At the “News Organizations and Digital Security” convening, journalists and technologists confronted the sometimes grisly realities of the challenges that individuals and news organizations face in securing their communications.
The event, co-hosted by the Reporters Committee for Freedom of the Press, Freedom of the Press Foundation, and the New America Foundation’s Open Technology Institute, also showcased current tools (and their limitations) for encryption.
Some of the issues flagged:
- Encryption isn’t in general use among the population, so using it is a red flag that you have something to hide. That makes government sources afraid, and it scares everyone else too. If only everyone used encryption (think of it like safer sex).
- Encryption is usually only a tool to get to the human, face-to-face (F2F) encounter. A big data dump like the Snowden revelations is the exception, not the rule. But setting up the F2F encounter usually means a digital (and traceable) interaction.
- Journalists are using many tools like GPG and Tor, and try to use a variety of them. They also sometimes try to leave many trails rather than just one (for instance, email several people on the same topic), and develop a cover story with their sources to explain away contact.
- Encryption is, as speaker after speaker said, “good hygiene,” and it protects readers as well as sources and reporters. Too many journalistic organizations have bad hygiene at the level of their public websites, which makes you wonder how bad the security hygiene is inside.
- Security needs to be a policy, holistic and seamless, built into institutional practice. It’s not about the tools, it’s about a mindset, a set of practices, and use of good threat modeling. Organizations need to have security practices, tools, training and personnel.
Too many tools are too hard to use. When they’re hard to use, people don’t use them, even when their institutions require it.