Supporting SecureDrop with Creative Commons

Dear SecureDrop supporters,

As of writing, there are 17 organizations actively using SecureDrop [1] in order to support secure and anonymous document submission. This number needs to increase for redundancy and diversity purposes. In this post I will describe one important way to enhance SecureDrop adoption.

Administrators of SecureDrop are responsible for creating an HTTPS landing page with the goal of educating its visitors about the technology including the ideal ways to use their SecureDrop server. Organizations employing SecureDrop must write thoughtful and clear instructions for their landing page based on their unique organizational requirements and goals. Freedom of the Press Foundation has written a sample privacy policy [2] that provides a solid foundation for some of this landing page content.

Exceptional SecureDrop landing pages already exist, and The Intercept’s SecureDrop landing page [3] is one example. I believe there is always room for improvement, which I have detailed in a related post, The limitations of SecureDrop and Tor for whistleblowers [4].

Proposal


To best support the use of high-quality information:

  1. Freedom of the Press Foundation should encourage SecureDrop adopters to license the semantic and/or graphics content of their respective landing page as Creative Commons Public Domain (CC0) [5] or Creative Commons Attribution-ShareAlike (CC-BY-SA) [6].
  2. Existing organizations employing SecureDrop should apply a CC0 or CC-BY-SA license to their SecureDrop landing page.

Tor Project already licenses their website’s content as CC-BY-SA [7] which is an important contribution in addition to their existing open source software.

SecureDrop is a complex security environment that depends on Tor. Tor Browser is also a complex security tool despite Tor Project’s usability achievements. Additionally, high quality SecureDrop landing pages explain that Tails Linux should be used instead of Tor Browser when submitting documents in order to mitigate specific security concerns. These are three independently complicated security tools that require clear and thoughtful information pertaining to their use. Of all of the possible users of Tor and SecureDrop, supporting the extreme security-sensitive population, whistleblowers, demands providing high quality information.

An unrestrictive Creative Commons license such as CC0 or CC-BY-SA applied to a SecureDrop landing page allows other organizations the ability to easily adopt high quality information. Applying an open license would help foster a stronger community of organizations working hard to best support possible whistleblowers. Having to reword complex security precautions because of copyright restrictions is a dangerous proposition given the limited amount of open source privacy technologies available.

Thank you!

References

1 https://freedom.press/securedrop/directory

2 https://securedrop.org/sample-privacy-policy

3 https://theintercept.com/securedrop/

4 https://yawnbox.com/?p=3655

5 https://creativecommons.org/publicdomain/zero/1.0/

6 https://creativecommons.org/licenses/by-sa/3.0/us/

7 https://www.torproject.org/docs/trademark-faq.html.en

License

CC0

To the extent possible under law, the person who associated CC0 with Supporting SecureDrop with Creative Commons has waived all copyright and related or neighboring rights to Supporting SecureDrop with Creative Commons. This work is published from the United States.