Earlier this year, The New Yorker launched StrongBox, a system based on DeadDrop, which was written by Aaron Swartz, an internet activist who committed suicide while facing a possible prison sentence for downloading academic journals from JSTOR through the computer network at MIT.
The system used Tor anonymizing software to allow journalists to access leaked documents from a hidden, secure server, and even exchange messages without compromising a source's security, or even necessarily learning their identity.
But the system proved too difficult for sources and journalists alike who may not be well versed in online security measures. An audit performed by experts at the University of Washington found the user processes for both StrongBox and DeadDrop too complicated.
"We are concerned about the level of technical sophistication that journalists are expected to have and that they might, for usability reasons, make mistakes that leak the confidential information about the source," they wrote, though they acknowledged that when used properly, the system is technically sound.
In an effort to spread the whistleblower software to more newsrooms, Freedom of the Press Foundation took over the project, simplified the user process to eliminate the possibility of user error compromising security, and renamed the system SecureDrop.
"Usability problems are security problems, because if it's easy for people to make mistakes, then even if the system technically works correctly, if there's user error then that doesn't matter."
Micah Lee, the Foundation's Chief Technology Officer, says they've written a thorough and detailed user manual and made the installation process easier.
"Journalists still have to jump through some hoops, but it's much simpler than it was before, and we plan on making it even simpler in future versions," Lee said.