The Freedom of the Press Foundation provided tremendous support for this project, so my first words of gratitude are for its staff. My introduction to SecureDrop came when James Dolan spent a whole afternoon guiding me and a colleague through the process of installing the system on virtual machines. At a time when dozens of news organizations were waiting in line for similar attention, this was a remarkably generous gesture. Later, as my research project was just getting off the ground, Garrett Robinson’s patient and often quite eloquent explanations of the SecureDrop system helped me to understand the level of care brought to developing it. Likewise, Conor Shaeffer has a gift for clarifying operational security measures while maintaining the full force of their complexity. I am incredibly grateful to Trevor Timm, who not only offered hours of interviews and commented on a draft of this report, but also brokered introductions to many journalists. Interviews with these journalists formed the core of my study. I would like to thank Mike Tigas and Scott Klein of ProPublica, Barton Gelman of the Century Foundation, Julie Tate and Steven Rich of The Washington Post, Kevin Poulsen of Wired, John Cook of Gawker, Lydia Dennett of the Project on Government Oversight, Jeremy Keehn of The New Yorker, Micah Lee and Betsy Reed of The Intercept, and Alasdair McKie of The Globe and Mail. My interviews with the technical administrators of SecureDrop systems also provided essential context to this study. I would like to thank Dave Boxall of The Guardian, Pam Rutter of the Project on Government Oversight, and Dan Phiffer of The New Yorker. My doctoral colleagues at Columbia all helped me to develop and refine the ideas in this report: in particular, I would like to thank Jonah Bossewitch, Andi Dixon, Max Foxman, Alex Goncalves, Joscelyn Jurich, Travis Mushett, and Ri Pierce-Grove. Among my teachers, Michael Schudson, Todd Gitlin, Matthew Jones, Mark Hansen, and Dennis Tenen have had a particularly strong influence on how I see the concerns at play around this topic. Above all, I am indebted to the Tow Center for Digital Journalism, which funded, guided, and published this research. Emily Bell listened to my pitch one evening over a year ago, warmly encouraging me to submit a proposal—but also offered a “five-minute threat model” citing the substantial hazards of such a project. Fergus Pitt helped me shape the frame of my research as I was just getting started, then Claire Wardle offered indispensable guidance on my methodology as I performed the bulk of the work that follows. Susan McGregor was not only a mentor and a fellow traveler, but really paved the way for studying digital security and journalism. Pete Brown, Kathy Zhang, Smitha Khorana, and Nushin Rashidian have been a joy to work with at Tow. Finally, and perhaps most importantly, Abigail Ronck was a thorough and thoughtful editor. This report reflects the generous contributions of everyone listed above, but any remaining errors are my own. May 2016