Journalist assessment of a source at risk


#1

Bonjour,

Disclaimer: it is very possibly a naive view, I’m still learning. I do not have access to any privileged information regarding any media or on-going investigations. I write code and help people with technical stuff.

It stands to reason that journalists getting documents via SecureDrop are highly motivated to protect their sources anonymity. I wonder if that goes as far as to conduct an interview of the source to assert if classified documents they exfiltrated cannot be traced back to them.

For instance, I can imagine this dialog between the journalist and Terry James Albury:

  • Journalist: How did you access the documents you sent?
  • Albury: Using my regular login, at my workplace
  • Journalist: How did you copy these documents?
  • Albury: I made screenshots and took pictures using my camera and store them on a separate SDCard
  • Journalist: Did you do this in the range of video surveillance cameras?
  • Albury: I’m not sure.
  • Journalist: How many people have the necessary credentials to access these documents?
  • Albury: Not many, it is likely that a two dozen people accessed these documents in the past few years
  • Journalist: If we publish these documents or a story based on them, there is a very high chance your anonymity cannot be protected. Do you want to take the risk?
  • Albury: Yes, I do.

Are there guidelines for journalists to assess the risk a source is taking and ask them for an informed consent?

Cheres


SecureDrop simplification (take 2)
#2

This is one of the first checkup I manage to deal with my sources, in order to figuring out how many people had access to dochments they want to leak, and avoid their identification.