Strongbox was Aaron Swartz's final project. Michael P. Kassner explains why The New Yorker requested a way to keep sources and their information secret.
It's not often a news agency promotes an "above-the-fold" breaking-news article about itself:
WASHINGTON (AP) -- The Justice Department secretly obtained two months of telephone records of reporters and editors for The Associated Press in what the news cooperative's top executive called a "massive and unprecedented intrusion" into how news organizations gather the news.
"Freedom of the Press" is one of the founding principles of the United States. All throughout our history, news services also known as the "Fourth Estate" ensured balance, keeping democracy healthy. Also, all throughout our history, individuals or groups have tried to suppress those who want to shed light on wrongdoing. There's even a term for it -- chilling effect.
The New Yorker has either impeccable timing or fortuitous luck. Just two days (May 15th) after the Associated Press story made headlines, New Yorker contributor Amy Davidson introduced Strongbox, a method for maintaining anonymity between reporters and sources:
Readers and sources have long sent documents to the magazine and its reporters, from letters of complaint to classified papers. But, over the years, it's also become easier to trace the senders, even when they don't want to be found. Strongbox addresses that; as it's set up, even we won't be able to figure out where files sent to us come from. If anyone asks us, we won't be able to tell them.
As I read further, I began to realize Strongbox (originally called DeadDrop) has been a long time coming; in fact, it was a two-year collaboration between Kevin Poulsen and the late Aaron Swartz. The reason Kevin asked Aaron to work on Strongbox was Aaron's extensive coding skills, familiarity with anonymity, and Aaron already having a piece of the puzzle in place; Tor2Web, a previous project of Aaron's that allows anonymous posting of sensitive documents on the Internet. Aaron, true to form, only agreed to take the project on if the code would be open-source.
Kevin provides an insightful account of how Strongbox came to fruition in his New Yorker article, "Strongbox and Aaron Swartz." A particularly poignant moment in Kevin's article describes Aaron's untimely death:
By December, 2012, Aaron's code was stable, and a squishy launch date had been set. Then, on January 11th, he killed himself. In the immediate aftermath, it was hard to think of anything but the loss and pain of his death.
Kevin eventually wondered about the appropriateness of continuing Strongbox:
His suicide also raised new questions: Who owned the code now? (Answer: he willed all his intellectual property to Sean Palmer, who gives the project his blessing.) Would his closest friends and his family approve of the launch proceeding? (His friend and executor, Alec Resnick, reports that they do.)
How Strongbox works
Also true to form, Aaron provided exact details and flow charts of how Strongbox worked on GitHub. Below, I attempt to give the short version of how it works:Steps taken by the source: Download and install client software from Tor Project (https://www.torproject.org). Next access Strongbox (http://tnysbtbxsf356hiy.onion/) using the Tor Network. Once there, instructions inform how to upload messages and or confidential files. After that, the source receives a random-generated code name. (I blocked out my code name.)
What happens behind the scenes is an interesting and intricate process. The following slide (courtesy of the Aaron Swartz estate) provides an idea as to how complex the process actually is.
Click image to enlarge.
Please note where the source and journalist are in relation to each other and all the steps in between.The internal steps: The following bullets explain some of the more important "behind the scenes" pieces of the process:
- Once uploaded, the source's files are encrypted, and sent to a server independent of the Conde Nast network.
- Using a VPN connection, one of only two reporters from New Yorker check the Strongbox server for new material.
- Any new files found by the reporter are downloaded to a flash drive.
- A stand-alone computer is booted via a live CD.
- A second flash drive containing the decryption keys is plugged into the stand-alone computer.
- The first flash drive with the encrypted material is also plugged into the stand-alone computer.
- The source's files are decrypted, and checked with forensic software for incriminating metadata and malware.
- If The New Yorker needs to send a return message, the process is reversed using the source's code name.
On occasion, I have been asked to protect a source's anonymity, giving me a sense of the responsibility and pressure mainstream journalists and news agencies must cope with. So, if the new normal is going to become Grace Hopper's, "It's easier to ask forgiveness, than it is to get permission," I'm glad tools like Strongbox/DeadDrop are available, and open-source for all to use.
I also wanted to thank Tyler Pitchford for walking me through the legal intricacies of the rapidly developing AP incident.