The New Yorker launched Wednesday Strongbox, an online drop box designed for sources to anonymously submit tips, messages and files to editors at the venerable magazine. Strongbox is the marriage of The New Yorker and DeadDrop, an open-source project created by Kevin Poulsen and the late Aaron Swartz.
The timing for Strongbox couldn’t be better, as it's gotten much easier to use phone records, email and hacking techniques to trace sources. IBTimes previously reported that the FBI wanted to hack an anonymous computer to use its webcam for surveillance. On Monday, the president and CEO of the Associated Press disclosed that the Justice Department obtained two months of AP phone records without notifying the news organization.
Strongbox is set up so not even the journalists at The New Yorker can figure out where anonymous information comes from. If a government demands information about a source (with a national security letter, for example), the staff at The New Yorker won’t be able to answer.
To use Strongbox, a user must first download and install the Tor Project, a free software that directs traffic through a relay network to conceal the user’s location. It enables online anonymity and security.
From there, the process sounds like something out of a "Mission Impossible" movie. Potential sources to The New Yorker can get to Strongbox through the Tor network and upload files or messages with a randomly generated code name. These are encrypted and uploaded to a server independent of Conde Nast that only editors at The New Yorker can access with a private laptop. The encrypted files are downloaded to a thumb drive and transferred to a second, offline laptop where they can be decrypted using keys contained on a second thumb drive. This laptop gets erased after each use.
Journalists with The New Yorker can send a response that will only be visible if the source returns to Strongbox and enters his or her code. The code name that the journalist sees is different from the code name that the source uses. The New Yorker also promises that it will not record IP addresses or browser information, nor embed third-party content or cookies to browsers accessing Strongbox.
Strongbox is the first implementation of the DeadDrop code that Swartz worked on prior to his suicide in January. After his death, the code and the rest of Swartz’s intellectual property were transferred to Sean Palmer, who gave Strongbox his blessing, according to a blog post by Poulsen.
Swartz was a computer programmer, writer, political organizer and activist deeply concerned with Internet freedom and privacy. He was central in the movement against the Stop Online Piracy Act, or SOPA. In January 2011, he was arrested on charges of illegally downloading academic journal articles from JSTOR.
Poulsen explained that when he first approached Swartz about designing something like Strongbox, Swartz agreed under the condition that it would be open-source. The resulting DeadDrop code is available as a free download, meaning any news organization can use it to set up their own anonymous online drop box.