Source protection

Due to the centrality of communication between journalists and sources to the daily business of journalism, the question of whether or not sources can expect to have their identity protected has significant effects on the ability of media to operate and investigate cases.^[4] If a potential source can expect to face legal retaliation or other personal harm as a result of talking to a journalist, they may be less willing to talk to the media.^[5]

The digital environment poses challenges to traditional legal protections for journalists' sources. While protective laws and/or a reporter's commitment shielded the identity of sources in the analogue past, in the age of digital reporting, mass surveillance, mandatory data retention, and disclosure by third party intermediaries, this traditional shield can be penetrated.^[3]

Technological developments and a change in operational methods of police and intelligence services are redefining the legal classification of privacy and journalistic privilege internationally.^[6] With rapid technological advancement, law enforcement and national security agencies have shifted from a process of detecting crimes already committed, to one of threat prevention in the post-September 11 environment. In the digital age, it is not the act of committing (or suspicion of committing) a crime that may result in a person being subject to surveillance, but the simple act of using certain modes of communication—such as mobile technology, email, social networks and the Internet.^[6][7]

Journalists are now adapting their work in an effort to shield their sources from exposure, sometimes even seeking to avoid electronic devices and communications. The cost of the digital era source protection threat is significant—in terms of digital security tools, training, reversion to more labor-intensive analogue practices, and legal advice. Such tactics may be insufficient if legal protections are weak, anonymity is forbidden, encryption is disallowed, and sources themselves are unaware of the risks. The impact of these combined factors on the production and scope of investigative journalism based on confidential sources is significant.

Where source protection is compromised, the impacts can include:

• Pre-publication exposure of journalistic investigations which may trigger cover-ups, intimidation, or destruction of information,
• Revelation of sources' identities with legal or extra-legal repercussions on them,
• Sources of information running dry,
• Self-censorship by journalists and citizens more broadly.^[3]

1. Source protection laws are at risk of being trumped by national security and anti-terrorism legislation that increasingly broadens definitions of 'classified information' and limits exceptions for journalistic acts,
2. The widespread use of mass and targeted surveillance of journalists and their sources undercuts legal source protection frameworks by intercepting journalistic communications,
3. Expanding requirements for third party intermediaries to mandatory retain citizens' data for increasingly lengthy periods of time further exposes journalistic communications with confidential sources
4. Debates about digital media actors' entitlement to access source protection laws where they exist, while being more prominent in Western contexts, are intensifying around the world.^[3]

Scholars,^[8] journalism organizations^[9] and press freedom advocacy groups^[10] have put a lot of effort in defining journalism in a way that it would allow the best possible protection of themselves and their sources. Many stakeholders have argued in favor of legal protections being defined in connection with 'acts of journalism', rather than through the definition of the professional functions of a journalist.

Some countries are broadening the legal definition of 'journalist' to ensure adequate protection for citizen reporters (working on and offline). This opens up debates about classifying journalists, and even about licensing and registering those who do journalism—debates that are particularly potent where there is a history of controls over press freedom.

Many legal definitions of 'journalist' have been evaluated as overly narrow, as they tend to emphasis official contractual ties to legacy media organizations, may demand a substantial publication record, and/or require significant income to be derived from the practice of journalism. This leaves confidential sources relied upon by bloggers and citizen journalists largely unprotected, because these producers of journalism are not recognized as 'proper journalists'. Such definitions also exclude the growing group of academic writers and journalism students, lawyers, human rights workers and others, who produce journalism online, including investigative journalism. This has bearing on a controversy in 2015 in which Amnesty International objected to having been a subject of surveillance^[11]

In December 2013, the United Nations General Assembly adopted a resolution which outlined a broad definition of journalistic actors that acknowledged that: "...journalism is continuously evolving to include inputs from media institutions, private individuals and a range of organizations that seek, receive and impart information and ideas of all kinds, online as well as offline, in the exercise of freedom of opinion and expression".^[12]

In 2014, the Intergovernmental Council of UNESCO's International Program for the Development of Communications (IPDC) welcomed the UNESCO Director-General's Report on the Safety of Journalists and the Danger of Impunity, which uses the term 'journalists' to designate the range of "journalists, media workers and social media producers who generate a significant amount of public-interest journalism".^[13]

The Arabic Media Internet Network's Dauoud Kuttab does not want to limit entitlement to source protection to recognized journalists, but to extend it to citizens as well.^[14] Egyptian Media Studies Professor Rasha Abdullah said that source protection needs to be accessible to a broad range of communications actors: "It should apply to anyone who has information to expose, particularly in the age of digital media".^[15] For Arab Reporters for Investigative Journalism's (ARIJ) Rana Sabbagh, "There is a difference between reporting the news, writing an editorial, and being an activist".^[16]

United States media lawyer Charles Tobin is also in favor of a broad definition of journalism as a response to the rise of citizen journalists and bloggers.^[17] In 2013, the USA's Society of Professional Journalists passed a unanimous motion that "strongly rejects any attempts to define a journalist in any way other than as someone who commits acts of journalism."^[9]

Moving the framework to a protection of 'acts of journalism' rather than limiting it to the work of professional journalists is a conceptual shift, according to Stearns in a 2013 report.^[10]

In 2007, Banisar noted that: "A major recent concern ... is the adoption of new anti terrorism laws that allow for access to records and oblige assistance. There are also problems in many countries with searches of newsrooms and with broadly defined state secrets acts which criminalize journalists who publish leaked information".^[18]

The problem has grown in the intervening years, as a parallel to digital development, and occurs where it is unchecked by measures designed to preserve fundamental rights to freedom of expression and privacy, as well as accountability and transparency. In practice, Campbell considers that this leads to what can be identified as a 'trumping effect', where national security and anti-terrorism legislation effectively take precedence over legal and normative protections for confidential journalistic sources.^[19] The classification of information as being protected by national security or anti-terrorism legislation has the effect of increasing the reluctance of sources to come forward.^[3]

A 2008 Council of Europe (CoE) report stated: "Terrorism is often used as a talisman to justify stifling dissenting voices in the way that calling someone a communist or capitalist were used during the Cold War".^[7] According to the COE report, following the 2001 terrorist attacks, many European countries adopted new laws or expanded the use of old laws to monitor communications.^[20]

Gillian Phillips, Director of Editorial Legal Services of The Guardian has specifically referenced the implications of governments invoking national security and anti-terrorism measures that interfere with protections for journalists and their sources. Calls for unlimited monitoring and use of modern surveillance technologies to access all citizens' data, directly challenge journalists' rights to protect their confidential sources, she said.^[21] A report by The Guardian in 2015, based on files leaked by Edward Snowden, highlighted the potential controversy in this area. It stated that a United Kingdom Government Communications Headquarters (GCHQ) information security assessment had listed "investigative journalists" alongside terrorists and hackers in a threat hierarchy.^[22]

Fuchs,^[23] Eubanks,^[24] and Giroux^[25] have warned that surveillance is a broader problem than the impingement of individual privacy. Andrejevic (2014) has argued that it represents a fundamental alteration to the power dynamics of society: "...Surveillance should be understood as referring to forms of monitoring deeply embedded in structural conditions of asymmetrical power relations that underwrite domination and exploitation."^[26]

Mass surveillance can be defined as the broad, arbitrary monitoring of an entire or substantial fraction of a population.^[27] According to former United Nations Special Rapporteur on the Promotion and Protection of the Right to Freedom of Expression and Opinion, Frank La Rue, States can achieve almost complete control of telecommunications and online communications "...by placing taps on the fiber-optic cables, through which the majority of digital communication information flows, and applying word, voice and speech recognition...".^[28]

A report of the United Nations Special Rapporteur on the Promotion and Protection of Human Rights and Fundamental Freedoms while Countering Terrorism, Ben Emmerson, has outlined that States can gain access to the telephone and email content of an effectively unlimited number of users and maintain an overview of Internet activity associated with particular websites. "All of this is possible without any prior suspicion related to a specific individual or organization. The communications of literally every Internet user are potentially open for inspection by intelligence and law enforcement agencies in the States concerned".^[29]

There is also concern about the extent of targeted surveillance, according to Emmerson's report: "Targeted surveillance...enables intelligence and law enforcement agencies to monitor the online activity of particular individuals, to penetrate databases and cloud facilities, and to capture the information stored on them".^[29]

In 2013, the Monk School of Global Affairs' Citizen Lab research group at the University of Toronto discovered command and control servers for FinFisher software (also known as FinSpy) backdoors, in a total of 25 countries, including 14 countries in Asia, nine in Europe and North America, one in Latin America and the Caribbean, and one in Africa.^[30] This software is exclusively sold to governments and law enforcement agencies.^[31]

A 2008 Council of Europe report detailed what it described as a "worrying trend in the use of both authorized and unauthorized electronic surveillance to monitor journalists by governments and private parties to track their activities and identify their sources". According to the report, most such incidents are not related to countering terrorism but they are authorized under the broad powers of national laws or undertaken illegally, in an attempt to identify the sources of journalistic information.^[7]

These laws expand surveillance in a number of ways, according to the CoE study, such as:

• Extending the range of crimes that interception is authorised for;
• Relaxing legal limitations on approving and conducting surveillance including allowing for warrantless interception in some cases;
• Authorizing the use of invasive techniques such as Trojan horse and remote keystroke monitoring to be used;
• Increased demand for identification of users of telecommunications services.^[7]

According to Polish law academic Jan Podkowik (2014), surveillance undertaken without a journalist's consent should be considered as an act of interference with the protection granted by Article 10 of the European Convention on Human Rights. He proposed in a 2014 paper that interference with journalistic confidentiality by means of secret surveillance should be recognized at least as equally onerous as searches of a home or a workplace. "... it seems that in the digital era, it is necessary to redefine the scope of the protection of journalistic privilege and to include in that scope all the data acquired in the process of communication, preparation, processing or gathering of information that would enable the identification of an informant," Podkowik wrote.^[32]

Compounding the impacts of surveillance on source protection and confidential source-dependent journalism globally is the interception, capture and long term storage of data by third party intermediaries. If ISPs, search engines, telecommunication technologies, and social media platforms, for example, can be compelled to produce electronic records (stored for increasingly lengthy periods under mandatory data retention laws) that identify journalists' sources, then legal protections that shield journalists from disclosing confidential sources may be undercut by backdoor access to the data.^[33]

A 2014 United Nations Office of the High Commissioner for Human Rights Report, The right to privacy in the Digital Age concludes that there is a pattern of "...increasing reliance of Governments on private sector actors to retain data 'just in case' it is needed for government purposes. Mandatory third-party data retention—a recurring feature of surveillance regimes in many States, where Governments require telephone companies and internet service providers to store metadata about their customers' communications and location for subsequent law enforcement and intelligence agency access—appears neither necessary nor proportionate".^[34]

States are introducing mandatory data retention laws. Such laws require telecommunications and Internet Service Providers to preserve communications data for inspection and analysis, according to a report of the Special Rapporteur on Promotion and Protection of Human Rights and Fundamental Freedoms while Countering Terrorism.^[29] In practice, this means that data on individuals' telecommunication and Internet transactions are collected and stored even when no suspicion of crime has been raised.^[35]

Some of the data collected under these policies is known as metadata. Metadata is data that defines and describes other data. For the International Organization for Standardization standard, metadata is defined as data that defines and describes other data and processes.^[36] As the Electronic Frontier Foundation's Peter Eckersley has put it, "Metadata is information about what communications you send and receive, who you talk to, where you are when you talk to them, the length of your conversations, what kind of device you were using and potentially other information, like the subject line of your emails".^[37] Metadata may also include geolocation information.

Advocates of long-term metadata retention insist that there are no significant privacy or freedom of expression threats.^[38] Even when journalists encrypt the content, they may neglect the metadata, meaning they still leave behind a digital trail when they communicate with their sources. This data can easily identify a source, and safeguards against its illegitimate use are frequently limited, or non-existent.^[39]

In an era where citizens and other social communicators have the capacity to publish directly to their own audiences, and those sharing information in the public interest are recognized as legitimate journalistic actors by the United Nations, the question, for Julie Posetti is to know to whom source protection laws should be applied. On the one hand, broadening the legal definition of 'journalist' to ensure adequate protection for citizen reporters (working on and offline) is desirable, and case law is catching up gradually on this issue of redefinition. On the other hand, it opens up debates about licensing and registering those who do journalism and who wish to be recognized for protection of their sources.^[3]

Female journalists working in the context of reporting conflict and organized crime are particularly vulnerable to physical attacks, including sexual assault, and harassment. In some contexts, their physical mobility may be restricted due to overt threats to their safety, or as a result of cultural prohibitions on women's conduct in public, including meeting privately with male sources. For the World Trends Report, women journalists need to be able to rely on secure non-physical means of communication with their sources. Women sources may face the same physical risks outlined above—especially if their journalistic contact is male and/or they experience cultural restrictions, or they are working in conflict zones. Additionally, female confidential sources who are domestic abuse victims may be physically unable to leave their homes, and therefore be reliant on digital communications.^[40][3]

Women journalists need to be able to rely on secure digital communications to ensure that they are not at increased risk in conflict zones, or when working on dangerous stories, such as those about corruption and crime. The ability to covertly intercept and analyze journalistic communications with sources increases the physical risk to both women journalists and their sources in such contexts. Encrypted communications and other defensive measures are therefore of great importance to ensure that their movements are not tracked and the identity of the source remains confidential.^[3]

Journalists and sources using the Internet or mobile apps to communicate face greater risk of gendered harassment and threats of violence. These risks need to be understood and mitigated to avoid further chilling women's involvement in journalism—as practitioners or sources.^[3]

"There is widespread recognition in international agreements, case law and declarations that protection of journalists' sources [are] a crucial aspect of freedom of expression that should be protected by all nations"^[18]

International Organizations such as the United Nations (UN) or UNESCO, Organisation of American States, African Union, Council of Europe, and the Organization for Security and Co-operation in Europe (OSCE) have specifically recognized journalists' right to protect their sources. The European Court of Human Rights (ECtHR) has found in several cases that it is an essential component of freedom of expression.

• 2012: Resolution adopted by the UN Human Rights Council (A/HRC/RES/20/8) on the promotion, protection and enjoyment of human rights on the Internet that recognize the need to uphold people's rights equally regardless of environment^[41]
• 2012: Human Rights Council resolution A/HRC/RES/21/12 on the safety of journalists.^[42]
• 2013: Resolution adopted by the UN General Assembly (A/RES/68/163) on the Safety of Journalists and Issue of Impunity (2013)^[43]
• In November 2013, the 37th session of the UNESCO General Conference passed a Resolution on 'Internet-related issues: including access to information and knowledge, freedom of expression, privacy and ethical dimensions of the information society' (UNESCO 2013).^[44][45]
• In December 2013 the United Nations General Assembly (UNGA) adopted a resolution on the Right to Privacy in the Digital Age. (A/C.3/68/167)^[46]
• 2014: Resolution adopted by the UN Human Rights Council (A/HRC/RES/27/5) on the Safety of Journalists^[47]
• December 2014: UN General Assembly Resolution on The safety of journalists and the issue of impunity freedoms (A/RES/69/185)^[48]

• July 2011: Office of the International Covenant on Civil and Political Rights UN Human Rights Committee, General Comment no. 34 recognizes protection of all forms of expression and the means of their dissemination, including electronic and Internet-based modes of expression.^[49]
• 2012: Carthage Declaration—participants at the UNESCO World Press Freedom Day conference highlights the significance of the challenges posed by Internet communications to the maintenance of freedom of expression and privacy rights essential to the practice of investigative journalism.^[50]
• June 2013: 'Report of the Special Rapporteur (Frank La Rue) on the Promotion and Protection of the Right to Freedom of Opinion and Expression' to the Human Rights Council (A/HRC/23/40) highlights the relationship between the rights to freedom of expression, and access to information and privacy that underpins source protection.^[51]
• In July 2013, the then UN High Commissioner for Human Rights, Navi Pillay spotlighted the right to privacy in protecting individuals who reveal human rights implicated information.
• In February 2014, the UN hosted an international expert seminar on the Right to Privacy in the Digital Age (Geneva) Frank La Rue (then UN Special Rapporteur on the Promotion and Protection of the Right to Freedom of Opinion and Expression), called for a special United Nations mandate for protecting the right to privacy.^[52]
• July 2014 - Summary of the Human Rights Council panel discussion on the safety of journalists: Report of the Office of the United Nations High Commissioner for Human Rights the meeting heard that national security and anti-terrorism laws should not be used to silence journalists^[53]
• 2014 UNESCO World Trends in Freedom of Expression and Media Development report highlights the role of national security, anti-terrorism and anti-extremism laws as instruments "...used in some cases to limit legitimate debate and to curtail dissenting views in the media, while also underwriting expanded surveillance, which may be seen to violate the right to privacy and to jeopardize freedom of expression"^[54]
• July 2014: 'The right to privacy in the digital age: Report of the Office of the United Nations High Commissioner for Human Rights'^[34]
• July 2015: UNESCO study "Keystones for the Internet" calls for enhanced protection of the confidentiality of sources of journalism in the digital age.^[55]
• May 2015: UN Office of the High Commissioner for Human Rights (OHCHR) Report on Encryption, Anonymity and the Human Rights Framework by UN Special on the Promotion and Protection of the Right to Freedom of Opinion and Expression, David Kaye (Kaye 2015) emphasizes the essential roles played by encryption and anonymity as defenses create a zone of privacy to protect opinion from outside scrutiny.^[56]

• The OSCE Representative on Freedom of the Media (RFOM) regularly issues statements and comments regarding breaches and threats to legal source protection frameworks.^[57]
• June 2011 Organization for Security and Cooperation in Europe (OSCE)—Representative on Freedom of the Media: Vilnius Recommendations on Safety of Journalists.^[58] This set of recommendations included the following point relevant to source protection in connection with journalism safety: "Encourage legislators to increase safe working conditions for journalists by creating legislation that fosters media freedoms, including guarantees of free access to information, protection of confidential sources, and decriminalizing journalistic activities."

April 2013 draft report published: "CleanGovBiz Integrity in Practice, Investigative Media" argued that forcing a journalist to reveal a source in such cases would be a short sighted approach in many cases: "...once a corruption case has been brought to light by a journalist, law enforcement has an incentive to discover the anonymous source(s). While the source might indeed be valuable for the case in question either by providing additional information or through being a witness in court forcing the journalist to reveal the source would often be short-sighted."^[59]

In Africa, the African Commission on Human and Peoples' Rights has adopted a Declaration of Principles on Freedom of Expression in Africa which includes a right to protection of sources under Principle XV.^[60]

In Africa, there exists a relatively strong recognition of the right of journalists to protect their sources, at national, sub-regional as well as continental levels. However, and by and large, this recognition has not yet resulted in a critical mass of legal provisions

Article 9 of the African Charter of Human Rights gives every person the right to receive information and express and disseminate opinions. The 2002 Declaration of Principles on Freedom of Expression in Africa, released by the African Commission on Human and People's Rights, provided guidelines for member states of the African Union on protection of sources:

"XV Protection of Sources and other journalistic material Media practitioners shall not be required to reveal confidential sources of information or to disclose other material held for journalistic purposes except in accordance with the following principles:

• The identity of the source is necessary for the investigation or prosecution of a serious crime, or the defense of a person accused of a criminal offense;
• The information or similar information leading to the same result cannot be obtained elsewhere;
• The public interest in disclosure outweighs the harm to freedom of expression;
• And disclosure has been ordered by a court, after a full hearing."^[61]

Noteworthy developments since 2007:

• April 2013 - Model Law on Access to Information in Africa by the Special Rapporteur on Freedom of Expression and Access to Information at the African Commission on Human and People's Rights was circulated. An information officer may refuse a request if the information: "(c) Consists of confidential communication between a journalist and her or his source".^[62]
• May 2015 - East African Court of Justice (EAJC) judgement on Burundi Press Law (Burundian journalists' union v the Attorney General of the Republic of Burundi, Reference No.7 of 2013). In this judgement, the EAJC ruled Articles 19 & 20 of Burundi's 2013 Press Law violated democratic principles and should be repealed.^[63]

The Association of Southeast Asian Nations (ASEAN) adopted a Human Rights Declaration in November 2012 with general provisions for freedom of expression and privacy (ASEAN 2012).^[64] Reservations have been voiced regarding the wording of provisions on human rights and fundamental freedoms in relation to political, economic and cultural systems and the Declaration's provisions on "balancing" rights with individual duties as well as an absence of reference that legitimate restrictions of rights must be provided by law and conform to strict tests of necessity and proportionality^[65][66][67]

In 2007, Banisar noted that: "A major recent concern in the region is the adoption of new anti-terrorism laws that allow for access to records and oblige assistance. There are also problems in many countries with searches of newsrooms and with broadly defined state secrets acts which criminalize journalists who publish leaked information".^[18]

In Europe, the European Court of Human Rights stated in the 1996 case of Goodwin v. United Kingdom that "[p]rotection of journalistic sources is one of the basic conditions for press freedom ... Without such protection, sources may be deterred from assisting the press in informing the public on matters of public interest. As a result the vital public-watchdog role of the press may be undermined and the ability of the press to provide accurate and reliable information may be adversely affected."^[68] The Court concluded that absent "an overriding requirement in the public interest", an order to disclose sources would violate the guarantee of free expression in Article 10^[69] of the European Convention on Human Rights.

In the wake of Goodwin, the Council of Europe's Committee of Ministers issued a Recommendation to its member states on how to implement the protection of sources in their domestic legislation.^[70] The Organization for Security and Co-operation in Europe has also called on states to respect the right.^[71]

"The recognition of protection of journalistic sources is fairly well established in Europe both at the regional and domestic levels. For the most part, the protections seem to be respected by authorities...and direct demands to [expose] sources seem more the exception than the common practice". Banisar noted: "...There are still significant problems. Many of the national laws are limited in scope, or in the types of journalists that they protect. The protections are being bypassed in many countries by the use of searches of newsrooms and through increasing use of surveillance. There has also been an increase in the use of criminal sanctions against journalists, especially under national security grounds for receiving information from sources."

Since then, European organizations and law-making bodies have made significant attempts at a regional level to identify the risks posed to source protection in the changing digital environment, and to mitigate these risks.

• November 2007: European Court of Human Rights (ECtHR) - Tillack v Belgium (20477/05) involved a leak investigation targeting an investigative journalist. The ECtHRs judgment concluded that the authorities acted disproportionately and breached the journalist's right to freedom of expression enshrined in Article 10 of the European Convention on Human Rights.^[72]
• February 2008: European Court of Human Rights (ECtHR) Guja v. Moldova (14277/04) This judgement found in favour of Jacob Guja who had served as a whistleblower to a newspaper regarding cases of alleged political interference with the justice process.^[73]
• December 2009: European Court of Human Rights (ECtHR) Financial Times ltd and others v. The United Kingdom (821/03). The Court ruled that the Financial Times, The Guardian, The Times, The Independent and Reuters were right to protect their sources by rejecting a United Kingdom High Court order for them to turn over leaked documents connected to a takeover bid involving a brewing company.^[74]
• September 2010: European Court of Human Rights (ECtHR), Grand Chamber Appeal—Sanoma Uitgevers B.V. v The Netherlands. The ECtHR declared illegal the seizure by the Dutch police of a journalist's CD of photographs, which identified confidential sources.^[75]
• November 2012: European Court of Human Rights (ECtHR) Telegraaf Media Nederland Landelijke Media b.v. and others v. the Netherlands (Application no. 39315/06) The complaint in this case was brought by a Dutch newspaper and two of its journalists. The journalists had been under investigation after publishing stories in De Telegraaf about the circulation of state secrets, in the form of documents from the Netherlands' secret service (AIVD). The Court found that the journalists' rights under both Articles 8 and 10 of the European Convention on Human Rights had been violated.^[76]
• April 2014: European Union Court of Justice judgement (Ireland Data Retention Directive). The Court observed, in its judgment declaring the Data Retention Directive invalid, that communications metadata "taken as a whole may allow very precise conclusions to be drawn concerning the private lives of the persons whose data has been retained" (Digital Rights Ireland Ltd C-293/12 v Minister for Communications et al. Ireland, 8 April 2014, Directive 2006/24/EC).^[77]
• May 2014 Stichting Ostade Blade v The Netherlands in the ECtHR (Application no. 8406/06). The Court rejected a Dutch magazine's application against a police raid under Article 10 of the European Convention on Human Rights. This judgement demonstrates the narrow circumstances in which source protection laws can be legitimately over-ridden in the public interest.^[78]

• September 2007: Guidelines of the Committee of Ministers of the Council of Europe on protecting freedom of expression and information in times of crisis adopted. These guidelines (CoE 2007) recommended that Member States adopt Recommendation No. R (2000)7 (CoE 2000) into law and practice. In March 2000, the Council of Europe's Committee of Ministers had adopted that Recommendation on the "right of journalists not to disclose their sources of information".^[79]
• 2010: Report on the protection of journalists' sources from the Council of Europe (CoE) Parliamentary Assembly highlighted the need to limit exceptions to legal source protection provisions.
• 2011: Council of Europe Human Rights Commission issues discussion paper on Protection of Journalists from Violence (CoE HRC 2011) noting that "the fight against terrorism does not allow the authorities to circumvent this right by going beyond what is permitted [Article 10 of the ECHR and Recommendation R (2000) 7]"^[80]
• 2011: Council of Europe Parliamentary Assembly adopted Recommendation 1950 on the protection of journalists´ sources. (CoE 2011) recommending that the Committee of Ministers call on all their Member States to: legislate for source protection; review their national laws on surveillance, anti-terrorism, data retention, and access to telecommunications records; co-operate with journalists' and media freedom organisations to produce guidelines for prosecutors and police officers and training materials for judges on the right of journalists not to disclose their sources; develop guidelines for public authorities and private service providers concerning the protection of the confidentiality of journalists' sources in the context of the interception or disclosure of computer data and traffic data of computer network.^[81]
• 2014 Declaration of the Committee of Ministers on the protection of journalism and safety of journalists and other media actors adopted: "A favorable environment for public debate requires States to refrain from judicial intimidation by restricting the right of individuals to disclose information of public interest through arbitrary or disproportionate application of the law, in particular the criminal law provisions relating to defamation, national security or terrorism. The arbitrary use of laws creates a chilling effect on the exercise of the right to impart information and ideas, and leads to self-censorship."^[82]
• January 2015: Council of Europe Committee on Legal Affairs and Human Rights, Report on Mass Surveillance/Resolution and recommendation addressed the implications for journalistic source protection in the context of freedom of expression and access to information. The Resolution included the following statement: "The Parliamentary Assembly is deeply concerned about mass surveillance practices disclosed since June 2013 by journalists to whom a former United States national security insider, Mr. Edward Snowden, had entrusted a large amount of top secret data establishing the existence of mass surveillance and large-scale intrusion practices hitherto unknown to the general public and even to most political decision-makers."^[83]
• May 2014: Council of the European Union - "EU Human Rights Guidelines on Freedom of Expression: Online and Offline" included the following statement: "States should protect by law the right of journalists not to disclose their sources in order to ensure that journalists can report on matters in the public interest without their sources fearing retribution. All governments must allow journalists to work in a free and enabling environment in safety and security, without the fear of censorship or restraint."^[84]

In Bulgaria, Poland, and Romania unauthorized access to information by government entities were identified in several cases.^[85] In those political regions, policies such as mandatory registration of pre-paid SIM mobile phone cards and government access to CCTV make hacking tools and surveillance a lot easier.

In the Netherlands, a 2006 case ruled that in cases of minimal national security interest do not supersede source confidentiality. Bart Mos and Joost de Haas, of the Dutch daily De Telegraaf. In an article in January 2006, the two journalists alleged the existence of a leak in the Dutch secret services and quoted from what they claimed was an official dossier on Mink Kok, a notorious criminal. They further alleged that the dossier in question had fallen into the hands of Kok himself. A subsequent police investigation led to the prosecution of Paul H., an agent accused of selling the file in question. Upon motions by the prosecution and the defence, the investigative judge in the case ordered the disclosure of the source for the news story, on the grounds that it was necessary to safeguard national security and ensure a fair trial for H. The two journalists were subsequently detained for refusing to comply with the disclosure order, but were released on appeal after three days, on November 30. The Hague district court considered that the national security interest served by the order was minor and should not prevail over the protection of sources.^[86]

In the Americas, protection of sources has been recognized in the Inter-American Declaration of Principles on Freedom of Expression,^[87] which states in Principle 8 that "every social communicator has the right to keep his/her source of information, notes, personal and professional archives confidential."

In the United States, unlike doctor-patient or lawyer-client confidentiality, reporters are not afforded a similar legal shield. Communications between reporters and sources have been used by the FBI and other law enforcement agencies as an avenue to information about specific individuals or groups related to pending criminal investigations.^[88]

In the 1971 case of Branzburg v. Hayes the court ruled that reporter's privilege was not guaranteed by the First Amendment, but the publicity surrounding the case helped introduce the concept of reporter's privilege into public discussion. As a result of the case, Branzburg, a Kentucky reporter, was forced to testify about his sources and story to a grand jury.^[3]

A University of Montana student, Linda Tracy, was issued a subpoena for video she took of a violent encounter between police officers and a group of residents.^[when?] The case, which was ultimately dismissed, involved attaining unedited footage of the encounter which part of was used in a documentary Linda Tracy made as for an undergraduate journalism class. Although she won the case, her status as a real journalist was called into question. Even with the victory, the court did not specifically address if protections and privacy extended to student journalists, but because of the nature of her intent and the project she could not be coerced to releasing the footage.^[89] The case helped help further battles in student journalism and press freedoms at an educational level.^{[citation needed]}

The Electronic Communications Privacy Act passed in 1986 and protects bank transactions, telephone digits, and other information. The act also encompasses what organizations must provide to law enforcement with a subpoena, such as name, address, durations of services used, type of device used, and source of payment. This is known as “required disclosure” policies. It later included provisions to prohibit access to stored electronic devices.^[90]

Former CIA employee Edward Snowden further impacted the relationship between journalism, sources, and privacy. Snowden's actions as a whistleblower at the National Security Agency drew attention to the extent of US government surveillance operations.^[91] Surveillance by network administrators may include being able to view how many times a journalist or source visits a website per day, the information they are reading or viewing, and online applications they utilize.

In Mexico, it is reported that the government there has spent $300 million during one year to surveil and gather information from the population with specific interest in journalists to get access to their texts, phone calls, and emails.^[92]

Under Canadian law journalists cannot be compelled to identify or disclose information likely to identify a journalistic source, unless a court of competent jurisdiction finds there is no other reasonable way to obtain the information in question, and that the public interest of administrating justice in the case outweighs the public interest of source protection.^[93]

In 2019, the Supreme Court of Canada overturned an order that would have required a journalist to disclose the source of her reporting on the Sponsorship scandal, former cabinet minister Marc-Yvan Côté had sought the order in a bid to have charges against him stayed, arguing that officials from an anti-corruption police unit had leaked information about the case to the press. The case was remitted back to the Court of Quebec for further consideration of new facts.^[94]

Newsrooms rely on end-to-end encryption technologies to protect the confidentiality of their communications.^[92] However, even these methods are not completely effective.^[1]

More schools of journalism are also beginning to include data and source protection and privacy into their curriculum.^[91]

Technologies used to protect source privacy include SecureDrop,^[95] GlobaLeaks,^[96] Off-the-Record Messaging, the Tails operating system, and Tor.^[91]

Banisar wrote: "There are important declarations from the Organisation of American States (OAS). Few journalists are ever required to testify on the identity of their sources. However direct demands for sources still occur regularly in many countries, requiring journalists to seek legal recourse in courts. There are also problems with searches of newsrooms and journalists' homes, surveillance and the use of national security laws".

In 1997, the Hemisphere Conference on Free Speech staged in Mexico City adopted the Chapultepec Declaration. Principle 3 states: "No journalist may be forced to reveal his or her sources of information."^[97] Building on the Chapultepec Declaration, in 2000 the Inter-American Commission on Human Rights (IACHR) approved the Declaration of Principles on Freedom of Expression as a guidance document for interpreting Article 13 of the Inter American Convention of Human Rights. Article 8 of the Declaration states: "Every social communicator has the right to keep his/her source of information, notes, personal and professional archives confidential."^[98]

There are developments with regards to the status of the above regional instruments since 2007:

• Guatemala 2013: (The then) President Otto Pérez Molina expressed interest in signing the Declaration of Chapultepec, he later suspended the signing.
• Venezuela 2013: announced its withdrawal from the Inter-American Commission on Human Rights (IACHR) and the Inter-American Court of Human Rights.

• Confidentiality
• Senior administration official
• Shield laws in the United States