What about tech companies or companies with some security savvy?

Hopefully, employees at Facebook and other internet and telecom companies understand by now that they are being targeted. But we know that foreign governments are hacking energy companies and utilities, state and local governments, financial firms, airlines, hospitals, universities, manufacturing, Hollywood studios, rideshare companies, even agriculture, fashion and retail. The costs of hacking are so low, and the value of our data is so high, that targeted surveillance happens a lot more than we expect.

If you’re in an industry of any interest at all to foreign governments, even if you’re a junior employee, then you might be individually targeted for hacking. Even if you work as a hair stylist, public-school teacher, restaurant server or some other job with a very local focus, it appears that there’s more targeted hacking in local disputes and by intimate partners.

You deal with incredibly sensitive information every day. What’s your setup to ensure communications stay private?

Unfortunately, security is expensive and inconvenient, and there is no easy way to secure yourself. Whistleblower Aid has gone to great lengths to create systems that are harder to hack. While we aspire to become the most secure legal organization on earth, we know that there is no such thing as 100 percent security. Whenever possible, we do things in person with no devices nearby, or in hard copy, and then we burn the paper. We have a manual typewriter with the old-fashioned ribbons.

How does Whistleblower Aid protect potential clients’ privacy?

After someone becomes our client, we typically give them a new device that they use only for communication with us. But because it’s so easy to hack any particular device, and we expect that we are being targeted, we have to ensure that our clients’ devices are not associated with ours in any way.

From the moment a client reaches out to us, we make an extensive effort to protect their communications with us and advise them about how to be safer in the rest of their life. From burners to Faraday Bags and other tried-and-true techniques to avoid surveillance, we invest heavily in providing clients with alternate technological means to communicate with us, and work hard to avoid physical and location tracking.

We have a special system for receiving new inquiries from prospective clients. Prospective clients must install a special browser called Tor onto a personal laptop and send us encrypted messages to our custom platform called SecureDrop. Tor is the only browser that strips off all the metadata like IP addresses from all traffic, so that if our SecureDrop is somehow hacked, even we aren’t holding identifying data.