“It should be clear that unencrypted journalist-source communication is unforgivably reckless.”
As Snowden, Greenwald, and Poitras’ experiences demonstrate, adopting robust digital security measures has largely been the project of individual journalists and personal networks. Even in large organizations, these practices are often confined to a handful of individuals who have preexisting technical knowledge or work with sensitive sources or material.
This situation is inadequate for a number of reasons. At the individual and organizational level, ad-hoc source protection is incompatible with sensitive–and sometimes essential–reporting. Few organizations could afford the kind of protracted legal battle James Risen has faced, yet the alternative is either to abandon this coverage altogether or allow sources to wither under an atmosphere of increasingly aggressive leak prosecutions. Moreover, those doing sensitive reporting are not the only targets for attack; for an adversary seeking to infiltrate a news organization’s network–as experienced by Bloomberg, the The New York Times, the Wall Street Journal and the Washington Post–any point of entry will do. In this sense and others, digital source protection is a “herd” protection. It works best–and, arguably, only truly works at all–if everyone is doing it.