Disclaimer: it is very possibly a naive view, I’m still learning. I do not have access to any privileged information regarding any media or on-going investigations. I write code and help people with technical stuff.
It stands to reason that journalists getting documents via SecureDrop are highly motivated to protect their sources anonymity. I wonder if that goes as far as to conduct an interview of the source to assert if classified documents they exfiltrated cannot be traced back to them.
For instance, I can imagine this dialog between the journalist and Terry James Albury:
- Journalist: How did you access the documents you sent?
- Albury: Using my regular login, at my workplace
- Journalist: How did you copy these documents?
- Albury: I made screenshots and took pictures using my camera and store them on a separate SDCard
- Journalist: Did you do this in the range of video surveillance cameras?
- Albury: I’m not sure.
- Journalist: How many people have the necessary credentials to access these documents?
- Albury: Not many, it is likely that a two dozen people accessed these documents in the past few years
- Journalist: If we publish these documents or a story based on them, there is a very high chance your anonymity cannot be protected. Do you want to take the risk?
- Albury: Yes, I do.
Are there guidelines for journalists to assess the risk a source is taking and ask them for an informed consent?