SecureDrop Documentation Release 0.3.5


SecureDrop Team and Contributors

June 03, 2016

Contents

User Guides

1 Source Guide
  1.1 Choose who to submit to
  1.2 Get the Tor Browser
  1.3 Making your First Submission
  1.4 Continuing the Conversation
2 Journalist Guide
  2.1 Workflow
  2.2 Create GPG key for the journalist
  2.3 Connect to the Document Interface
  2.4 Move Documents to the Secure Viewing Station
  2.5 Decrypt and work on the Secure Viewing Station
  2.6 Interact With Sources
  2.7 Work with Documents
  2.8 Encrypt and move documents to Journalist Workstation
  2.9 Decrypt and prepare to publish
3 Administrator Guide
  3.1 Adding Users
4 Overview
  4.1 Technical Summary
  4.2 Infrastructure
  4.3 Operation
5 Terminology
  5.1 App Server
  5.2 Monitor Server
  5.3 Source Interface
  5.4 Document Interface
  5.5 Journalist Workstation
  5.6 Admin Workstation
  5.7 Secure Viewing Station
  5.8 Two-Factor Authenticator
  5.9 Transfer Device
6 Passphrases
  6.1 Admin
  6.2 Journalist
7 Hardware
  7.1 Required Hardware
  7.2 Optional Hardware
  7.3 Specific Hardware Recommendations
8 Before you begin
9 Create Tails USBs
  9.1 Install Tails
  9.2 Enable Persistent Storage
10 Set up the Secure Viewing Station
11 Set up the Data Transfer Device
12 Generate the SecureDrop Application GPG Key
  12.1 Correct the system time
  12.2 Create the key
13 Set up the Admin Workstation
  13.1 Start Tails with Persistence Enabled
  13.2 Download the SecureDrop repository
  13.3 Create the Admin Passphrase Database
14 Set up the Network Firewall
  14.1 Before you begin
  14.2 Initial Configuration
  14.3 SecureDrop Configuration
  14.4 Keeping pfSense up to date
15 Set up the Servers
  15.1 Install Ubuntu
  15.2 Test Connectivity
  15.3 Set up SSH keys
  15.4 Minor Admin Tasks
16 Install SecureDrop
  16.1 Install Ansible
  16.2 Configure the Installation
  16.3 Run the Ansible playbook
17 Configure the Admin Workstation Post-Install
  17.1 Auto-connect to the Authenticated Tor Hidden Services
  17.2 Set up two-factor authentication for the Admin
18 Create an admin account on the Document Interface
19 Test the Installation
  19.1 Test connectivity
  19.2 Sanity-check the install
  19.3 Test the web interfaces
20 Onboard Journalists
  20.1 Determine access protocol for the Secure Viewing Station
  20.2 Create a Journalist Tails USB
  20.3 Set up automatic access to the Document Interface
  20.4 Add an account on the Document Interface
21 SecureDrop Deployment Best Practices
  21.1 Landing Page
  21.2 Minimum requirements for the SecureDrop environment
  21.3 Suggested
  21.4 Whole Site Changes
22 Google Authenticator
  22.1 iOS
  22.2 Android
23 Useful Logs
  23.1 Both servers
  23.2 App Server
  23.3 Monitor Server
24 OSSEC Guide
  24.1 Setting up OSSEC alerts
  24.2 Troubleshooting
  24.3 Analyzing the Alerts
25 Tails Guide
  25.1 Installing Tails on USB sticks
  25.2 Configure Tails for use with SecureDrop
26 Setting up a printer with Tails
27 SecureDrop On-Site Training Schedule
  27.1 Day 1: Preparation and Install
  27.2 Day 2: Journalist and Admin Training
28 Using YubiKey with the Document Interface
  28.1 Download the YubiKey personalization tool
  28.2 Set up OATH-HOTP
  28.3 Set up a user with the OATH-HOTP secret key
29 Backup and Restore SecureDrop
  29.1 Minimizing disk space
  29.2 Backing Up
  29.3 Restoring
30 Upgrade to 0.3.x
  30.1 Upgrade from 0.2.1 to 0.3.x
  30.2 Upgrade from 0.3pre to 0.3.x
31 Upgrade from 0.3.x to 0.3.5
  31.1 Important Changes
  31.2 Prerequisites
  31.3 Upgrade Procedure
32 Upgrade from 0.3.5 to 0.3.6
  32.1 Important Changes
  32.2 Prerequisites
  32.3 Upgrade Procedure
33 Upgrade from 0.3.6 to 0.3.7
  33.1 Upgrade Procedure
34 Upgrade Tails from 1.x to 2.x
  34.1 Upgrade each Tails device
  34.2 Finishing up
  34.3 Troubleshooting
35 Getting Started
  35.1 Prerequisites
  35.2 Clone the repository
  35.3 Virtual Environments
  35.4 Tips & Tricks
36 Generating AppArmor profiles for Tor and Apache
37 SecureDrop apt repository
38 Documentation Guidelines
  38.1 Integration with Read the Docs
  38.2 Style Guide
39 Serverspec Tests
  39.1 Install directions (Ubuntu)
  39.2 Running the tests
  39.3 Updating the tests
  39.4 Spectest layout
40 Threat Model
  40.1 Assumptions
  40.2 Attack Scenarios

SecureDrop is an open-source whistleblower submission system that media organizations can use to securely accept documents from and communicate with anonymous sources.

User Guides

CHAPTER 1 Source Guide

1.1 Choose who to submit to

There are currently over 20 organizations running SecureDrop. Each instance is totally independent, and submissions to that instance are only available to journalists associated with that organization.

All organizations have a landing page that provides their own organization-specific recommendations for using SecureDrop. We encourage you to consider an organization’s landing