Information Security for Journalists

By Silkie Carlo and Arjen Kamphuis

We're very glad to be able to provide this handbook as a free download, and we really want to keep it that way.

If you've found the handbook useful, or you want to help ensure it remains available to those who couldn't afford to buy a copy, please consider making a donation here.

Many thanks from the Centre for Investigative Journalism.

Download the book:

(Version 1.3 available only online or as PDF, all other formats currently still V1.2)

PDFePub, MOBI, AWZ3, LIT and FB2 formats or view it online. For SHA-256 hashes for verifying the integrity of the download, please see the table below.

This handbook is a very important practical tool for journalists and it is of particular importance to investigative reporters. For the first time journalists are now aware that virtually every electronic communication we make or receive is being recorded, stored and subject to analysis. As this surveillance is being conducted in secret, without scrutiny, transparency or any realistic form of accountability, our sources, our stories and our professional work itself is under threat.

The UK Government’s new surveillance legislation, the Investigatory Powers Bill, marks a disconcerting departure from legal principles of source protection in favour of unbridled spying powers.

Journalists were dismayed by the realisation that almost all digital communications are now being recorded; for them and their sources there are real risks and now danger in their work. This danger does not just worry reporters, whistleblowers and other sources, but all those who hear privileged information and whose privacy is considered fundamental to the courts, the practice of law, and justice in all of its meanings.  Lawyers and accountants and their clients are now without the protection of client confidentiality, and are vulnerable to the secret surveillance of an increasingly authoritarian and unaccountable state.

After knowing how Snowden’s disclosures were safely presented to the public, we know that there are real protective measures available.  The CIJ’s handbook, Information Security for Journalists, lays out the most effective means of keeping your work private and safe from spying.  It explains how to write safely, how to think about security and how to safely receive, store and send information that a government or powerful corporation may be keen for you not to know, to have or to share.  To ensure your privacy and the safety of your sources, Information Security for Journalists will help you to make your communications indecipherable, untraceable and anonymous.

When planning work that must remain private and confidential it is important to carefully assess the level of threat that may be associated with it.   Shop floor maintenance, building site health and safety, restaurant hygiene, and hospital cleaning may be areas where the precautions and methods described here are unnecessary or might act to complicate and slow down your work. In these cases a phone call made or received away from work or home to a source or a reporter, may ensure sufficient protection at least in making an initial contact.

People working or reporting on national security, the military, intelligence, nuclear affairs, or at high levels of the state and in major corporations should probably consider this handbook as very important to their safety.

Although this handbook is largely about how to use your computer, you don’t need to have a computer science degree to use it. Its authors, and other experts advising on the project have worked to ensure its practical accuracy and usability.  The authors expect that after six months, updates and some changes will be required.  Please return to the website to download the latest edition. You will not of course want to download this on a machine identified with or close to your employer or your source or your home.

Gavin MacFadyen, Director of the Centre for Investigative Journalism

Download links for the book:

The links to download the book in various formats can be found in the table below, along with their respective SHA-256 hashes which can be used to verify the integrity of the download.

Link SHA-256
PDF E748C1AFBF907B2B7A8B2541B68A7593B8523175E95585405A5A66532855E1B3
EPUB 10ae03051d833791d4d497e88785e0a191c9e5fab94138fdefcedbd4cf66a57d
MOBI 17bdaf16d56abb807fd0f75a7cd0e73d7cc9bcbd681dcb1332c7fb24c08fae7e
AZW3 565cd7e17b22ee2c34b4365103ea3a9be1784ae521c925e231e72d5c479de191
LIT 53224949dd50bcdf2c0a9f5da55825482be98fb2f2c6db5b3ec7fd5fee02f958
FB2 1106f0c30e27c5dedc31ae609eac3642612245a58dfbd4d11e400f023e980c0b
1-page instruction leaflet for starting Tails USB-drives 5eb4606df25801302072d1f5acaacea2ff27e0d02fc1c74dab04ad59eca7b9de

This book is also available as a set of webpages. We have put much valuable feedback from the Summer School 2014 and several readers in the improved version. Slides from the Summer School 2014 lectures on information security are here in PDF and PPT.

This handbook is being translated into Arabic, Chinese, French, German, Turkish, Spanish, and other languages.


Creative Commons (CC BY-NC-SA 4.0). Licence for humans. Licence for lawyers.

Articles by participants who attended our training:

Securing our information – we have the technology; we just have to have the will to do it
Valentina Novak interviews Arjen Kamphuis

Information security for journalists: staying secure online
How can journalists protect both the sources and the communications when online? Infosec expert Arjen Kamphuis shared his advice on top-level security by Alastair Reid (from

A day with the surveillance expert - CIJ's Arjen Kamphuis
by Jason Murdock,

We are always looking for ways to make this book better, so any feedback about this book will be most gratefully received.
Please email

If you want to use encryption to secure these mails please use KeyID :0x23F5FB02  
Fingerprint: 3E93 1B31 7676 CC7F 1F98 71E9 37A1 396C 23F5 FB02

The PGP key can be downloaded from keyservers by searching for KeyID mentioned above. Failing that copying the key below manually will also work.

Version: GnuPG v2