Re: a national newspaper, which recorded the data
Use a dedicated sanitizer device such as https://www.circl.lu/projects/CIRCLean/
That's a nice answer, probably does do the job (at least, it's hard to believe an arbitrary good USB flash drive could be compromised to propagate the attack further), and looks like it's from people who know what they're doing. However when there are things like this in the mix https://www.theregister.co.uk/2017/11/07/linux_usb_security_bugs/ it's hard to say that you can't attack the device, even with allowed device classes locked down (to avoid all the peripheral spoofing types of attack), especially the sanitiser is a standard computer. Once you've got control of the sanitiser you can't guarantee what's been written to the 'clean' device is safe. I might be wrong, but it seems some storage devices will accept firmware updates and presumably you need to avoid those.
An attacker who'd gained control of the sanitiser could also attempt to include filesystem handling attacks and compromised files on the output device, but those you can at least handle by analysing from a VM and wiping it afterwards. Attacks on the interface itself seem (to me) harder to deal with, since the attacker potentially has the host OS and therefore the ability to get to the BIOS and other hardware. I suppose I was hoping for some protocol level device that could buffer and sanitise the connection. Admittedly a USB firmware worm that will propagate over a Pi seems like quite a sophisticated hypothetical attack,