The shock effect after Snowden’s revelation has stopped. And it just stopped there. Except for a few journalists who are now using encrypted emails not much has changed. Security experts are juggling with words and acronyms like Securedrop, TOR, PGP and many others, but how many journalist are actually paying attention to these matters? Let alone who is really digging into these security measures and has started using them.
Even worse, many say all is back to basics. We just use the pre-existing threat models.
Around the globe, more and more journalists are being harassed, censored and monitored, all with the aim of stopping them from being able to continue their work. In the field we see that most threats are local threats. Not threats from higher level surveillance, although linkages between the two most likely exist, journalist state that they deal with these threats on a local level.
Local thugs, local mayors or politicians, local dictators, these are the common enemies of journalists.
Also there’s a new phenomena where journalist can’t protect their sources. It has become easy for anyone to find out who the journalist’s sources are, to discover who is providing him/her with data and information. Journalists need to be aware about the digital footprint and information they are releasing from their stories. Also they need to be aware to protect their research and data, including their work spaces. For example by paying attention to the security situation of their own desk and office. Also there is a need to protect recordings, tapes, smartphones, laptops and other personal things journalists carry with them while working.
In the meantime, journalists should also protect their own personal information as much as they can. Where they live, in which part of city they are working and so on. Another important issue is protecting their identity on social media. Actually most of these steps are included in journalist manuals on journalist ethics and guidance, in reality a lot of data surrounding journalists are easily available online.
For example, regarding the digital protection in an office, questions that need to be answered are
What are the considerations for using encrypted emails?
Who will we contact if there is a security problem?
Is there a security expert or reliable person around who can help?
Does our country denounce email encryption?
Does the State regard users of encrypted emails as illegal activists?
We need to know, what kind of threats journalists face in their home towns. Again this is related to the threat model discussed earlier. Below a list of question regarding local threats
Are you using PGP or Signal or other chatting apps? Why?
What are your considerations in choosing between Whatsapp versus Signal as a chatting app?
Is the password you are using safe?
Do you know how to create better passwords? Or should you opt for an app that offers more security?
The most basic and important fact related to all these issues is, that journalists need to change their behavior. But we all know that it is hard to change a person’s behavior. Let alone a journalists’ behavior, as they are always chasing deadlines and in need for quick bits of information. Usually the hardest question to ask oneself as a journalist is that one: am I willing to change my behavior?
This Blog is based on a dialog at Secure the News: A Dialogue on How to Protect the Future of Journalism.