In the first hours after a missile strike, a natural disaster or a political assassination, the same thing happens every time: social media fills with photos and videos faster than any newsroom can process them. Some are real. Some are from a different country, a different year, a different war. Some are AI-generated. A journalist with a large following shares one without checking. It spreads. By the time the correction goes out, the original post has half a million impressions.

This is the problem that open source intelligence was supposed to solve. And in many ways, it has. But the most powerful investigative tool available to journalists today was not developed for journalists. It was developed for prosecutors, war crimes investigators, and intelligence analysts. Journalists borrowed it, adapted it, and built entire beats around it — without ever stopping to consider specific rules and standards. Especially around ethics.

OSINT, short for Open Source Intelligence, refers to the methodology and tools that leverage public-facing information like satellite imagery, radio, ship and plane tracking data, social media photos and videos, for either storytelling or accountability purposes. (There are far more tools than anyone could master or count, but collectives like Bellingcat do a great job at compiling and explaining what each tool does.)

OSINT helps us verify whether a photo or video is real, where and when it was taken, and whether it’s been used out of context. By examining individuals’ digital footprints, we can identify potential perpetrators and trace chain of command structures for criminal responsibility in war and conflict zones. We can also cross-reference weapons and equipment visible in footage against databases like the Open Source Munitions Portal to identify who the arms suppliers are in a conflict, and use platforms like Flightradar24 and MarineTraffic to track military air and naval movements, blockades, and resource flows.

The possibilities are infinite. But so are the mistakes. In the end, OSINT is less about the tools and more about the methodology. More than the open source information we collect, OSINT is about collecting what is relevant, archiving it, and analyzing it without error.

Most OSINT handbooks and tutorials tend to be tool-oriented. And only recently has the OSINT methodology been codified in documents like the Berkeley Protocol on Digital Open Source Investigations.

In this blog post, I want to argue that even though the Berkeley Protocol has enormously contributed to the field, it is mostly written for those who investigate human rights violations and war crimes at an international level. It doesn’t work for journalists. It’s of course a guiding document on the craft regardless, at a time when blogs are abundant but normative documents are scarce. And yet the Berkeley Protocol reads like a law. It makes sense, as it was written so that social media videos and photos from conflict zones could be accepted as evidence in international courts. It was very much needed in that space.

But it’s of little use to journalists.

Don’t get me wrong: most of the principles are very relevant. Keeping yourself and your team safe, not breaking the law, being transparent in your findings, knowing your biases, and archiving the information you collect are all sound practices. But the Protocol is written in language that is barely understandable by journalists, and it contemplates outputs that have to work within the constraints of a trial, including the right to due process, the legal principle requiring states to respect someone’s rights before depriving them of life, liberty, or property.

Journalism follows a different logic. It involves characters that take the audience through a plot and hold power to account. It operates within a news cycle, and deadlines are a lot stricter. It’s precisely those differences between human rights law and journalism that affect not only the collection methods, but also the outcome, the presentation, and the ethical rules.

It’s time for an OSINT Protocol for journalists and storytellers, especially given its rise in the past years as a method of investigation.

The tools are the same for human rights practitioners and journalists alike. But the methodology, the output, and the process change. What follows is what I think an OSINT Protocol for journalists should include at the minimum, and what it should leave out. These are not meant to be comprehensive, but rather to get the conversation started.

What it should leave out

The Berkeley Protocol has genuinely useful principles that should apply across disciplines, regardless of whether your output is a war crimes tribunal or a front-page story.

But the Protocol was written with a specific reader in mind, one whose job is to build a legal case that can withstand cross-examination in an international court. That reader has to respect the due process rights of the people they’re investigating. Even an alleged war criminal has a right to privacy, a right to a fair trial, and a right not to have evidence collected through methods that could get it thrown out. The Protocol’s stricter principles exist to protect those rights, and to protect the integrity of the prosecution.

Journalists operate under a different obligation. We are accountable to the public and to the truth, not to evidentiary standards designed for The Hague.

Take “data minimization,” the principle that investigators should collect only what is strictly necessary, conduct preliminary assessments before gathering material, and develop formal retention and deletion policies for everything they handle. For a prosecutor, this makes sense: over-collection can constitute a privacy violation and compromise a case. For a journalist, the calculus is different. Our concern when gathering material is relevance to the story, not whether collecting a public social media post might infringe on someone’s legal rights.

The same goes for chain of custody, the strict chronological documentation of who has controlled a piece of evidence, when, and how it was transferred or analyzed, so that it can be admitted in court. Maintaining a formal digital preservation system to satisfy chain of custody requirements is a reasonable demand on a war crimes investigator. It is an unreasonable demand on a reporter working on deadline. That doesn’t mean journalists shouldn’t archive their material carefully. They should, for their own reasons. But the standard is different, and pretending otherwise produces compliance theater rather than better journalism.

What it should include

For all its wonders, OSINT can be abused: exposing someone’s private or intimate information, stalking, harassing, or impersonating could all be done with OSINT tools and methods. That’s why the first thing an OSINT Protocol for journalists should address is ethical standards.

OSINT is still too new in journalism. Ethics codes like the one from the Society of Professional Journalists (SPJ) are not even reflective of the social media era, let alone open source intelligence methods or AI. Some ideas that came up in the Open Source Investigative Reporting class I used to teach with Alexa Koenig and David Barstow at UC Berkeley are the following:

1. We don’t hack. This seems obvious. And yet it needs to be said, because the line between open source investigation and unauthorized access can blur faster than you’d expect, especially when the information is sitting right there, one more click away. OSINT, by definition, is information that is publicly accessible by design, or that has been made available through legal means. OSINT journalism is not hacking. It doesn’t matter how important the story is. It doesn’t matter if the target is a war criminal, a corrupt official, or a corporate fraudster. It doesn’t matter if the door was technically left open. It’s a threshold we shouldn’t cross.

2. We don’t break the law. This principle sounds obvious, but it deserves closer examination because OSINT creates specific ambiguities that general journalism ethics codes were never written to address. Scraping public data might be legal in one country but not in another. In some places you need a person’s consent to record a phone call; in others you can record without it. The ethical principle here is about knowing the laws in the places where you are working, especially given the international nature of OSINT.

3. We don’t doxx people. Doxxing is the act of publishing someone’s private or identifying information with the intent to harass, threaten, or extort. It’s one of the most obvious misuses of OSINT, and it’s sometimes done accidentally. The distinction matters. There is a difference between identifying a person in the public interest, such as naming a military commander responsible for a documented atrocity or identifying the owner of a shell company linked to corruption, and publishing a private individual’s home address, phone number, or daily routine. The first is accountability journalism. The second is unethical.

4. We don’t take advantage of sources. OSINT can create a power imbalance that is different from traditional source relationships. You may know a great deal about someone before they know you exist. You may have their location history, their social connections, their family situation. You may have found them because they posted something in a moment of grief, anger, or confusion, in a community they thought was private, or in a language they didn’t expect a foreign journalist to read. This is especially true when the people you’re dealing with are victims.

5. We fact-check. Fact-checking is different from verification. Fact-checking is about corroborating facts with multiple sources and being clear about where you got your information. Verification in OSINT is about establishing where a photo or video was taken (geolocation) and when it was taken (chronolocation). But OSINT alone is never enough. In 2017, Bellingcat located the site of an execution based on satellite imagery and social media videos, noting that from the satellite you could see what appeared to be blood stains exactly where people had been executed. Fact-checking in OSINT journalism means treating your open source findings as a lead, not a conclusion. In that case, it would mean obtaining additional evidence to confirm that those spots were actually blood, whether through a witness who was present or someone who analyzed the stains directly. It means seeking ground truth: physical verification, on-record sources, documentary evidence that either corroborates or complicates what the data shows. It means being willing to hold a story that is visually compelling but not yet confirmed.

6. We verify before we publish. More and more journalists re-share AI-generated photos or older videos taken out of context and passed off as breaking news. The speed of social media has made this worse: a compelling image gets shared by a journalist with a large following before anyone has asked the basic questions, namely when it was taken, where, and by whom. A new ethical principle for journalists in the disinformation era would be to use OSINT tools and methods to determine the veracity of information before publishing, not after it has already spread. Reverse image search takes thirty seconds. Checking a video’s metadata, cross-referencing landmarks, or running a clip through a tool like InVID takes a few minutes more. These are not exotic skills. They are, increasingly, the minimum standard of care. The correction, when it comes, rarely travels as far as the original error.

A whole discussion could be had about a particularly fraught principle for US-based journalists: “We don’t misrepresent ourselves.” Not everyone takes the same approach, especially with OSINT. Is it acceptable to pose as a white supremacist to gain access to a Facebook group you’re investigating? Do you always have to disclose yourself as a journalist? European news organizations tend to be considerably more permissive about undercover investigations. I’m setting this principle aside for now because it merits its own post.

Conclusion

The OSINT field has matured faster than the frameworks meant to govern it. The Berkeley Protocol was a landmark, rigorous, necessary, and built for a specific purpose. But a document designed to get satellite imagery admitted as evidence at the International Criminal Court was never going to serve a journalist trying to verify a video before a 6 p.m. deadline.

What journalists need is a protocol written in their language, for their constraints, and with their outputs in mind. Not a legal brief, but a practical and honest set of commitments that reflects how open source investigation actually works inside a newsroom: the collaborative chaos of it, the time pressure, the platforms, the AI-generated noise, and the very real ethical traps that existing codes were never designed to catch.

The principles sketched out here, including not hacking, not breaking the law, not doxxing, not exploiting sources, fact-checking, and verifying before publishing, are a starting point, not a finished document. But the conversation has to start somewhere. The disinformation environment isn’t waiting for journalism to catch up, and neither are the people who would misuse these methods. An OSINT Protocol for journalists won’t solve everything. It will, at least, give the field something to argue about. And in journalism, that’s usually how progress gets made.

Gisela Pérez de Acha is an open source investigative reporter specializing on extremism, disinformation and environmental issues. She works as a cybersecurity expert and a digital safety trainer with PEN America. In 2021, she created a partnership between at UC Berkeley’s Investigative Reporting Program and its Human Rights Center to teach a first-of-its-kind Open Source Investigative Reporting course at Berkeley Journalism.