The presentation discusses the New York Times' implementation of SecureDrop, an open-source whistleblower submission system, and its efforts to ensure security and anonymity for sources.
- SecureDrop is an open-source whistleblower submission system used by the New York Times
- The New York Times conducted a security audit of SecureDrop and made contributions to improve its security
- The goal is to ensure security and anonymity for sources submitting information
- Operational measures are taken to reduce risk, such as deleting files after download
- End-to-end encryption for file uploads is being developed
The New York Times conducted a security audit of SecureDrop and made contributions to improve its security. They reached out to the developers of SecureDrop and funded a code review by Leviathan Security. The findings were shared with the developers and the necessary fixes were submitted and accepted into the main branch. The New York Times also worked with the developers to set up a prototype for end-to-end encryption for file uploads.
Here’s the use case. You learn of a problem with a government system or some technology, and you want to do the right thing. You want to get the information into the right hands, but you’d be more comfortable sharing if you knew you couldn’t be identified as the messenger of the problem. Sound familiar?
This very problem has been the subject of a years-long conversation in the space between government and independent security research. The goal is to create a sturdy, anonymous system for hackers and researchers that shares your tip directly with the part of government that needs to know, and keeps you out of the equation. This is your chance to be part of the conversation. Join The Dark Tangent, the NYT’s Runa Sandvik, Leviathan’s Corbin Souffrant, SOFWERX and The Donovan Group’s Pablo Breuer, the ACLU’s Jennifer Granick, and DHS CISA’s Christopher Krebs, and have your voice heard.