The New Yorker Launches Strongbox

Using Tor to help journalists and sources communicate securely

To start the Wednesday work day on the East Coast, the New Yorker released Strongbox. Strongbox allows sources to share messages and files with the New Yorker in a form that is more secure than an email or phone call by using a Tor network. And of course, the release came two days after news that the US Justice Department obtained two months of telephone records of reporters and editors at the Associated Press.

How Strongbox Came About

The plans for Strongbox started nearly two years ago. Kevin Poulsen, investigations editor at Wired magazine, described how he built the tool with Aaron Swartz, who took on the coding for the project. Strongbox runs on the open-source DeadDrop.

Through Strongbox, sources can securely and anonymously contact the New Yorker by accessing the New Yorker’s network on the Tor Project. Joshua Rothman of the New Yorker laid out the importance of tools like Strongbox to support investigative reporting, while also sharing a month’s worth of New Yorker investigative long reads.

In releasing Strongbox, the New Yorker walks potential sources through the nine-step process. (Image: New Yorker Close Read blog)

Immediate Reactions

Before lunch, Strongbox held the top three spots on Hacker News and had inspired many positive reactions. Ex-WikiLeaker James Ball described it as:

In addition to providing a tool for communications, the release of the project could become a teachable moment for many journalists:

Knight-Mozilla Fellow Mike Tigas presented on information security at a recent journalism conference and has a course on this topic in the works for For Journalism. He explained that:

Tor is hard. Even with the Tor Browser Bundle (as easy as “download, unzip, and run program”, no need to install anything), the usability of Tor leaves much to be desired unless you’re someone with something to hide. This tool obviously won’t be for everyone, but the existence of strong tools for strong circumstances (whistleblowers come to mind) can elevate and protect the journalistic process.

To help people just encountering Tor get up to speed, Adrienne LaFrance shared a piece from the Nieman Lab about how the Tor Project can help journalists securely communicate with sources. The Freedom of the Press Foundation had a post out right away that situated the tool within the recent history of information leaks to the media. And Source gathered reactions from around the journalism code community on Storify.

Where From Here?

With the importance of secure communications increasingly clear, how can DeadDrop and Strongbox be used effectively by news organizations and potential sources? It was just released today, but some initial reactions point to ideas for further development.

In addition to the Twitter commentary, we have emailed comments from Tigas, Stray, and Harris, which we’ll be publishing shortly in a follow-up post.

Your Thoughts?

As people get a chance to spend some time with Strongbox, it seems that questions for further discussion are crystallizing around a few main areas:

  • The technology itself: How secure is each step in the process? Where are the pain points? How can other news organizations implement the open-source DeadDrop?
  • The people using it: How technically adept do people need to be to use Strongbox? What kind of training and documentation do people, both journalists and sources, need to use it appropriately? Are people willing to opt for slow and secure over quick and email?
  • The use case: What problem is this solving? Are there other ways to solve that problem that may be less technically challenging? What related problems does this use case highlight that need to be addressed?

So, what do you think about Strongbox? Please, take the conversation to the comments. How can news organizations support this project? How can OpenNews help?




Current page