Tag Archives: Wired

Wired: SecureDrop Leak Tool Produces a Massive Trove of Prison Docs

SecureDrop Leak Tool Produces a Massive Trove of Prison Docs

by Andy Greenberg for Wired, November 11, 2015

This is really exciting, and what great timing!

The whole purpose of last weekend’s event was to get the word out about SecureDrop‘s usefulness to the common man, and yet I couldn’t point directly to an example of it in action.

Then, low and behold, when I woke up yesterday afternoon (heh, been a long week), I could not believe my eyes! A real world, shining example of SecureDrop in action. A hacker obtained over 70 million phone records that exposed some first class corruption: exploiting  those who are already underprivileged and underserved in the community. In this case, prisoners and their families, which often barely have enough money for the essentials.

I’ll be posting a summary of The Intercept article that fully explains what the hack, and subsequent anonymous upload, exposed, shortly. It’s a little complicated, and therefore took me a minute to be able to summarize it – but it will be up soon… :-)

From the article:

“It’s been more than two years since the debut of SecureDrop, a piece of software designed to help whistleblowers easily and anonymously leak secrets to media outlets over the Tor anonymity network. Now, that system is finally bearing fruit, in the form of a massive dump of files from one of the country’s largest prison phone companies…”

“Just as significant as those revelations, perhaps, is how the Intercept obtained the documents that enabled them: The news site has confirmed that it first made contact with the anonymous source who provided the Securus files through the Intercept’s SecureDrop platform, starting with an initial sample of the Securus database uploaded around the beginning of 2015.

That Tor-enabled leak marks a landmark for a still-evolving form of journalism that takes a page out of the playbook invented by WikiLeaks: Like Julian Assange’s secret-spilling organization, SecureDrop allows anyone to run a cryptographically anonymous submission system for leaks and tips. Because that upload site runs as a Tor “hidden service,” anyone who visits has to run Tor too, making it very difficult for anyone to trace his or her location or identity—even the news outlet on the receiving end.

The Intercept’s lead security technologist—and a co-author of the Securus story—Micah Lee says SecureDrop’s benefit isn’t just anonymity, it’s ease of use. Instead of carefully using Tor to create an anonymous email address and figuring out how to encrypt email so that service can’t read their leaked secrets, sources can upload their leak or message using SecureDrop in seconds.

Lee says that this is far from the first time the Intercept has received useful leaks through the SecureDrop system. But the Securus revelations represent the first story of national significance where a news outlet has publicly revealed that the story’s source used SecureDrop anonymous submissions.

“We use SecureDrop on a regular basis, but this story is a little exceptional because we decided it was safe for us to mention that it came from SecureDrop,” Lee says. “This is exactly why we decided to run SecureDrop: to get juicy stories like this and do it in a way where we protect our sources.”

How Universities Can Lead The Way For Legal Reform and Protection of Student Innovators

This article sets out a straight forward plan for how universities can support student innovation and protect their students from unnecessary prosecution (see very bottom of this post).

Students Who Push Tech Boundaries Should Be Encouraged, Not Punished

By April Glaser for Wired

From the article:

Notably, after faculty members and students circulated an open letter, MIT President Rafael Reif announced plans to support the Tidbit innovators, and MIT sent a formal letter to New Jersey’s Attorney General, asking it to withdraw the subpoena. The open letter stated that the subpoena from the New Jersey Attorney General will have, “a chilling effect on MIT teaching and research.” Soon after, MIT faculty and MIT students wrote additional letters of support, asking New Jersey to withdraw the subpoena. Over 800 members of the MIT community signed onto these letters.

President Reif appears to get it. In response to the outcry over the Tidbit controversy, Reif announced that MIT plans to create a new legal resource for students threatened by legal challenges as a result of their innovative work and entrepreneurial pursuits. “In the case of someone creating an innovative new product and then getting into legal trouble doing something that was a part of their classwork — then, MIT absolutely does have a legal interest to be involved,” Ethan Zuckerman, director of MIT’s Center for Civic Media, told the press.

Also from the article:

Now is the time for students and campus communities that want to vitalize innovation to speak up and demand university support. There are some simple steps that universities can take to foster inventiveness in their campus communities:

1. Create a legal intake mechanism or program for students who receive subpoenas and are threatened by computer crime laws. Student innovators need to know where to go to receive help.

2. Publish a guide on CFAA and in-state computer crime laws so that students and researchers can better understand the contours of the laws that may be leveraged against them.

3. Universities should be pushing for computer crime legal reform and come out with strong institutional support for reform efforts on the federal and state level.

Just as laws are frequently outdated by the accelerated pace of technology, campus policies often lag behind in addressing the potential legal needs of their most innovative students exploring the frontiers of digital invention. Yet universities don’t have to move at the slothful pace of legal change.