A tribute to James Dolan, co-creator of SecureDrop, who has tragically passed away at age 36 [1]

In 2012, James worked with Aaron Swartz and journalist Kevin Poulsen to build the original prototype of SecureDrop, the open source whistleblower submission system, which was then called DeadDrop. Poulsen described James’s role in the project’s creation in the New Yorker in 2013:

In New York, a computer-security expert named James Dolan persuaded a trio of his industry colleagues to meet with Aaron to review the architecture and, later, the code. We wanted to be reasonably confident that the system wouldn’t be compromised, and that sources would be able to submit documents anonymously—so that even the media outlets receiving the materials wouldn’t be able to tell the government where they came from. James wrote an obsessively detailed step-by-step security guide for organizations implementing the code. “He goes a little overboard,” Aaron said in an e-mail, “but maybe that’s not a bad thing.”

Beyond a couple references on our website, that New Yorker story is virtually all that is in the public domain about James’s involvement in the project—and that’s how he preferred it. James was an intensely private and modest person, and despite the fact the SecureDrop soon got a lot of attention when Freedom of the Press Foundation (FPF) took the project over, he constantly insisted that Aaron deserved all the credit.

James Dolan and Garrett Robinson at Aaron Swartz Day 2013

James Dolan (left) and Garrett Robinson at Aaron Swartz Day 2013

***

10/2013 – SecureDrop Project Will Pay To Install Media Outlets’ WikiLeaks-Style Submission Systems [2]

In an age of pervasive surveillance that makes no exception for the media, the idea of a WikiLeaks-style secure submission system for anonymous whistleblowers may be more important than ever. Now one group believes in those leaking tools so strongly that it’s willing to pay for mainstream media to install them.

On Tuesday the non-profit Freedom of the Press Foundation (FPF) announced the launch of SecureDrop, a piece of open-source software designed to serve as an anonymous submission systems for media organizations. And to encourage news outlets to install it, the Foundation has offered to send one of SecureDrop’s creators, security consultant James Dolan, to willing news outlets to help install it, in some cases even paying for the necessary hardware.

“We want to take all the pain out of this process so that they have no excuse but to use this technology. The barrier has been cost and the technical ability,” says Trevor Timm, the Freedom of the Press Foundation’s executive director. “So we’re actually going to physically fly [Dolan] around the country to major media organizations to install this.”

SecureDrop, which like WikiLeaks depends on the anonymity software Tor to hide leakers’ identities, was developed from the open-source software DeadDrop, initially created by the late coder and activist Aaron Swartz along with Dolan and Wired editor Kevin Poulsen. The system was initially created to serve as a leak submission system for Wired, but was dropped after a management shakeup at the magazine and adopted instead by fellow Conde Nast publication the New Yorker under the name Strongbox and launched in May. The code behind that system has remained free and open-source, allowing any other media outlet to adopt it.

That need for heightened source security has been strongly felt in the last few years, as the Obama administration has prosecuted more leakers to the media under the Espionage Act than all other presidents in American history, combined. Earlier this year it was revealed, for instance, that the FBI had obtained two months of phone records for twenty Associated Press reporters in an investigation that discovered the leak of a foiled Yemeni bomb plot.

“One of the reasons that the Obama administration has prosecuted so many whistleblowers is that there’s an easy way to find digital trails of how journalists meet sources and talk to them,” says Timm. “We need to figure out a way for journalists to talk to sources without that fear.”

[3]

James Dolan, former Marine and co-creator of the whistle blower submission system SecureDrop alongside Aaron Swartz and Wired editor Kevin Poulsen, has died. The Freedom of the Press Foundation, which took over SecureDrop, reports that Dolan, age 36, took his own life. [4]

First deployed as StrongBox with The New Yorker, organizations such as the Washington Post, the New York Times, the Associated Press, and Gizmodo Media Group have all come to rely on SecureDrop—which allows highly secure communication between journalists and sources in possession of sensitive information or documents. As an industry tool, it has become invaluable for reporters. Dolan joined the Freedom of the Press Foundation to maintain SecureDrop after co-creator Aaron Swartz took his life in 2013 at age 26, as pressure mounted in a federal investigation against him that many felt was overzealous.

Aaron Swartz’s legacy lives on: SecureDrop is a WikiLeaks for any journalist [5]

In May, The New Yorker revealed what hacktivist Aaron Swartz was building before his untimely death: an encrypted dead drop system that would let whistleblowers leak documents to journalists without fear of exposing their identity. The New Yorker launched its own implementation, Strongbox, and other media outlets were free to do the same — but in August, noted security researchers at the University of Washington reported that DeadDrop wasn’t quite ready for primetime, citing issues installing and using the software among many other things.That’s where Aaron Swartz’s legacy stood — until today.

Today, the Freedom of the Press Foundation has announced that it has taken over the project, specifically hiring computer security expert James Dolan full-time to maintain the code, help media organizations install the software, and teach them how to use it well. The organization plans to address “virtually all” of the recommendations made by the University of Washington security researchers, and says it’s already addressed a number of specific issues that were pointed out. While the Freedom of the Press Foundation is clear that SecureDrop isn’t 100 percent secure, the organization says that it’s the safest method for communicating with anonymous sources yet, and hopes to make it safer still. If you’re interested, you can contribute to Aaron Swartz’s open-source legacy at this Github repository.

***

***

 

Related someway??? – Clinton secrets hacked by spy in bag [6]

THE MI6 spy found dead in a holdall had illegally hacked into secret data on Bill Clinton, The Sun on Sunday can reveal.

Gareth Williams, 31, dug out the guest list for an event the former American president was going to as a favor for a pal. The codebreaker — who had breached his security clearance — handed the list to the friend, who was also to be a guest. MI6 bosses raged over the data breach amid growing tensions with US security services over Mr Williams’s transatlantic work.

Today, just over five years since his body was found inside a padlocked bag, his death remains one of Britain’s most mysterious unsolved cases. The Sun on Sunday can reveal that voicemail messages Mr Williams left for family and pals were deleted in the days after his death. And a rival agent may also have broken into the flat to destroy or remove evidence.

His sister Ceri Subbe also told the inquest he did not enjoy the “flash car competition and post-work drinking culture” of MI6. He had applied to return to GCHQ, in Cheltenham, but bosses were slow in approving this. Mr Williams, a keen cyclist originally from Anglesey, North Wales, died shortly after returning from a hacking conference in America. He had been to see a drag queen show by himself two days before he was last seen alive, on August 15, 2010. Eight days later his naked body was found folded into the 32in by 19in bag placed in the bath of his flat in Pimlico, central London. His mobile phone and sim cards were laid out on a table. The last computer evidence of him being alive showed him looking at a cycling website. A reconstruction of the MI6 man's tragic end

n 2012, lawyers for his family said he could have been killed by someone who specialized in the “dark arts of the secret services”. The police did not rule out his intelligence work playing a part in his death. They thought he may have been stuffed in the bag by killers who later broke back in to cover their tracks. Investigators also suspect the flat had been “steam-cleaned”, which would explain why no DNA evidence was found. The nature of Mr Williams’s work remains a secret, but sources claim he dealt with equipment that tracked the flow of cash from Russia to Europe. The technology let MI6 follow money trails from accounts in Russia to criminal gangs. A Kremlin car was spotted near his home on the day he was last seen alive. Police also issued e-fits of a “Mediterranean” couple said to have visited Mr Williams in either June or July. Coroner Dr Fiona Wilcox, who heard the 2012 inquest into his death, criticized MI6 for failing to report Mr Williams missing for a week. The delay meant a Home Office pathologist was unable to find a cause of death.

References:

[1] FreedomPress

[2] Forbes

[3] SecureDrop

[4] Gizmodo

[5] Yahoo

[6] The Sun UK