Each drop-box consists of a secure web connection and a form that encrypts both files and the text submitted (then destroys the originals) as well as removes identifying metadata from documents. The system also makes every effort to leave no traceable remnants from the transaction, such as identifiable session cookies on the client side or logging of any IP addresses on the server side.
Once a file is submitted, the newspaper will receive an email, alerting them to the tip. The newspaper then needs to reply that it’s interested. Then a temporary secure file transfer is established. This last step isn’t automated yet, according to Matthew Terenzio, Web Development Director at The Hour Publishing Co and one of the members of this project. The best way to do so, he says, would be to have the encryption software – the open source GnuPG in this case – set up on the newspaper’s end. “It is unlikely that most would have it yet,” says Terenzio, who says he’s working on helping some newspapers set up their own drop-boxes to avoid this step.