This is my first attempt to advocate for SecureDrop, to explain why it is necessary and what makes it unique. I hesitated to post it because it is a little embarrassing. My interest is very recent and I’m convinced someone with more experience will find what I wrote either naive or a little ridiculous. But this is part of my learning curve and I should not be ashamed of it.
With that disclaimer, enjoy.
European directives and national laws offer protection to whistleblowers, under certain conditions. If they act in the interest of the public when they publish secret information, no charges will be brought against them. At least that’s the ideal goal everyone agrees to in theory. The reality is different and in the past few years the legal landscape shifted significantly. It has been the subject of much debate, laws passed and the courts’ rulings can hardly be predicted.
However, when it comes to national security, whistleblowing is something entirely different. It does not matter if the whistleblower acts in good faith. It does not matter if an intelligence agency acts outside of the law. When secret documents involving national security are leaked, there can be no trial, the judge has no option but to declare the whistleblower guilty, the legal system is blocked. The legislator feels so powerless that the reform of the whistleblower protection European directive in preparation before Ed Snowden’s revelations did not even address the issue.
Years later the situation did not improve and the whistleblowers must act outside of the legal system and protect themselves. They are in a very precarious situation, trying to outrun the authorities of their country. Using makeup and a wig to change their appearance is relatively easy. Evading digital surveillance is much more difficult and the tools we use every day are not enough. Even platforms dedicated to whistleblowers fighting corruption are too fragile. They are designed for ease of use and offer many functionalities, necessary for day to day use within the institutions they serve.
There is an urgent need for a software tool designed to provide the best protection technology can offer to whistleblowers acting in good faith when they are tracked by the full resources of a nation. At least until the law evolves and makes it redundant, which could take a few years. Such software is not convenient to use because it maximizes security. But the sources of a journalist will only use it once in a lifetime and convenience is not their primary concern. And the same is true for most journalists.
Without the best possible software to protect potential whistleblowers, government agencies acting outside of the law have a better chance to remain hidden behind the protection of national security.
Thanks Loic, but I’m not sure that SecureDrop’s threat model should focus on “intelligence & government agencies”: they can, for sure, be part of a whistleblower’s threat model, but most of them are mainly willing to be able to send documents to journalists without fearing being identified by their (public or private) employers.
Ed Snowden or Chelsea Manning are the exceptions, not the rule. Besides, as Tor is used by whistleblowers, but also and presumably by LEA, intel or gov employees (for their jobs), I’m not sure that SecureDrop should focus on a sole or particular threat model, but on several ones, as whistleblowers can be targeted, not only by their employers, but also by private security & surveillance, contractors, rogue states, etc. See https://www.torproject.org/about/torusers.html.en
I’m glad you disagree because that’s exactly the point I’m trying to make. In my humble opinion you need two different pieces of software (two different workflows really, because it does not rely on a single piece of software) to address these two different threat models. It seems unlikely that software addressing a threat model where the adversary is the “intelligence & government agencies” can also provide the features desired when they are not the adversary.
Maybe there should be a NotSoSecureButEasierToUseDrop. But I believe this is already available with specialized solutions. And it could probably be implemented with best practices based on robust and widely spread software instead of more fragile specialized software.
Well… sort of, as SecureDrop does not present itself as a software addressing a threat model where the adversary is the “intelligence & government agencies” (and does not even mention intelligence nor government agencies), but as “an open-source whistleblower submission system that media organizations can install to accept documents from anonymous sources”: https://securedrop.org/faq#what_is
That’s also why I tend to think that SD should, as Tor does, mention the entire scope of threat models, and not a particular one, and… especially not only this intel/gov’s threat model, as this is not the sole problem whistleblowers (nor journalists) face, but also because I don’t think, in terms of goals to address, as in strategic communications, this is the proper road to follow.
There are, for sure, other ways to send files, anonymously, to journalists. But PEBCAK: SD should elevate the cost of surveillance, and try to teach people the best way(s) to achieve this goal.
Everything a journalist does is subject to government scrutiny. Which doesn’t sound so bad, but then there is no journalism. What it kept in check is then free to reign.
As long as there is a means of communication, the battle is over who is in control of it. “Software” is no more the solution than it is the problem, more or less so than an eroded judicial system is. Free software keeps things honest because everyone gets to play on what amounts to a more equal playing-field.
As a foundation, the Internet, upon the standards that popularized it, serves as a tugging rope between shifting positions, but polar opposites.