Google Strongbox DeadDrop,and SecureDrop Thwarting Big Brother | Truth Lies Deception and Coverups - Democracy Under Fire


Strongbox DeadDrop,and SecureDrop Thwarting Big Brother

Strongbox, DeadDrop, and SecureDrop 

Thwarting Big Brother

New Zealand Media and Whistle Blowers - Take Note

On 15 May 2013 The New Yorker revealed what hacktivist Aaron Swartz was building before his untimely death: an encrypted dead drop system that would allow whistleblowers to leak documents to journalists without fear of exposing their identity. The New Yorker launched its own implementation, Strongbox so people could send messages and documents to the magazine anonymously in a more secure fashion.   This was done because the US Justice Department had been spying on AP reporter's phone records, and persecuting and prosecuting reporters and their sources.

Strongbox was based on DeadDrop - a secure online communication program - a legacy from the late Aaron Swartz and Wired's Kevin Poulsen.

Aaron Swartz had been working on an ambitious project prior to his death: an encrypted dead drop system that could receive and protect files from anonymous sources. Wired editor Kevin Poulsen, who met Swartz when his site Reddit was sold to Condé Nast (which owns both Wired and The New Yorker), had asked him to help design a secure and anonymous inbox for investigative reporting. 

Over the course of a year, Poulsen and Swartz worked out the system with help from security expert James Dolan, creating a stable version by December 2012.

The idea behind SecureDrop / 
DeadDrop and Strongbox is essentially a secure dropbox which uses various protocols that will make messages harder to trace. To connect to it, a source must use the TOR anonymization network. From there, they can upload a file and receive an randomly generated code name in return. Files will be encrypted and sent to a server separate from the rest of Condé Nast's network, and editors must take a number of security precautions — including decrypting the files themselves on a separate computer not connected to the internet — in order to view them. Further communication uses the code name.

Unless a source chooses to identify themselves, even the reporters won't know who they are, and unlike with an email from a throwaway account, there's no Google or Yahoo to subpoena. Strongbox is used only by The New Yorker, but the underlying code, known as DeadDrop, is available under an open source license on GitHub.

The Freedom of the Press Foundation has announced it will be taking over the DeadDrop system, renaming it SecureDropIt has hired computer security expert James Dolan full-time to maintain the code, help media organizations install the software, and teach them how to use it well. The organization plans to address "virtually all" of the recommendations made by the University of Washington security researchers, and says it's already addressed a number of specific issues that were pointed out. While the Freedom of the Press Foundation indicates that SecureDrop isn't 100 percent secure, the organization says that it's the safest method for communicating with anonymous sources yet, and hopes to make it safer still.

Aaron Swartz

You may find part of the history of Aaron Swartz - one of the developer's of DeadDrop (the basis of SecureDrop and StrongBox) of interest.

Aaron Hillel Swartz (November 8, 1986 – January 11, 2013) was an American computer
programmer, writer, political organizer and Internet activist. He developed the site Working with Web inventor Tim Berners-Lee at MIT, he helped develop and popularize standards for sharing data on the Web. He also coauthored the RSS 1.0 specification, now widely used for publishing news stories. Swartz was also involved in the development of the organization Creative Commons, the website framework and the social news site Reddit. Swartz became an equal partner in Reddit after its merger with his company, Infogami.

In 2009, wanting to learn about effective activism, he helped launch the Progressive Change Campaign Committee. In 2010, he became a research fellow at Harvard University’s Safra Research Lab on Institutional Corruption, directed by Lawrence Lessig.
His later work focused on sociology, civic awareness and activism.

In 2010, Swartz co-founded Demand Progress, a political advocacy group that organizes people online to “take action by contacting Congress and other leaders, funding pressure tactics, and spreading the word” about civil liberties, government reform, and other issues. It launched the campaign against the Internet censorship bills Stop Online Piracy Act  (SOPA) and the PROTECT IP Act (PIPA) Acts. These Acts would have made it easier for the U.S. government to shut down web sites accused of violating copyright and would have placed intolerable burdens on Internet providers. Demand Progress reached over a million members.

In 2011–2012, Swartz and Kevin Poulsen designed Strongbox, a system that allows

anonymous informants to send electronic documents to reporters at The New Yorker without fear of disclosure. It was introduced in 2013. Strongbox and SecureDrop are based on DeadDrop - an encrypted dead drop system that would allow whistleblowers to leak documents to journalists without fear of exposing their identity.

On January 6, 2011, Swartz was arrested by MIT police on state breaking-and-entering charges, after systematically downloading academic journal articles from JSTOR.  According to state and federal authorities, Swartz used JSTOR, a digital repository, to download a large number of academic journal articles through MIT’s computer network over the course of a few weeks in late 2010 and early 2011. At the time, Swartz was a research fellow at Harvard University, which provided him with a JSTOR account. Visitors to MIT’s "open campus" were authorized to access JSTOR through its network.

US Federal prosecutors later charged him with two counts of wire fraud and 11 violations of the Computer Fraud and Abuse Act, carrying a cumulative maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture, restitution and supervised release.

JSTOR's lawyer, former U.S. Attorney for Manhattan Mary Jo White, had asked the lead prosecutor to drop the charges.
MIT remained involved in the federal case against Swartz.

Slate technology columnist Farhad Manjoo wrote that "If MIT truly wants to atone for joining the federal case against Swartz ... it should pledge to spend its money, prestige, and moral authority to launch a multiuniversity campaign to free every scholarly article from behind paywall archives like JSTOR."

On September 12, 2012, federal prosecutors filed a superseding indictment adding nine more felony counts, which increased Swartz's maximum criminal exposure to 50 years of imprisonment and $1 million in fines

Two years later, two days after the prosecution denied his lawyer's second request for a plea deal, Swartz was found dead in his Brooklyn, New York apartment, where he had hanged himself.

After his death, federal prosecutors dropped the charges.

Speaking at his son's funeral, Robert Swartz said, 

"[Aaron] was killed by the government, and MIT betrayed all of its basic principles."

The Huffington Post reported that "[US Attorney Carmen] Ortiz has faced significant backlash for pursuing the case against Swartz, including a petition to the White House to have her fired." Other news outlets reported similarly.

After Swartz's death, more than 50,000 people signed an online petition  to the White House calling for the removal of U.S. Attorney Carmen Ortiz, "for overreach in the case of Aaron Swartz." A similar petition was submitted calling for prosecutor Stephen Heymann's firing.

On January 13, 2013, members of Anonymous hacked two websites on the MIT domain, replacing them with tributes to Swartz that called on members of the Internet community to use his death as a rallying moment for the open access movement. The banner included a

list of demands for improvements in the U.S. copyright system, along with Swartz's Guerilla Open Access Manifesto.

In June 2013, Swartz was posthumously inducted into the Internet Hall of Fame.

In 2013, Aaron Swartz was posthumously awarded the American Library Association’s James Madison Award for being an "outspoken advocate for public participation in government and unrestricted access to peer-reviewed scholarly articles."

In March, the editor and editorial board of the Journal of Library Administration resigned en masse, citing a dispute with the journal’s publisher. One board member wrote of a "crisis of conscience about publishing in a journal that was not open access" after the death of Aaron Swartz. published 4 items of note regarding Aaron Swartz persecution and prosecution from the 104 pages released to Kevin Poulsen under a Freedom of Information Act inquiry:

1. The government seemed to be interested in Swartz due to his involvement in the "Guerilla Open Access Manifesto," which they used to establish some sort of malicious intent on Swartz's part (a copy of which is at the end of this post). But, you will see from the link to the text of Aaron's "manifesto" at the end of this post - that this was the belief system of an idealist with the public interest at heart; and,

2. In response to downloading JSTOR files off of MIT computers, after JSTOR decided not to press charges; in addition to having his home, storage units, and office raided, Swartz had 12 appearances in Middlesex Superior, Boston Federal, and Cambridge District Courts on his record over the course of 2011, sometimes being required to make multiple appearances on the same day; and,

3. The documents list pages of lists of property confiscated from him for the minor JSTOR charge (charges JSTOR dropped); and,

4. A heavily redacted interview with a good friend which reveled that he considered open access a human rights issue.

Aaron Swartz 
Open Access Guerilla Manifesto

In 2002, Swartz had stated that when he died he wanted all the contents of his hard drives made publicly available. A long-time supporter of Open Access, Swartz wrote what he called his Open Access Guerilla Manifesto...

It is a simple document which records his heart-felt belief that it is a human right to have open access to knowledge.

The full text is here:

But, this pretty well summarizes his thoughts:

"The world’s entire scientific ... heritage ... is increasingly being digitized and locked up by a handful of private corporations....

The Open Access Movement has fought valiantly to ensure that scientists do not sign their copyrights away but instead ensure their work is published on the Internet, under terms that allow anyone to access it."


The world has sustained a great loss on the death of Aaron Swartz.

The US government once again is guilty of the unwarranted persecution and prosecution of someone who truly was acting in the public good.

They are responsible for his death - but his legacy lives on.

For more info:

No comments: