Right after the SecureDrop posts happened ... they posted a fix for a security flaw; posted links to such here at the time. There was a backdoor through their key handling as I recall such that the ‘company’ (black or white) could hook in. Impression is/was that then anything that whistle blowers submit anything, they were turning it over to others without knowing or realizing.