Anonymous Whistleblowing with SecureDrop

Transcript

1. Anonymous Whistleblowing with SecureDrop Jennifer Helsby (@redshiftzero) SecureDrop Lead Developer

   Mozilla Festival 2017 SecureDrop Release Signing Key Fingerprint: 2224 5C81 E3BA EB41 38B3 6061 310F 5612 00F4 AD77

2. What you’ll leave with • An understanding of the challenges

   journalists face keeping sources safe • A high-level view of the SecureDrop architecture • You’ll have leaked your first document • An understanding of how you can contribute your skills to SecureDrop if you wish • Discussion and questions

3. Some of the most important stories in investigative journalism have

   come from whistleblowers.

4. picture of all the presidents men In the past, journalists

   could protect their sources by simply not revealing their identities when asked Still from “All the Presidents Men”, a film adaptation of Carl Bernstein and Bob Woodward’s reporting on the Watergate break-in

5. GCHQ surveillance base in Bude, UK. Image credit: Trevor Paglen

   “SecureDrop restores the effectiveness of a reporter’s privilege to protect their sources through principled non-cooperation—such as refusing to testify in court—whereas pervasive digital surveillance has made this gesture effectively moot over the last decade.” - Charles Berret, Tow Center for Digital Journalism Report on SecureDrop
6. None

7. SecureDrop • No third parties: Each organization using SecureDrop operates

   its own independent instance • Encrypts data in transit and in rest • Minimizes metadata trail between sources and journalists • System hardening to protect against hackers • Free and open-source
8. None

9. Current SecureDrop Team our Ford-Mozilla Open Web Fellow! + contributors

   prototyping next generation SecureDrop workstation
10. None

11. … more at https://securedrop.org/directory

12. How do sources find out about SecureDrop?

13. None
14. None
15. None
16. None
17. None

18. You should download and use Tor Browser to stay anonymous

    online and provide cover for those that rely on Tor to stay safe. https://torproject.org

19. How does SecureDrop work?

20. SecureDrop server Source A source submits documents to an organization’s

    SecureDrop server

21. “Source interface”: Web application running on a Tor onion service

    (*.onion) advertised by the news organization

22. SecureDrop server Source They are stored encrypted on the SecureDrop

    server.

23. SecureDrop server Journalist A journalist logs in to SecureDrop to

    look at recent submissions.

24. “Journalist interface”: Web application running on an authenticated Tor onion

    service kept secret

25. SecureDrop server Journalist She downloads the encrypted documents.

26. SecureDrop server Journalist She downloads the encrypted documents.

27. Journalist Secure Viewing Station She moves the encrypted documents to

    a special computer used for viewing SecureDrop submissions.

28. Journalist Secure Viewing Station This air-gapped computer contains the decryption

    key for the documents.

29. Journalist Secure Viewing Station The journalist decrypts the documents.

30. Journalist Secure Viewing Station She reads them and can publish

    stories based on their content!
31. None

32. Now it’s your turn 1. Download Tor Browser from: https://torproject.org

    2. Go to pu7yqpfi5cn6sow7.onion and submit a document or message!

33. How you can help

34. Localization

35. Help us translate SecureDrop! • Get started translating SecureDrop: https://weblate.securedrop.club

    • Join our community forum: https://forum.securedrop.club https://www.localizationlab.org/
36. None

37. Internet-connected VM Disposable VM not connected to the internet Journalist

    Workstation

38. Help us write code or documentation for SecureDrop! • Install

    SecureDrop: https://docs.securedrop.org/en/stable/overview.html • Help us develop SecureDrop: • Developer documentation: https://docs.securedrop.org/en/latest/development/ getting_started.html • Server code and documentation: https://github.com/freedomofpress/securedrop • Journalist Workstation: https://github.com/freedomofpress/securedrop- workstation • Developer mailing list: [email protected]

39. Thanks • Please come and talk to one of us

    after if you are interested in helping out! • Translation: https://weblate.securedrop.club • Code and documentation: https://github.com/freedomofpress/securedrop and https://github.com/freedomofpress/securedrop-workstation • Chat with us: • https://forum.securedrop.club (forum) • https://gitter.im/freedomofpress/securedrop (team chat) • [email protected] • Donate: https://securedrop.org/donate • Follow: @SecureDrop and @FreedomOfPress