Justice Department Seizes Reporter's Phone, Email Records In Leak Probe

According to The New York Times, the Department of Justice seized a New York Times reporter's phone and email records this year in an effort to probe the leaking of classified information, the first known instance of the DOJ going after a journalist's data under President Trump. The Hill reports: The Times reported Thursday that the DOJ seized years' worth of records from journalist Ali Watkins's time as a reporter at BuzzFeed News and Politico before she joined The Times in 2017 as a federal law enforcement reporter, according to the report Thursday. Watkins was alerted by a prosecutor in February that the DOJ had years of records and subscriber information from telecommunications companies such as Google and Verizon for two email accounts and a phone number belonging to her. Investigators did not receive the content of the records, according to The Times. The newspaper reported that it learned of the letter on Thursday.

so just like previous administrations then?

[ooloorie]

Good ol' Eric Holder obtained the records for more than 20 telephone lines of [the AP's] offices and journalists, including their home phones and cellphones. It said the records were seized without notice sometime this year. And this issue is hardly new.

Cryptography + Tor, etc.

[DrYak]

As a side note this would not have been such a problem if the journalist Ali Watkins had actually run their own email server like ms clinton had...

Well, fundamentally : NO it won't have been *that* much different.

In theory :
  - The justice could have just as well gotten a warrant to search her private sever.
  - She could have argued that as a reporter, she should protect her source
  - She would have been sued in turn for obstruction of justice.

In practice :
  - Securing a mail server is hard.
  - The court could "accidentally find" the needed information in one of the inevitable hack that the server is going to sustain.
(Whether the government would have anything to do with that specific hack is left to the reader's imagination)

so lesson learnt dont depend on a third party like gmail/office365 if you want privacy and certainly do not depend on something like signal not to leak your metadata

The best way would be to combine 2 things :

  - use end-to-end encryption (for the specific case of e-mail: that would be using GPG or S/MIME, either as a mail client plugin, or as a browser plugin if you're using webmail. For chats that would be using something like OTR or Openwhisper protocols). That would prevent the content being visible during transit at the servers.

  - use something that can hide the connection between the users.
For e-mail the point is moot, because even if you encrypt the mail body as stated before, due to the way the mailing protocol works the headers are going to be kept accessible for message routing, and any server relaying the messages along the way will know that the 2 persons have communicated(*).
Instead you should go for something that can successfully leverage onion routing (like TOR or I2P) :
- Chat system working over Tor (i think Tox can work over it ?)
- Plain simple drop boxes that are accessible through .onion addresses. (Several newspapers have setup such)
etc.

---

(*)
you could rig something by using a single private server, that can be accessed over tor as a .onion addresses and have both the journalist and the source use local accounts on that server (thus never routing them outside the server).
basically, you're setting up a glorified drop box that uses SSMTP and IMAPS instead of HTTPS/FTPS/SFTP