us more about SecureDrop at last year’s Aaron Swartz Hackathon. You mentioned that it ended up being very productive for SecureDrop’s development.

Garrett:

Sure. Last year’s Aaron Swartz Memorial Hackathon, in November 2013, was an incredibly exciting weekend that SecureDrop benefited immensely from. I had just accepted the offer to take the role of lead developer on SecureDrop, and so I wasn’t quite sure what to expect from the event. Imagine my surprise when over 30 people showed up on the first day (Saturday), and around 15 on the second! More than that, many of the people who showed up were skilled developers and committed to the cause behind the project. It was the most productive hackathon I have ever attended, let alone been a part of leading (along with Yan Zhu, Jack Singleton, and many others).

Lisa:

Could you explain a little about why you feel these hackathons are such a fitting tribute to Aaron?

Garrett:

Sure. When we took over SecureDrop, the code that we received was barely complete and very messy – just enough to express the big idea. Aaron was a visionary with an endless supply ideas, and he seemed to be constantly churning them out, prototyping them to the bare minimum, and letting others take them on, refine them, improve them. Hackathons are like that too – a constant refinement, churn.

It’s like a dozen sculptors all working on the same block of material simultaneously. It might not look exciting to a casual observer – just a lot of people typing on their laptops, drawing on whiteboards, and talking. But to a participant, there is a kind of collaborative dance going on, and it takes refined processes and care to avoid stepping on other people’s toes as you go.

There is a great satisfaction in improving some part of the project and sharing it with others, hearing the collective murmurs of appreciation at a bug fixed or a bit of workflow eased. There is also excitement in going off in new directions, and taking radical departures, seeing those ideas come to life on someone’s smudged
laptop screen. I think that energy, creativity, and the inclination to dive right in and start doing are what make these hackathons a fitting tribute for Aaron.

Lisa:

Last year’s Aaron Swartz Hackathon went so well that you’ve started up hackathons on a regular basis, to enable more folks to contribute?

Garrett:

Yes. Since the very positive experience at the first hackathon, we have continued hosting regular “hack nights” approximately biweekly, and have had several weekend-long hackathons. This is always a great time for all of the core developers to get together. We debate things, show each other the cool stuff we’ve been working on, do code reviews together, which makes them much more efficient and effective, and just joke around and socialize. We also often get newcomers or infrequent contributors, and we introduce them to the project, answer their questions, and, if they’re interested, try to find a project that they can work on.

Now that I have recently joined Freedom of the Press Foundation full time, we will be having more regular hack nights. I am also going to work hard to establish connections and follow up more quickly and thoroughly with contributors, as a way of improving and expanding SecureDrop as an open source project. All of this was in some way inspired by the initial awesome experience that we had at that Aaron Swartz hackathon back in November.

Lisa:
Why is having something like SecureDrop so vital in a functioning democracy? You mentioned in your talk last year (linked) about how important it is that we have what you called an “adversarial press.” Could you elaborate a bit on that please?

Garrett:

In our increasingly online and networked society, information is incredibly powerful. We have seen an increasing willingness to crack down on the leaking of information, especially when that information may be damaging or embarrassing to powerful people and organizations. We have seen the Obama administration’s unprecedented crackdown on whistleblowers, with the most recent development being the Supreme Court’s rejection of Jame’s Risen’s appeal in United States v. Sterling, which sets the stage for him to potentially be imprisoned for refusing to testify against a source. SecureDrop is designed to protect sources and journalists, from these and other threats, to allow them to continue to provide the information that informs public debate and the democratic process.

Additionally, we hope that empowering whistleblowers and journalists has a similar counter-effect on those in power. If they cannot trust that something unethical or illegal will stay secret, they may think twice before doing it in the first place.

SecureDrop’s Garrett Robinson and James Dolan – At Aaron Swartz Day 2013

Link to video here.

James Dolan and Garrett Robinson at Aaron Swartz Day 2013
James Dolan (left) and Garrett Robinson at Aaron Swartz Day 2013

SecureDrop is an open-source whistleblower submission system managed by Freedom of the Press Foundation that media organizations use to securely accept documents from anonymous sources. It was originally coded by the late Aaron Swartz.

The goal of SecureDrop is to simplify the process of using Tor and an airgapped computer viewing station (decrypted with a private key) to protect the identity of a whistleblower uploading documents.

(From video) Garrett Robinson:

“The impetus behind SecureDrop is that we (FPF) want to restore the balance between governments and journalists who want to communicate with anonymous sources. Historically, the U.S. has had really strong press freedoms. This is essential for a functioning democracy.”

Main page:
https://pressfreedomfoundation.org/securedrop

Project page on Github:
https://github.com/freedomofpress/securedrop/

Form to fill out to request help with SecureDrop:
https://pressfreedomfoundation.org/securedrop#contact

SecureDrop Development List:
https://lists.riseup.net/www/info/securedrop-dev

SecureDrop FAQ:
https://pressfreedomfoundation.org/securedrop#faq

SecureDrop User Manual:
https://github.com/freedomofpress/securedrop/blob/develop/docs/user_manual.md