A journalist talks on his satellite phone outside the Rixos Hotel in Libya in August 2011. (AFP/Filippo Monteforte)
A journalist talks on his satellite phone outside the Rixos Hotel in Libya in August 2011. (AFP/Filippo Monteforte)
CPJ

Safer mobile use is key issue for journalists

As the Internet and mobile communications become more integrated into reporters’ work, the digital threats to journalists’ work and safety have increased as well. While many press reports have documented Internet surveillance and censorship–and the efforts to combat them–mobile communications are the new frontline for journalist security.

With five billion active subscriptions, mobile phones are the most ubiquitous digital communication device in history. And yet security researcher Chris Soghoian writes that many journalists aren’t fully aware of the risks posed by their mobile communications. “Confidential information is sent over regular phone lines and via text messages and email, all of which are easy to intercept,” Soghoian notes. “Few journalists use secure-communication tools, even ones that are widely available and easy to use.”

Mobile phones have become readily and cheaply available for the vast majority of the global population even as those communications have been subjected to greater control by repressive regimes. Governments in countries such as Uganda, Libya, Egypt, Mozambique, the Democratic Republic of Congo, Belarus, Russia, and Syria have forced mobile carriers to suspend services, filter data, or transmit propaganda to their citizens. A number of mobile network operators in repressive countries are partially or wholly owned by the regimes, making large-scale surveillance and interference all the easier.

With governments’ increased demand for new surveillance technologies comes increased supply: Surveillance equipment vendors from Western democracies to China are all selling their wares in these countries at a rapid pace.

And it’s not just governments using technology to repress–so do non-state players such as criminal cartels in countries like Mexico. Since the escalation of the drug war in 2008, the cartels have demonstrated their willingness to intimidate, kidnap, maim, and kill bloggers and journalists. In one particularly brutal case, a Mexican journalist was beheaded and left in a public square with a note that said she had been killed for her reporting on social media.

At SaferMobile–a nonprofit dedicated to helping human rights defenders and journalists use mobile technology securely–we believe that efforts to track, intimidate, and attack journalists will likely continue, and the risks associated with mobile security will likely intensify. One area of concern, for instance, is location tracking–knowing, based on the cellphone signal, exactly where a given person is physically located. As soon as a phone is turned on, the handset and SIM card transmit unique identifying data to the mobile network operator. This is not an evil tracking scheme but a basic function of mobile networks. After all, a phone has to send its location so that it can be connected to the network and ultimately bill you for data sent and received.

Still, a litany of anecdotes illustrates the security issues raised by mobile communications:

  • A legislator in Belarus was confronted in interrogation with his exact locations, data uploads, and calls and text messages sent and received over the course of several days of demonstrations.
  • People detained in the streets of Egypt, Syria, and Bahrain routinely have their phones seized at the moment of arrest. This exposes contact data stored in the phone’s address book, or its SMS and call logs.
  • An activist in Libya showed us the verbatim transcripts of her mobile calls over the course of weeks, recovered from the security services in the heat of the battle for Tripoli. It turns out that voice calls can be easily intercepted even without expensive surveillance equipment.
  • A filmmaker in Nigeria resorted to eating his SIM card so as not to expose the contact information of his network.
  • Reporters killed in Syria may have been identified and located by Syrian intelligence forces by their satellite phones.

So what’s a journalist to do?

We have seen firsthand that many people, for lack of experience or technical know-how, put themselves at risk with insecure online or mobile communications that exposes them (or their sources) to arrest, or worse.

Obviously, the best way to avoid phone-related security risks is to not use a phone at all. But most people, even if they understand the risks involved, find that phones are too useful to discard. The best approach, then, becomes one of harm reduction–identifying and understanding the risks and taking appropriate steps to limit exposure.

The SaferMobile program of MobileActive.org works to support journalists in identifying, understanding, and mitigating risks associated with using mobile phones in their reporting. We are here to help journalists make educated decisions about how they use mobile phones and reduce their exposure. As an introduction to mobile security in journalistic operations, we have put together a mobile security survival guide with journalists in mind.

We believe journalists need to ask:

  • What does your mobile use say about you? What is logged by the network operator and why is this important?
  • As you are preparing for an assignment, how do you effectively assess your mobile risks and what preparation should you undertake?
  • How do you communicate securely with your newsroom back home?
  • While you are on assignment, what are more secure ways to use your phone to contact sources and conduct interviews?
  • What should you think of in regard to using your phone in emergency situations?
  • What should you consider when filing your story or multimedia content from the field?
  • What special consideration should be given to social media use on your phone?

As a function of their design, mobile networks are logging large amounts of data about your activities, locations, and interactions, all of which can be disclosed to an adversary. If you are working in a risky environment, severely limit the sensitive data you keep on a device that can be lost or taken.

Minimizing risks and implementing safer practices may be an inconvenience in your daily work, but it is a small price for the greater security you can provide for yourself and your sources.