In the eleven years since we founded Alley Interactive, it has grown from a niche technology consultancy into the go-to strategic digital partner and tool creator for some of the largest and most influential media companies, think tanks, foundations, universities, government agencies, and enterprises. Our incredible team has executed complex and high-profile site launches for
In 2020 there were a tremendous number of tips that came to newsrooms directly from whistleblowers. From the FinCen files, Trump’s taxes, continued revelations of sexual harrasment, discrimination and unequitable treatment within organizations, and many in the healthcare fields speaking up. But, how can a newsroom make sure that they are the one that a source turns to?
Before the pandemic, my book A Public Service: Whistleblowing, Disclosure, and Anonymity was released. The book is a guide for a would-be whistleblower to safely reveal information to the public with a focus on working with partners in the media. The last chapter in the book is titled “Recommendations for Partners,” and looks at how lawyers, journalists, and those within governments and organizations can support whistleblowers and their ability to point out fraud, waste, abuse, and injustices when they see them. For years I have focused on teaching and training others on the use of digital security tools, this article expands on the general recommendations in the book and looks at actual digital security, web, and infrastructure measures media organizations can implement.
Here at Alley, I work specifically on Lede, a platform optimized towards teams of journalists that are ready to create robust media organizations. We bring custom designed sites to life with newsletters, subscriber paywalls, lots of other features, and above all else: strategic guidance. One of the thing’s I’ve been in charge of is making sure we’re putting in place best practices for source security and tips in the sites we build.
So while all media organizations are unique, there are enough similarities that I was able to put together a set of concrete steps that any organization or individual journalists could start working on to protect sources and immediately impact the security and tips they receive. Below is a matrix that outlines the steps organizations can take, organized by the level of effort and the impact any initiative can have on increasing tips and source protection.
If you are a newsroom or media organization and want to increase the number of tips you receive while doing better to protect sources and their livelihoods, consider implementing these items in the following order, you’ll get the most bang for your buck:
- Setting up a Signal number for the newsroom
- Putting tips information on every page in the footer
- Newsrooms listing Signal numbers and/or Wire usernames, secure email addresses on author pages and in articles
- Hire for a dedicated digital investigations/information security position
- Training for staff on managing tips intake and security
- Journalists actively using Wire / Signal
- Journalists setting up an encrypted email accounts (ProtonMail or the like)
- Journalist having burner phone numbers for Signal
- General security training for staff, on device security and phishing attempts
- Journalists listing contact methods on Twitter / keybase.io / social media
- Setting up and running an OnionShare
- Setting up SecureDrop or Globaleaks