A journalist was arrested because of an email. Here’s what went wrong.
Short answer
The email was not intercepted or hacked. It was handed over by the provider under a legal request the journalist never knew existed. The failure was not technical. It was a misunderstanding of what “secure email” means when the provider is a US company subject to compelled disclosure with non-disclosure orders.
The email wasn’t intercepted. It wasn’t hacked. It was handed over by the provider in response to a legal request that the journalist never knew existed.
By the time the journalist found out, the source was already in custody. (See: how to communicate with sources safely.)
How this happens
Most journalists working in sensitive environments operate under a set of assumptions that haven’t been tested. They use Signal for messaging because they’ve been told it’s secure. They use Gmail or Outlook for email because that’s what their organisation uses. They assume that the security of the channel depends on whether someone is monitoring them right now, not on what records exist that could be accessed later.
That assumption is wrong. And it’s the most dangerous kind of wrong: the kind that feels completely reasonable until the moment it isn’t.
Step one: the email that creates the record
A source makes contact. Sometimes through a secure channel. Sometimes not. Sometimes through a journalist’s public email address, because that’s what was available. The message may contain nothing sensitive. It establishes that a connection exists between two people.
That connection is now a record in a server somewhere. Encrypting the content of that email, if anyone thought to do it, protects what was said. It does not protect the fact that contact occurred.
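To make the split between content and contact record concrete, here is an added example (not part of the original article) that parses a PGP/MIME-encrypted message with Python's standard library and returns what is readable without the private key. The message, addresses, hosts and IDs are constructed for illustration, and it assumes classic PGP/MIME, where headers, including the subject line, stay outside the encrypted part.

```python
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample: a PGP/MIME (RFC 3156) message as stored on a provider's
# server. Addresses, hosts, IDs and the ciphertext placeholder are invented.
RAW = """\
Received: from mail.example.org (mail.example.org [192.0.2.10])
\tby mx.example.com; Tue, 05 Mar 2024 09:14:02 +0000
From: source@example.org
To: reporter@example.com
Subject: documents
Date: Tue, 05 Mar 2024 09:14:00 +0000
Message-ID: <constructed-0001@example.org>
MIME-Version: 1.0
Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"

--b1
Content-Type: application/pgp-encrypted

Version: 1

--b1
Content-Type: application/octet-stream

-----BEGIN PGP MESSAGE-----

(constructed placeholder, not real ciphertext)
-----END PGP MESSAGE-----
--b1--
"""

def provider_view(raw):
    """Return what can be read from a stored message without the private key."""
    msg = message_from_string(raw)
    encrypted = (msg.get_content_type() == "multipart/encrypted"
                 and msg.get_param("protocol") == "application/pgp-encrypted")
    metadata = {  # headers sit outside the encrypted MIME part
        "from": [addr for _, addr in getaddresses(msg.get_all("From", []))],
        "to": [addr for _, addr in getaddresses(msg.get_all("To", []))],
        "sent": parsedate_to_datetime(msg["Date"]).isoformat(),
        "subject": msg["Subject"],
        "message_id": msg["Message-ID"],
        "relay_hops": len(msg.get_all("Received", [])),
    }
    # Only text/* parts are human-readable; PGP/MIME leaves none.
    readable = [p.get_payload() for p in msg.walk()
                if p.get_content_maintype() == "text"]
    return {"encrypted": encrypted, "metadata": metadata, "readable_body": readable}

if __name__ == "__main__":
    print(provider_view(RAW))
```

The body comes back empty while sender, recipient, timestamp and subject are all present, which is the record described above.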
Step two: the legal request you never hear about
In most jurisdictions, authorities can compel email providers to hand over account data without notifying the account holder. The provider receives a legal request. They comply. Sometimes they are legally prohibited from disclosing that the request was made.
Gmail, Outlook, Yahoo: US companies subject to US law, which includes mechanisms for compelled disclosure with non-disclosure orders. If the journalist or source uses these services, the content and metadata of every email ever sent are potentially accessible.
Step three: the arrest that reveals the chain
The source is identified through the connection record, not through the content of any communication. The journalist learns about it when the source stops responding. Or when the source is publicly named in an arrest.
At this point there is nothing to fix. The chain played out in the past, in metadata the journalist didn’t know existed, through a legal process the journalist didn’t know was happening.
What actually protects sources
The answer is not a single tool. It’s a system of decisions made before first contact, not after.
Compartmentalisation: the email address a source uses to make initial contact should not be the address used for ongoing communication. Two different addresses, two different providers, create two separate records that require two separate legal requests to connect.
End-to-end encryption for content: Proton Mail with PGP ensures that the provider cannot hand over readable message content because it doesn’t have it.
Signal for ongoing communication: once initial contact is established through a secure channel, all subsequent communication should move to Signal with disappearing messages enabled.
The practical checklist
Proton Mail for source communications. Not Gmail. Not your organisation’s email system.
A separate Proton Mail address that has never been linked to your public identity.
Signal with disappearing messages enabled for all sensitive ongoing communications.
A separate device for source communications if the threat level justifies it.
A clear policy for sources on how to make first contact. Published. Consistent. Followed.
Frequently asked questions
Can authorities access journalist emails without a warrant?
In many jurisdictions, yes, through legal mechanisms that compel providers to disclose data without notifying the account holder. Proton Mail, under Swiss law, has a higher disclosure threshold and publishes transparency reports on every request.
What email should journalists use for source communications?
Proton Mail, from a dedicated address never linked to your public identity. For ongoing communication after initial contact, Signal with disappearing messages.
Security for sources isn’t about what happens when someone tries to break in. It’s about what you left unlocked before you knew anyone was watching.
There’s no perfect setup. Anyone selling you perfect is selling fear. The goal is simple: make yourself a harder target than the person next to you.
