As hackers get more sophisticated and the government gets more aggressive, journalists need to have a plan for protecting their data and their sources. It’s no longer enough to have a good reputation for protecting the identity of your sources and sticking to your word, because everyone knows that a simple hack into your phone or laptop can reveal this information and more. And the government demonstrated through the AP phone records seizure, as well as through the Edward Snowden NSA revelations, that they can and will use their authority to collect your communications data without your authorization.
The Wall Street Journal newscast below explains a bit more about what happened in the AP case. This situation illustrates the government’s desire to uncover news sources and their willingness to go around reporters and editors to do so.
And if you're looking for a bit more background on the Snowden revelations, this video provides details from the whistleblower himself:
At this year’s World Press Freedom Day, discussion and presentations focused on digital security for journalists, highlighting the plight of journalists jailed and harrased worldwide to suppress their work. Footage of the full conference can be seen here:
As a result of more aggressive tactics on behalf of the U.S. government, and governments and organizations worldwide, journalists are using technology to protect their data and their sources.
Simon (2014) notes that journalists have become so utterly dependent on electronic devises to manage their communications, create content and transmit content to their newsrooms that they need a mechanism for protecting that information from getting into the wrong hands. He suggests conducting a risk assessment to determine what information may be most at risk (Simon, 2014). For instance, if you are worried about your laptop being confiscated and interogators demanding your password, then encrypted communications might be the best route (Simon, 2014). He also suggests having an emergency plan, such as for what your editors should do if you get detained (Simon, 2014). They might be directed to shut down your email or Facebook account, for instance.
This is the new reality for journalists, particularly since so many are working remotely and depending heavily on their electronic devises. Governments, criminals, corporations, and any group looking to stop what a journalist is doing could potentially seek to retrieve information through a journalist’s devises.
Smyth (n.d.) gives some basic recommendations for journalists, such as: keep your software and operating system updated; use good anti-virus and anti-spyware software; don’t leave your devises out of your site, especially in hostile areas; use good passwords, at least 12 keywords with a variety of characters; and don’t fall for shady looking email attachments. Smyth (n.d.) recommends checking out Security in-a-Box, which provides a ton of tools that can be helpful in ramping up your digital security. If it is your communication you are concerned with, you may want to consider a secure email service like Riseup, which was built by Internet freedom activists and offers encryption services (Smyth, n.d.). For instant messageing, he recommends Pidgin, which allows for off-the-record conversations. For larger scale security, you may want to consider encryption software that covers emails and files, such as PGP or GPG (Smyth, n.d.). Since we are being monitored through our browsing history, downloading the Tor browser can help you surf the web anonymously.
Smyth (n.d.) gives some basic recommendations for journalists, such as: keep your software and operating system updated; use good anti-virus and anti-spyware software; don’t leave your devises out of your site, especially in hostile areas; use good passwords, at least 12 keywords with a variety of characters; and don’t fall for shady looking email attachments. Smyth (n.d.) recommends checking out Security in-a-Box, which provides a ton of tools that can be helpful in ramping up your digital security. If it is your communication you are concerned with, you may want to consider a secure email service like Riseup, which was built by Internet freedom activists and offers encryption services (Smyth, n.d.). For instant messageing, he recommends Pidgin, which allows for off-the-record conversations. For larger scale security, you may want to consider encryption software that covers emails and files, such as PGP or GPG (Smyth, n.d.). Since we are being monitored through our browsing history, downloading the Tor browser can help you surf the web anonymously.
As far as mobile security, Smyth (n.d.) reminds us that smartphones can potentially turn into tracking devises or an eavesdropping devise, so it’s a good idea to turn it off when you are in a sensitive area or doing sensitive work. You also might want to go a step further and use a pre-paid phone that can’t be traced back to you (Smyth, n.d.).
To get a better grasp on how journalists are using digital security tools as well as how journalist’s alter their behavior based on the perception that they are being monitored, check out the Pew Research Center’s 2015 report on digital security. The report illustrates how the work of journalists has changed based on their perceptions of potential data breaches (Holcomb, et al. 2015). The report (Holcomb, et al. 2015) explains that journalists are taking more measures to protect their data in response to a perceived threat from governments and hackers. For instance, it found that a majority of journalists don’t believe their organizations are doing enough to protect them, so they are taking measures into their own hands. This data is illustrated in the infograhsipc below:
 |
| http://www.journalism.org/2015/02/05/investigative-journalists-and-digital-security/ |
I recently attended a cybersecurity conference in the Virgin Islands by the federal contractor RecoilForce to see if I could get any tips on how to protect myself. It was highly technical and not applicable to someone not in the field of cybersecurity, but I was able to talk to a lot of professionals and understand the issues a bit better. One of the big takeaways was learning that despite what you do to protect your data, if someone is determined enough, they will get it. To stay on top of it, cybersecurity professionals take on the role of hacker and learn the latest techniques. As far as protection, it comes down to street smarts more than anything else. Be aware, be safe, recognize your weak points and do your best to protect what needs protecting. Unfortunately, cybersecurity is something that needs to be on every journalist’s radar. You can’t simply promise your sources anonymity. You have to make that promise, then show them all the steps you are taking to ensure no one will figure it out through some backdoor you forgot to lock.
References:
Holcomb, J.; Mitchell, A. & Purcell, K. (2015). Investigative journalists and digital security. Retrieved from http://www.journalism.org/2015/02/05/investigative-journalists-and-digital-security/
Simon, J. (2014). How journalists can protect their digital information. Columbia Journalism Review. Retrieved from http://www.cjr.org/behind_the_news/joel_simon_column.php
Smyth, F. (n.d.). Digital security basics for journalists. Medill, National Security Zone. Retrieved from http://nationalsecurityzone.org/site/digital-security-basics-for-journalists/
No comments:
Post a Comment