The Guardian says it is bringing in a “much higher quality” of tips from sources since its new secure messaging technology launched last year.
Secure Messaging, which rolled out in June, uses espionage-style techniques to conceal and encrypt messaging sent by sources to journalists within The Guardian app.
Only the relevant journalists have the decryption key to view the messages before they disappear after 14 days.
And because the app is constantly sending signals from every phone on which it has been downloaded, sources have better cover than most other encrypted services.
Secure Messaging has just been named a finalist for best new digital product in the International News Media Association’s Global Media Awards.
Luke Hoyland, who leads The Guardian’s investigations and reporting developer teams, told Press Gazette the impact of the product has been “beyond our expectations”.
Hoyland said the ratio of tips received to stories is now “profoundly different”.
He said: “We’ve had so many stories come from this platform, lots of top stories as well, front page stuff.”
The Guardian was unable to share any specific examples of stories that have emerged as a result of the technology because it could provide a clue to allow sources to be identified.
Many US and Australia story tips have come out of the platform, despite The Guardian app being most popular in the UK and Europe.
“It’s been really contributing to a lot of the reporting going on in the US under the current hostile environment to journalism, because people are seeing there’s this organisation that’s clearly very serious about getting the truth out,” Hoyland said.
“So we think it’s quite likely that quite a lot of people are downloading the app in order to talk to us… Also in Australia, it just seems somehow there was a market for a way to get in touch with news organisations, because we’ve had floods of stuff for our Australia teams as well.”
The Guardian app has a metered paywall but the secure messaging tech sits fully outside that system, meaning non-paying users can submit tips no matter how many stories they’ve read.
Hoyland said because the platform is “relatively easy to use” (although deliberately not too easy to stop spammers) they believe they are hearing from “more people who were just intimidated by some of the most secure alternatives”.
But what has made the “biggest difference”, he added, is the fact that it is bringing in “a much higher quality set of communications than we do from any other platform. It’s just orders of magnitude better”.
As well as people getting in touch with totally new potential stories, sources also use the app to provide more information to stories that have already been published.
Hoyland said the “real success story” had been from the collaboration between The Guardian’s journalists, software developers and product designers.
“We ended up finding this magical sweet spot where you don’t get tonnes of crap and you get these higher quality messages. The quantity of messaging we get seems to be just right.
“We do add some friction. People do have to go through an onboarding experience because you don’t want to encourage people to just spam you, and we just seem to have hit exactly the right mark. We would never have done that if it had just been a technical team. We would never have done something that serves the journalists perfectly without talking to them.”
The tech was designed to solve the problem of “first contact” and making sure people know how and where to get in touch with an initial tip.
They may message back and forth with a journalist a few times on the app before the journalist decides the best level of communication for them to continue the conversation, for example via Signal or a phone call. Keeping it on the app is impractical due to the security protections, which mean there is a delay of up to an hour between messages being sent and received, resulting in slow exchanges.
Hoyland said: “You have to start with the bar pretty high, so that people are safe, even if they don’t need to be, because some people do. Thereafter, once you’ve formed a degree of trust between a journalist and the source, you can then moderate that to a level that’s appropriate for what they’re talking about, where they are, where they’re working, and the amount of trust that you’ve already established.”
‘I am Spartacus’: All Guardian app users helping to protect sources
The Guardian said in September its app had one million daily active users.
Every instance of the app sends and receives random automated cover messages back and forth with The Guardian. This uses a tiny amount of bandwidth so is not noticeable to users but helps to hide potential source messages.
Hoyland explained: “Basically, it’s even better than hiding a needle in a big haystack, because when a real message gets sent, rather than you hitting send and it immediately being sent off to The Guardian, it just replaces one of these garbage messages when that was next due to get sent, which means it’s basically, to all intents and purposes, a piece of hay rather than needle in that haystack, because they’re all exactly the same. But once we receive it at the other end, we can find encryption keys that prove to us that it’s a real message, and then work it out. But you can’t see that in the message transmission over the internet.
“So everybody who’s reading The Guardian on The Guardian app is protecting the very small number of sources who are getting in touch with us.”
He added: “If you just wanted to contribute to source protection around the world, you could literally just download the app and it will start doing that.”
He described this as the “I am Spartacus” effect.
The Guardian has other ways for sources to get in touch but each have pros and cons and Secure Messaging is the most secure. For example Secure Drop is an encrypted system that allows people to send messages and documents but requires them to download Tor software (which is associated with the dark web and secrecy) to use it, which could arouse suspicion if they are being surveilled.
Similarly Whatsapp and Signal can allow adversaries to determine that someone is communicating with a journalist, even if they cannot see the exact content of a message. These apps also require the journalist’s contact details to be available on the internet, which they may not want.
How to get better story tips
The Guardian put a lot of effort into guiding people into making their tips better.
The aim was to avoid sources getting in touch with vague messages like “I know something very important, please contact me” or with a document dump that does not explain where to find the crucial information.
The Guardian app and website explain how to compose a good tip. For example, potential whistleblowers are told: “Specifics are critical, such as names, locations and dates.” And they are asked to “clearly state” what they know, rather than what they suspect, and to provide evidence.
Chloe Kirton, senior user experience designer, told Press Gazette she felt this was “the first time that I’ve seen any organisation go into this much detail about what a journalist wants to hear from a potential whistleblower”. Messages now often follow the exact suggested template, showing people found the guidance useful.
Kirton also said that building Secure Messaging was “much more challenging than we imagined”.
She said they had to “throw the rule book out the window, because it’s totally different when you’re dealing with a whistleblower. This is not buying slippers. This is like making a life-changing decision.”
They were unable to test the product with real whistleblowers so simulated the experience with a group of staff tasked with pretending they were sources sharing information about a made-up scenario.
One of the changes made as a result was one of the first dialogue boxes about setting up a secure inbox. The test subjects felt this sounded too insecure so it was changed to “secure message vault”.
Why The Guardian is sharing the secure messaging tech for free
The Guardian made the technology open source which means it can be adopted by any other newsroom. None others are believed to have done so yet, although several have copied the source code and some are in talks with The Guardian to learn more about their experience.
Hoyland said: “I’m very excited about the idea of someone else doing it because the more people that are doing this, the better it is, because we’re just increasing the amount of people who are all contributing and therefore hiding [sources].”
The decision to make the tech open source was made because it built on insights that had originally been put out by the University of Cambridge and most in-house Guardian technology is already treated this way.
Hoyland added: “But there’s also another side to this, which is that as a body owned by The Scott Trust, we have a sort of constitutional requirement not only to support The Guardian, but to support liberal journalism around the world in the public interest and furthering the fourth estate’s role in democracy.”
The Guardian is now working with whistleblower charity The Signals Network and the University of Cambridge to get feedback from people who have already been a whistleblower. The Signals Network would be able to help them stay anonymous if needed, meaning a new pool of people that can contribute to the work.
Kirton said the aim is to create a “foundational knowledge” of what whistleblowers need when they first reach out to a journalist “and what built trust and what broke trust?”
This will initially mean qualitative interviews with whistleblowers to understand more about that first contact. More user experience testing could follow later.
The next steps for the tech itself include improving the side of the software that the journalists use, as this was not the initial priority.
Hoyland explained: “You’ve got to get the source-to-Guardian bit really, really, really safe. The journalist bit needs to comply with that security model but we didn’t spend a lot of time on the actual software that the journalists are using.
“We’re doing a lot of work on that to take advantage of what we learned from these secure systems to make it more useful to journalists, which we think will go beyond secure messaging, because we’ve now built this secure platform for communication, we can broaden it out into other forms of newsgathering activity where you need a secure place to collaborate.”
The post Guardian source messaging tech bringing in ‘much higher quality’ of tips appeared first on Press Gazette.
