The Secure Online Dropbox – a short history

The advent of the secure online dropbox allows whistleblowers to make a disclosure online, which may include the submission of source documents, with reasonable confidence that their identity will not be revealed by the means of transmission.

Secure online dropbox systems typically make use of the Tor network in order to obfuscate the digital origin of any material submitted. They also enable those making disclosures to have an ongoing conversation with the person on the receiving end of a submission.

This is a powerful combination of features that is difficult to replicate as securely with other, older forms of anonymous submission, such as by post or telephone.

The secure online dropbox as a technology is less than 15 years old. They were initially developed to enable whistleblowers to disclose sensitive information to media organisations and the public directly. It is no coincidence that the public visibility of whistleblowing – and support for the protection of whistleblowers – has increased dramatically since the first appearance of major news stories facilitated by dropbox technology.

Major public interest disclosures of the past 15 years have transformed public understanding of complex issues like money laundering and tax avoidance. In several cases, public authorities have been able to use the information from news stories to launch investigations and take enforcement action.

In recent years, the use of secure online dropboxes has spread beyond media applications into private companies and public institutions, in particular local government and anticorruption authorities. This move has partly been prompted by legal changes mandating the introduction of internal channels, as in Italy, but also by public sector innovation supported by civil society, as seen in the Anti Corruption Authorities of Catalunya (Oficina Antifrau de Catalunya or OAC) and Valencia (Agencia Valenciana Antifraude or AVAF).

Today two established open source dropbox systems are available – GlobaLeaks, maintained by EAT partner Hermes (Italy) and SecureDrop (USA), which is maintained by the US-based Freedom of the Press Foundation. Together they are used by a large number of established media organisations and are increasingly being adopted as reporting channels within organisations as well as by public bodies. Commercial integrity systems operated or sold by a number of different entities are also available.

Keeping track of how many dropboxes are live, and who runs them, can be challenging. A list of existing dropboxes, focusing primarily on current GlobaLeaks and SecureDrop instances was produced for the EAT Project and is available here.