SecureDrop 

(Full disclosure: As of February 2018, I work for the Freedom of the Press Foundation, which develops SecureDrop. This review was written almost a year before then and reflects only my personal opinion at the time. I do not intend to update it.)

There’s little doubt that Donald Trump owes a large debt to Wikileaks. In 2016, the site systematically and incrementally released a stream of hacked emails about Trump’s political opponent through the final weeks of the 2016 presidential campaign, while not releasing any materials about Trump himself. Defenders believe that Wikileaks simply releases what it gets its hands on, but its Twitter account, as well as the targeted timing of past releases, speak to clear political intentions.

Wikileaks has repeatedly disseminated conspiracy theories, spread info from fake news sites, even weighed in with its “hot takes” on the vice presidential debate. It has ignored Trump scandals while joining alt-right speculation about Hillary Clinton’s health. As I write this, its most recent tweet is not about, say, an example of corruption in the Trump administration, but yet another Podesta email.

Political bias aside, Wikileaks has also been frequently criticized for its lack of curation, including by NSA whistleblower Edward Snowden (“their hostility to even modest curation is a mistake”) and by progressive activist/scholar Lawrence Lessig. It has overhyped leaks and dismissed valid concerns about linking to a “doxing” site. It has carelessly flirted with anti-Semitic tropes in its commentary.

So what’s the alternative? The late Aaron Swartz knew that tools for whistleblowers would become increasingly important and started a project called “Deaddrop”, an open source platform for secure communication between whistleblowers and media. After his death, development has been taken up by the Freedom of the Press Foundation.

Unlike Wikileaks, SecureDrop is a piece of software, not an actual site to leak to. It can be installed by any media organization that wants to make itself accessible to whistleblowers beyond accepting anonymous brown envelopes. Under the hood, SecureDrop uses the anonymous Tor network, to allow sources to connect to media organizations while significantly mitigating the risk of discovery.

Sources are assigned a code phrase they can use for additional document uploads and two-way communication. I haven’t leaked anything, but I’ve walked through the first bits of the user flow and can confirm that, from the source’s point of view, it’s very easy to use. (Of course, there are still many risks when dealing with confidential/sensitive information, including digital fingerprints that could give away a whistleblower’s identity.)

SecureDrop has since been installed by countless media organizations: the New York Times, the Associated Press, the Washington Post the CBC, ProPublica, the New Yorker, The Intercept, VICE Media, The Guardian, and many others. The site offers a helpful directory of all of them.

Does it work? David Fahrenthold thinks so. He is the Washington Post reporter who broke the story about Trump bragging about being able to sexually assault women with impunity, and who also reported extensively on many legally and ethically questionable activities of the Trump Foundation. In October 2016, he tweeted meaningfully: “It works. I know.”

He’s not alone. An in-depth report by the Tow Center for Digital Journalism concludes:

I spoke to representatives of ten news organizations for this study, and nine told me that they regularly receive useful tips or publish stories based on information provided to them directly through SecureDrop.

While any submission system like this is bound to also draw in crackpots and nonsense, “most reporters were adamant that the trouble of installing and maintaining a SecureDrop system has been worth it, whether it is measured on journalistic value, financial return, or moral principle.”

The software has already been independently audited four times, is fully open source, and managed by a small nonprofit (you can donate here).

The alternative to Wikileaks, then, is not simply yet another website. It’s a piece of software that, like a webserver, can be installed by any journalistic organization, giving whistleblowers full control over whom to trust with a given piece of information. And that alternative isn’t one we have to wait for. It exists today.

True to Aaron Swartz’s vision, there is now a decentralized set of secure drop boxes that whistleblowers can choose from. The idea of a central uber-platform for leaks – one which doesn’t hesitate to abuse its standing for political purposes – is obsolete. It’s time, in other words, to kick Wikileaks to the curb.