Protecting Your Sources When Releasing Sensitive Documents by Ted Han and Quinn Norton.
From the post:
Extraordinary documentation can make for an extraordinary story—and terrible trouble for sources and vulnerable populations if handled without enough care. Recently, the Intercept published a story about a leaked NSA report, posted to DocumentCloud, that alleged Russian hacker involvement in a campaign to phish American election officials. Simultaneously, the FBI arrested a government contractor, Reality Winner, for allegedly leaking documents to an online news outlet. The affidavit partially revealed how Winner was caught leaking by the FBI, including a postmark and physical characteristics of the document that the Intercept posted.
The Intercept isn’t alone in leaving digital footprints in their article material. In a post called “We Are with John McAfee Right Now, Suckers,” Vice posted a picture of the at-the-time fugitive John McAfee, complete with GPS coordinates pinpointing their source’s location, who was shortly in official custody. In 2014, the New York Times improperly redacted an NSA document from the Snowden trove, revealing the name of an NSA agent.
The first step with any sensitive material is to consider what will happen when the subjects or public sees that material. It can be hard to pause in the rush of getting a story out, but giving some thought to the nature of the information you’re releasing, what needs to be released, what could be used in unexpected ways, and what could harm people, can prevent real problems.
…
Han and Norton cover document metadata, which I omitted in Are Printer Dots The Only Risk? along with some of the physical identifiers I mentioned.
Plus they have good advice on other identifying aspects of documents, such as content and locations.
Despite my waiting and calling for a full release of the Panama Papers, is there a credibility aspect to the publication of sensitive documents?
Another era but had Walter Cronkite said that he read a leaked NSA document and reported the same facts as the Intercept, his report would have been taken as the “facts” contained in that report.
To what extent is journalism losing credibility because it isn’t asking to be treated as credible? Merely as accurate repeaters of lies prepared and printed elsewhere?