[LINK] StrongBox / SecureDrop / DeadDrop

Roger Clarke Roger.Clarke at xamax.com.au
Sun Nov 17 12:18:49 AEDT 2013 

>
>            CRYPTO-GRAM
>
>          November 15, 2013
>
<http://www.schneier.com/crypto-gram-1311.html>. These same essays 
and news items appear in the "Schneier on Security" blog at 
<http://www.schneier.com/blog>, along with a lively and intelligent 
comment section. An RSS feed is available.
...
>** *** ***** ******* *********** *************
>
>      SecureDrop
>
>SecureDrop is an open-source whistleblower support system, 
>originally written by Aaron Swartz and now run by the Freedom of the 
>Press Foundation.  The first instance of this system was named 
>StrongBox and is being run by "The New Yorker."  To further add to 
>the naming confusion, Aaron Swartz called the system DeadDrop when 
>he wrote the code.
>
>I participated in a detailed security audit of the StrongBox 
>implementation, along with some great researchers from the 
>University of Washington and Jake Applebaum.  The problems we found 
>were largely procedural, and things that the Freedom of the Press 
>Foundation are working to fix.
>
>Freedom of the Press Foundation is not running any instances of 
>SecureDrop.  It has about a half dozen major news organization lined 
>up, and will be helping them install their own starting the first 
>week of November.  So hopefully any would-be whistleblowers will 
>soon have their choice of news organizations to securely communicate 
>with.
>
>Strong technical whistleblower protection is essential, especially 
>given President Obama's war on whistleblowers. I hope this system is 
>broadly implemented and extensively used.
>
>SecureDrop:
>https://pressfreedomfoundation.org/securedrop
>https://pressfreedomfoundation.org/blog/2013/10/freedom-press-foundation-launches-securedrop 
>or http://tinyurl.com/mujzg8j
>
>StrongBox:
>http://www.newyorker.com/strongbox/
>
>DeadDrop:
>http://deaddrop.github.io/
>
>Our security audit:
>http://homes.cs.washington.edu/~aczeskis/research/pubs/UW-CSE-13-08-02.PDF 
>or http://tinyurl.com/prf7rxv
>
>Obama's war on whistleblowers:
>http://www.motherjones.com/politics/2012/06/obamas-whistleblowers-stuxnet-leaks-drones 
>or http://tinyurl.com/buqm984
>http://www.techdirt.com/articles/20130722/01430523882/architect-obamas-war-whistleblowers-its-good-to-hang-admiral-once-while-as-example.shtml 
>or http://tinyurl.com/lz28uwl
>https://www.cpj.org/reports/2013/10/obama-and-the-press-us-leaks-surveillance-post-911.php 
>or http://tinyurl.com/l3vx8k5
>
>The US government sets up secure indoor tents for the president and 
>other officials to deal with classified material while traveling 
>abroad.
>http://www.theage.com.au/world/barack-obamas-portable-secrecy-tent-some-assembly-required-20131111-2xb0l.html
>
>** *** ***** ******* *********** *************

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916                        http://about.me/roger.clarke
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Faculty of Law            University of N.S.W.
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list