Taking care with source security when reporting on abortion
Freedom of the Press Foundation
July 11, 2022
Credit: Sabrina Gröschke (CC BY-NC-ND 2.0)
Journalists covering reproductive rights are tackling a challenging — but critical — beat with fast-evolving digital security risks. No matter from which direction one approaches the topic, there’s a duty of care to sources with these elevated security needs. Learning how to minimize risks for both sources and oneself requires identifying digital security considerations, knowing when to communicate them and how to keep reporting materials safe.
With the U.S. Supreme Court overturning Roe v. Wade, sources seeking or providing abortions do so in a country where it is illegal or under threat in at least half the states. Given the uncertainty, risk assessment varies widely based on whether someone is personally seeking an abortion, assisting someone else in doing so and the laws of their state. Electronic surveillance makes this threat to sources even more acute.
Threats to press freedom around the world are at an all-time high. Sign up to stay up to date and take action to protect journalists and whistleblowers everywhere.
Thanks for signing up for our newsletter. You are not yet subscribed! Please check your email for a message asking you to confirm your subscription.
Following the ruling, Google announced it would delete abortion clinic visits and other “sensitive locations” from the location history of its users. A user is still responsible for deleting one’s own search history, and this is certainly not the only type of data at issue. When reporters exchange a phone call with a source the phone company has a record of that call, possibly tying the two together. Device data, like calls to a reproductive health provider, online search history and other kinds of data provide hints of abortion-related activities.
Understanding what digital security precautions, if any, someone has taken before reaching out to a media organization is a starting point for a journalist to understand possible risks to sources. While no one wants to scare off a source, it’s important to be honest about risk and, when appropriate, how to minimize it.
Most journalists are already at least somewhat familiar with operational security, or the idea of keeping critical information from getting into the wrong hands.
Because abortion activists and seekers might be reasonably cautious about where they are willing to physically meet a journalist, consider places where people are able to speak with plausible deniability. Jessica Bruder’s reporting on abortion activists is instructive here. As part of her reporting, Bruder met at a public beach for a source who didn’t want to risk revealing where they lived or their name, citing concerns around harassment or violence from anti-choice extremists.
Given the fast-changing nature of abortion rights reporting, journalists should also carefully consider what they really need to ask about and collect in order to tell the story.
Think about what context is enough to tell this particular story while causing minimal headaches for a source. If you provide additional color about the source in an article, how likely is it to be tied to them? Anecdotes and characteristics that can be tied to many people are safer than the more specific ones.
Journalists should ensure sources understand what information or background will be published about them.
Media formats matter. Redacting and publishing a single photo is much simpler than redacting a video. If a file or piece of media needs to be published to help tell a story, consider what level of detail is necessary to tell the story.
It’s equally important to keep perspective on these threats. Kendra Albert, Maggie Delano and Emma Weil write on the topic of period tracking apps that people are a bigger risk than large-scale data collection of reproductive health-related data. Citing the work of Kate Bertash, director of the Digital Defense Fund, the authors wrote that criminal prosecution has often been when a third party called the police on alleged or suspected abortions. “Usually, it is hospital staff or other individuals (including friends, partners, and relatives!) who know or are suspicious that someone has miscarried for “illegal” reasons.”
With that said, technology makes it possible for strangers to threaten the livelihoods of at-risk individuals as well.
Journalists can help minimize the risk of sources being harassed or doxxed — when someone gathers and publicly shares information on a target. This might include information such as someone’s phone number, home address, old photos or information about their families. Typically trolls will use these dossiers to issue threats and harassment through electronic communications, but sometimes they also become more physical.
If sources are pro-choice advocates or seeking an abortion and could even potentially be identified, this may place them at elevated risk of experiencing harassment and doxxing. Reporters are also at risk of being doxxed.
Data broker and “people search” websites gather data on everyone they can find and will sell to anyone who pays — unless you opt out. Journalist Yael Grauer’s Big Ass Data Broker Opt-Out List shows how to navigate these websites and remove personal data.
Learning more about techniques to prepare for online harassment and taking care to minimize risk to sources by asking permission before sharing any potentially identifying information are steps journalists can take for themselves and others. This is not just important when thinking about publishing someone’s name or photo, but even potentially identifying markers such as photos of nearby scenery that could be tied back to them.
As soon as information is in an electronic medium, it can be searched by anyone with access. If something needs to be placed into a digital format, additional concerns come into play.
Phone data, including messaging data, contact information and online accounts are all vulnerable to legal requests. This is a serious risk. Search engine queries about the abortion medication misoprostol as well as text messages about abortions have been used to convict women even before Roe v. Wade was overturned. This is why we generally suggest minimizing what data on sources journalists store electronically and, where possible, opt for safer service providers that cannot access your user data.
Risk will vary based on the location of journalists, their sources, and respective service providers. Though journalist shield laws are very incomplete, in most states sources are more likely to have their data scooped up in a law enforcement request than journalists are.
Let’s talk about a few different kinds of data at issue.
Data retention periods and the types of data that telecom providers hold can vary significantly. Investigators with a valid subpoena or court order can request text messages and call records from these phone companies. This is one reason why it’s a good idea to use end-to-end encrypted messaging — phone and chat tools that can only be read by those in the conversation. With end-to-end encryption, not even the service provider can read the messages.
While a growing number of apps provide end-to-end encryption, we recommend Signal because of its track record of security audits and open source development, meaning external groups can look at the code to ensure it does what it promises. Journalists should consider enabling the disappearing messages feature by default to ensure messages are regularly deleted for everyone in conversation. Likewise, law enforcement agencies have widespread access to phone search equipment and can often read messages on seized devices. Enable disappearing messages in Signal settings and ensure your device is password protected and properly encrypted. Learn how to get started here. Long-time users can also learn more advanced topics on locking down Signal. Read more about communicating securely.
Phone address books may hold names and numbers dating back years. You might have even uploaded that address book at some point to a backup service such as Apple’s iCloud or Google Drive.
Journalists should learn how to delete unwanted contact information on cloud service providers.
Most popular transcription services can decrypt your uploaded audio, whether it involves human or computer-automated transcription. While transcription companies may be compelled to turn over this data in response to a legal request, it’s unclear how often this happens in practice because these services rarely offer a transparency report.
Likewise, with few notable exceptions (e.g., Otter.ai, Rev) many of these services do not provide two-factor authentication, meaning anyone can log in with just a password, putting your interview data at elevated risk.
This doesn’t mean these services should never be used, and they may be great options for many types of interviews and audio, particularly where a transcript needs to be published in full and will be public regardless. But journalists should consider carefully whether an interview should be uploaded to a transcription service, and when it makes sense to transcribe by hand or try one of a few, though typically less accurate, transcription tools that work offline.
For more on data exposed using transcription services and alternative choices, read our guide.
Phones are noisy beacons, always checking in with nearby cellphone towers to maintain connectivity, even if GPS is disabled. If location services are enabled, any app that has permission to obtain location may also get ahold of location data and in some cases, may sell that data. Geolocation data has been used to target anti-choice ads at those seeking an abortion and visits to abortion clinics through geo-fencing, meaning targeting people in a specific location. If this is a concern, it may be appropriate to leave a phone behind or purchase a second device for temporary use.
Before publishing any files connected to abortion reporting, such as photos or documents, examine those files for clues that point back to sources. Sometimes files contain metadata, or embedded data about a file that could point to its origins. It can be GPS coordinates where a photo was taken or the name of a person who created a file. The simplest way to address this problem is to avoid publishing original files. If files must be published, there are creative ways to remove metadata, such as taking a screenshot of a document or retyping it instead of publishing an original.
This isn’t foolproof; There might be subtleties in the content or form of a document that still point to a source, particularly if they would have unique access to a given document. This is why it’s generally safest not to publish documents in full, unless those are available to many people and necessary to tell the story. Learn more about dealing with file metadata.
The most common way attackers steal data is by hijacking online accounts, typically by tricking someone into divulging their credentials. If someone gets into a reporter’s account, any unpublished details about contacts seeking or supporting reproductive care are now at greater risk.
Usually account hijackings take the form of phishing attacks — tricking someone into entering credentials on a fake login page designed to impersonate a website. The attacker may pose as a familiar or trusted actor, such as an email provider. While these attacks can be automated and sent to the masses, journalists are likely to face targeted attacks.
The good news is that it’s fairly straightforward to harden accounts by enabling two-factor authentication. This just means requiring a second piece of information (a second “factor”) beyond a password when logging into a website. This can be a short code generated on your phone, or the requirement to insert a physical USB device into the computer or phone before logging in. Read more about how to enable two-factor authentication.
Another way attackers break into accounts is by leveraging reused passwords. There is no shortage of leaked password databases passed around in hacker forums. This is why password reuse is so dangerous; if a password is ever leaked, attackers can try it on multiple websites.
Password managers allow users to generate and store unique, randomized passwords, one for each website. With a password manager, you only need to remember one password needed to unlock the encrypted password vault that stores the rest. Not even the service provider can read the passwords. There are dozens of great password managers, some of which are free to journalists. Learn about getting started with password managers. We also offer several resources on online account security.
Reporters should never have to do this critical work alone. Here are just a few groups offering free and useful services for media organizations:
Acknowledgements: A big FPF thank you to Kendra Albert for their invaluable thoughts on this piece. Read their piece on period tracking apps. We also thank the team at OpenNews and participants at SRCCON for their outsized roles in inspiring this material.