What a pleasant surprise to visit a profile page on The Guardian website and see a big, prominent link to the member of staff’s public key. Is this routine? It seems it is: an advanced search for profile pages mentioning “public key” brings up over 1000 results.
Are other news organisations also making it easy for users to contact journalists securely? In a word: no.
None of the staff profiles, as far I can find, on The Telegraph, Times or Independent websites mention ‘PGP’, ‘encrypted’ or ‘public key’.
What about in the US? One Twitter user suggested that some outlets did make PGP keys routinely available…
…But did they?
A search through Buzzfeed profiles found 20 that listed a PGP key, but that’s out of over 200 profiles I could find more broadly.
Still, that was better than The Washington Post, New York Times and Huffington Post: an advanced search for profiles mentioning any form of encryption brought up only one result at each publication:
Worse still, the general ‘contact us’ page at the New York Times failed to mention PGP at all – something that was repeated at various UK news organisations.
Back to The Guardian, then, where the Contact Us page includes clear direction to a page providing support on contacting the organisation securely:
This seems such a simple thing to do. Indeed, the whole exercise highlights four steps that news organisations can take:
- One page advising potential sources how to be safe
- One encryption key for the news desk
- Making it easy for reporters to include PGP keys on their contact pages if they have one
- Providing support to help more reporters set up encrypted emails
The first three steps are cheap. The last one is, essentially, health and safety. Now, who’s doing it?
UPDATE [January 2017]: News organisations using SecureDrop
In January 2017 Laura Hazard Owen reported on how easy it was to get to grips with the leaking service SecureDrop – and also listed 10 news organisations who were using it. The SecureDrop directory includes more, including CBC, Dagbladet, NRK and Gawker. More tweets and updates below.