Freedom of the Press Foundation Launches SecureDrop, an Open-Source Submission Platform for Whistleblowers

Freedom of the Press Foundation has taken charge of the DeadDrop project, an open-source whistleblower submission system originally coded by the late transparency advocate Aaron Swartz. In the coming months, the Foundation will also provide on-site installation and technical support to news organizations that wish to run the system, which has been renamed “SecureDrop.”

By installing SecureDrop, news organizations around the world can securely accept documents from whistleblowers, while better protecting their sources’ anonymity.  Although it is important to note that no security system can ever be 100 percent impenetrable, Freedom of the Press Foundation believes that this system is the strongest ever made available to media outlets. Several major news agencies have already signed up for installations, and they will be announced in the coming weeks.

“We’ve reached a time in America when the only way the press can assure the anonymity and safety of their sources is not to know who they are,” said JP Barlow, co-founder and board member of Freedom of the Press Foundation. “SecureDrop is where real news can be slipped quietly under the door.”

Originally created by Swartz in partnership with investigative reporter Kevin Poulsen, SecureDrop is a Python application that accepts messages and documents from the web and encrypts them for secure storage. Each source who uses the platform is assigned a unique codename that lets the source establish a relationship with the news organization without having to reveal her real identity or resort to e-mail.

In addition to installation support, Freedom of the Press Foundation will provide media organizations with instruction on security best practices and long-term technical support.  Small media organizations with significant financial need may also apply to Freedom of the Press Foundation for help obtaining hardware. The New Yorker, the first news organization to use the SecureDrop code, through its StrongBox project, will continue to operate its system in partnership with the Freedom of the Press Foundation.

Freedom of the Press Foundation is hiring computer-security specialist James Dolan to help maintain the SecureDrop code, install the system for media organizations, and teach journalists about information security.  Dolan previously helped manage the New Yorker’s installation of StrongBox, the magazine’s version of SecureDrop. He also originally reviewed and hardened the security architecture before the initial launch.

“Journalists are starting to recognize that sophisticated communications security is a key element in the newsgathering process,” Freedom of the Press Foundation’s Chief Technology Officer Micah Lee said. SecureDrop is the safest way we know for an anonymous source to send information to journalists while protecting their identity.”

SecureDrop’s code has gone through a detailed security audit by a team of University of Washington researchers, led by Alexei Czeckis. Other authors of the audit include renowned security expert Bruce Schneier and Tor developer Jacob Appelbaum. Freedom of the Press Foundation has made a number of updates to SecureDrop based on these findings and will be making a significant investment in continually improving the system.  

“A truly free press hinges on the ability of investigative journalists to build trust with their sources,” Freedom of the Press Foundation Executive Director Trevor Timm said.  “The recent NSA revelations and record number of whistleblower prosecutions under the current administration have shown the grave challenges to this relationship and the lengths governments will go to undermine it.  Freedom of Press Foundation is committed ushering in a new era of security for journalists and newsrooms of all sizes.”

Freedom of the Press Foundation offers thanks to Poulsen, who developed the original project with Swartz, managed it for the first six months since it went public, and is handing over the reins. Poulsen, who serves as Wired’s investigations editor, is advising the Foundation on the transition, and will continue to serve as a journalism consultant on the project.

"The goal in creating this system was to see it implemented in newsrooms far and wide," Poulsen said. "Freedom of the Press Foundation is the perfect organization to do that."


Trevor Timm, Executive Director

Micah Lee, CTO

More information:

FAQ about Secure Drop

Secure Drop – Installation instructions

Media organization request form (for on-site installation assistance)

How We Plan On Keeping SecureDrop As Secure As Possible – Blog Post.

• Security Audit by University of Washington researchers:

Notable Replies

  1. I think you answered your own question!

  2. It's true, nobody knows. But this tool, combined with using some kind of open terminal, may help.

    If I was going to leak something, I'd do it from an internet cafe in another country.

  3. It's a start. More tools will be developed. The solution to this problem will be political and technological. The technology will come first because there are not barriers. The political is fraught with barriers but that will be defeated and I believe sooner than we think. Billions of eyes are focus on the problem. Billions of hands will fix it. Trillions of dollars are on the way too.

  4. I have to agree, but with trepidation. Given recent revelations about the NSA's technological reach, planners and programmers will certainly think more deeply about the security of their products, which will then increase the security of the end users using those products (that's a generalization, but notice how much the implementation of SSL cut down on the NSA's ability to grab address books and the like). That said, state-sponsored spying will always be difficult to defeat given the resources they can bring to bear. But we've gotta start somewhere...

Continue the discussion

8 more replies