We’ve decided to pledge our support to Open to All, a national nonprofit campaign based around the idea that everyone should be welcome regardless of race, ethnicity, national origin, sex, sexual orientation, gender identity and expression, immigration status, religion, or disability.
In 2020 there were a tremendous number of tips that came to newsrooms directly from whistleblowers. From the FinCen files, Trump’s taxes, continued revelations of sexual harrasment, discrimination and unequitable treatment within organizations, and many in the healthcare fields speaking up. But, how can a newsroom make sure that they are the one that a source turns to?
Before the pandemic, my book A Public Service: Whistleblowing, Disclosure, and Anonymity was released. The book is a guide for a would-be whistleblower to safely reveal information to the public with a focus on working with partners in the media. The last chapter in the book is titled “Recommendations for Partners,” and looks at how lawyers, journalists, and those within governments and organizations can support whistleblowers and their ability to point out fraud, waste, abuse, and injustices when they see them. For years I have focused on teaching and training others on the use of digital security tools, this article expands on the general recommendations in the book and looks at actual digital security, web, and infrastructure measures media organizations can implement.
Here at Alley, I work specifically on Lede, a platform optimized towards teams of journalists that are ready to create robust media organizations. We bring custom designed sites to life with newsletters, subscriber paywalls, lots of other features, and above all else: strategic guidance. One of the thing’s I’ve been in charge of is making sure we’re putting in place best practices for source security and tips in the sites we build.
So while all media organizations are unique, there are enough similarities that I was able to put together a set of concrete steps that any organization or individual journalists could start working on to protect sources and immediately impact the security and tips they receive. Below is a matrix that outlines the steps organizations can take, organized by the level of effort and the impact any initiative can have on increasing tips and source protection.
If you are a newsroom or media organization and want to increase the number of tips you receive while doing better to protect sources and their livelihoods, consider implementing these items in the following order, you’ll get the most bang for your buck:
- Setting up a Signal number for the newsroom
- Putting tips information on every page in the footer
- Newsrooms listing Signal numbers and/or Wire usernames, secure email addresses on author pages and in articles
- Hire for a dedicated digital investigations/information security position
- Training for staff on managing tips intake and security
- Journalists actively using Wire / Signal
- Journalists setting up an encrypted email accounts (ProtonMail or the like)
- Journalist having burner phone numbers for Signal
- General security training for staff, on device security and phishing attempts
- Journalists listing contact methods on Twitter / keybase.io / social media
- Setting up and running an OnionShare
- Setting up SecureDrop or Globaleaks