Source protection in the digital era with @asmitch of @pewresearch & me @ #WNC15 #Editors15. June in DC #JournosSafe http://www.wan-ifra.org/events/67th-world-news-media-congress-22nd-world-editors-forum-25th-world-advertising-forum?view=programme#128496 …
In 2013, the UN High Commissioner for Human Rights reported that online attacks on journalists were increasing, including “illegal hacking of their accounts, monitoring their online activities…and the blocking of websites that contain information critical of the authorities.”
The new report, “Building Digital Safety for Journalism”, also points out that “some media actors are being killed for their online journalism.” Between 2011-2013, 37 of the 276 killings of journalists condemned by UNESCO involved journalists whose practice was primarily online.
According to the report, there are 12 main digital safety challenges facing contemporary journalists and news organisations.
12 key safety challenges to digital safety for journalists
- Surveillance, data storage capabilities and digital attack technologies are becoming less expensive and more pervasive.
- Digital security tools are not always user friendly, leading to too few journalists implementing the tools correctly, or at all.
- Commercially available digital security tools may be too expensive for freelancers or bloggers to purchase, and many tools (free or otherwise) are not user-friendly for non-technologists.
- Open source digital security tools often lack a sustainable business model, which means they may become obsolete after a short period of time or may not be updated against vulnerabilities.
- Denial-of-Service attacks may result in financial loss for news organisations or individual journalists.
- Many journalists and their sources are unaware of technologists willing and able to assist them if they experience a threat or attack that is digital or digitally-relayed.
- Many journalists and their sources are not adept at understanding data anonymisation or the use of secure technologies such as encryption.
- There is a lack of publicly available data documenting the types of digital attacks and threats those doing journalism face.
- State and non-state actors can use location tracking technology to identify media actors – and their sources – who often need confidentiality for the production of journalism.
- The digital security of both those who do journalism and their associates (sources, families, colleagues) can often easily be compromised via phishing campaigns.
- Compromised user accounts and devices can be used to identify the sources and networks of those doing journalism, leading to increased insecurity.
- Digital security is often taught ad-hoc, if taught at all, instead of being systematic and holistic.
12 key digital security threats
The Study also identifies 12 types of threats confronting digital journalism:
- Surveillance and mass surveillance,
- Software and hardware exploits without the knowledge of the target,
- Phishing attacks,
- Fake domain attacks,
- Man-in-the-Middle (MitM) attacks,
- Denial of Service (DoS) attacks (and DDOS – distributed denial of service),
- Website defacement,
- Compromised user accounts,
- Intimidation, harassment and forced exposure of online networks,
- Disinformation and smear campaigns,
- Confiscation of journalistic work product, and
- Data storage and mining.
How should journalists and newsrooms respond to these threats?
The report’s author, Jenn Henrichsen, told the World Editors Forum that: “News organizations and journalistic actors need to adopt a security mindset to ensure their communications and networks are protected, and to also better understand how digital activities can affect physical security and psychological wellbeing.”
Henrichsen said it’s important for media organisations and individual journalistic actors to be flexible in their understanding of, and response to, digital security threats and attacks. “They need to keep up-to-date with changing technology, including methods used by attackers and changes to the tools they use for their work,” she said.
Director of Freedom of Expression and Media Development at UNESCO, Guy Berger, acknowledged the sense of urgency connected to these issues. “Some observers have spoken about a digital arms race, which would imply an ongoing need to update digital defence,” he said. “But perhaps a bigger issue is that journalists should keep abreast (of) UN statements, because…these norms help to shape laws and set parameters on actions, especially if they become part of public knowledge – which is something the media can (contribute to).”
Berger also highlighted the value of the report’s recommendation to adopt a process of ‘threat modelling’. “Train journalists about how to do a threat assessment,” he told the World Editors Forum “…so that they can take a nuanced response to digital threats – rather than lapse into doing nothing on the one hand, and overreacting on the other.”
The gender factor
The report acknowledges that “Online abuse against women is a growing international phenomenon, in forms ranging from sexual harrassment to rape threats and gender based hate speech.” It also presents a valuable global catalogue of such attacks and research on the issues. The study stops short of making recommendations for action on the the specific issue of tackling digital safety threats to women journalistic actors. However, Berger acknowledged that “Gender-sensitivity is needed in analyzing threats, devising technology responses, and in training courses.” And Henrichsen said: “Heightened awareness of this phenomenon is needed and training regarding psychological impacts of gendered hate speech on women could be helpful.” (Note: see this Editors Weblog post from 2014 for some other useful suggestions to combat gendered online attacks against journalists).
Who is a journalist?
Significantly, the report adopts a broad definition of journalism to encompass a range of actors, rather than focusing on defining the occupation. This move reflects a 2011 UN Human Rights Commission comment that defined journalism as “a function shared by a range of actors, including full-time reporters and analysts, as well as bloggers and others who engage in forms of self-publication in print, on the internet, or elsewhere.” Similarly, in a 2013 report on Journalists’ Safety Indicators, UNESCO refered to “journalists, media workers and social media producers who generate a significant amount of public interest journalism” as the target group.
The digital safety methods adopted by the report’s author
We asked Jenn Henrichsen, (formerly of Columbia University’s Tow Center, and now a First Look Media Technology Fellow with the Reporters Committee for Freedom of the Press) how she changed her own digital security practices during the course of her research. “I went through a self-directed risk assessment exercise and attended a variety of digital security trainings, and talked with several digital security trainers. More specifically, I created more difficult passwords and began using a password manager,” she said. “I stopped using public wifi and began using a VPN and Tor in some circumstances.”
Henrichsen said that she also started routinely encrypting data. “For example, I set up encrypted email and chat, encrypted my devices, switched to encrypted cloud storage, encrypted my internet connections by installing the HTTPS Everywhere add on, and I also store data on encrypted external hard drives.” Additionally, she said that she had grown more cautious about dealing with attachments and clicking on links. “I’m wary of attachments and try to open them in the cloud if I do open them. I’m also careful about what links I click on, especially if someone I don’t know on Twitter sends me something.”
And she has taken to covering up the cameras on her phone and laptop while also being more diligent about physically securing her laptop. “I’ve stopped leaving my computer unattended in a hotel room, even if it is in a safe, when I travel, and I am more careful and thoughtful about what computer or phone I bring with me when I do travel.” She said she also reads tech blogs and follows information security experts on Twitter to help build her digital security knowledge. “But, perhaps most importantly, I have sought to adopt a mindset of openness to learning and adopting new technologies, even if they seem intimidating to understand or difficult to use at first blush.”