Why journalists should practise safe data hygiene

At the Investigative Reporters and Editors workshop in Toronto last month, Steve Doig talked to journalists about protecting themselves and sources from government surveillance.

At the Investigative Reporters and Editors workshop in Toronto last month, Steve Doig talked to journalists about protecting themselves and sources from government surveillance.

Doig (@sdoig) is the Knight Chair in Journalism for the Walter Cronkite School of Journalism and Mass Communication at Arizona State University, specializing in computer-assisted reporting—the use of computers and social science techniques to help journalists do their jobs better. Doig is a Pulitzer Prize-winning journalist whose 23-year career as a newspaper journalist includes 19 years at the Miami Herald.

In this Q&A with J-Source reporter Eric Mark Do, Doig explains why practising “safe data hygiene” is important, and how do go about doing it.

J-Source: Can you explain what safe data hygiene is and why it is important for journalists?

Steve Doig: Safe data hygiene means making sure that any sensitive documents on your computer are encrypted or that you securely delete such documents from your computer. This is of particular importance to journalists who have made promises to a source that his or her identity will be kept confidential. Practising safe data hygiene means that anyone who tries to identify your source by looking into your computer will not be able to learn his or her identity.

Related content on J-Source:

J-Source: What are your top five tips or strategies for journalists looking to practise safe data hygiene?


  • Keep all sensitive documents in a folder that can be encrypted with a strong pass phrase.
  • Become familiar with how to use a good encryption program like TrueCrypt or GnuPG.
  • Consider keeping sensitive documents on an encrypted USB drive that can be physically separated from your computer and hidden someplace safe.
  • Think carefully about how you communicate with your confidential source, making sure that there are no obvious connections revealed—for example, using your own email address or personal cellphone to get in touch. Instead, use "throw-away" email addresses and cheap burner cellphones purchased with cash. And if you do use email, don't send messages from your office or home computer.
  • Talk with your source about the importance of them practising safe data hygiene as well. They need to know that their computers or phones should not reveal connections to you.

J-Source: On that note, which websites or tools do you recommend journalists use regularly?

SD: Searching for information about a source can leave behind information in the search engine server logs about who made such a search. Major search engines, such as Google, keep those logs, which are known now to be accessed by the NSA or are subject to subpoena from government investigators. Instead, use a search engine like DuckDuckGo.com that deliberately doesn't keep server logs of searches; that way, even a subpoena won't reveal the connection.

J-Source: Some people may see this as a form of paranoia. What's the best example that comes to mind where practising safe data hygiene would have helped a journalist?

SD: You don't have to be paranoid all the time. But it is important to recognize when you are in one of those rare situations when your practice of safe data hygiene can protect sources who may lose their job, their freedom or even their life if their identity is linked to you. There have been several recent prosecutions of whistleblowers who have helped journalists get inside information, such as a CIA agent who recently was sent to prison for working with a reporter. So safe data hygiene isn't so much to protect the journalist—rather, it's to protect those brave sources who give us information that puts them in danger.

Related content on J-Source: