With the US government collecting worldwide communications and monitoring journalists’ phone calls, making an anonymous disclosure of wrongdoing has become extraordinarily difficult. But, it’s a worthwhile effort because going public with disclosures can have very negative consequences, especially for whistleblowers who hold security clearances.
For some whistleblowers, it may be safest to contact journalists or whistleblower organizations in person, but that is not always feasible. Making disclosures online is more convenient but more difficult to make secure. The Freedom of the Press Foundation has taken up that challenge by adopting a project called DeadDrop, renaming it SecureDrop. The Foundation, co-founded by the renowned whistleblower Daniel Ellsberg, describes SecureDrop as follows.
Originally created by Swartz in partnership with investigative reporter Kevin Poulsen, SecureDrop is a Python application that accepts messages and documents from the web and encrypts them for secure storage. Each source who uses the platform is assigned a unique codename that lets the source establish a relationship with the news organization without having to reveal her real identity or resort to e-mail.
Today, there are many websites offering to accept disclosures, but all are not equal when it comes to protecting the discloser’s anonymity. It’s important therefore to proceed cautiously, assessing the security of the website, researching the track record of the organization, and identifying potential conflicts of interest. Also, one should have a Plan B ready to implement if one’s identity is disclosed.
More information about SecureDrop is available here.