Governments and criminal organizations are stepping up digital surveillance of journalists, but the press is not keeping pace in meeting the challenge, a panel of experts said Wednesday at an event marking the launch of the CPJ Journalist Security Guide. Reporters are using unsecure consumer electronic products for sensitive tasks such as note-taking and source management, the experts said, without sufficiently assessing the risks.
The panelists–including CPJ Internet Advocacy Coordinator Danny O’Brien, a co-author of the new guide–spoke to an audience of 80 at Columbia University’s Graduate School of Journalism.
Journalists, of course, are not alone in underestimating the emerging dangers. Even technologists miscalculated the range and severity of risks that would accompany the revolution in digital products, O’Brien said. Fellow panelist Chris Soghoian, a leading privacy activist, stressed how easy it is to unwittingly divulge information that is transmitted or stored on devices such as smart phones. Whenever data is sent or received it travels through a network of computers that can make the information vulnerable at some point. Journalists should assess this risk and take proportionate precautions.
Losing control of your data–notes, calendars, source information–is one of the gravest dangers facing journalists, according to O’Brien, and it’s especially pernicious given that people are often oblivious to the loss. In the CPJ security guide, O’Brien compared the experience of losing data to having your wallet stolen: You know when your wallet is gone, but not always when your digital information is scanned, copied, or monitored. When that data is lost, he said, there is no reversing the damage to you or your source.
Panelist Katrin Verclas–co-founder of MobileActive, a group that promotes the use of mobile technology for social change–said the widespread use of mobile phones has heightened reporting risks. Mobile technology presents ample opportunities for repressive regimes to monitor journalists’ work and relationships. Her group’s Mobile Security Survival Guide for Journalists provides checklists that journalists can follow while working in risky situations. For example, replacing a SIM card is not enough to guarantee protection, she noted, because each mobile phone has its own serial number.
The better strategy, she said, may be the even simpler one: Use a disposable phone in a repressive country. She and the other panelists all emphasized the value of simplicity in protecting information. “Just because you can do something on a phone, doesn’t mean that you have to,” Verclas says. Using complicated strategies, such as encrypting messages, often sparks more suspicion and only makes it easier for governments to track you.
Security is a process, not a product, said Verclas. It’s a way of thinking and approaching your work.