The battle over freedom of information is one of the leading issues of our time, and the San Francisco office is part of the movement to protect our right to dissent, privacy, and information access. Between regularly scheduled internal meets and more focused events with the Electronic Frontier Foundation (EFF), one of the leading organizations in the United States on privacy, and the Freedom of the Press Foundation (FPF), the office has become a busy place. Some highlights include weekly meets exploring a wide range of privacy related topics, getting to know many members of the EFF and FPF, and a SecureDrop Hackathon in the San Francisco office.
Above: Rainey Reitman talks to a room of EFFers and TWers about what we can do to promote rights online.
Internally we’ve been holding weekly “InSecurity” nights each Tuesday to focus and discuss the current issues around freedom and privacy on the internet. We’ve had a fairly wide range of informal sessions, starting off with a great mathematical breakdown of cryptography by Chris Schuster (Developer). We have also explored how Tor works, held a crypto party (signing gpg keys), and watched recordings from ReDecentralize.net (a movement to revive the decentralized nature of the internet) and 30C3 (Chaos Computer Congress 2013, a conference that blends hackers, technology, and politics). More recently, we’ve gone through the dev environment setup for SecureDrop - which we will dig into more deeply in upcoming sessions.
One of the most popular suggestions to come out of our first InSecurity night was to meet up with people at the EFF (Electronic Frontier Foundation) - arguably the go to organization for all issues regarding privacy and freedom on the internet - which is based right here in San Francisco. Luckily, Amit Kaul (Regional Director, @amitk_tw), and Jonny Leroy (@jahnnie) were already on it, and have been in steady contact with, among others, Trevor Timm, formerly of the EFF and co-founder of FPF (Freedom of the Press Foundation).
Trevor came to talk at our last home office happy hour about SecureDrop, a project started by Aaron Swartz and Kevin Poulsen, which a few of us at TW have been getting involved in. SecureDrop is a tool to allow journalists to accept documents from sources anonymously. It’s open source software, and designed to be hosted by the news organization directly. This model prevents the seizure of records from third party service providers, and provides alternatives to (still very admirable) centralized services such as WikiLeaks.
We had a lot of enthusiasm around the office, so with the help of some great networking by Grant Joung (SF director / software delivery partner), managed to schedule a dedicated event here at the office to get to know the EFF and FPF. This event was a huge success, with a great showing from both Thoughtworks and our guests. In true Thoughtworks fashion we gathered a bunch of smart, enthusiastic people into a room, added some beer, and let the ideas flow.
Among the things to come out of that evening was the decision to host a SecureDrop Hackathon right here in the San Francisco office. There was already a hackathon planned to take place at MIT, but by hosting a coordinated hackathon at Thoughtworks we could foster participation on both coasts in one go. Even though it was short notice, it was a great opportunity for us to step up and help out. Thanks to keen interest from Rosalie Tolentino (@rosatolen), Vladimir Zelmanov (Developer), and Sophie Krisch (Junior Developer) we had enough support to host a public hackathon. Will Ducey (@will_ducey) and Pam Ocampo (Caffeinated Coder, @pmocampo) helped get the word out through social media, and Rainey Reitman from the EFF even gave us a shout out at a panel event in Berkeley - alongside Daniel Ellsberg!
The hackathon ended up being a huge success. Garrett Robinson, the lead developer for SecureDrop, decided to stay in San Francisco - and we set up a video conference with the team at MIT. In all we had about 15 people working on SecureDrop on Saturday. The diversity of work done was amazing. One of the big accomplishments was setting up vagrant for developer setup. What used to be a fairly long and error prone developer setup process is now as simple as “clone the repo, install vagrant, vagrant up."
On the other hand, on Sunday Craig Wattrus (Developer) was working on the user interface and user experience. He developed some great mockups to bring the UI into the modern world. Back on the deployment side of things, Chris Ng (DevOps) got deep into ops land and added GPG encryption of OSSEC email alerts to prevent eavesdroppers from getting access to potential security vulnerabilities. Many others came by and paired, set up dev environments, and dug into the code. A big thanks to everyone who came along and helped make the event happen.
Looking forward, I hope this is only the beginning of a long and fruitful relationship between Thoughtworks and the EFF, FPF, and SecureDrop. To keep the ball rolling, we will be having hack nights every other week on Tuesday evening. There is lots of work to be done, and lots of ways to contribute.
If you couldn’t make it the the hackathon, consider coming to a hack night.
Disclaimer: The statements and opinions expressed in this article are those of the author(s) and do not necessarily reflect the positions of Thoughtworks.