Guardian profiles routinely link to PGP keys – why aren’t other news orgs doing this?

What a pleasant surprise to visit a profile page on The Guardian website and see a big, prominent link to the member of staff’s public key. Is this routine? It seems it is: an advanced search for profile pages mentioning “public key” brings up over 1000 results.

guardian-pgp

Are other news organisations also making it easy for users to contact journalists securely? In a word: no.

None of the staff profiles, as far I can find, on The Telegraph, Times or Independent websites mention ‘PGP’, ‘encrypted’ or ‘public key’.

What about in the US? One Twitter user suggested that some outlets did make PGP keys routinely available…

@paulbradshaw @GazTheJourno

NYT, Buzzfeed, WaPo, HuffPo there's others too, I think

— An Individual (@Citizen751908) September 20, 2016

…But did they?

A search through Buzzfeed profiles found 20 that listed a PGP key, but that’s out of over 200 profiles I could find more broadly.

buzzfeed-pgp

Still, that was better than The Washington Post, New York Times and Huffington Post: an advanced search for profiles mentioning any form of encryption brought up only one result at each publication: washpo-pgp nyt-pgp huffpo-pgp

Worse still, the general ‘contact us’ page at the New York Times failed to mention PGP at all – something that was repeated at various UK news organisations. nytimes-contact

Back to The Guardian, then, where the Contact Us page includes clear direction to a page providing support on contacting the organisation securely:

guardian-contact-us

This seems such a simple thing to do. Indeed, the whole exercise highlights four steps that news organisations can take:

One page advising potential sources how to be safe
One encryption key for the news desk
Making it easy for reporters to include PGP keys on their contact pages if they have one
Providing support to help more reporters set up encrypted emails

The first three steps are cheap. The last one is, essentially, health and safety. Now, who’s doing it?

UPDATE [January 2017]: News organisations using SecureDrop

In January 2017 Laura Hazard Owen reported on how easy it was to get to grips with the leaking service SecureDrop – and also listed 10 news organisations who were using it. The SecureDrop directory includes more, including CBC, Dagbladet, NRK and Gawker. More tweets and updates below.

Intercept has always done this, we have our fingerprints on our business cards! https://t.co/zit0HobAQc

— Jenna McLaughlin (@JennaMC_Laugh) September 20, 2016

Nice! But still on a weird external server & often linked to via bitly.
See why that's a bad idea at https://t.co/O7akeymwFw #SecurityIsHard https://t.co/vNff3EnoL1

— Terence Eden ⏻ (@edent) September 20, 2016

There is!!! The @washingtonpost homepage has a "secure DropBox" function on the lower right. It works. I know. https://t.co/SyGd3Q3tfC

— David Fahrenthold (@Fahrenthold) October 9, 2016

Interesting – since I wrote this https://t.co/adHWzWHn6G this has happened… https://t.co/cqRR7IMc0x

— Paul Bradshaw (@paulbradshaw) December 16, 2016

2 thoughts on “Guardian profiles routinely link to PGP keys – why aren’t other news orgs doing this?”

Online Journalism Blog

Comment, analysis and links covering online journalism and online news, citizen journalism, blogging, vlogging, photoblogging, podcasts, vodcasts, interactive storytelling, publishing, Computer Assisted Reporting, User Generated Content, searching and all things internet.

Guardian profiles routinely link to PGP keys – why aren’t other news orgs doing this?

UPDATE [January 2017]: News organisations using SecureDrop

2 thoughts on “Guardian profiles routinely link to PGP keys – why aren’t other news orgs doing this?”

Leave a Reply Cancel reply

UPDATE [January 2017]: News organisations using SecureDrop

Share this:

Like this:

Related

2 thoughts on “Guardian profiles routinely link to PGP keys – why aren’t other news orgs doing this?”

Leave a Reply Cancel reply