
Aaron Swartz's Inbox for Whistleblowers Is Back With an NSA-Proof Makeover

There's never been a more crucial time to roll out a hyper-secure, anonymous inbox for whistleblowers and journalists to use to communicate.

The last person to blow the whistle on the US government is now hiding for his life in Russia, branded as America's most-wanted "traitor." That doesn't bode well for other would-be sources weighing whether or not it's safe to leak sensitive, revealing information to the press. Especially considering any online service used to send that leaked information can be monitored by the government. Double especially since the leading secure email providers—including the one used by Edward Snowden himself—have since shut down after refusing to succumb to government snooping.

That's all to say there's never been a more crucial time to roll out a hyper-secure, anonymous inbox for whistleblowers and journalists to use to communicate with each other. Boom. The Freedom of the Press Foundation announced today it's launching SecureDrop, a new tool that does just that.


SecureDrop is a new-and-improved version of DeadDrop, the technology Aaron Swartz created shortly before he died, which was used to create Strongbox, the secure inbox for journalists first implemented by the New Yorker. The system was examined and improved after news of the NSA surveillance programs broke, and will now be managed by the foundation and freely available to any news organization.

In a blog post announcing the launch, the nonprofit's executive director Trevor Timm said, “The recent NSA revelations and record number of whistleblower prosecutions under the current administration have shown the grave challenges to this relationship and the lengths governments will go to undermine it.”

In other words, if there's any question of how important protecting sources is for a free press, look no further than the politicians and law enforcement trying to thwart it.

After the public learned that the government could spy on all online communications, even encrypted messages, and collect and store that data, researchers from the University of Washington, security expert Bruce Schneier, and Tor developer Jacob Appelbaum reviewed the DeadDrop technology to see how safe it really was.

"DeadDrop comes at an interesting time when leaked documents are being discussed in the media," they wrote in the resulting report. "If DeadDrop takes off, it could significantly change the way that journalists and individuals communicate anonymously across the world."

They found that while the tool was "decent," there were a number of issues that needed to be addressed before it was ready for mass deployment—especially in "an ecosystem with nation-state capable adversaries" (read: government spies). They concluded, "The lack of software versioning, reliance on VPN, the errors in the installation and deployment documentation, leaking of document metadata, and lack of anonymity best practices all contribute to our reluctance."

The Freedom of the Press Foundation said it's made "a number of updates" to the system based on these findings, and will continue to work with technology experts to improve it in the weeks and months to come. It also pointed out that no product can ever be 100 percent secure and there will always be risks, but SecureDrop is "significantly more secure" than anything we've got now.

The foundation has made a "significant investment" in the platform and is raising funds to support it on its website. It plans to help publications install and manage the open-source software, which is free to install and modify. (Details are available on GitHub.) The group hopes to spread the secure inbox to “newsrooms far and wide,” emphatic that the Fourth Estate can't survive if whistleblowers are afraid to speak out.