This Science News Wire page contains a press release issued by an organization and is provided to you "as is" with little or no review from Science X staff.

Research-based whistleblowing tech launched by The Guardian

June 10th, 2025

Whistleblowers can contact journalists more securely thanks to a new confidential and anonymous messaging technology co-developed by University of Cambridge researchers and software engineers at the Guardian.

The Guardian has launched Secure Messaging as a module within its mobile news app to provide a secure and usable method of establishing initial contact between journalists and sources.

It builds on a technology—CoverDrop—developed by Cambridge researchers and includes a wide range of security features. The code is available online and is open source, to encourage adoption by other news organizations.

The app automatically generates regular decoy messages to The Guardian to create "air cover" for genuine messages, even when they are passing through the cloud, preventing an adversary from finding out if any communication between a whistleblower and a journalist is taking place.

"This provides whistleblowers with plausible deniability," said Professor Alastair Beresford from Cambridge's Department of Computer Science and Technology.

"That's important in a world of pervasive surveillance where it has become increasingly hazardous to be a whistleblower," said Cambridge's Dr. Daniel Hugenroth, who co-led the development of CoverDrop with Beresford.

The technology also provides digital "dead drops"—like virtual bins or park benches—where messages are left for journalists to retrieve. These are just two of a suite of functions that protect a source from discovery even if their smartphone is seized or stolen.

CoverDrop encrypts outgoing messages between the source and their named contact at the news organization to ensure no other party can read their content. For this, it relies on cryptography using digital security key pairs consisting of a public and a secret key.

The source is given the public key that instructs the existing encryption technology on their smartphone to encrypt their messages to The Guardian. This key only works one way, so it can lock—but not unlock—their messages. The only person able to decode them is the whistleblower's named contact at The Guardian, who uses their secret key to retrieve and decode the messages left in the dead drop.

CoverDrop also pads all messages to the same length, making it harder for adversaries—whether acting on their own behalf or for an organization or state—to distinguish real messages from decoy ones.

The system fulfills a need long identified by media organizations: providing a highly secure, yet easy-to-use, system for potential sources who want to contact them with sensitive information.

"The Guardian is committed to public-interest journalism," said Luke Hoyland, product manager for investigations and reporting at The Guardian. "Much of this is possible thanks to first-hand accounts from witnesses to wrongdoing. We believe whistleblowing is an important part of a functioning democracy and will always do our utmost to avoid putting sources at risk. So we're delighted to have worked with the University of Cambridge on turning their groundbreaking CoverDrop research into a reality."

The research began with workshops with U.K. news organizations to find out how potential sources first contacted them. The researchers learned that whistleblowers often reach out to them via platforms that are either insecure or hard to use.

Beresford said that when they started looking for a practical solution to this problem, "we realized that news organizations already run a widely available platform from which they can offer a secure, usable method of initial contact—their mobile news app."

"When sources send messages, their confidentiality and integrity can be assured through the secure messaging protocols on their smartphone," said Hugenroth. "CoverDrop goes one step further and also protects the communication patterns between sources and journalists by using decoy messages to provide cover and padding all messages to the same length."

Importantly, the researchers say, users of the new CoverDrop system won't need to install any specialist software that chews up large amounts of battery power or slows down their phones.

Its simple interface looks and works just like a typical messaging app. And there are no traces left on the device that the CoverDrop system has ever been used on that phone before.

"When you open the app," said Beresford, "even if you've already set up an account on it, the CoverDrop feature will look as though you haven't used it. Its home screen will only offer two prompts—"Get started' or "Check your message vault." This is because if it's stolen, or a user is under duress, we don't want your phone to reveal to anyone that you've already used it."

The development of CoverDrop began in the years after the whistleblower Edward Snowden, a former U.S. intelligence contractor, leaked classified documents revealing the existence of global surveillance programs.

This showed, the researchers said, the mass surveillance infrastructure available to nation states, which has profound implications for those who wish to expose wrongdoing within companies, organizations, and government.

Work on CoverDrop was first unveiled at an international Symposium on Privacy-Enhancing Technologies in 2022 by the Cambridge researchers (who originally included the late Professor Ross Anderson, a leader in security engineering and privacy).

When they published their paper on the research at the conference, it attracted interest from The Guardian, which, in collaboration with the researchers, subsequently helped develop CoverDrop from an academic prototype into a fully usable technology.

"The free press fulfills an important function in a democracy," said Beresford. "It can provide individuals with a mechanism through which they can hold powerful people and organizations to account. We're delighted that the Guardian is the first media organization to adopt CoverDrop and will use it to help protect their sources."

"All the CoverDrop code will be available online and open source," said Hugenroth. "This transparency is essential for security-critical software and allows others to audit and improve it. Open-sourcing the code also means that other news organizations, particularly those with expertise in investigative journalism, could also use it. We would be excited to see them do so."

A new technical report on CoverDrop, describing its architecture and explaining how it works, is available at: www.coverdrop.org/coverdrop_guardian_implementation_june_2025.pdf

Provided by University of Cambridge

Citation: Research-based whistleblowing tech launched by The Guardian (2025, June 10) retrieved 11 June 2025 from https://sciencex.com/wire-news/511011282/research-based-whistleblowing-tech-launched-by-the-guardian.html

This document is subject to copyright. Apart from any fair dealing for the purpose of private study or research, no part may be reproduced without the written permission. The content is provided for information purposes only.