Making SecureDrop Easier to Use for More Journalists

Our Q&A with SecureDrop on plans for a new workstation (and how you can help)

On our November 1 community call, we talked to UX researcher and designer Nina Alter of SecureDrop about a new workstation that’s currently being developed, and the user research that SecureDrop is beginning with journalists to create that product. We also talked about some excellent research to look forward to, about how journalists use tech.

(If you’re a journalist and would like to participate in user research for the new SecureDrop workstation, you can raise your hand to volunteer by filling out this form.)

Here’s our lightly edited call discussion, which starts with the backstory of what’s happening right now at SecureDrop, and why this workstation is being created.

How SecureDrop is Building a New Workstation, Based on Feedback

Nina Alter: Six months ago, some of our developer community starting fussing around with a new operating system called Qubes that allows for compartmentalization of functions that people are doing on their computers, similar to air gapping, but with virtual machines. An ongoing, known pain point for journalists using SecureDrop has been that we are a multi-device experience for newsrooms—which can also impose cost barriers for smaller orgs.

After getting the broader SecureDrop ship in order over the past few years and a lot of refactoring of the existing code, some of the core team finally decided, “Ok, we now have time to step back and really think about how to make this an easier product for newsrooms to adopt, a less expensive product to adopt, and an easier product to train people on and have them want to actually use. Not just because they want to provide best-in-breed security to their sources—people often risking their lives to provide information—but because it’s also a desirable, easy to use, relevant tool that just makes everyone’s jobs a lot easier.”

One point of feedback that the team did hear from a lot of folks before the workstation project began, is that some of our largest newsroom customers only have two or three journalists who use SecureDrop because of the amount of time it takes, to go through the whole process which today involves at least two laptops and multiple USB sticks with Tails on them.

Opening the Whole Newsroom to SecureDrop

Nina Alter: So the integrated workstation itself is really cool. It’s one laptop. Newsrooms still need the SecureDrop server, but only an IT person will need to interact with the server. The integrated workstation will provide an inbox experience similar to a common email client or a messaging app like Signal, where correspondence is readily available for a person to read in the GUI.

Decryption on the integrated workstation happens automatically in the background, and on the same computer that retrieves and displays correspondence—whereas in today’s SecureDrop experience, you have to manually decrypt everything on a separate computer, not knowing the value of—or anything about—each item you’re taking the time to individually decrypt.

Today’s triage process is cumbersome and the signal-to-noise ratio that many newsrooms have is up to 90 percent. That makes it especially tedious to sift through all the conspiracy theories and find the valid tips.

For the early research sessions we’ve been doing with folks over the past 2 months, we’ve been providing low-fidelity prototypes that have been created in Sketch and Invision; no dynamic information, and all made-up data. The prototypes have demonstrated only the most basic functionality, while mimicking the experience of booting the Qubes workstation, launching VMs, opening the client within a VM—demonstrating the complete experience, but at a high level.

People are really excited by it, they love the idea that they can have such a simple and straightforward experience. The time savings and opportunities have been praised, but we still have many details to work out. We have yet to do any testing within marginalized communities, which is a huge priority to all of us. We are also looking to recruit more research participants on the non-technical side, because most of our customers today tend to have the nerds from an investigative team as their only SecureDrop users; those folks, being the only ones willing to invest the patience, or really capable of understanding how to do today’s whole end-to-end process. Many more journalists get trained in newsrooms today, than stick with using SecureDrop—leaving all the SecureDrop responsibilities in the hands of a select few. Which burdens everyone.

There’s a lot of excitement for how the new workstation could open up whole newsrooms to using SecureDrop. We’re looking to go into a pilot with the product in early 2019, on the assumption it passes an auditor examination that we’re about to enter into with an Alpha build of the workstation. The team is also excited to learn from the auditors about how the core architecture can be made more secure.

Looking for Research Participants

Nina Alter: With user testing we’re looking to expand our pool of volunteer research participants, beyond existing SecureDrop customers. We’re in the user-research game to learn, and we need to learn from a broader swath of folks. It’s not about any interest in or commitment to using the product, it’s about learning from the folks we’re building the product to serve (journalists!), agnostic of current product awareness or familiarity. So: all journalists, we need you!

We have a live webpage with a brief survey and our outreach call, at https://securedrop.org/ux-research-cfp/. Our most immediate need for testing is with journalists who are staff employees within news orgs. We have been mostly testing with journalists at North American news orgs but are excited to learn from teams in other countries. We’re also excited to learn more about how the new workstation may or may not meet journalists’ unique workflow needs, as well as basic usability needs.

Sharing Research on How Journalists Use Tech

Erika Owens: It’s all so fascinating to hear… it sounds like this is a tremendous upgrade in the user experience of SecureDrop. Are you going to be able to share any of the findings in terms of the usability things that come up, from this actually being in newsrooms? Are other folks going to be able to learn from the research you are doing?

Nina Alter: Yes, that’s a high priority for all of us. As a UX designer and researcher who has kept her activism life very separate from a more corporate professional life to provide a stable paycheck for most of my career, this is something I’m deeply honored to work on. I’m also excited to pick up the broader problem of “how do I educate others in the design community, that there’s all these opportunities to serve users for whom anonymity is the most important of all factors in their use of technology, in the face of very real safety threats.”

Everyone at Freedom of the Press Foundation has learned throughout working on SecureDrop and other projects that there really is not that much available research today on how journalists use technology—or, of how the tech industry currently serves them. There’s definitely an excitement at Freedom of the Press Foundation to gather and publish these findings, and to endeavor as much of this kind of research as funding is able to provide for.

Among the challenges for all of us is how do we do share this work in the most meaningful and comprehensive fashion possible, with the appropriate context, while still protecting not only the identity of individual journalists but also of the newsrooms that make this work possible. We want to be very conscious to not expose anyone or make people vulnerable to the adversarial threats that make all of this work necessary.

If folks want to look at the work happening in progress, there is a GitHub project page that I’m currently maintaining. In-progress findings and other data associated with ongoing research are being posted, as well as prototypes, as things happen. Everything posted is fully redacted and intentionally vague because the material is publicly available. So far the team at Freedom of the Press Foundation has been really excited to see the progress. It’s all awesome, and we’re looking forward to making what we learn reach the masses as much as we can.

The Appeal of Human Triage

Erika Owens: How journalists use technology generally is a big question, and when you’re working with something as sensitive as leaked materials, the importance of that technology actually being usable and used in the way it’s intended is even more important. A question from someone on the call: How are folks currently doing the 90 junk /10 signal triage that you mentioned? Are y’all thinking about spam filtering or any things to that effect?

Nina Alter: SecureDrop has never done any automatic filtering, and that’s not something that users seem to want. It’s been really exciting learning in this research that the human triaging process is a big deal and is important. Frankly, in our personal emails and work emails the spam filter is really important because the volume of messages is so high, with the stakes for missing something “important” filtered out as spam, very low. In one day my Gmail’s spam filter might catch 50 messages. For the most prolific newsrooms in terms of mainstream visibility, and the most prolific investigative newsrooms—such as the ones an individual would think to reach out to if they feel they have evidence of an abuse of power—most of those newsrooms do not get a similarly high volume of SecureDrop submissions every day. There could be a delta of awareness in the general public that there are these highly secure ways to reach out to newsrooms. That could also be an issue of source courage, inspiring people to walk outside the boundaries of society to hold people in power accountable. But yes, folks in newsrooms like to do the manual spam filtering.

How Participation Works in User Research

Erika Owens: Thank you so much for telling us about this. We’re excited to help spread the word. It looks like, for the form on that link: you collect some information and then follow up with folks to do the 30–45 minute research session?

Nina Alter: Correct. Because our time is limited we are unlikely to follow up with every participant immediately. The way user research typically works is that an initial outreach campaign is launched. The first participant volunteers we engage are those who meet our most urgent needs criteria; then down the line, when other studies come up or other projects come up, we dip back into the pool of volunteers who may have not qualified immediately. The key is to build up that pool through early outreach. The participatory spirit, present in both the open source and journalism communities, has been a fantastic support in this—and it’s really been a delight thus far, connecting with and learning from journalists and newsroom support folks in the field.

Erika Owens: Thanks again for joining us, and can’t wait to have you all back when you’re able to release this more fully.



Current page