Skip to content

DEPRECIATED — SecureDrop User Interview Script

Jump to bottom
Nina Eleanor Alter edited this page Feb 27, 2022 · 1 revision

What is an Intercept Interview Script?

Intercept Interviews are short, semi-structured, exploratory interviews (In the Internet Freedom community commonly called "Intercept Interviews") are useful ways of researching broad topics,

They provide you with basic understanding of what participants do, and establish opportunities for further dialogue with them.

These can then be used to carry out further, more focused research.

They should not be very long, taking no more 15-30 minutes. This interview script will focus on SecureDrop.

Essential parts of the interview are:

  • Introduction (to explain to the participant who you are, why you are talking to them)
  • Get consent (because it's ethical, dammit to establish trust with the participant)
  • About the participant (to learn about the participant, and their organisation)
  • About SecureDrop, and Usage of SecureDrop (to learn about their uderstanding, and usage of SecureDrop)
  • Usability of SecureDrop (to learn about difficulties the user may have)

Tools needed

  • way to take notes (paper, or laptop)
  • audio recorder (optional)

Interview script

Introduction

Hello there, my name is [interviewer]. I am a contributor to Securedrop. Thank you for agreeing to speak with me. I'd like to speak to you about SecureDrop.

Get consent for recording the audio of the session

(This is only needed if you're actually able to record the interview)

I would like to ask you for your permission to record our discussion today. Recording allows me to focus my attention on you. I will use this recording to make notes of our discussion today. Once I've made the notes, I will delete the recording.

May I record our discussion?

Get consent for questions and making notes public

You can answer my questions to the extent that you feel comfortable. You're free to choose not to answer a question, or to stop the interview at any moment. OK?

We want to keep information from interiews publicly available for project contributors. With all our interview we remove personally identifiable information, like names, organisations, countries. We will send you the notes for review and wait for your approval to publish them. It would be perfectly ok for you to decide at that time that you don't want them public after all.

Do you have any questions before we begin?

About you

  • Can you tell me what is your name?
  • What's your background? Is it journalism, technology, or something else?
  • Can you tell me what your job title is?
  • How long have you been working in [news org]?
  • (probe if background is different than job title) and where were you working before that?
  • Can you tell me what a typical day looks like for you?
  • (probe):
    • How many people are in their team?
    • What type of people do you work with on a daily basis? e.g. Do you work with journalists, digital, security people, or just one type of people

About SecureDrop

  • In your words, what is SecureDrop?
  • What kinds of people in [news-org] uses SecureDrop?
  • (probe) What kinds of people? Journalists? Lawyers? Digital/technology people?

Usage of SecureDrop

  • How long have you been working with SecureDrop?
  • Tell me, what kinds of things do you do with SecureDrop?
  • (probe) Are there other people that do those things as well?
  • (probe if necessary) Why?
  • How many times do you check SecureDrop?
  • (probe if necessary) Why?
  • What time of the day do you check SecureDrop?
  • (probe if necessary) Why?
  • Tell me, how many submissions have you received through SecureDrop per week? Don't worry about if they were useful or not. An approximate total number is OK (1, 10, 100, 1000, more)
  • How many documents, files do typical sources submit?
  • What are the alternatives for a source, or whistleblower have to send [news org] submissions?
  • What is the most popular method for sources to submit information to [news org]?

SecureDrop workflow

Now I'd like to focus on the last time you checked SecureDrop. Firstly - it's important that you don't tell me specific details about the particular submission - what it was about, who sent it. This information is confidential to your organisation, and not important to this research. If by accident, you do tell me details about submissions, I will remove this from my notes. Instead, I'd like you to tell me as much detail as you can about each step you had to do.

Physical access

  • Tell me about what you have to do to get to the SecureDrop servers and workstations?
  • (probe) is access to them restricted? (more than 1 person)
  • (probe) what kind of people have access to them?
  • (probe) How long did it take you to get access to them?

Downloading files/messages

  • So, once you've gotten access to the SecureDrop workstation, what happens next?
  • (probes)
  • Do you download them or does someone else?
  • Do you store them in the same room, or somewhere else?
  • Once you've downloaded the files, what do you do next?
    • Do you decrypt them in the same room, or somewhere else?

Inventory of submissions

  • Once you've downloaded the files, what do you do next?
  • (probe) for example, do you keep a record of submissions?
  • How do you update the record?
  • (if yes) can you tell me about what that record looks like? Again, I'm interested in how that record looks, not the contents
  • Why do you do it like that?
  • How do you deal with the metadata, and redacting information in submissions you'd receive?
  • What concerns do your journalists have about publishing?
  • Do you publish documents? Why?

Useful or not, Sensitive or not

  • So, tell me about what happens next?
  • (probe) How do you know if the submission is useful or not?
  • What decisions do you make to decide if you're going to use it?
  • How do you decide on the sensitivity of a document?
  • Where does this decision process happen? In SecureDrop? Outside it?
  • Where should this decision process happen?

Getting the submission to Journalists

  • So, you've made the decision that the submission is useful, what happens next?
  • (probe) how does the submission get to journalist?

General questions?

  • How long can this process take?
  • Does every submission take the same amount of time?
  • How long can it take for a submission to become a story?
  • (probe) Is there only 1 message, or does a story take more than 1 message?
  • What's wrong with this process?
  • How could it be better?
  • What other software do you need to use with SecureDrop?
  • Are there any issues sources have had with Securedrop?

Finishing

Thanks very much [NAME/ALIAS] for your time and patience. As a little thank you, I'd like to give you this SecureDrop sticker.

Would it be OK if I asked you for an email address so I can contact you about SecureDrop?

If you'd like to use PGP encrypted email I will send you my PGP key.

Is there anybody you know who uses SecureDrop? Would it be OK to introduce me to them so I can talk to them about SecureDrop?

Thanks again.

Who Uses SecureDrop?
Learn about SecureDrop's users!

Design

Contributors

Learn!

User Research

Et cetera

Clone this wiki locally