Computer security is necessary for journalist safety

EDITOR’S NOTE: This article was originally published, in Spanish, in El País.

This week, journalists, technologists, and other human rights advocates will gather in Valencia, Spain for the Internet Freedom Festival, a multidisciplinary “un-conference” dedicated to fighting surveillance and censorship online. More than 600 people from 43 countries have registered for the festival, which is now in its second year. The gathering could not come at a more important time.

Journalists and bloggers use technology to speak uncomfortable truths to and about those in power. Inevitably, this exposes them to resentment and, far too often, retribution. Governments routinely abuse surveillance technologies and exploit technological vulnerabilities, to repressive ends.

It is a global problem. In Colombia, allegations that the government is spying on journalists have recently resurfaced, giving rise to questions about the sufficiency of the country’s legal protections around surveillance. In Russia, journalists face physical attacks and intimidation for what they write online. News organizations experience network censorship attacks in Mexico and spurious copyright complaints in Ecuador. In China, where more journalists are imprisoned than anywhere else in the world, government-friendly alternatives to Facebook, Twitter, and other social media services reinforce the country’s technical “great firewall” content filtering system.

The online censorship and intimidation journalists face often spill into the real world. They can be physically tracked via their phones. Once arrested, many are questioned about their online activities. And journalists, many of whom work online, are murdered for their work with tragic frequency.

Even when journalists are not being physically assaulted or censored, the threats they face cause many to take extraordinary measures to protect their stories and themselves, thus taking vital energy away from their real job of reporting the news.

Just as technology can be used to put journalists under scrutiny, however, it can work to liberate them from it. When used carefully, technology allows journalists to communicate confidentially with sources they could not safely meet, tap the Web’s information for research, and even publish anonymously if necessary.

Many examples of privacy-protecting technologies exist, and they take many forms. Journalists use the Tor browser to anonymize their Web traffic. CPJ is both a co-founding partner and a beneficiary of CloudFlare’s Project Galileo, which provides world-class network attack protection to smaller news outlets for free. And strong encryption is so important that its use is protected under international law.

But the promise of technology is also under threat. In Ethiopia, the Zone 9 bloggers were imprisoned in part for trying to learn how to use encryption. Last year in Turkey, Mohammed Rasool was held for 131 days in part for using so-called “military-grade” encryption–a term that describes technologies common to consumer smartphones, online banking and nearly everything else that deals with private data. And speaking of smartphones, in the U.S.–where constitutional protections for the press were formulated via encrypted correspondence–the FBI wants to make Apple write custom malware to circumvent the security of its flagship iPhone.

The legal battle between Apple and the FBI may mark the beginning of what would be a very worrying trend. Should the FBI prevail in forcing Apple to sabotage the security of its own devices, a move the company calls unprecedented, it could easily do the same to other companies. Other governments would likely follow suit–or simply steal the exploits the U.S. government forced Apple to create.

The U.S. isn’t the only Western government to seek to undermine computer security, however. Governments in France and Britain have made similar demands on technology companies in the past year; however, these have been largely rebuffed. Still, there is danger not only in the introduction of forced technological vulnerabilities, but a discourse from governments that pits privacy and security at odds with one another.

In the information age, privacy, security, and free speech are all complementary. We live in a world in which cars can be commandeered, hospitals can be held ransom, and assault rifles moved off-target, all remotely and without the knowledge of the user. Good computer security by default prevents these harms, in addition to the phishing attacks, surveillance and censorship journalists and news organizations frequently experience.

That is why we are joining our peers in Valencia: to counteract the myth that security and privacy are somehow at odds, and work toward a world in which journalists–and everyone else–can be safe.