4. Who will you be contacting and/or working with?

Updated:July 2016

4. Who will you be contacting and/or working with?

When you’re sharing what you determine to be confidential information with someone, you’re putting trust in that person’s ability to keep the information safe.

A. Who are they and who could be monitoring them? (employer, government, etc.)

List either specific sources, or source types and classify them in a way that makes sense for your assignment: on the record, off the record, deep background, and so forth. You could also be organising them another way: military, government agency, police, corporate employee, activist/partisan, civilian, whistle blower, etc.

For each of these, write down: who they are; what’s their role is in your assignment; and who or what stands to be damaged by their involvement. This section’s information could likely overlap with your overall communication plan and safety risk assessment.

B. How will you be contacting them?

What are you going to be talking about? Who could be trying to stop you and/or them? What methods might an adversary use to monitor or interfer? Knowing all this information, what steps could you take? Some examples: In-person meetings, generic, anonymous email addresses, encrypted emails or chat services, intermediaries that can pass information.

C. Will you need to send or receive any sensitive information from them?

How will you obtain it from the contact? (email, file sharing, a USB stick, on paper)? How will you be storing it and accessing it? Will you be contacting others to verify the information?

Information is like water: It leaks.
It’s part of your job to keep it from putting yourself and your contacts at risk. The best way to strategise safer communication (whenever possible) is in person. You can test different methods, make agreements, set up security questions, or verify keys if you use GPG encrypted emails.


D. Will contacting them will put you or your contact under threat?

Write down the various kinds of threats (personal and professional) that could arise in contacting people and categorise them.

Now that you’ve identified which kinds of contacts or sources pose which kinds of threats, you can start to strategise different ways to work with them. There are no 100% secure methods, but there are practices that increase the likelihood of safer communication.

Next: 5. What will you be trying to access online?

Image credit: Screenshot from the CyrptoCat homepage.

Created: June 2014

Help us be a better resource!

Give us feedback about this page. What was helpful here, or what could be included to make it more useful?

Create a comment
Create a Comment
  • Security code

This website uses cookies. For more information about these please click here.
By continuing to browse you consent to the use of cookies