Nieman Foundation at Harvard
HOME
          
LATEST STORY
Newsonomics: Tribune’s Thursday night surprise rescrambles the consolidation puzzle
ABOUT                    SUBSCRIBE
May 13, 2016, 9 a.m.
Reporting & Production
LINK: www.gitbook.com  ➚   |   Posted by: Ricardo Bilton   |   May 13, 2016

For newsrooms, the first rule about SecureDrop is you don’t talk about SecureDrop — or not too much, anyway.

That’s clear from a new report from Columbia’s Tow Center for Journalism, which looked at how sites such as The Intercept, Gawker and ProPublica are making use of SecureDrop, the encrypted anonymous communication software maintained by The Freedom of the Press Foundation (FPF). As of writing, 14 news organizations, three journals, and eight nonprofit groups are using SecureDrop, according to FPF. Eighty organizations are waiting for the FPF to help them get it installed.

Here are a few takeaways from the report, which looks at how SecureDrop works, how it’s become a source for stories, and why publishers don’t want to talk too much about how they’re using it.

News organizations say SecureDrop is useful, the definition of usefulness varies. While most news organizations have adopted SecureDrop as a way to get new stories, news organizations say that SecureDrop is useful even if no stories come from it. Gawker editor John Cook, for example, said that, at the very least, using SecureDrop communicates Gawker’s commitment to protecting sources.

News organizations are reluctant to discuss exactly how they use SecureDrop.  In fact, out of the nine organizations profiled in the report, The Intercept is the only organization that discloses when SecureDrop is used to report stories,  as it did with its story detailing how prisons were recording inmate phone calls. Charles Berret, the report’s researcher, said that he knew that this would be a challenge going in. “Although [the lack of detailed information] is a limitation of the study, it’s great that the security of the process itself is taken so seriously by the practitioners,” he said.

Here’s Gawker’s John Cook explaining why news organizations are so skittish about sharing too much detail on how they use SecureDrop:

It’s kind of a Catch-22 in that one of the things I’ve always wanted to do is say, “Hey, we got this through SecureDrop.” But you don’t want to do that because you don’t want to do anything that would lead someone to go look if someone’s work laptop has Tor on it, or whatever might lead to suspicion.

Most news organizations designate just a few people to monitor their SecureDrop. These people, usually editors, then distribute those tips to the right reporters. This arrangement is due to the complexity of accessing SecureDrop, which can only be used via a dedicated computer in a newsroom. The average news organization doesn’t have many people capable of using the system.

Not even encrypted channels are immune to trolls and spam. Running a SecureDrop, like any other communications channel, means having to sift through plenty of spam, unhelpful news tips and conspiracy theories from well-meaning readers. Some submissions aren’t news at all. Over half of the early submissions to The New Yorker’s SecureDrop deployment weren’t sensitive leaks but rather fiction and poetry from people looking to get published in the magazine.

SecureDrop is good for the first point of contact, but reporters often switch to other channels. After receiving the initial tips, reporters will often switch to other channels, such as encrypted email, PGP, or secure chat. “SecureDrop is really just the tip of the iceberg for the story and reporting process,” Berret said.

Show tags Show comments / Leave a comment
 
Join the 50,000 who get the freshest future-of-journalism news in our daily email.
Newsonomics: Tribune’s Thursday night surprise rescrambles the consolidation puzzle
Could the moves presage the major rollup that’s been increasingly talked about in America’s now-in-play, ever-struggling daily newspaper industry?
Anti-vaxxers are among the WHO’s top 10 global health threats, and Ebola fake news is killing people
During an outbreak in the Democratic Republic of Congo, “as rumors surface, communications experts rebut them with accurate information via WhatsApp or local radio.”
Nine steps for how Facebook should embrace meaningful interac— er, accountability
“There are broad concerns that Facebook continues to engage in deceptive behavior when it comes to user privacy, and that it is biased against certain groups, but outsiders currently have almost no possibilities to verify these claims.”