How to Encrypt Files as a Reporter: The Ultimate Guide to Protecting Sources
Introduction
The statistics are sobering. At least 124 journalists were killed in 2024, the deadliest year on record according to the Committee to Protect Journalists (CPJ), often linked directly to their investigative work. But for modern correspondents, the threat isn’t just physical—it is deeply digital. A seized laptop or a compromised cloud account doesn’t just endanger your story; it endangers the lives of the people who trusted you with their secrets.
Most journalists understand the basics: use Signal for calls and turn on FileVault or BitLocker for their laptops. However, there is a massive security gap that most reporters overlook. While Signal protects your messages in transit, and full-disk encryption protects your laptop when it is turned off, neither protects your files while you are working.
If your computer is seized while powered on—during a raid, a border crossing, or a brief moment away from your desk—your “secure” laptop is wide open.
This guide addresses that specific vulnerability. We will move beyond basic advice to show you how to encrypt files as a reporter using file-level encryption. This is the critical missing layer of defense that locks down interview transcripts, leaked documents, and source lists, ensuring that even if a device is seized and unlocked, your most sensitive data remains unreadable.
The Threat Landscape: Why Standard Security Fails
The anxiety regarding source protection is widespread. A 2024 survey by the Center for News, Technology & Innovation (CNTI) found that 64% of journalists facing high security risks believe their sources are also in danger. This fear is justified because the standard security model—relying solely on “Full-Disk Encryption” (FDE)—is often insufficient against determined adversaries.
The “Full-Disk” Fallacy
Full-Disk Encryption (like BitLocker on Windows or FileVault on macOS) is essential baseline hygiene, but it has a fatal flaw: it only works when the computer is powered off.
Consider the scenario of Elena, an investigative reporter in London. She relied on FDE to protect her work on government corruption. During a dawn raid, police seized her laptop while she was working at her desk. Because the laptop was powered on and the disk was mounted (decrypted) for use, the encryption was effectively bypassed. Officers could immediately access her “Notes” folder, compromising source names and meeting locations.
Had Elena used file-level encryption for those specific notes, the police would have found only scrambled, inaccessible code, even with the laptop running.
Expert Insight
Harlo Holmes, Director of Digital Security at the Freedom of the Press Foundation, puts it clearly: “Full-disk encryption is essential, but it is not a silver bullet… you need ‘file-level’ encryption.”
The Legal Reality
There is also a legal dimension to this technical problem. In many jurisdictions, authorities can legally force you to unlock a device using biometrics (face or fingerprint). However, forcing a suspect to reveal a complex alphanumeric passphrase for a specific file container is often legally more difficult, depending on the country. By compartmentalizing your data, you create layers of legal and technical friction that protect your sources.
Full-Disk vs. File-Level Encryption
To understand how to encrypt files as a reporter effectively, you need to distinguish between the two main types of encryption. Think of your digital security like a house.
Full-Disk Encryption is like locking the front door. It protects everything inside the house from strangers on the street. However, once someone gets past the front door—whether they kick it in (a raid) or you invite them in (unlocking your device at a border)—they can walk around and read every paper sitting on your desk. If your laptop is on, the front door is open.
File-Level Encryption is like a titanium safe inside the house. Even if an intruder gets through the front door, they cannot access the documents inside the safe without a specific combination. Even if they hold a gun to your head and force you to open the front door, the safe remains locked.
When to Use Which
- Full-Disk Encryption: Use this always. It is your first line of defense against common theft (e.g., leaving a laptop in a taxi).
- File-Level Encryption: Use this for “radioactive” assets. This includes raw audio of whistleblower interviews, scanned financial leaks, and lists of source identities.
If you are unsure where to start with basic security, review our Basics of Encryption guide before proceeding to the advanced steps below.
Step-by-Step: How to Encrypt Sensitive Files
Encryption used to require command-line knowledge or complex key management. Today, tools have evolved to be user-friendly without sacrificing security. Here is how to lock down your data.
1. Preparation: Data Classification
Not every file needs the “titanium safe” treatment. Encrypting your grocery list or public press releases is a waste of time. You need to isolate your High-Risk Data. Create a specific folder for the investigation at hand and identify the files that, if leaked, would cause harm to a person or reputation.
2. The Toolset
For most reporters, we recommend sekura.app. It provides robust, client-side encryption (meaning data is encrypted on your device, not a server) without requiring complex software installations that might flag you at a border. For advanced users needing “hidden volumes,” VeraCrypt is the industry standard, though it has a steeper learning curve.
3. Tutorial: Encrypting with Sekura
Here is how to secure a sensitive transcript in under a minute:
- Select Your File: Navigate to sekura.app. Drag your sensitive document (e.g., Interview_Transcript.docx) into the browser window. The processing happens locally on your machine—the file never travels to the cloud.
- Set a Strong Password: This is the most critical step. Do not use “Password123.” Use the Diceware method: string together 5-7 random words (e.g., battery-horse-staple-correct-painting). Sekura will indicate the strength of your passphrase in real-time.
- Click Encrypt: The tool uses AES-256 encryption—the standard used by governments—to scramble your file.
- Save the Encrypted File: Download the resulting .skr file. This file is now unreadable to anyone without the password.
- Destroy the Original: This is often overlooked. You must securely delete the original, unencrypted version. On Windows, use “Shift+Delete”; on Mac, use “Option+Command+Delete” and then empty the Trash immediately. As the FAQ below explains, an ordinary delete leaves the data on disk until it is overwritten, so follow up with a secure-delete or shredding tool.
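What the passphrase and AES-256 steps above amount to, as an added example (not Sekura's code and not its .skr format): scrypt stretches the passphrase into a 256-bit key, and AES-256-GCM encrypts and authenticates the file bytes, so a wrong passphrase or an altered file is rejected. The container layout, scrypt parameters and function names are assumptions made for this illustration.

```javascript
// Added example: passphrase-based file-level encryption with Node's built-in crypto.
// Container layout (salt | nonce | tag | ciphertext) is an assumption for this
// illustration; it is NOT Sekura's .skr format.
const crypto = require('node:crypto');

const SALT_LEN = 16, NONCE_LEN = 12, TAG_LEN = 16;
const HEADER_LEN = SALT_LEN + NONCE_LEN + TAG_LEN;
// Assumed scrypt cost: N=2^15, r=8, p=1 (about 32 MiB of memory per guess).
const KDF = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

// Stretch the passphrase into a 256-bit key; the random salt defeats precomputed tables.
function deriveKey(passphrase, salt) {
  return crypto.scryptSync(passphrase.normalize('NFKC'), salt, 32, KDF);
}

function encryptBytes(plaintext, passphrase) {
  const salt = crypto.randomBytes(SALT_LEN);
  const nonce = crypto.randomBytes(NONCE_LEN); // fresh per file, never reused with a key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  const body = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, nonce, cipher.getAuthTag(), body]);
}

// Returns the plaintext, or null when the passphrase is wrong or the file was altered.
function decryptBytes(container, passphrase) {
  if (container.length < HEADER_LEN) return null;
  const salt = container.subarray(0, SALT_LEN);
  const nonce = container.subarray(SALT_LEN, SALT_LEN + NONCE_LEN);
  const tag = container.subarray(SALT_LEN + NONCE_LEN, HEADER_LEN);
  const decipher = crypto.createDecipheriv('aes-256-gcm', deriveKey(passphrase, salt), nonce);
  decipher.setAuthTag(tag);
  try {
    return Buffer.concat([decipher.update(container.subarray(HEADER_LEN)), decipher.final()]);
  } catch {
    return null; // GCM tag mismatch: this function returns no partial plaintext
  }
}

// Constructed sample input (not real data), using the passphrase shape from the tutorial.
const sample = Buffer.from('Constructed transcript: meeting at 09:00, source "A".', 'utf8');
const passphrase = 'battery-horse-staple-correct-painting';
const sealed = encryptBytes(sample, passphrase);
console.log('round trip ok:', decryptBytes(sealed, passphrase).equals(sample));
console.log('wrong passphrase:', decryptBytes(sealed, 'Password123'));
```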
Pro Tip: Metadata Hygiene
The Electronic Frontier Foundation (EFF) warns that “Encrypting a file protects its contents, but if the file name is ‘Source_John_Doe.docx’, you have already failed.”
Adversaries can infer a lot from a filename. Always rename your encrypted archives to something innocuous. A file named System_Logs_Backup_2024.skr or Recipes_Archive.enc is far less likely to attract attention during a cursory search than Panama_Leaks.skr.
High-Risk Scenarios & Solutions
Journalism often requires working in environments where you have zero control over your physical security. Here is how file encryption protects you in the field.
Scenario A: Crossing Borders
Border agents in countries like the US and UK have the legal authority to search electronic devices without a warrant (Freedom of the Press Foundation, 2023).
The Story: Mark, a freelance conflict reporter, was stopped at a border crossing. To avoid detention, he unlocked his laptop. Guards copied his “Documents” folder, which contained unencrypted scans of leaked financial records. Months later, those records were leaked back to the regime he was investigating, endangering his source.
The Fix: Never carry unencrypted sensitive data across a border. Before traveling, encrypt your sensitive files into a single archive. Ideally, upload this encrypted file to a secure cloud location, then securely wipe the file from your laptop. Cross the border with a “clean” machine, and download the encrypted file once you are in a safe location.
Scenario B: Cloud Storage & Collaboration
According to IBM’s 2024 report, the average data breach now costs $4.88 million, and professional services are frequent targets. You cannot trust Google Drive or Dropbox to keep your secrets safe from subpoenas or hackers.
The Story: Sarah stored interview transcripts on Google Drive for easy access. When her account was compromised via a phishing attack, hackers read every word.
The Fix: Use Client-Side Encryption. Encrypt the file on your machine using sekura.app before dragging it to Dropbox. If Google is hacked or subpoenaed, they only hand over scrambled code that they cannot read.
Scenario C: Sharing with Non-Tech Sources
Sources are rarely tech-savvy. Asking them to install PGP usually results in them going silent.
The Fix: If a source needs to send you a file, guide them to a simple web-based encryption tool. Have them encrypt the file with a password you agreed upon via Signal, and then send the encrypted file via email or drop site. This ensures the file is protected the moment it leaves their computer.
Best Practices Checklist for Journalists
When you are on a deadline, security steps are easy to forget. Use this checklist before you start your next investigation.
- Enable Full-Disk Encryption on all laptops and mobile devices immediately.
- Identify “Radioactive Data”—files that could endanger life or liberty.
- Encrypt radioactive files individually with unique, long passphrases.
- Rename encrypted files to remove metadata clues (e.g., change “Whistleblower” to “Budget_Draft”).
- Use an Air-Gapped computer (one that never touches the internet) for decrypting and viewing ultra-sensitive documents if possible.
- Never recycle passwords between different sources or investigations.
FAQ: Common Questions from Reporters
Is Signal enough to protect my files? No. Signal protects data in transit (while it is moving from phone to phone). Once you save a file from Signal to your hard drive, Signal’s encryption no longer protects it. You must apply file-level encryption for storage.
Can I legally refuse to unlock my files at a border? It depends entirely on the jurisdiction. In some countries, refusal can lead to detention. This is why “plausible deniability” (using hidden volumes) or simply not carrying the data across the border (cloud transfer) is safer than relying on legal rights that may be ignored.
Does deleting a file actually remove it? No. When you hit “delete,” the computer just hides the file; the data remains on the disk until it is overwritten. Forensic software can easily recover “deleted” files. You must use “secure delete” or “shredding” tools to overwrite the data space.
What happens if I lose the password to my encrypted scoop? It is gone forever. Real encryption does not have a “forgot password” link. If there were a backdoor for you, there would be a backdoor for the police. Manage your passwords carefully.
Conclusion
In 2025, a journalist’s notebook is digital, and the adversaries—be they state actors, corporations, or criminal syndicates—are sophisticated. Protecting your files is not just about your own safety; it is an ethical mandate to keep the promise of anonymity you made to your source.
Standard tools are no longer enough. Don’t wait for a raid or a border stop to think about data security. Start encrypting your most sensitive files today using sekura.app. It is the simplest way to ensure that your sources remain safe, no matter what happens to your device.