Guardian profiles routinely link to PGP keys – why aren’t other news orgs doing this?


What a pleasant surprise to visit a profile page on The Guardian website and see a big, prominent link to the member of staff’s public key. Is this routine? It seems it is: an advanced search for profile pages mentioning “public key” brings up over 1000 results.


Are other news organisations also making it easy for users to contact journalists securely? In a word: no.

None of the staff profiles, as far I can find, on The Telegraph, Times or Independent websites mention ‘PGP’, ‘encrypted’ or ‘public key’.

What about in the US? One Twitter user suggested that some outlets did make PGP keys routinely available…

…But did they?

A search through Buzzfeed profiles found 20 that listed a PGP key, but that’s out of over 200 profiles I could find more broadly.


Still, that was better than The Washington Post, New York Times and Huffington Post: an advanced search for profiles mentioning any form of encryption brought up only one result at each publication:washpo-pgp nyt-pgp huffpo-pgp

Worse still, the general ‘contact us’ page at the New York Times failed to mention PGP at all – something that was repeated at various UK news organisations. nytimes-contact

Back to The Guardian, then, where the Contact Us page includes clear direction to a page providing support on contacting the organisation securely:


This seems such a simple thing to do. Indeed, the whole exercise highlights four steps that news organisations can take:

  1. One page advising potential sources how to be safe
  2. One encryption key for the news desk
  3. Making it easy for reporters to include PGP keys on their contact pages if they have one
  4. Providing support to help more reporters set up encrypted emails

The first three steps are cheap. The last one is, essentially, health and safety. Now, who’s doing it?

UPDATE [January 2017]: News organisations using SecureDrop

In January 2017 Laura Hazard Owen reported on how easy it was to get to grips with the leaking service SecureDrop – and also listed 10 news organisations who were using it. The SecureDrop directory includes more, including CBC, Dagbladet, NRK and Gawker. More tweets and updates below.


2 thoughts on “Guardian profiles routinely link to PGP keys – why aren’t other news orgs doing this?

  1. Pingback: Facebook liegt en Snapchat komt met een zonnebril waarmee je kunt filmen! - Blog - De Nieuwe Reporter - Journalistiek & Nieuwe Media

  2. Pingback: Brave new world? 5 things your newsroom can do now to protect your journalism against the Snooper’s Charter | Online Journalism Blog

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.