Security Considerations When Engaging Sensitive Sources

If you are a journalist working on a high-level project or investigation, then it’s possible that an adversary, like a government or corporation, would take additional steps to track you or your sources. The attacks and the scenarios that we describe in this resource are unlikely to happen in most investigations.

These recommendations are targeted towards individuals working with sensitive sources on high-level projects that uncover government or corporate misdeeds. We have drafted a few additional steps you should keep in mind if you will be communicating with sensitive sources. Following the below steps will make it much harder for a dedicated adversary to figure out who your sources are.

When drafting this resource, we talked to many journalists and experts in Central Europe, and conducted desk research as well. We base our recommendations on case studies we observed from the US, Central Europe, and other regions. This list is designed to be a series of potential, often unconfirmed risks. We are sharing them with you not because we expect you to be on the lookout for these risks at every moment of your reporting. We share them so that you can identify potential causes of sophisticated leaks and adjust your procedures accordingly if you feel it’s necessary to do so. A small change in procedures could play a huge part in helping to protect the most sensitive sources even further.