Today The Global Mail introduces a new, secure way for sources to work with our journalists to expose wrongdoing. The TGM Vault is powered by SecureDrop, “an open-source whistleblower submission system”, managed by Freedom of the Press Foundation. The Vault is a discreet, private place to share information the public has a right to know about; think of it as the digital age equivalent of the parking garage where Bob Woodward met Deep Throat. It’s the most sophisticated of many ways sources can communicate with The Global Mail.
The SecureDrop system is also behind both The New Yorker’s Strongbox and Forbes’ SafeSource. It’s a powerful encryption network that allows media organisations to securely accept documents from anonymous sources. We are proud to be the third media organisation – and the first outside the US – to incorporate this critical tool.
The code for SecureDrop was originally written by the late Aaron Swartz, a 26-year-old computer programmer and open-government activist who – facing prosecution for downloading paywalled academic research articles – committed suicide a year ago today, January 11, 2013. In creating SecureDrop, Swartz was assisted by Wired editor Kevin Poulsen and security expert James Dolan, who has continued to refine the program’s code with the Freedom of the Press Foundation. The Foundation continually audits and tests SecureDrop’s security.
The Freedom of the Press Foundation exists to defend and support “aggressive, public-interest journalism focused on exposing mismanagement, corruption, and law-breaking in government”.
Such stop-the-rot journalism makes a difference; some stories – think Pentagon Papers, WikiLeaks cables, the Abu Ghraib prison photos, Edward Snowden’s NSA surveillance revelations – change the world’s power dynamics.
Such stories come to light when people inside corporations, governments or other powerful groups help journalists expose how the system was breaking down. Courageous sources get evidence to journalists about stories large and small. At TGM we’re committed to protecting our sources, keeping them safe and their identities unknown.
So the TGM SecureDrop Vault is a new channel for receiving information, which allows us to leverage the power of the internet for the public’s interest.
This is new technology, but not a new concern for democracy. The ancient Greeks had a term, parrhesia, often crudely translated as “free speech”. But the 20th century French intellectual Michel Foucault explained it as:
“To say everything – from pan (everything) and rhema (that which is said).”
At The Global Mail, we believe this freedom should hold for modern societies as well. Too often though, present-day parrhesiastes are threatened by the powers that be.
That’s why we’ve set up TGM’s SecureDrop Vault.
The Global Mail has reported on the warrantless surveillance now routinely carried out on Australians, and investigative journalist Ross Coulthart has described for us how whistleblowers and journalists alike must be careful to protect the source of any information. The vault isn’t the only way to communicate with The Global Mail without jeopardising your privacy or anonymity; we have published some guidelines to help you identify the channel that fits your circumstances.
Why TGM and FPF Are Doing This
Neither source nor journalist can expect information about our phones or emails to be private any longer. It’s increasingly difficult to find a truly anonymous email address or cell phone. More importantly, third-party phone providers store all sorts of identifying metadata, sometimes for years, and email providers do the same plus also store the content of your emails. Sources have increasingly been prosecuted in recent years because these third-party email and phone providers can hand over all this information to the government without a media organization finding out until it’s too late.
Worse, even when email providers do not hand data over to the government, the recent NSA revelations have shown, intelligence agencies have attempted to tap the data streams and directly access message content.
The Freedom of the Press Foundation, launched just over a year ago, was originally inspired by the financial blockade of WikiLeaks – when Visa, MasterCard and PayPal buckled to government pressure, to financially censor WikiLeaks for publishing what it considered damaging information.
“What happened with WikiLeaks was terribly unjustand we wanted to make sure that couldn’t happen to another organisation in the future,” says Foundation executive director Trevor Timm. “Since then there have been a lot of other press-freedom issues that have bubbled up on the internet as well.”
Since it began the Foundation has crowd-sourced donations and used them in various ways to enhance transparency: to hire court stenographers for the Chelsea Manning trial (allowing the shut-out media transcripts from which they could report the proceedings); to help fund independent investigative journalism (including TGM partner the International Consortium of Investigative Journalists); and to support encryption and security initiatives .
“In 2014 our big mission is digital security around journalism, and talking to sources and trying to create a systematic training program for journalists to learn how to use encryption tools so their emails and phone records aren't subpoenaed by prosecutors and their sources don't end up in jail,” Timm says.
“Our goal is to have [SecureDrop] in a dozen or two dozen major news organisations in the next year,” says Timm, calling TGM “exactly the type of model we like to see and support”.
As surveillance by governments – including that of Australia, where The Global Mail is based – becomes wider-reaching, citizens’ ability to speak freely without taking on personal risk is more important than ever.
“It's clear this is a way for sources to get their information into journalists,” Timm says, “and given that the climate of surveillance is so intense at the moment, we hope [SecureDrop will be] a small way of tilting the scales back towards journalists being able to talk to sources without worry that the source or the journalist will be prosecuted.”
How the TGM SecureDrop Vault Works
SecureDrop works like this: Say you have evidence of wrongdoing committed by corporations, government, or other organisations. You can begin the secure whistleblower process by using Tor, an internet browser that masks your IP address, allowing you to keep your location and identity anonymous. (So, as you will see from our step-by-step instructions, your first step will be to download Tor, for free.)
After you upload the file it will be encrypted and stored on the TGM SecureDrop Vault server until our journalists download and decrypt it. TGM SecureDrop Vault does not log any identifying metadata and both journalists and sources are encouraged to regularly delete messages, so there won’t be any trail left behind even if someone wants to find it.
If we find evidence that we can act on, we’ll initiate an investigation into what we’ve seen. Importantly, the TGM SecureDrop Vault also allows us to maintain communication with the original sender, to verify the information or otherwise follow up.
While no system can provide perfect security, all these added layers make SecureDrop much more secure than the channels we normally use to communicate digitally, if also less convenient. SecureDrop aims for ease of use; it is still decidedly more involved than sending an e-mail – but in some cases it’s worth the extra effort.
Check it out here.