Digital Security for Journalists: Protecting Sources and Communications

Digital Security for Journalists

Journalists face unique digital security challenges. Protecting confidential sources, securing communications with editors, and maintaining operational security are not just best practices but professional obligations. In an era of mass surveillance, journalists must actively defend their digital security.

Threat Assessment for Journalists

Understanding your threat model is the first step:

• Government surveillance: State actors monitoring journalists investigating corruption or national security topics
• Corporate surveillance: Companies tracking journalists investigating their practices
• Legal discovery: Court orders compelling disclosure of sources and communications
• Hacking: Targeted spyware like Pegasus deployed against investigative journalists
• Physical surveillance: Tracking journalists' locations to identify sources

Essential Security Tools

• Anonymous eSIM: Use a separate eSIM not linked to your identity for sensitive source communications
• Signal: Register with your anonymous eSIM number for encrypted source communications
• SecureDrop: Use your organization's SecureDrop instance for receiving sensitive documents
• VPN: Always use a VPN, especially when researching sensitive topics
• Tor Browser: For anonymous web research on sensitive subjects
• Encrypted email: ProtonMail or Tutanota for email communications with sources

Protecting Sources

Source protection is a journalist's highest duty. These practices help:

• Never contact sources from your personal or work phone number
• Use an anonymous eSIM dedicated to source communications
• Meet sources in person when possible, with phones in Faraday bags
• Never store source identities and their information in the same location
• Use codenames for sources in your notes
• Enable disappearing messages for all source communications

Operational Security Practices

• Compartmentalize your work: different devices or profiles for different investigations
• Regularly check your devices for spyware using tools like Mobile Verification Toolkit
• Keep your devices updated to prevent known vulnerability exploitation
• Be cautious of links and attachments, even from known contacts
• Use two-factor authentication with hardware keys, not SMS
• Have an emergency plan for device seizure at borders or during arrests

An anonymous eSIM is one of the most important tools in a journalist's security toolkit. It provides a communication channel that cannot be easily traced back to you or your organization, helping protect your sources from exposure.