역사상 가장 강력한 익명 제보 시스템
정보 자유화 운동을 벌이던 해커 aaron swartz가 미국방성으로 부터 처벌 압력을 받다가 자살한 것은 2013년 1월.
http://www.ibtimes.co.uk/articles/423545/20130113/swartz-dead-mit-jstor.htm
MIT와 JSTOR를 해킹해서 받은 학술 자료을 뿌리려다 정부의 조사를 받던 중 뉴욕의 자기 아파트에서 자살했다고.
그가 자살하기 전 만들던 프로젝트였던 scuredrop이란 소프트웨어가 탐사보도인 단체인 비영리 언론 자유 재단에서 이어받아 개발중이라고.
에드워드 스노든과 같은 사람이 정부의 추적을 피하는 유일한 방법은 이제 언론인과 제보자가 서로 모르는 것이라는 시대가 되었다고 한다.이 프로그램은 두 사람에게만 임의의 식별자를 부여해서 메시지를 주고받을 때 확인할 수 있도록 하고 나머지 과정은 완전히 익명화 되도록 설계되었다고 한다.
http://www.ibtimes.co.uk/articles/514298/20131016/securedrop-aaron-swartz-wikileaks-style-anonymous-submission.htm
Aaron Swartz-Designed Whistleblower Tool SecureDrop Launched by Press Freedom Foundation
By Alistair Charlton : Subscribe to Alistair's RSS feed | October 16, 2013 10:36 AM BST
The "strongest-ever" whistleblowing tool for sources to speak anonymously with journalists, partly developed by the late Reddit co-founder Aaron Swartz, has been launched by the Freedom of The Press Foundation.
Before his suicide in January 2013, Swartz had been working on a tool for sources to anonymously submit documents to journalists online, without using traceable email and in a way that could be easily catalogued by news organisations.
Called SecureDrop, the tool can be installed on any news organisation's website as a 'Contact Us' form page. But where these pages usually require a name and email address, the encrypted SecureDrop system is completely anonymous, assigning the whistleblower two unique identifiers - one seen by the journalist, and one seen by the whistleblower. These identities stay the same, so a conversation can be had without names being shared or known.
The launch of SecureDrop comes at a time when people are more aware than ever of the insecurity of online commuications. The leaks from NSA-whistleblower Edward Snowden has revealed widespread government monitoring of email and other forms of online communication.
SecureDrop, which is similar to the Wikileaks submission system, began life as Swartz's DeadDrop project - a way of helping journalists communicate anonymously with their sources. In May this year, The New Yorker used some of the tool's code to create its own system, called StrongBox.
'Strongest-ever' whistleblowing tool
The non-profit Freedom of The Press Foundation now has control of the renamed project and has pledged to provide continuous support and improvements for the submission tool, which is built on Python code and is open source, letting users modify it to best suit their needs.
The Foundation believes that, while "no security system can ever by 100% impenetrable," SecureDrop system is "the strongest ever made available to media outlets," claiming several major, but unnamed, news agencies have already signed up for the service. Their names will be announced in the coming weeks, the Foundation claims.
Co-founder and board member of the Foundation, JP Barlow, said: "We've reached a time in America when the only way the press can assure the anonymity and safety of their sources is not to know who they are. SecureDrop is where real news can be slipped quietly under the door."
In a bid to make the system available to everyone, regardless of their technical ability, the Foundation will help news outlets install the system on their websites, provide instructions on keeping their security tight, and offer long-term technical support. Smaller organisations can apply to the Foundation for help in obtaining hardware, such as servers on which SecureDrop data is stored.
Before launching, SecureDrop was subject to a detailed security audit conducted by a team of University of Washington researchers which included security expert Bruce Schneier and a developer of the anonymous Tor internet browser, Jacob Appelbaum.
Grave challenges
Foundation executive director Trevor Timm said: "A truly free press hinges on the ability of investigative journalists to build trust with their sources...recent NSA revelations and a record number of whistleblower prosecutions under the current administration have shown the grave challenges to this relationship and the lengths governments will go to undermine it."
Timm said the Foundation is committed to "ushering in a new era of security for journalists and newsrooms of all sizes."
Since the leaking of thousands of top secret NSA and GCHQ documents by Edward Snowden, it has been widely reported that email - even through services claiming enhanced encryption - can be traced.
Lavabit
One such email service is Lavabit, used by Snowden, which was shut down in August, with its owner citing legal reasons preventing him from explaining the sudden closure.
Owner Ladar Levison said he would rather close his company, which had over 400,000 users, than become complicit in "crimes against the American people."
However, from 14 October the service has been reinstated, giving users 72 hours to change their passwords and recover data stored on their accounts.
A legal fund set up to help pay for Levison's legal costs has so far raised more than $93,000 (£58,000).
To report problems or to leave feedback about this article, e-mail: a.charlton@ibtimes.co.uk
To contact the editor, e-mail: editor@ibtimes.co.uk