The Trump administration is subpoenaing journalists to reveal sources. Their data security is more important than ever.

"Historically, the Justice Department has sought to subpoena reporters only as a last resort after other reasonable options have been exhausted." Now the FBI is doing it to satisfy an angry President.

Link: White House Directed Patel to Oversee Investigation Involving Times Reporting, by Devlin Barrett, Glenn Thrush, and Maggie Haberman at the New York Times

The White House personally directed FBI Director Kash Patel to issue subpoenas to journalists reporting on the President’s new Qatari-gifted Air Force One.

“The White House’s deep involvement in the case came after officials said that President Trump was enraged about the coverage of the Qatari-donated plane, which The Times reported Thursday lacks the same defensive countermeasures of the previous Air Force One.”

These subpoenas were delivered by hand to some of the reporters at home, echoing the FBI’s raid of a Washington Post engagement reporter’s home earlier this year. In both cases, it’s highly likely that these were attempts to discover who leaked information to their respective newsrooms.

There’s lots to say about first amendment issues here, and commentators like Dan Kennedy at Media Nation have pertinent thoughts. It’s clear that journalism is under attack by the administration, and they rescinded rules that protected journalists in leak investigations last year. The US Press Freedom Tracker is a sobering read. But it’s also important to take a moment to talk about the technology side of this story.

When the administration wants to issue a subpoena to a newsroom, it has a few avenues available to it. The first is to issue it directly to the newsroom or to its reporters, as they did here. In some ways, this is the best outcome: then the newsroom knows about the subpoena and can actively fight it in court.

The other avenue is to subpoena the newsroom’s service providers. If source information is stored unencrypted on a service like Google Workspace, the administration could subpoena Google. If a gag order is added — which might well happen if it’s a criminal subpoena or labeled a matter of national security — then the newsroom would never find out and have the chance to fight it. This is true even if the service provider nominally promises to notify the newsrooms about subpoenas: a gag order is a gag order.

Larger newsrooms have strong data security practices for this reason: they know to create policies and architectures which force subpoenas to come through them. But not every newsroom has the capacity to build a strong security strategy. Which means for every story we hear about that involves these newsrooms, there may be many more that took place in secret.

The Freedom of the Press Foundation maintains digital security resources and runs training for newsrooms and specific advice about source protection. The EFF also has some great resources. More resources are out there. But there is more of a need than ever for every newsroom to make sure they have access to someone who can advise them on digital security both holistically and on a case-by-case basis. Not every newsroom can afford a permanent member of staff, but finding access to some kind of resource is vital.

Likewise, journalism funders should focus on providing access to experts, understanding that these issues are existential for the organizations they fund. Not only is this an attack on press freedoms, but it’s also an attack on trust. Every newsroom can do its reporting because sources feel safe to reach out to it; if their safety is in question, they may be less likely to leak, and we may be less likely to read the stories that help us make good democratic decisions. That’s what the administration seems to be banking on.