



Globe And Mail rolls out SecureDrop and why other publications should

Mar 09, 2015

I have been a longtime reader of the venerable Canadian publication, The Globe and Mail. This is a paper that continues to turn out great content despite the massive shift to online delivery, which has seen an end to so many print publications.

Now, they have joined the smattering of publications using a piece of software originally written by the programmer and Internet activist Aaron Swartz. He contributed to the development of RSS and the Markdown language format. In addition, he wrote the code called DeadDrop in 2012 before his untimely passing. This software package allows someone who wants to maintain their anonymity to send documents without worrying that they will be discovered.

In 2013 the publication The New Yorker implemented the software to allow whistleblowers to submit information. Since that time, a handful of other publications, such as Forbes, The Guardian and the Washington Post, have done the same. Now, the Globe and Mail has joined these ranks. The Freedom of the Press Foundation has since taken over support for the open source whistleblower software and has renamed it SecureDrop.

So, how does it work? SecureDrop operates over Tor to anonymize interactions between the whistleblower and the organization receiving the disclosure. Think of it as the digital version of a chalk mark on a post box. Messages are uploaded to SecureDrop and can be decrypted by the recipient. This is by no means a guaranteed secure solution as, well, let’s be honest, there is no such beast.

That being said, the software has been subjected to a code audit.

From Freedom of the Press:

A major security audit of SecureDrop (then called DeadDrop) was conducted in mid-2013 by security expert Bruce Schneier and a team of University of Washington researchers led by Alexei Czeskis, which you can read here (.pdf). We have discussed in detail how we re-vamped SecureDrop in response to this audit, and some of the risks that still remain.

Globe and Mail is the first Canadian news outlet to implement SecureDrop.

From Globe and Mail:

“Strong news organizations rely on brave and often confidential contributors to ensure the news gets out,” says David Walmsley, The Globe and Mail’s editor in chief. “SecureDrop is the 21st-century equivalent of the manila envelope: It provides you with an anonymous venue for relaying material you believe to be in the public interest and you have no other way to get it out publicly.”

“By being the first Canadian news organization to introduce this encrypted technology, we are signalling our intent at The Globe and Mail to chase the news aggressively and work with, and protect the identities of, confidential whistle-blowers from all walks of life,” Mr. Walmsley said.

This is great news. As we have seen in recent years, whistleblowers have become vilified by governments who once purported to support them. Now, being a whistleblower has become a precarious proposition. As a result, measures need to be taken to protect those who expose malfeasance. SecureDrop is a great first step.

A recommended second step is for more news organizations to take measures like this to protect their sources. Just imagine the stories that could show up as a result.

(Image used under CC from Melody Ayres-Griffiths)


Dave Lewis has over two decades of industry experience. He has extensive experience in IT security operations and management. Currently, Dave is a Global Security Advocate for Akamai Technologies. He is the founder of the security site Liquidmatrix Security Digest and co-host of the Liquidmatrix podcast.

The opinions expressed in this blog are those of Dave Lewis and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.
