Simpler journalist workflow


Would the following journalist workflow be worse than what is suggested in the documentation ? This is assuming there is a single machine connected with a RJ45 to the network. Instead of a USB drive as the transfert device, the hard drive the machine is used. We assume a single journalist is in charge of getting the document and never transfert them outside of the secure viewing station (because this is a rare event and can be addressed separately).

  • The RJ45 is plugged in the machine
  • The machine is booted on the journalist tails
  • The journalist downloads all new documents from sources and move the archive to the hard drive
  • The machine is shutdown
  • The RJ45 is unplugged from the machine
  • The machine is booted on the secure viewing station tails
  • The journalist moves the documents from the hard drive to the persistent partition of the secure viewing station
  • The journalist decrypts all documents / messages and
    • trashes what is of no interest
    • if there is something of interest, they call the admin and they both work carefully on doing the right thing

This looks like a light weight process that can be repeated weekly or so. And if some valuable information is found, it is acceptable to spend all the time needed to do things slowly and carefully. Or am I missing an important aspect that makes this approach vulnerable ?


Not a good idea after all because unlocking an encrypted hard drive requires setting the root password. Unlocking an usb drive does not. So it creates more interactions and the inconvenience of having one more USB drive is much less than having additional steps.