Nieman Foundation at Harvard
HOME
          
LATEST STORY
Can you spot a fake photo online? Your level of experience online matters a lot more than contextual clues
ABOUT                    SUBSCRIBE
May 13, 2016, 9 a.m.
Reporting & Production
LINK: www.gitbook.com  ➚   |   Posted by: Ricardo Bilton   |   May 13, 2016

For newsrooms, the first rule about SecureDrop is you don’t talk about SecureDrop — or not too much, anyway.

That’s clear from a new report from Columbia’s Tow Center for Journalism, which looked at how sites such as The Intercept, Gawker and ProPublica are making use of SecureDrop, the encrypted anonymous communication software maintained by The Freedom of the Press Foundation (FPF). As of writing, 14 news organizations, three journals, and eight nonprofit groups are using SecureDrop, according to FPF. Eighty organizations are waiting for the FPF to help them get it installed.

Here are a few takeaways from the report, which looks at how SecureDrop works, how it’s become a source for stories, and why publishers don’t want to talk too much about how they’re using it.

News organizations say SecureDrop is useful, the definition of usefulness varies. While most news organizations have adopted SecureDrop as a way to get new stories, news organizations say that SecureDrop is useful even if no stories come from it. Gawker editor John Cook, for example, said that, at the very least, using SecureDrop communicates Gawker’s commitment to protecting sources.

News organizations are reluctant to discuss exactly how they use SecureDrop.  In fact, out of the nine organizations profiled in the report, The Intercept is the only organization that discloses when SecureDrop is used to report stories,  as it did with its story detailing how prisons were recording inmate phone calls. Charles Berret, the report’s researcher, said that he knew that this would be a challenge going in. “Although [the lack of detailed information] is a limitation of the study, it’s great that the security of the process itself is taken so seriously by the practitioners,” he said.

Here’s Gawker’s John Cook explaining why news organizations are so skittish about sharing too much detail on how they use SecureDrop:

It’s kind of a Catch-22 in that one of the things I’ve always wanted to do is say, “Hey, we got this through SecureDrop.” But you don’t want to do that because you don’t want to do anything that would lead someone to go look if someone’s work laptop has Tor on it, or whatever might lead to suspicion.

Most news organizations designate just a few people to monitor their SecureDrop. These people, usually editors, then distribute those tips to the right reporters. This arrangement is due to the complexity of accessing SecureDrop, which can only be used via a dedicated computer in a newsroom. The average news organization doesn’t have many people capable of using the system.

Not even encrypted channels are immune to trolls and spam. Running a SecureDrop, like any other communications channel, means having to sift through plenty of spam, unhelpful news tips and conspiracy theories from well-meaning readers. Some submissions aren’t news at all. Over half of the early submissions to The New Yorker’s SecureDrop deployment weren’t sensitive leaks but rather fiction and poetry from people looking to get published in the magazine.

SecureDrop is good for the first point of contact, but reporters often switch to other channels. After receiving the initial tips, reporters will often switch to other channels, such as encrypted email, PGP, or secure chat. “SecureDrop is really just the tip of the iceberg for the story and reporting process,” Berret said.

Show tags Show comments / Leave a comment
 
Join the 50,000 who get the freshest future-of-journalism news in our daily email.
Can you spot a fake photo online? Your level of experience online matters a lot more than contextual clues
Whether an image looks like a random Facebook post or part of a New York Times story doesn’t make much of a difference. But your level of experience with the Internet and image editing does.
Publishers will soon no longer be able to detect when you’re in Chrome’s incognito mode, weakening paywalls everywhere
A growing number of news sites block incognito readers, figuring they’re probably trying to get around a paywall. But a change from Google will again let people reset their meter with a keystroke.
R.I.P. Quartz Brief, the innovative mobile news app. Maybe “chatting with the news” isn’t something most people really want to do?
Just because people like to chat on their phones doesn’t mean they want to chat with you, news organizations.