Do not try to handle two whistleblowers at once on the same phone or email account

Do not try to handle two whistleblowers at once on the same phone or email account

It is not possible to tell if what seems to be a low level, low risk whistleblower or journalistic contact, might not develop into a high risk one in the future, once they trust you. The only professional and ethical way to conduct yourself is to to treat all of them with maximum "Moscow Rules" precautions, all of the time.

Most people would probably never contemplate setting up a physical face to face meeting, to discuss confidential matters, with all of their confidential whistleblower contacts at the same place, at the same time.

However, it is surprising how many journalists or bloggers etc., in contact with several confidential sources or whistleblowers at once, risk comprising the security and anonymity of all of them, by sharing a phone or email address with more than one of them i.e. if one of them gets identified (or eventually goes public), this could betray all of the others they are dealing with at the same time.

It may be acceptable to take the risk of using a shared phone number or email address for initial contacts, but do not continue to do so for more detailed contacts or for setting up physical meetings - they deserve a separate, confidential phone number or email address each.

Therefore keep a spare "whistleblowers only" mobile phone and set up some email accounts (and PGP Encryption Keys) beforehand, so that you do not arouse suspicions by suddenly obtaining these just after a whistleblower has initially contacted you.

Remember that some pre-paid mobile phone SIM cards are de-activated if they are not used after, say 6 months, and that, free Hushmail accounts need to be used at least once every 3 weeks.

If you are a whistleblower contacting a journalist etc. (or a political activist contacting a political group organiser) , then ask them if the phone number or email address that they have given you is unique to you, or if it is shared with other confidential sources, who may be currently under more investigative scrutiny than you are at present.

This works the other way for whistleblowers. They should assume that some or all of the journalists ore bloggers or elected politicians or regulatory authorities who they are initially sounding out to see if they may be interested in taking on their whistleblower story and evidence, are under various degrees of surveillance.

This may be for purposes other than that of a specific "mole hunt" or leak inquiry regarding the whistleblower's area of concern or activity.

The Communications Data Traffic Analysis which say, a leading investigative journalist will be subjected to, will reveal a list of mobile and landline phone calls (or SMS messages etc) that he receives. The next level of automated analysis will chase up each of these to see who they have been in contact with.

If your phone number or email address has been in contact with several investigative journalists etc., this will indicate suspected whistleblowing / breaches of the Official Secrets Act or commercial confidentiality etc., even if each of those contacts has not contained any incriminating details.

Therefore whistleblowers should also use individual email addresses and / or mobile phone numbers etc. for contacting each media organisation / elected politician / independent regulatory authority etc so as not to tip off their employers or other snoopers that someone is about to "blow the whistle" on something.

There is no hard and fast rule about whether to contact several potential whistleblower assistance contacts at once, or whether to try them sequentially one at a time.

Part of the problem from a whistleblower's point of view is getting anyone to listen and then getting anyone to believe their story, let alone protect their identity in the meantime, before any arrangements have been made for publication or for the secure submission of evidence.


About this blog

We know that there are decent, honest, trustworthy individual politicians, civil servants, law enforcement, intelligence agency personnel and broadcast, print and internet journalists etc., who often feel powerless or trapped in the system. They need the assistance of external, detailed, informed, public scrutiny to help them to resist deliberate or unthinking policies, which erode our freedoms and liberties.

Some of these people will, in the public interest, act as whistleblowers, and may try to leak documents or information to the mainstream media, or to political blog websites etc.

Here are some Spy Blog "Hints and Tips", giving some basic preecautions, and some more obscure technical tips, which both whistleblowers, journalists, and bloggers need to be aware of, in order to help preserve the anonymity of whisteleblowing or other journalistic sources, especially in the United Kingdom, but applicable in other countries as well.

Whistleblower anonymity may not always be possible, or even necessary, forever into the future, but it is usuially crucial during at least the early stages of a "leak", whilst it is being evaluated by others, to see if it merits wider publication and publicity.

Email & PGP Contact

Please feel free to email your views about this blog, or news about the issues it tries to comment on.


Our PGP public encryption key is available for those correspondents who wish to send us news or information in confidence, and also for those of you who value your privacy, even if you have got nothing to hide.

You can download a free copy of the PGP encryption software from
(available for most of the common computer operating systems, and also in various Open Source versions like GPG).

We look forward to the day when UK Government Legislation, Press Releases and Emails etc. are Digitally Signed so that we can be assured that they are not fakes. Trusting that the digitally signed content makes any sense, is another matter entirely.


Tag Cloud

CryptoParty London

CryptoParty London

Most months there is a CryptoParty London event. where some of these Hints and Tips and other techniques are demonstrated and taught.

Usually at:

Juju's Bar and Stage 15 Hanbury St, E1 6QR, London

Follow on Twitter: @CryptoPartyLDN

Syndicate this site (XML):


Campaign Button Links

Watching Them, Watching Us, UK Public CCTV Surveillance Regulation Campaign
UK Public CCTV Surveillance Regulation Campaign

NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card
NO2ID Campaign - cross party opposition to the NuLabour Compulsory Biometric ID Card and National Identity Register centralised database.

Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.
Gary McKinnon is facing extradition to the USA under the controversial Extradition Act 2003, without any prima facie evidence or charges brought against him in a UK court. Try him here in the UK, under UK law.

FreeFarid_150.jpg - Kafkaesque extradition of Farid Hilali under the European Arrest Warrant to Spain

Peaceful resistance to the curtailment of our rights to Free Assembly and Free Speech in the SOCPA Designated Area around Parliament Square and beyond

Parliament Protest blog - resistance to the Designated Area restricting peaceful demonstrations or lobbying in the vicinity of Parliament.

Petition to the European Commission and European Parliament against their vague Data Retention plans
Data Retention is No Solution Petition to the European Commission and European Parliament against their vague Data Retention plans.

Open Rights Group

renew for freedom - renew your passport in 2006
Renew For Freedom - renew your Passport in the Summer Autumn of 2006.

The Big Opt Out Campaign - opt out of having your NHS Care Record medical records and personal details stored insecurely on a massive national centralised database.

Tor - the onion routing network
Tor - the onion routing network - "Tor aims to defend against traffic analysis, a form of network surveillance that threatens personal anonymity and privacy, confidential business activities and relationships, and state security. Communications are bounced around a distributed network of servers called onion routers, protecting you from websites that build profiles of your interests, local eavesdroppers that read your data or learn what sites you visit, and even the onion routers themselves."

Tor - the onion routing network
Anonymous Blogging with Wordpress and Tor - useful Guide published by Global Voices Advocacy with step by step software configuration screenshots (updated March 10th 2009).

Amnesty International's campaign

BlogSafer - wiki with multilingual guides to anonymous blogging

NGO in a box - Security Edition privacy and security software tools

Home Office Watch blog, "a single repository of all the shambolic errors and mistakes made by the British Home Office compiled from Parliamentary Questions, news reports, and tip-offs by the Liberal Democrat Home Affairs team."

Reporters Without Borders - Reporters Sans Frontières - campaign for journalists 'and bloggers' freedom in repressive countries and war zones.

Committee to Protect Bloggers - "devoted to the protection of bloggers worldwide with a focus on highlighting the plight of bloggers threatened and imprisoned by their government."

wikileaks_logo_low.jpg - the controversial "uncensorable, anonymous whistleblowing" website based currently in Sweden.

Public Concern at Work - "(PCaW) is the independent authority on public interest whistleblowing. Established as a charity in 1993 following a series of scandals and disasters, PCaW has played a leading role in putting whistleblowing on the governance agenda and in developing legislation in the UK and abroad. All our work is informed by the free advice we offer to people with whistleblowing dilemmas and the professional support we provide to enlightened organisations."