The Guardian has rolled out new secure messaging technology which allows sources to anonymously contact journalists.
Secure Messaging uses espionage-style techniques to conceal and encrypt messaging sent by sources to journalists within The Guardian app.
Messages are so secret that only the journalists themselves have a decryption key to view them before they self-destruct, disappearing after 14 days.
The technology, which was developed in partnership with the University of Cambridge, is open source which means it can be adopted by any other newsroom.
It is standard practice for secure messaging services to be open source so that other developers can check the technology is robust. Sharing the technology also chimes with The Guardian’s ethos of promoting journalism worldwide.
The Guardian already operates a website called Secure Drop which allows sources to anonymously submit documents to the publisher.
But Secure Drop has limitations, including the fact that sources don’t know exactly who they are speaking to. If the computer of a source is being tracked (as it could be by a state intelligence network) the requirement to connect to the Tor network – which is associated with the dark web and secrecy – in order to access Secure Drop sites could be a red flag in itself. Secure Drop also requires sources to download and install Tor software to do this.
More secure messaging services like Signal and Whatsapp still require a source to share their telephone number and also for journalists to publicise their mobile numbers, which is something not all reporters wish to do.
Embedding messaging within the main Guardian app allows sources to make contact with journalists anonymously without arousing suspicion. Anyone tracking their internet use would only know they are among the millions of Guardian readers.
Data files pass back and forth between The Guardian and app customers anyway. Encrypted messages from sources are hidden within this data under the new system which provides “cover” for secure communications.
Once a journalist has opened up communications with a source via the app they can then move to another form of communication appropriate to the level of security required.
Email is a far less secure way for sources to contact journalists. Emails can be disclosed by publishers to law enforcement bodies and to private companies if a judge makes a disclosure request. Phone records are also frequently seized from telecom companies in the UK to enable law enforcement bodies to identify journalists’ sources.
Professor Alastair Beresford, head of Cambridge’s Department of Computer Science and Technology, said in a statement to accompany the launch of Secure Messaging: “News organisations serve a key role in a democracy, providing all of us with independent information about our society, and holding the powerful to account.
“Protecting the identity of sources is a critical component of what makes investigative journalism safe and effective. We are pleased to collaborate with The Guardian to improve communication security between sources and journalists by using Secure Messaging in their main news app. It’s wonderful to see this technology released as open source software, and we are keen to work with other global news organisations to adopt this.”
Email pged@pressgazette.co.uk to point out mistakes, provide story tips or send in a letter for publication on our "Letters Page" blog
