Hey whistleblowers

GOOD TECH ISSUE: We want your leaks!

|
(6)
Guardian illustration by Matthew Fleming

rebecca@sfbg.com

The San Francisco Bay Guardian newsroom is tapping some high-tech tools to continue its journalistic mission.

Working in partnership with a group of technologists who dislike government corruption just as much as we do, we're launching a new web-based system to enable sources to anonymously submit documents directly to our news staff.

The system offers better safeguards for protecting sources' identities than conventional email can offer.

Powered by a software system called SecureDrop, the system is designed to protect the identities of whistleblowers if they wish to share information without fear of retaliation.

If the documents we receive contain newsworthy information that can be independently verified, we'll use it as the basis for our reporting.

Since this is an experiment, we have no idea what will land in our SecureDrop folder — but it creates the potential for us to partner with sources in breaking significant news items.

The SecureDrop program originated with the late Aaron Swartz, who developed it in collaboration with Wired Editor Kevin Poulson. Swartz was an Internet activist and programmer known for hashing out inventive ways to fight corruption and promote transparency. He's remembered, among other things, for cofounding Reddit, the online news site; and for founding Demand Progress, an online activism group known for its 2012 campaign against the Stop Online Piracy Act.

Now, SecureDrop is managed by the Freedom of the Press Foundation, a nonprofit organization founded in 2012 that is "dedicated to helping support and defend public-interest journalism focused on exposing mismanagement, corruption, and law-breaking in government."

Files submitted to the Guardian through the SecureDrop system will remain encrypted until they are securely downloaded. This means there's no way for a third party to view their contents and trace them back to the sender.

Sources' actual identities will never be revealed, and they'll be identified to our news staff only through randomly generated code names.

Of course, whistleblowers desiring to keep their identities unknown always have the option of putting some documents into an unmarked envelope and dropping it in the mail.

But by submitting documents through SecureDrop, sources will have the ability to send high volumes of information that would be logistically difficult to print out or send. The program also enables sources to communicate with journalists in real time without revealing their actual identities.

Stay tuned. In coming weeks, the Guardian will publish a clip-out guide with instructions on how to submit documents to our news staff using SecureDrop. Sending encrypted files to journalists begins with downloading the Tor Browser Bundle, a system that makes online activity invisible to third parties.

Comments

Rebecca,

It's really great that the Guardian has adopted SecureDrop. but I'm curious how much use it is likely to get. I can't think of too many stories published in your publication in recent years that relied on the kind of information that would likely trigger the kind've leak investigation to root out sources using even a modicum of security to hide their identity.

It'd be great if the Guardian could publish an update in a couple months with some information about how the service is being used.

Posted by Josh Wolf on Jan. 26, 2014 @ 4:19 pm

Please protect this landing/informational page with HTTPS/SSL. Otherwise traffic can be intercepted and a potential source identified.

Posted by Kevin on Feb. 28, 2014 @ 7:19 pm

Please protect this landing/informational page with HTTPS/SSL. Otherwise traffic can be intercepted and a potential source identified.

Posted by Kevin on Feb. 28, 2014 @ 7:20 pm

Please protect this landing/informational page with HTTPS/SSL. Otherwise traffic can be intercepted and a potential source identified.

Posted by Kevin on Feb. 28, 2014 @ 7:20 pm

Please protect this landing/informational page with HTTPS/SSL. Otherwise traffic can be intercepted and potential sources identified.

Posted by Kevin on Feb. 28, 2014 @ 7:21 pm

It's vitally important that all this anonymous trolling be done over secure sockets.

Posted by Guest on Feb. 28, 2014 @ 8:15 pm

Post new comment

The content of this field is kept private and will not be shown publicly.

Related articles

  • Judging hackers

    GOOD TECH ISSUE: Social Good Hackathon wants nerds, Luddites...and even the Guardian

  • Seeking technology and economic/social justice columnists

  • Positive starts

    GOOD TECH ISSUE Toward a more holistic integration of technology into Bay Area life