The New Yorker | The Washington Post | The New York Times | Wired | Guardian | All Things D
The New Yorker on Tuesday introduced its new, anonymous electronic tip tool Strongbox, coincidentally on the heels of renewed concerns over privacy for journalists’ sources following revelations of Department of Justice surveillance of AP staffers (which The Washington Post’s Timothy B. Lee notes is “likely perfectly legal”)
The Strongbox site ostensibly allows people to submit letters, documents, emails or any other files to the New Yorker anonymously. It was developed in conjunction with Wired investigations editor Kevin Poulsen and the late Web activist and developer Aaron Swartz, who hanged himself in January after facing charges of wire fraud and computer fraud. Poulsen, whose publication also is owned by New Yorker parent Conde Nast, wrote about Swartz’s involvement, and why Strongbox was a necessity.
There’s a growing technology gap: phone records, e-mail, computer forensics, and outright hacking are valuable weapons for anyone looking to identify a journalist’s source. With some exceptions, the press has done little to keep pace: our information-security efforts tend to gravitate toward the parts of our infrastructure that accept credit cards.
New Yorker senior editor Amy Davidson said Strongbox offers sources “a reasonable amount of anonymity,” and noted the site’s code, called DeadDrop, was open source. Archives editor Joshua Rothman also wrote about the magazine’s history of investigative journalism, and how it can benefit from Strongbox.
Nicholas Weaver wrote Tuesday for Wired about just how difficult it is to maintain anonymity in the electronic age.
With the recent revelation that the Department of Justice under the Obama administration secretly obtained phone records for Associated Press journalists — and previous subpoenas by the Bush administration targeting the Washington Post and New York Times — it is clear that whether Democrat or Republican, we now live in a surveillance dystopia beyond Orwell’s Big Brother vision. Even privately collected data isn’t immune, and some highly sensitive data is particularly vulnerable thanks to the Third Party Doctrine.
The Wall Street Journal in 2011 introduced a similar tool, called SafeHouse, which was inspired by WikiLeaks. Almost immediately, it came under fire for a lack of security and “should not have been launched” when it was, according to the Guardian:
“These are technical issues that only technical experts will notice,” said Rik Ferguson, a security analyst at Trend Micro. “But given the kind of data that the Journal will hope to get from this, if I [was a whistleblower] there would absolutely be enough for me not to choose that site to upload to.
All Things D’s Peter Kafka, who also noted SafeHouse’s apparent shortcomings, admitted he had “zero ability to judge the relative security of the New Yorker’s box,” but wrote Poulsen sees the AP’s issues with the DOJ as a clear indication the product is needed.
The New Yorker had planned on introducing Strongbox last month, but delayed it for technical tweaks. But the last week’s revelations about the federal government’s surveillance of the Associated Press helps illustrate the need for the tech, says Poulsen.
“We see governments around the world putting a lot of resources into tracking journalistic sources,” he says. “So far, technology has been an ally not of journalists but the government.”