Personal Democracy Plus Our premium content network. LEARN MORE You are not logged in. LOG IN NOW >

The New Yorker Hopes "Strongbox" Is a Wiretap-Proof Sieve for Leaks

BY Miranda Neubauer | Thursday, May 16 2013

The New Yorker yesterday became the first outlet to implement DeadDrop, a new system for sources to submit information to journalists online in a more secure and anonymous way than, for example, email.

The announcement comes just a few days after the Associated Press announced it had been notified that the Justice Department subpoenaed journalists' phone records in secret, building a contact list for phone lines in offices where as many as 100 journalists were at work.

Wired Investigations Editor Kevin Poulsen writes that the project was developed with the help of the late activist and programmer Aaron Swartz, and the code is open-source for others to use. The New Yorker, which, like Wired, is owned by Conde Nast, calls its implementation "Strongbox" and has made it available for use already. Observers who develop software in newsroom say it's just another early step on the continuing path towards a 21st-century delivery system for sources to give sensitive information to journalists, and are offering ideas for improvement and highlighting challenges.

The platform is only accessible to people using Tor, software that connects a computer to a secured, anonymized network. The New Yorker says it will not record a Strongbox user's I.P. address or other information about a user's browser, computer or operating system, nor embed third-party content or deliver cookies to a user's browser. (Journalist Julia Angwin noted on Twitter that the Ghostery extension shows six trackers for the New Yorker's explanatory website on Strongbox, but Strongbox itself, says Poulsen, has no cookies.) Anyone who uses the system to submit a document receives a unique "code name" which New Yorker writers or editors can use to contact the user, and that is the only way communication between the two sides can take place. The system, Poulsen explains, is even stored on servers physically separate from the rest of the magazine's infrastructure.

But in shades of WikiLeaks — which lost its star source, Bradley Manning, despite its own technological expertise — the New Yorker also cautions that Strongbox does not offer "perfect security." If a user shares his or her codename, or if a user's computer is compromised, problems can begin, The New Yorker warns.

As response to the platform starts to trickle in, Poulsen said, the development team has already started making changes.

"Since yesterday there have been a few changes to the distribution mostly in the documentation and in the setup," he said.

There are also ongoing discussions about further improvement, he said.

"I would like there to be future iteration mechanisms to guard against a malicious attack that floods the system with false and spammy contributions," he explained, adding that the challenge in implementing that feature would be for it not to inconvenience users.

Many observers have also taken a closer look at the security of the platform, which launched just a day after another Wired article highlighted the challenges future "Deep Throats" might face if they wish to communicate safely with a journalist.

Other observers offered feedback for the Knight-Mozilla OpenNews blog Source.

Jacob Harris, New York Times software architect, called the platform "a very solid design with some very strong components." In comments to Source, he praised the use of Tor, writing that it is "an excellent development beyond the HTTPS-based approaches taken by some earlier dropboxes." But he also cautioned that Tor is not perfect and not a "magical leak safety device."

"If a leaker is foolish enough to upload a file from their work computer, it still might be possible to figure out who he or she is by noting which machine has made a massive upload through a Tor relay recently," Harris wrote. He suggested platforms like Strongbox include guidance for potential leakers.

"[Imagine] if law enforcement was able to hack into and control the machine quietly," he also wrote. "Even if prior messages were deleted, the law could request a further meet or try some other trick to solicit information from the leaker." Harris also cautioned that the success of such a system depends on both sides maintaining "perfect operational discipline," which can be an almost impossible mandate.

It's also unclear how much demand there will be for platforms like these.

"Are anonymous leakers out there and common, or was Bradley Manning a black swan?" he wrote. "As much as I find this topic interesting, I still feel that there would be many benefits reaped from making insecure leaking easier and more effective at most newspapers ... Most news orgs are more systemic about handling photo submissions and tweets than we are at handling tips, and there is likely a lot of value in tackling that problem (although it’s not as sexy)."

Jonathan Stray from the Overview Project also praised the platform for how it addressed the specific problem of "anonymous file submission."

But Stray also worried that in practice the platform does not overcome many hurdles in secure communication between sources and journalists.

"In my experience, even savvy technologists vastly overestimate the number of people who can reliably complete tasks like 'download and install this software,'" Stray wrote to Source. "Strongbox cannot help users who are too frustrated to get it working properly ... There doesn’t seem to be any usability testing yet."

Stray also noted the limitations of the two-way communications system, remarking that "dead-drop messaging is a terrible way to work on deadline," but warned that switching to any other communications system would then void the security. In addition, he pointed out that metadata that might be contained in submitted documents could inadvertently reveal compromising information, especially if journalists or sources don't know to look for it.

Mike Tigas, OpenNews Fellow at Pro Publica, also praised the platform but questioned its usability. "Even with the Tor Browser Bundle (as easy as 'download, unzip, and run program,' no need to install anything), the usability of Tor leaves much to be desired unless you’re someone with something to hide," he wrote. "Security nerds will debate whether this is bulletproof or not—but what is, in this day and age? ... This tool, if used at all, is far more secure than the existing state of affairs for anonymous sources."

News Briefs

RSS Feed tuesday >

With Vision of Internet Magna Carta, Web We Want Campaign Aims To Go Beyond Protest Mode

On Saturday, Tim Berners-Lee reiterated his call for an Internet Magna Carta to ensure the independence and openness of the World Wide Web and protection of user privacy. His remarks were part of the opening of the Web We Want Festival at the Southbank Centre in London, which the Web We Want campaign envisioned as only the start of a year long international process underlying his call to formulate concrete visions for the open web of the future, going beyond protests and the usual advocacy groups. GO

First POST: Lifestyles

Google's CEO on "work-life balance"; how CloudFlare just doubled the size of the encrypted web; Dems like Twitter; Reps like Pinterest; and much, much more. GO

monday >

First POST: Showdown

How demonstrators in Hong Kong are using mobile tech to route around government control; will the news penetrate mainland China?; dueling spin from Dems and Reps on which party's tech efforts will matter more in November; and much, much more. GO

friday >

Pirate MEP Crowdsources Internet Policy Questions For Designated EU Commissioners

While the Pirate Party within Germany was facing internal disputes over the last week, the German Pirate Party member in the European Parliament, Julia Reda, is seeking to make the European Commission appointment process more transparent by crowdsourcing questions for the designated Commissioner for Digital Economy & Society and the designated Vice President for the Digital Single Market. GO

First POST: Dogfood

What ethical social networking might look like; can the iPhone promise more privacy?; how Obama did on transparency; and much, much more. GO

thursday >

First POST: Sucks

How the FCC can't communicate; tech is getting more political; Facebook might see a lawsuit for its mood manipulation experiment; and much, much more. GO

wednesday >

First POST: Wartime

A bizarre online marketing effort targets actress Emma Watson; why the news media needs to defend the privacy of its online readers; Chicago's playbook for civic user testing; and much, much more. GO

More