[Infowarrior] - New Yorker reveals Aaron Swartz-inspired system to protect sources

[Richard Forno]

http://www.ft.com/cms/s/0/390e684a-bd7d-11e2-890a-00144feab7de.html

New Yorker reveals Aaron Swartz-inspired system to protect sources

By Andrew Edgecliffe-Johnson in New York

Four decades after Deep Throat met Bob Woodward in a Washington parking garage, news organisations are scrambling to find ways to protect their confidential sources in the digital age as they push back against government attempts to identify whistleblowers.

On Wednesday, the New Yorker unveiled a nine-step process for sources to send documents and messages to the Condé Nast-owned magazine, saying the system could offer them “a reasonable degree of anonymity”. Called Strongbox, it involves the use of multiple computers, thumb drives, encryption codes and secure networks.

The launch came two days after the Associated Press news agency revealed that the Department of Justice had secretly obtained two months’ worth of reporters’ office, mobile and home phone records as part of a leak inquiry.

The AP has accused the DoJ of “serious interference” with constitutionally guaranteed press freedoms, and the revelations have triggered a storm of protest from news outlets alarmed by the government’s clampdown on leaks.

Six serving or former government officials have been prosecuted over leaks during President Barack Obama’s time in office, more than in any other administration. Bradley Manning, a US army private, has admitted to providing classified military and diplomatic information to WikiLeaks, the website behind the biggest such leak in US history.

The timing of Strongbox’s launch was coincidental, said Nicholas Thompson, editor of newyorker.com, but he added: “It’s an extraordinary week to launch this.”

The project was started by Aaron Swartz, the internet activist who committed suicide earlier this year, and Kevin Poulsen of Wired, another of Condé Nast’s magazines. They designed Strongbox using open source software, Mr Thompson said, to encourage developers to be able to continue strengthening its security code.

Mr Thompson said the system had been designed to be complex to use, which may deter some sources, but that this was necessary to ensure security. “It takes a lot of steps to make it really hard to hack into this. Hackers are clever people. We’ll see what happens.”

Other news organisations have tried to devise similar efforts through which to communicate with confidential sources, such as SafeHouse, launched by the Wall Street Journal in 2011. Some have struggled with the technology involved, however.

Users of Strongbox start by accessing a secure network, upload files using a randomly generated code name and send them in encrypted form to a server held separately from the rest of the Condé Nast network.

New Yorker editors then check the server using a laptop with a virtual private network connection, download encrypted files to a thumb drive, boot up a second laptop without an internet connection and decrypt the files over a second thumb drive.


---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.