Information Security for Journalists
By Silkie Carlo and Arjen Kamphuis
We're very glad to be able to provide this handbook as a free download, and we really want to keep it that way.
If you've found the handbook useful, or you want to help ensure it remains available to those who couldn't afford to buy a copy, please consider making a donation here.
Many thanks from the Centre for Investigative Journalism.
Download the book:
(Version 1.3 available only online or as PDF, all other formats currently still V1.2)
This handbook is a very important practical tool for journalists and it is of particular importance to investigative reporters. For the first time journalists are now aware that virtually every electronic communication we make or receive is being recorded, stored and subject to analysis. As this surveillance is being conducted in secret, without scrutiny, transparency or any realistic form of accountability, our sources, our stories and our professional work itself is under threat.
The UK Government’s new surveillance legislation, the Investigatory Powers Bill, marks a disconcerting departure from legal principles of source protection in favour of unbridled spying powers.
Journalists were dismayed by the realisation that almost all digital communications are now being recorded; for them and their sources there are real risks and now danger in their work. This danger does not just worry reporters, whistleblowers and other sources, but all those who hear privileged information and whose privacy is considered fundamental to the courts, the practice of law, and justice in all of its meanings. Lawyers and accountants and their clients are now without the protection of client confidentiality, and are vulnerable to the secret surveillance of an increasingly authoritarian and unaccountable state.
After knowing how Snowden’s disclosures were safely presented to the public, we know that there are real protective measures available. The CIJ’s handbook, Information Security for Journalists, lays out the most effective means of keeping your work private and safe from spying. It explains how to write safely, how to think about security and how to safely receive, store and send information that a government or powerful corporation may be keen for you not to know, to have or to share. To ensure your privacy and the safety of your sources, Information Security for Journalists will help you to make your communications indecipherable, untraceable and anonymous.
When planning work that must remain private and confidential it is important to carefully assess the level of threat that may be associated with it. Shop floor maintenance, building site health and safety, restaurant hygiene, and hospital cleaning may be areas where the precautions and methods described here are unnecessary or might act to complicate and slow down your work. In these cases a phone call made or received away from work or home to a source or a reporter, may ensure sufficient protection at least in making an initial contact.
People working or reporting on national security, the military, intelligence, nuclear affairs, or at high levels of the state and in major corporations should probably consider this handbook as very important to their safety.
Although this handbook is largely about how to use your computer, you don’t need to have a computer science degree to use it. Its authors, and other experts advising on the project have worked to ensure its practical accuracy and usability. The authors expect that after six months, updates and some changes will be required. Please return to the tcij.org website to download the latest edition. You will not of course want to download this on a machine identified with or close to your employer or your source or your home.
Gavin MacFadyen, Director of the Centre for Investigative Journalism
Download links for the book:
The links to download the book in various formats can be found in the table below, along with their respective SHA-256 hashes which can be used to verify the integrity of the download.
|1-page instruction leaflet for starting Tails USB-drives||
This book is also available as a set of webpages. We have put much valuable feedback from the Summer School 2014 and several readers in the improved version. Slides from the Summer School 2014 lectures on information security are here in PDF and PPT.
Articles by participants who attended our training:
Securing our information – we have the technology; we just have to have the will to do it
Valentina Novak interviews Arjen Kamphuis
Information security for journalists: staying secure online
How can journalists protect both the sources and the communications when online? Infosec expert Arjen Kamphuis shared his advice on top-level security by Alastair Reid (from journalism.co.uk)
A day with the surveillance expert - CIJ's Arjen Kamphuis
by Jason Murdock, Offtherecord.in
We are always looking for ways to make this book better, so any feedback about this book will be most gratefully received.
Please email firstname.lastname@example.org
If you want to use encryption to secure these mails please use KeyID :0x23F5FB02
Fingerprint: 3E93 1B31 7676 CC7F 1F98 71E9 37A1 396C 23F5 FB02
The PGP key can be downloaded from keyservers by searching for KeyID mentioned above. Failing that copying the key below manually will also work.