What Journalists Need to Know About Digital Safety and Security?
The Internet and the digital era have disrupted many industries. Some, like real estate, marketing, commerce, etc. have found a way to thrive in the new digital world, while others like brick-and-mortar booksellers, language translators, travel agencies have seen a decline as a result of online services like Amazon or Expedia that essentially do the same thing as them.
One of the industries most affected by digitalization is journalism. In many ways, the transition from print to digital hasn’t been an easy one. Many newspaper chains like the Tribune filed for bankruptcy as they couldn’t adapt to the new era.
People are looking for news in a different way than they did 20 years ago. The Internet has way surpassed the newspaper in that regard.
A Digital Safety and Security Challenge for Journalists
The Internet has brought many new challenges to journalism and the press.
Readers are today expecting a faster news delivery. Today you can learn what happened 5 minutes ago in Brazil, while in the 1990s or before you’d only learn about it the next day (at best).
Advertising revenue has dropped for print media 44% between 2005 and 2009 as print classified ads are outcompeted by ads on the Internet, social networking, and such.
However, few challenges are as significant and impactful for journalism as digital safety and security.
Almost every day you can read about a journalist or news media company being hacked. For example, in October, 2019, 100 journalists, political dissidents and human rights activists had their smartphones hacked using a WhatsApp vulnerability.
The bigger problem for journalists is that it’s not only random hackers that they have to worry about, it’s also their own governments if they do so much as tweet about something.
Digital Security Best Practices for Journalists
Journalists need to adopt certain best practices when it comes to digital security. However, before we get into that, it’s important to first define what digital security is and why it’s important for journalists.
Digital security includes tools and practices one can use to protect their online identity and sensitive information. For journalists, this is even more important as often they don’t have to worry just about their own online security, but also that of their sources, who might want to stay anonymous.
To achieve this, journalists should follow these digital security best practices:
The first doesn’t apply only to journalists, but everyone else. Your password is the first line of defense for your online accounts and you need to make it strong. First of all, this means never use the same password more than once. Always use a unique password for every account.
To further protect your passwords and online accounts from hackers, you can also use 2-factor authentication (2FA), which will add an extra layer of protection beyond the login credentials (username and password).
Everywhere you go on the Internet, you leave digital footprints in the form of cookies. Get into the habit of deleting these as well as your entire browsing history often as these can be used to spy on your activities as a journalist.
With this in mind, stay in the habit of hidden browsing, using Incognito mode (for Chrome) or Private Browsing (on Safari), or the equivalent for other browsers. However, keep in mind that all this does is make the browser not record your cookies. Sites you visit will still record your IP and your browsing will be visible to your ISP (which in turn may reveal this information to the authorities).
Speaking of digital footprints, none is as big as your IP address. You’ll leave it everywhere you go like a kid who just stole some chocolate. VPN is one of the best ways to browse the Internet safely without revealing your real IP as the traffic will go through a VPN/proxy server so that anyone looking will see the VPNs IP and not yours.
Although TOR has a somewhat dark reputation as a place where criminals of all types congregate, which by the way, is completely undeserved, we shouldn’t forget that its main purpose is to allow people to be anonymous online.
That’s exactly what journalists need and many, like ProPublica, have adopted Tor and have .onion sites (.onion sites can only be accessed if you have Tor browser installed).
The very notion of installing encryption tools like OpenPGP might scare a lot of journalists, but this is necessary if you want to protect your messages. Once you have OpenPGP installed, it becomes virtually impossible for anyone without the proper combination of public and private keys to decrypt your messages.
Furthermore, journalists should also consider using encrypted services. For example, instead of Skype, use an encrypted messaging app Signal and if you need to send sensitive documents online, use SecureDrop instead of Dropbox.
Email is 40+ years old, but has evolved multiple times since. Email is still one of the top business and private communication tools and it remains relevant.
Today there are some known email services like Gmail, Yahoo or Outlook. These are indeed not safe for sending confidential documents and communicating anonymously.
This is why journalists need to use anonymous emails like CTemplar, which will keep their identities hidden from prying eyes.
CTemplar allows you to become a ghost by signing up completely anonymously (without a phone or SMS verification) and it will also hide your IP address.
This has a “no data-retention policy” which means that, once you press Delete, the message will be permanently deleted (and not stay in logs for the next 6 months like with some providers).
Of course, keep in mind that all anonymous email providers, CTemplar included, are obligated to respond to legal court requests and therefore must provide them with encrypted email contents and other metadata in their possession and they do so in regards to things like terrorism or children abuse.