While there are no perfect safeguards, there are a number of concrete measures reporters can take to minimize the amount of source-compromising information a raid and accompanying device seizure can produce.

The recent FBI raid on a Washington Post reporter’s home marks a drastic escalation in the government’s ongoing attack on the press and their sources, going beyond secretive subpoenas served to service providers for phone and email logs to outright seizures of journalists’ personal and work devices. Fortunately, while there are no perfect safeguards, there are a number of concrete measures reporters can take to minimize the amount of source-compromising information a raid and accompanying device seizure can produce.

Perform a data inventory

The first step to reducing the risk of information exposure is to take stock of what information you have, what harm it can cause if viewed by adversaries such as the government, and where you have everything stored.

Select a story you worked on that involved sensitive sourcing, and go through a mental inventory exercise. Ask yourself, “What story materials did I hang onto?” “Do I maybe still have my … ”:

Interview audio files?
Interview transcripts?
Primary documents or other materials supplied by my source?
Story drafts?
Email chains about the story?
Records of my correspondence with the source, like our back-and-forth messages?

Now, think about what could happen if the government gained access to any of these materials.
Work through questions like:

What if the government obtained the copies of documents a source sent you, which you used in your reporting, but elected not to publish? Those copies may allow the government to further link a suspected leaker to you as your source.

What about your drafts? Do early versions contain potential source-identifying information that you opted to remove in later versions? If you’ve left drafts lying around with potentially sensitive information in them, you may further compromise your source.

And so on, going through each piece of story material and considering the potential ramifications for your source if an adversary such as the government got ahold of each item.

Once you have an idea of what exactly you have and the threat its discovery could pose to your source, figure out where everything is. Ask yourself:

Do I still have copies of my interviews on my laptop or phone? (And does my phone or laptop autosync to the cloud?) What about on my stand-alone recorder?
Did I upload copies of the interview to any third-party transcription service?
Do I have notes scribbled in a notebook on my desk?
Did I print out copies of the documents my source sent me?
Do I have early drafts with sensitive content on my work computer? Did I email them to myself and save them on my personal laptop?
Did I copy materials onto a thumb drive?

Resist the hoarding instinct

Though you may have an urge to preserve every single draft version or every conversation with a source, keep in mind that the best way not to compromise your source is to minimize the amount of information you retain about them.

If you or your editors balk at the notion of not retaining source materials, set up a designated data custodian, such as your editor, who will retain an encrypted (see below) copy of all materials you wish to preserve, while you yourself can delete everything from your devices and not keep any physical copies of materials in your home or workplace.
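The "where is everything" part of the inventory can be partly automated for files on a laptop. The script below is an added example, not part of the original article: it walks a folder, groups files into the kinds of story material listed above, and flags copies that sit inside a cloud-synced folder. The extension groups, the sync-folder name prefixes and the story keyword are assumptions to adjust; it cannot see recorders, notebooks, printouts or third-party services.

```python
import os
import sys
from pathlib import Path

# Assumed extension groups, mirroring the article's list of story materials.
CATEGORIES = {
    "interview audio": {".wav", ".mp3", ".m4a", ".flac", ".ogg"},
    "transcripts, documents, drafts": {".txt", ".doc", ".docx", ".odt", ".rtf", ".pdf", ".md"},
    "email and message exports": {".eml", ".mbox", ".msg"},
}
# Assumed folder-name prefixes of common desktop sync clients (heuristic only).
SYNC_PREFIXES = ("dropbox", "onedrive", "google drive", "icloud drive", "mobile documents")


def classify(path):
    """Return the story-material category for a file, or None if not of interest."""
    ext = Path(path).suffix.lower()
    for category, extensions in CATEGORIES.items():
        if ext in extensions:
            return category
    return None


def is_synced(path):
    """True if any folder in the path looks like a cloud-sync folder."""
    return any(part.lower().startswith(SYNC_PREFIXES) for part in Path(path).parts)


def inventory(root, keywords=()):
    """List story materials under root; keywords (e.g. a story slug) narrow the search."""
    wanted = [k.lower() for k in keywords]
    findings = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            category = classify(full)
            if category is None:
                continue
            rel = os.path.relpath(full, root).lower()
            if wanted and not any(k in rel for k in wanted):
                continue
            findings.append({"path": full, "category": category, "synced": is_synced(full)})
    # Synced copies first: they also exist on a third party's servers.
    return sorted(findings, key=lambda f: (not f["synced"], f["path"]))


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else str(Path.home())
    for item in inventory(root, sys.argv[2:]):
        flag = "SYNCED" if item["synced"] else "local "
        print(f"{flag}  {item['category']:<32} {item['path']}")
```

Run it with a folder and an optional story keyword as arguments; each listed file is then a candidate for deletion, handing to the data custodian, or encryption.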
Don’t count on post-raid wiping

While various solutions exist for remote-wiping devices, don’t count on your newsroom’s IT staff being able to remotely wipe your work device after it’s been seized in a raid. A key initial step in forensic acquisition is known as device isolation: preventing the seized devices from being able to “phone home,” precisely to prevent any possible alteration or tampering. In other words, when forensic investigators begin analyzing the seized devices, the devices very likely will not have any way to receive a remote wipe command before they no longer have any Wi-Fi or cellular data access.

Wiping devices may also come with legal repercussions. For instance, an activist was recently charged with evidence destruction after wiping his phone.

Instead of reliance on remote wiping, greater emphasis should be placed on setting up secure, full-disk encryption of the devices.

Encrypt all the things

No sensitive, potentially source-compromising material should be kept unencrypted. If you’re maintaining materials that don’t readily lend themselves to being encrypted, then transform th...
The article discusses measures journalists can take to protect sources and sensitive information in the event of a raid and device seizure by law enforcement. It highlights the importance of minimizing source-compromising information on personal and work devices.