Sunday, March 5, 2017

Newsrooms Are Making Leaking Easier–and More Secure–Than Ever

A growing number of disaffected government insiders have been approaching journalists to share information anonymously since the election in November and the inauguration just over a month ago. In response, news organizations have made it safer and easier for potential whistleblowers by actively encouraging them to use a variety of secure communication channels.

Many outlets have even posted instructions and assigned additional staff to monitor the information that arrives over these channels–such as the encrypted mobile application Signal and the dedicated whistleblowing platform SecureDrop. The Washington Post wrote a lengthy piece offering advice for leaking government documents. ProPublica updated its “How to Leak” page and posted an instructional video with Nieman Lab. And The New York Times published a page titled “Got a confidential news tip?” which details a number of secure channels, from encrypted email to plain manila envelopes, alongside basic instructions for using them safely.

But even as more news outlets promote secure channels for outreach from potential sources, it is still incredibly rare for these tools to be mentioned in published stories. Every newsroom has editorial policies regarding the treatment of anonymous sources, and most interpret the mere mention of tools like Signal or SecureDrop to be an unnecessary risk. As a result, the usefulness of these tools is underpublicized, and a study published by the Tow Center for Digital Journalism last year still offers the only account of SecureDrop’s value in newsrooms. Of the ten news outlets studied at the time, nine said that they regularly receive newsworthy information through SecureDrop.

The demand for secure communication tools has only risen since Trump’s election. The Times launched SecureDrop just a week after the election, while downloads of the Signal app rose 400 percent during the month of November. There are currently 22 active SecureDrop installations in newsrooms—nearly twice as many as there were just a year ago. A handful of freelance journalists and about a dozen non-profit groups also use SecureDrop.

Government employees, too, are taking advantage. Members of the Environmental Protection Agency, Foreign Service, and Department of Labor have been using Signal to communicate with the press against the President’s gag order. Aids to politicians are using Signal and a similar app called Confide not just for leaking, but for personal protection under increased suspicion and surveillance. These apps may pass unnoticed unless users are subjected to a “phone check,” like the one press secretary Sean Spicer allegedly demanded from a dozen communications staffers last week.

According to Derek Kravitz, research editor at ProPublica, a single source often uses multiple secure channels to communicate with a reporter. Signal has become the most common way for new sources to contact them, while SecureDrop mainly serves as a guarded vessel for documents and data dumps. “It’s mostly people contacting us on Signal or another medium,” Kravitz said, “and then we’ll go to SecureDrop to see if they’ve sent anything.”

Kravitz added that “the flow of tips and leaks has been consistent since inauguration,” and so has their quality: “Nearly all messages have had some news value or public interest.”

Tools like Signal and SecureDrop are not only resilient to attack, but also fairly user-friendly. They are designed to minimize risk, even for inexperienced users. “Not every source is an expert on being an anonymous source,” says Kevin Poulsen, the hacker and longtime Wired reporter who originally conceived of SecureDrop. “That’s not why they’re contacting a reporter. It’s because they’re an expert on something else.”

It makes sense that so many first-time whistleblowers are turning to Signal, in particular: There is little separating the experience of using Signal from typical texting and calling on a smartphone. Yet this ease does not come at the expense of security. Signal’s code, developed by Open Whisper Systems, is freely available for anyone to test and verify. Even Edward Snowden endorses Signal as the best secure communication tool for most people.

by Charles Berret, Columbia Journalism Review |  Read more:
Image: Getty