SF-Based Organization Creates Software to Protect Whistleblowers
Some of the most important investigative stories begin with information from a confidential source, and the San Francisco-based Freedom of the Press Foundation has just launched a software system that aims to make it easier for these types of sources to reach reporters.
Called SecureDrop, it’s an encrypted submission system that lets whistle-blowers leak information to journalists without revealing their identity.
KQED’s Mina Kim spoke with Trevor Timm, co-founder and head of the Freedom of the Press Foundation.
Listen to an extended interview, or read an edited transcript below.
Mina Kim: Mr. Timm, if I were a whistle-blower how would I use the system?
Trevor Timm: SecureDrop offers potential whistle-blowers basically a more secure and encrypted contact form – the same type of contact form that you see on all sorts of websites, and it allows you with one click to upload any sort of document, and then, in transit, it will encrypt this document and send it to the journalist. So, on the journalist end another code name will pop up, and the journalist can then download the encrypted file and decrypt it. Along the way, all of the metadata and content that normally gets collected if you were to email somebody the same document is not actually there. The system doesn’t collect that. And if the source wants, they can even stay anonymous from the journalists themselves.
Kim: The use of “anonymous sources” can be a point of contention in newsrooms. There are concerns that they weaken journalists’ credibility, for example. Do you hear concerns that having a system that makes it easier to be an unnamed source will actually encourage more demands for anonymity?
Timm: Absolutely. I think that’s definitely a concern when you’re talking about government officials, particularly high-level government officials, who give background briefings to reporters to basically give the administration’s public position without attaching their name to it. But I think that’s an entirely different category than whistle-blowers who are trying to expose wrongdoing and who are keeping their name anonymous so that they can protect themselves from being fired or going to jail. There are definitely two types of anonymous sources, and the former type that I mentioned is certainly a concern when we’re talking about journalism and not wanting to take government claims at face value. But to keep a source anonymous who is revealing important information that the public has the right to know, and to protect them from retribution, is definitely an important attribute of journalism and always has been.
Kim: I read that Edward Snowden’s leak of NSA (National Security Administration) files actually prompted you to make improvements to the security of your system.
Timm: Yes, absolutely. The New York Times did a huge story based on the Edward Snowden documents that talked about all the ways the NSA has tried to weaken certain encryption services over the years. Not just weaken them so they can surveil suspected terrorists, but just weaken them across the board so everybody’s communications are less secure. So, we’ve made a couple changes to the architecture of the system that will hopefully make it more secure in the case of any sort of state-sponsored attack, whether it be NSA or otherwise.
Kim: About a dozen or so news organizations are planning to implement this system?
Timm: Yes, so far. Actually, everybody we asked beforehand has said yes. There’s about a half-dozen major news organizations we approached before we launched, and we will, in the coming months, we are not only offering the service as an open-source project, so everybody can download it and set it up for free, but they can also modify it in any way they wish, but we’re actually going to media organizations to help them install it, because the installation is a little complex. At the same time we’re going to train journalists on how to use it, and also just train them how to use secure communications more easily and better protect their sources, in general.
Kim: Mr. Timm, thanks for talking to us.
Timm: Thank you for having me.