One day, every journalism school in the United States and beyond will offer a full three-credit, 15-week course in digital safety, along with more advanced classes. But that day has not yet come. Only a year ago, Alysia Santo reported in the Columbia Journalism Review that no American journalism school offered formal digital safety training. A number of groups, including CPJ, have tried to fill the void with digital security guides. This week, the Medill School of Journalism at Northwestern University added to the resource stockpile with the publication of a guide that I’ve written, Digital Security Basics for Journalists.
One caveat: No journalist should stop after reading any single guide. The pace of technological innovation is only accelerating; intelligence services, criminal actors, and other digital predators are constantly finding new ways to steal, copy, or access other people’s information and communications. Even if you were to master all of the concepts and tools available today, your skills will become outdated if you don’t make a concerted effort to keep up.
Heightened government surveillance of telephone records poses one kind of risk, as we learned from recent disclosures that the U.S. Justice Department had secretly seized phone records of The Associated Press, and had reviewed the phone and email records of Fox News reporter James Rosen. In both cases, journalists were covering stories the U.S. government considered to be secret.
But threats to journalists today are coming not only from powerful officials with vast resources but from digital predators able to snoop or hack on the cheap. One Russian software firm, using a reseller in Canada, offers the kind of “black” software once out of reach to all but the most advanced intelligence agencies. For just $40, spyware called Blackshades allows anyone with minimal technical skills the possibility to digitally eavesdrop on another person or entity’s computer or network.
The Medill guide is meant as a starting point, helping journalists understand broad tactics and directing them to sources of more detailed information. It builds on the Information Security chapter of the CPJ Journalist Security Guide, which was published in 2012. The chapter was written by my colleague Danny O’Brien, a leading figure in the field who is now with the Electronic Frontier Foundation.
The new Medill guide directs journalists to sites offering security tools, such as Security-in-a-Box, run by the Berlin-based Tactical Technology Collective and the Dublin-based Frontline non-governmental organizations. Keeping abreast of changes in technology is also essential. The best single source for information may be The Liberationtech Archives. Based on a listserv by the same name, it is hosted by the Center on Democracy, Development, and the Rule of Law at Stanford University. The list is populated by Internet freedom activists, and the conversations often include technical language. But by running a search of any particular software name or brand through the Liberationtech archives, one can quickly discern whether there is an active discussion about the security or vulnerabilities of a tool.