The following are some reflections of mine after attending a discussion session titled, ‘Secure the News: A Dialogue on How to Protect the Future of Journalism’ at RightsCon 2016.
The aftershock of Snowden’s revelations seems to have died down. Other than a few more journalists who are now using encrypted emails, nothing much has changed. Security experts are still juggling terms such as SecureDrop, TOR, PGP and many more, but just how many media professionals are paying attention to them?
Journalists around the globe are increasingly being harassed, censored, monitored or even worse, have been stopped from doing their work. According to Reporters Without Borders, 35 journalists have been killed and 167 others imprisoned in 2016 alone.
However, according to our work in the field, we note that the threats faced by journalists are mostly related to local actors and not some form of high-level surveillance. Local thugs, mayors, politicians and landlords have shown themselves to be the most common enemies.
At the same time, the tools used to conduct these acts of surveillance are becoming cheaper and easier to obtain and use. So while journalists should discuss and investigate larger issues, they should pay more attention to their local challenges.
There’s also this new phenomenon, where journalists are finding it very difficult to protect their sources, the people who are providing them with the data and information. Journalists need to be more careful about their digital footprints and the kinds of information they are releasing in stories. They also need to do more to protect their research, data, electronic devices, workspaces, and on/offline identities.
- What is the protocol for using encrypted emails?
- Who will people refer to if there are security issues?
- How will they contact this expert or reliable individual?
- Do they live in a country where encryption is outlawed?
Journalists are also currently using more chat applications in their smartphones than laptops. Here, it’s important that they choose between Whatsapp and Signal, which are already equipped with end-to-end encryption, making them far more secure than free-service email, with Whatsapp looking to soon integrate fingerprint verification. Beyond these tools, are they even using secure passwords? Knowledge in creating better passwords is actually just as, if not more important, than using complex applications.
Most importantly, addressing all the above issues requires a change in behaviour towards security, which is usually the hardest to achieve. The journalists of the world will hopefully not have to see another prominent victim like Snowden for that to happen.