Deploying SecureDrop in the Netherlands



If SecureDrop was to be deployed for a media organization, are there legal aspects to consider ? Is the newsroom of a Dutch media a good idea ? Or should the app/mon servers be hidden somewhere intsead ?



We’d be better off asking the question to a lawyer from there.
As far a I know, the Grand Chamber Judgment “Sanoma Uitgers v. The Netherlands” has pushed the Netherlands towards implemeting sound protection for journalist sources, so media newsroom should be a safe place for hiding a server.

If this project becomes more specific, we might ask a contact of mine (the lawyer who brought the case before the Court and works for most media outlets out there) for advice as the process plays out



Lawyer(s) must be asked, preferably by the media organisations in question. Once in a while a media organization will be confronted with the opinion that they’re not a media organization (because of structure, public, size, …), so this will remain something to be decided by the media orga in question whether they want to disclose the location and if they think that the newsroom is an appropriate location. Also: don’t forget that the ‘verschoningsrecht’ isn’t absolute, see Van den Biggelaar (1996). Sanoma has had a case already (Autoweek) that they won, but that helps only so much afterwards :wink: Jean-Philippe: whom were you thinking of?


Right. What we need is a rationale, with legal basis and opinions from sysadmins with previous experience managing servers that received classified information in the past, in the Netherlands or in Europe. I fully expect this rationale won’t be perfect the first time around. But it will be better than no rationale at all. And it will help news organizations decide where and how to host SecureDrop.